diff --git a/hells-hex-station/README.md b/hells-hex-station/README.md new file mode 100644 index 0000000..c2e32af --- /dev/null +++ b/hells-hex-station/README.md @@ -0,0 +1,10 @@ +# Hell's Hex Station +## Difficulty +Medium +## Text +Mein Fraulein, +I haven't heard from you in a while. Won't you write me? +## Files +[recording.wav](recording.wav) +## How to deploy +n/a \ No newline at end of file diff --git a/hells-hex-station/SOLUTION.md b/hells-hex-station/SOLUTION.md new file mode 100644 index 0000000..12adace --- /dev/null +++ b/hells-hex-station/SOLUTION.md @@ -0,0 +1,45 @@ +# Hell's Hex Station +## Difficulty +Medium +## Category +Forensics +## How To Solve +The title is a reference to [Rudolf Hell](https://en.wikipedia.org/wiki/Rudolf_Hell) (inventor of the _"Hellschreiber"_), the [hexadecimal system](https://en.wikipedia.org/wiki/Hexadecimal), and [numbers stations](https://en.wikipedia.org/wiki/Numbers_station). The description of the challenge is a reference to [a 2006 talk at DEF CON](https://youtu.be/OOxW4VNuHf0) and also references the recurring German theme of this challenge.[^1] + +The provided `.wav` file starts with the same tune as [the "Lincolnshire Poacher" numbers station](https://en.wikipedia.org/wiki/Lincolnshire_Poacher_(numbers_station)), followed by a voice repeating `CP437`, and ends with a pattern of beeping sounds. Using `exiftool` to look at the metadata of the audio file, we get the following output (_only relevant values are shown below; the irrelevant values are excluded_): + +[^1]: The "Mein Fraulein" description, Rudolf Hell being a German engineer, and the correct flag of this challenge containing a `ß`. + +```text +$ exiftool recording.wav + +⋯ +Comment : FELDHELL freq=14071.500 +Software : fldigi-4.1.06 (libsndfile-1.0.28) +⋯ +``` + +The `Comment` and `Software` values bring us closer to the solution: the noise that makes up the bulk of the `.wav` file is ["Hellschreiber"](https://en.wikipedia.org/wiki/Hellschreiber) in Feld Hell mode, a technique developed in 1927 by Rudolf Hell and currently in use by Ham radio hobbyists.[^2] + +[^2]: http://www.w1hkj.com/modes/feld.htm + +We can use [`fldigi`](https://en.wikipedia.org/wiki/Fldigi) to decode the beeping, as the application contains Feld Hell as one of their [supported digital modes](https://en.wikipedia.org/wiki/Fldigi#Supported_digital_modes). After installing and opening `fldigi`, we change to the correct operational mode through `"Op Mode → Hell → Feld Hell"` and load in our `.wav` file through `"File → Audio → Playback"`. In the waterfall view on the bottom of the screen, we select the area that lights up when the beeping begins. Below, you can see a screenshot of the `fldigi` program, around a minute after loading the `.wav` file. A list of numbers in hexadecimal representation (referenced by the title of this challenge) appear on screen: + +![A screenshot of the `fldigi` program, a minute after loading the provided `.wav` file. A list of numbers appeared on the screen.](fldigi.png) + +```text +49 47 43 54 46 7b 48 33 4c 4c e1 43 48 52 33 31 42 33 52 21 7d +``` + +Now, we could use any tool to transform a list of hexadecimal numbers to a string of characters. The simplest way of decoding this would be through [CyberChef](https://gchq.github.io/CyberChef/). After giving our list of numbers as input, we can pick the `"From Hex"` recipe or choose "Magic" and provide `IGCTF` as the crib (which attempts to automatically detect the encoding of the data). This gives us the following output: + +```text +IGCTF{H3LLáCHR31B3R!} +``` + +**This is not the correct flag, however!** The provided `.wav` file specifically mentioned [`CP437`](https://en.wikipedia.org/wiki/Code_page_437), which is the correct character encoding. Using Python (or any other programming language or tool that allows us to use `CP437`), we can easily obtain the correct flag: + +```python +>>> bytes.fromhex(hex_string).decode("cp437") +'IGCTF{H3LLßCHR31B3R!}' +``` \ No newline at end of file diff --git a/hells-hex-station/fldigi.png b/hells-hex-station/fldigi.png new file mode 100644 index 0000000..8d6a7ba Binary files /dev/null and b/hells-hex-station/fldigi.png differ diff --git a/hells-hex-station/recording.wav b/hells-hex-station/recording.wav new file mode 100644 index 0000000..0d3146d Binary files /dev/null and b/hells-hex-station/recording.wav differ