Category
Cryptography / Steganography
Description
Goal: Answer the following question: Where is my Kitty? Rules: Cheat whenever possible.
Solution
Unzipping the attached file we get a password protected zip and a text file.
Checking out 0-Start.txt we get some clues.
***INFORMATION***
__________________________________________________________
Goal:
Answer the following question: Where is my Kitty?
Rules:
Cheat whenever possible.
***START***
__________________________________________________________
Her name is Gaia and she is 11 years old. The is almost a fully black fur kitty. A little bit of white fur in her neck. No collar or something.
She does has a boyfriend cat called Caesar. That is the cat from the house next to us. She spend a lot of time with him outside, enjoying the sun and catching birds.
Ytnp, rzzo uzm! Mfe ozye piapne te ez mp pldj. Esp alddhzco ty zcopc ez mprty LSLCUSDPERUC%PUCEUPCSCUUPCSUcUEUVEKZCCUPCU
Part 1
The mention of Caesar hints that the last line in the message is enciphered with a caesar cipher. Deciphering the message using caesar cipher gives us Nice, good job! But dont expect it to be easy. The password in order to begin AHARJHSETGJR%EJRTJERHRJJERHJrJTJKTZORRJERJ
ASV{AHARJHSETGJR%EJRTJERHRJJERHJrJTJKTZORRJERJ}
Part 2
Unzipping the password protected zip file using the previously found password we get a couple of new files.
0-Start.txt 1-Start.zip 3-Kitty.zip 5-Location.zip
1-Read_Me.txt 2-Kitty.png 4-Letter.pdf
Checking out the file 1-Read_Me.txt we get some additional clues.
SO THERE YOU ARE!!!!
Thank you! It is really bad.....
Everyone should look out for her! Idk what happend to her.
Generally I would assume you know where I am talking about... My cat has been missing :(
All you need will be in this file. She is a smart kitty and left a trail so I could find her if anything happend.
Nothing worked. I tries almost everything.
Often she would go to a different garden but never for this long.
Got all the catnip and food but she is just not here to react to it.
Ready to help me out? It would mean a lot to me!
And don't worry, she would not bite. She is a real sweetheart.
PANIC!!!! Just kidding >->
Have fun!
You will definitely learn something!
You will find two pictures of her so you know how she looks!
Using zsteg we can find some more information.
[Gaia] Oh No! If you are looking at my picture that means that I am in trouble?! Please continue and go find me. The password is *96*)K3Jz$5*)4(0$%f)5*)4($U0^6*)(J3*3o5*)0
ASV{*96*)K3Jz$5*)4(0$%f)5*)4($U0^6*)(J3*3o5*)0}
Part 3
Unzip the password protected zip 3-Kitty.zip using the password found in the last step and we get a new image called Kitty.png.
Checking the file type we find out that it’s not a valid PNG.
file Kitty.png
Kitty.png: data
Opening the file in an hex editor we can see that there’s some extra data that breaks the file.
After fixing the image by removing the added strings we can open the image.
On the box we see a new password, *KK$3Jz$9$LT3%*0$OU0^J3*3o0^$9^JKT3^$9JD%f
ASV{*KK$3Jz$9$LT3%*0$OU0^J3*3o0^$9^JKT3^$9JD%f}
Part 4
Using the previously found password to open the PDF, we get the following.
Selecting all text in the file we see some hidden text.
39$O Ut53oY%0 ^G39 ou39 5iHuD 53uJz3% 0z$9$ D^9%t
Hey there!!
Good job you came this far. You should be really proud but I am still lost so please find me.
Sometimes things are not as black and white as we think they are. Sometimes we think too complex
about a simple solution.
Kind regards,
Gaia
39$OUt53oY%0^G39ou395iHuD53uJz3%0z$9$D^9%t
ASV{39$OUt53oY%0^G39ou395iHuD53uJz3%0z$9$D^9%t}
Part 5
Now we can unzip the file 5-Location.zip and we get a file called Location.png.dd
Opening the file in an hex editor we can see a bunch of extra data at the beginning.
After removing all the extra data to the PNG header we have a valid PNG file.
Running exiftool on the new file we get a lot of metadata, including GPS coordinates.
GPS Latitude : 59 deg 12' 49.01" N
GPS Longitude : 18 deg 23' 9.15" E
GPS Position : 59 deg 12' 49.01" N, 18 deg 23' 9.15" E
Converting the GPS Position to a format used by google maps we end up with the following coordinates: 59°12'49.01"N 18°23'9.15"E
Now we got the flag.
ASV{SWEDEN,BREVIK}