In this room, we uncover hidden messages through steganographic methods and research.
Task 2: Analyze the Audio
Question: What is the link inside of the audio?
To solve this task, I used Sonic Visualizer to analyze the attached WAV file for hidden messages.
I added a new spectrogram layer and zoomed in to reveal a QR code.
Scanning this QR code reveals a Pastebin link which is the answer for this task. Clicking on this link opens a text document with a passphrase and key. This information will be needed for the next task.
To decrypt the passphrase and key, I needed to identify the cryptographic methods used. I used an online hash identifier tool to reveal that both strings were base64. CyberChef can be used to decode them.
Question: What is the decrypted passphrase?
Answer: Hm5R_4_P455mhp453!
Question: What is the decrypted key?
Answer: Cicada
Question: What is the final passphrase?
The hint in the room indicates that a French Diplomat Cipher is used, also known as the Vigenère cipher. CyberChef can be used to decode the Vigenère cipher.
However, this did not seem correct so I reencoded the passphrase to reveal the final passphrase.
Answer: Ju5T_4_P455phr453!
Task 4: Gather Metadata
Question: What link is given?
Steghide can be used to extract the hidden files with the passphrase found from the previous task. This resulted in an invitation.txt file, which contained an Imgur link. I downloaded the image from the link so it can be used in the next task.
Question: What tool did you use to find the hidden file?
To answer this question, I needed to identify the proper steganographic method. Initially, I tried different methods that I was familiar with but had no success. The hint revealed that the method used was one originally relied upon in the real Cicada 3301 challenge. I searched up Cicada steganography tools to discover that Outguess was the method used.
(If outguess is not on your system, you can use ‘apt install outguess’ to install it.)
I ran this command to extract the hidden information contained within the JPG file
Answer: Outguess
Task 6: Book Cipher
The output file from Outguess revealed this secret message.
This hash cannot be cracked with an offline tool, such as hashcat, and instead needs to be cracked with an online tool. I used (https://md5hashing.net/) to crack the hash and uncover the link for the answer.
Visiting this link reveals a long text file. This document is key to uncovering the link needed for the next question
Question: What is the link?
To decode the document, I used the message contained within the output file from earlier. The instructions stated that positive integers mean to move forward in the sentence and negative integers mean to go backward. The codes seemed to follow the format: (I: line number: character position). *Spaces are not included
