BTLO: SPECTRUM(Audio Steganography)
Steganography is the art of concealing a message, image, or file within another message, image, or file, so, audio steganography is a technique used in steganography, to hide data in audio media. One of this technique is utilize the audio spectrum to hide the data.
Hiding secret messages in digital sound is a much more difficult process when compared to others, such as image steganography. In the practice, the plaintext will embedded in an audio spectrum. In a CTF competition this challenge usually combined with digital forensic challenge and some text manipulation or encoding technique like base64, base91 etc, to confuse the participant. So after you know what hidden in a spectrum audio file, sometime you will confused with the strings or the data shown.
In this article i will practice one of BTLO challenge called SPECTRUM. Start with the description of the challenge
Scotland yard have intercepted information about one of the biggest drug deals to go down in the city of London. Can you find out where and when the deal is expected to go down?
recover with photorec/foremost
They give us a zip file with unknown password to unzip them. So we need to crack it with some tool. I use fcrackzip to crack the password
yeah, it could crack it, and the password shown. There is 4 wav file inside the zip file. brown.wav, location.wav, wahwah.wav, and white.wav. For the first time it look suspicious with the file name, like the location.wav and the wahwah.wav. So we start investigate with these two file. Start with recognize the originality of the file with check the file type and the metadata with some tool like exiftool. It seems like original wav file, we try to see the spectrum in audacity and still don’t get the other clue.
Sometime audio challenge combine with other technique like morse code, and there is a tool that can help us with this. Try to upload the audio there and we fooled
location.wav = NICE TRY, NOTHING TO HEAR HERE!
After this try, we try with other file with the same step. And we found suspicious strings in whtie.wav file when we see the spectrum.
It’s kinda familiar, like a GPS coordinate, and it relevant with the next question. We try to search the location with this tool, and we know where is it.
51.505278, 0.055278 ⇒ London City Airport
Other file just show weird string in the comment tag at the metadata. Save it first to continue the other question. The white.wav actually embedded with the time that asked in the last question, but we need a password to encode this. We still have one suspicious string that possible relate with this, it’s look like string encoding type, try all possible encoding with cyberchef. It encoded with base58 encoding.
15:01:00
emit
At the first time, we confused with the strings, but it just type reversed. So reverse them to find the answer.
Audio steganography is one of useful technique to hide a message, we can use the spectrum to hide some hidden message or make tool to modify or power up this technique. I hope you learn something from this article, and sorry if I have some mistake.