Introduction

ayy this weekend, with my team fr334aks-mini, I joined the EHAX CTF—their very first edition! Now, while I wasn’t the one submitting the flags, my teammate, who had the reaction speed of a caffeinated squirrel, kept beating me to it. Every time I cracked a challenge, I’d rush over to submit the flag, only to find out he had already done it. Honestly, I started feeling like an intern in my own CTF team. Alright, no more chatter—time to dive in!

Dots & Dashes(Crypto)

We begin with the challenge info:

We were given a WAV file. Now, I don’t know about you, but my first instinct was to blast it at full volume just in case the flag was some hidden subliminal message. Turns out, it was Morse code. Classic.

Now, onto the solution. I uploaded the file to Morse Code Audio Decoder.

The output was:


'W0RY3 D1Q3N3X3 0X3B4T10T'

Since that looked suspiciously like it needed further decoding, I ran it through Decodefr, which revealed it to be a Vigenère cipher.

and boom! here was the flag:

Flag: EHAX{m0rs3_v1g3n3r3_0p3r4t10n}

Retrieve the Flag (Misc)

This time, We were given two files:

  • An audio file (which, based on the challenge description, we were supposed to "sit back, relax, and enjoy").
  • A flag.zip file (which, of course, was password-protected).

solution

I did the responsible thing and played the audio file as instructed. Halfway through, though, something sounded… off. Maybe it was just my gut instinct, or maybe it was the audio itself.

Anyway, I loaded it into Audacity and switched to spectrogram view.

Boom! Hidden within the spectrogram was this string:


':DE9:D4@CC64E'

Thinking this was the zip password, I tried it. No luck. Turns out, it was encoded. Most people hit this point and bailed out, thinking they'd hit a dead end. Oops!

I ran it through Decodefr, and it turned out to be ROT47, which gave:


'isthiscorrect'

Entering this as the zip password finally extracted a file: flag.gif.

Of course, the flag wasn’t just in the image; it was hidden in the metadata.

Using exiftool, I unearthed this encoded string:


'5JMFC{qttpx@dtz##knsfqqd__ktzsi+_ymj%kqfl_tw_ini_dtz?}'

Decoded using Vigenère cipher (Decodefr again), and voilà, the final flag was:

Flag: EHAX{looks@you##finally__found+_the%flag_or_did_you?}

At this point, I rushed to submit it, only to realize… the competition had already ended. Imagine solving a challenge, feeling so 1337, only to realize you just played yourself. GG, EHAX. GG.

Until next one, GG and happy hacking!