JerseyCTF: Crypto: StegAESaurus

This is for the JerseyCTF

For this challenge, we were given the following information and files:






To begin with… I assume the flag.txt is the hex of the flag encrypted using AES.

I go to work on analyzing the wav file and, based on previous experience, it sounds like there may be hidden data in the sound itself. I need to look at the spectrogram. I import it into Audacity and take a look:

I see the hidden message is “ECB”, which is the Electronic Codebook mode of decryption.

Next I analyze the PartofKey.jpg image. Looking at the Exif data (metadata) of the picture, I see the image has a copyright of “Bases of Eight” and a comment with the value:

66 64 71 63 64 142 63 66 142 67 145 70 146 146 60 144

This looks like octal and the hint cements that assumption. A quick conversion to ASCII:

This gives me a 16 character hex value:


Next, I look at the gif. Watching it loop, I see a quick blip on one of the frames, so I decide to split it into individual frames to get a better look:

I see some text. After trying the usual decoding (base64) of strings like this, I realize the actual name of the gif might yield a hint… AlsoPartofKey58.gif

This might be base58 encoded:

This gives me another 16 character hex string:


I think I have what I need to decrypt. I tried several online tools and Linux terminal commands, but found a site with the options I need.

For AES256, the key needs to be 32 characters long. I input the encrypted flag, mark it as hex, choose AES with ECB, combine and enter the two 16 character hex strings I collected from the images “918fcbd005bcaf7a64934b36b7e8ff0d”, and mark the key as hex:

And I click Decrypt to get the flag:
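The octal and base58 decoding steps above can also be done offline; the following is an added example, not code from the original write-up. It assumes the Bitcoin base58 alphabet, uses hypothetical function names, and builds a constructed base58 input from the reported key half because the text in the GIF frame is not reproduced on this page.

```python
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"  # Bitcoin alphabet (assumed)
# Exif comment from PartofKey.jpg, as quoted in the write-up.
EXIF_COMMENT = "66 64 71 63 64 142 63 66 142 67 145 70 146 146 60 144"
# First key half as reported in the write-up (the base58 text itself is not on the page).
GIF_HALF = "918fcbd005bcaf7a"

def decode_octal(comment: str) -> str:
    """Turn space-separated octal byte values into ASCII text."""
    return bytes(int(tok, 8) for tok in comment.split()).decode("ascii")

def b58decode(text: str) -> bytes:
    """Decode base58: a big-endian base-58 integer; each leading '1' is a zero byte."""
    num = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"not a base58 character: {ch!r}")
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body

def b58encode(data: bytes) -> str:
    """Inverse of b58decode, used here only to build a constructed input."""
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out

def assemble_key(first_half: str, second_half: str) -> bytes:
    """Join both hex strings; return the raw bytes a tool uses when the key is marked as hex."""
    key = bytes.fromhex(first_half + second_half)  # ValueError on non-hex input
    if len(key) not in (16, 24, 32):
        raise ValueError(f"{len(key)} bytes is not a valid AES key length")
    return key

if __name__ == "__main__":
    second = decode_octal(EXIF_COMMENT)
    constructed = b58encode(GIF_HALF.encode())  # constructed stand-in for the GIF text
    first = b58decode(constructed).decode("ascii")
    key = assemble_key(first, second)
    print(second, first, key.hex(), f"{len(key)} key bytes")
```

`assemble_key` reports the length in bytes after hex decoding, which is the figure to compare against the key size the decryption tool expects.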

