Forensics - Tippy Tappies

118 solves | 257 points

Description

wow they must be using a really old phone (wrap number in kqctf{} flag wrapper)

Downloads

6MB

Solution

My first instinct when given a .wav file was to run it through the standard steganography tools. The list of tools I tried was:

Binwalk
Exiftool
Strings
Steghide
Wavsteg
Sonic visualizer

Unfortunately, none of these tools gave any lead. So I proceeded to listen to the .wav file manually to understand what is going on. Turns out, at around 0:20 seconds of the audio file, the caller (presumably) was asked to dial in their credit card number. Reversing the dial tone back to its corresponding number manually proved to be really difficult but fortunately, there's an abundance of Dual tone multi frequency (DTMF) decoder out there to do it for us. The tool that we will use is: https://github.com/KFSPC8/dtmf-decoder

By using the command: dtmf -v -t 15 tippytappiesbutmobile.wav

We get the above decoding. Now wrap the numbers in the flag format and we get:

Flag: kqctf{4716097646384761}

Last updated 3 years ago