Review: WGMY OSINT Writeup #1

This is the sequel of this article:

WGMY OSINT Writeup #1

Please read that one first as this one wouldn’t make any sense without it.

Usually, I don’t repeat any close call challenges in CTF’s that I’m in but I would like to change that.

This post will be primarily understanding my main problem regarding the failed chllenge and address it.

[Source]

1. Team Storm’s WGMY 2022 Writeup

This is probably one of the most complete writeup that I’ve encountered. Thanks, Team Storm :)

2.

Thank you for the whenami workflow :)

[Who Am I]

Current progress: Got the picture but have no idea where to start

Weakness: No sock account on all big social media for investigation as I don’t have Facebook account personally(I know, I came to game really late)

Solution:

1. Scoll to Facebook to find the exact picture given in the zip file

This is the picture that’s available on the wargames facebook page.

This is the weird green font available on the picture. No wonder the hint is Wingdings language :0

2) Go to https://www.dcode.fr/wingdings-font and decode it

The result of the windings decode

[When Am I]

Current progress: Cross reference it with the actual Comic Fiesta 2022 and found the blurred event referring to Hololive meet.

Weakness: Mental block to keep googling for stuff within the event. I’ve seen that the hangman keyword can be find with just couple of google search online. Now, this is a mental defect not a tooling problem. Why? Lack of experience? Emotional state? Decision fatigue? The closest I got is this video on Why Athlete Choke Under Pressure. Simply said, anxiety of performance narrows down the attention causes the athlete to miss important info which leads to missing easy chances. So, current solution that I can think of is to train this type of CTF again and again to find optimal level of arousal for maximum performance.

File given in the question:

whenami.jpg with important details highlighted

Solution:

1. Google “Time Hololive” to get the hangman password at the bottom of the whenami.jpg

the password is OUROKRONII based on the google result

2. As in the whenami.jpg there someone hid something in the picture, extract the hidden content in the picture using steghide

the steghide command to extract answer.txt

answer.txt section #1

answer.txt section #2

answer.txt section #3

3. Open up the Ourokronii Among Us video and scroll to the [Viewer Rules] section in the video description

The video:

The [viewer rules] on the video description:

The target of this challenge

3. Search for the cipher format of answer.txt #2 and #3

This is cheating some sort of way because I just search the format of the cipher. Anyways, we got 2 ciphers, Arnold CIpher and Book cipher. Looks here that Arnold Cipher is a type of book cipher so in this case, we will use book cipher decoder to decode the cipher.

4. Use online book decoder and decode the cipher

The setting use to decode the cipher and the result of the decode. As you can see the result is not good so need to clean up a bit

5. Clean up the decode result and get the flag

This is the flag after the cleanup

Thank you taking your time reading this article and have a nice day :)