The Soothing Waves

Posted by

ShellCon – October 2020

Alright chief, it's time to showoff your stego skills. Can you hear the ocean?

For this Steganography challenge, we’re given the hint above and the file below:

I don’t know about you, but my goto tool (say it fast 10 times) for audio steganography is Audacity because I like the name and also because Audacity is free, open source, and cross-platform. What’s not to like? Download it from the official site: Audacity.

Plot twist. For some reason I decide to listen to it first before opening it in Audacity. After all, it is an audio file and I might find indications of what I’m looking for just by listening to it. Check it out below. You’ll find that it is pretty high pitched:

This high frequency intrigues me and I decide to check if Morse code is involved. (Morse code doesn’t have to be high pitched, but that’s usually how we hear them in movies, amirite?). I load up Morse Code Adaptive Audio Decoder in my browser, upload the wav file and play it. The text that is generated doesn’t make much sense:

E EE IIE E5 E E E E I TI A MD TTT T I EEH EI EE S E A HSE

But something much more exciting catches the eye in the rendered spectrogram:

Recognize those little characters? What? Never had fun trying out the weirdest fonts you could find in Word? Of course! These are Wingdings! Don’t ask me why, but I recognized the font face thanks to the zodiac signs. Most of these characters are pretty easy to identify, but not all, so I try tweaking the settings of the morse code decoder to try to sharpen the less clearer characters, in vain.

That’s when I think of loading the wav file into Audacity and checking the spectrogram view. By default, when you load an audio file into Audacity, you get this type of rendering:

The default view in Audacity

If you click on the downward facing chevron, open the menu and select Spectrogram, you get a whole new perspective on the file. And this is usually the view that reveals hidden messages:

After switching to Spectrogram view

I open up the Spectrogram Settings panel and start playing with the values until I get something a bit easier to read:

These are the settings that made it easier to distinguish the characters

Now I can start decoding the message. One site that I like a lot is https://www.dcode.fr/. I highly recommend it when you have a cipher or any other type of code to solve. Just type “Wingdings” in the search box and you’ll get to a page that allows you to go from regular alphabet to wingdings and vice versa.

After a bit of trial and error, I’m able to decrypt the message:

Finally got the flag! Or I thought so…

But something’s wrong… my flag keeps getting refused by the system. I’m literally banging my head against a wall. It just doesn’t work. I actually go to bed thinking about this one. After a few hours’ rest, I’m back at it and still trying to understand what I’m doing wrong. Finally I copy the solution to Word, change the font a few times and understand my mistake. That Wingding “open folder” character represents a 1, not an l! With some fonts, the difference is hardly visible. The author of this challenge, the mighty @S1rDr0n3, had substituted a single character to leet speak, and that almost drove me nuts! Nice trick!

I’m pretty new to audio steganography so if you have any tips to share about this field, please leave a comment below. Be it tools, techniques, interesting reads, I’m all ears! Thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s