CyberMed Summit 2022 Badge: DOS

The DOS badge is a fully artificial heart embedded with Martyl Langsdorf’s Doomsday Clock, "a metaphor for threats to humanity from unchecked scientific and technological advances". The color is based on horseshoe crab blood. Their blood is used in clinical safety testing and is blue because of the copper-based oxygen carrying protein hemocyanin. Hidden in this badge is a message from the CyberMed Summit Team in the form of a capture the flag (CTF).

Happy hacking!

If you have any technical issues, find someone from the Badge Team. They will be wearing a black-and-yellow "Danger" lanyard. You can also email the team at badge-team@cybermedsummit.org.

DOS

DOS (/dɒs/, /dɔːs/) noun

DoS is an acronym for "denial of service", a cyber attack in which bad actors render devices unavailable to users.

DOS (/dɒs/, /dɔːs/) noun

"a platform-independent acronym for disk operating system which later became a common shorthand for disk-based operating systems on IBM PC compatibles.

"A floppy disk or floppy diskette (casually referred to as a floppy, or a diskette) is a type of disk storage composed of a thin and flexible disk of a magnetic storage medium in a square or nearly square plastic enclosure lined with a fabric that removes dust particles from the spinning disk... By the end of the 1980s, 5¼-inch disks had been superseded by 3½-inch disks."

Reference to Wikipedia.

Need a hint?

Below are the hints and walkthroughs for all the challenges. For a given flag, each successive hint is more revealing than the previous. Not all hints have a walkthrough. Walkthroughs are the "How to" and definitely contains spoilers! Choose your own adventure!

How do I play without a floppy disk reader?

If you forgot your floppy reader but want to start playing now, you can get the CTF from our Google Drive here.

What is Steganography?

Steganography (/ˌstɛɡəˈnɒɡrəfi/ (listen) STEG-ə-NOG-rə-fee) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, message, image, or video is concealed within another file, message, image, or video. The word steganography comes from Greek steganographia, which combines the words steganós (στεγανός), meaning "covered or concealed", and -graphia (γραφή) meaning "writing". Reference to Wikipedia.

Is steganography used in medicine?

"A novel image steganography technique in order to hide the ciphered voice data has been suggested in this work. The doctor’s voice comments belonging to a coronavirus disease 2019 (COVID-19) patient are hidden in a medical image in order to protect the patient information...The results of security analysis have revealed that the presented steganography procedure is able to resist statistical attacks and the chaotic system-based steganography scheme shows the characteristics of the sensitive dependence on the initial condition and the secret key. The proposed steganography method which is based on a chaotic system has superior performance in terms of being robust against differential attack and hiding encrypted voice comments of the doctor. Moreover, the introduced algorithm is also resistant against exhaustive, known plaintext, and chosen plaintext attacks."


Check out the full paper "Steganography-based voice hiding in medical images of COVID-19 patients" here.

Have you checked the integrity of the file?

"A checksum is a small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage." (Checksum - Wikipedia).


Here's the checksum for our HEART.zip 2853f95348230f3c0ce6247cf0d5f0f0654088dabdd016aa4f3a7e21d64e13f4. This is a sha256sum.


Learn more about verifying checksums on Linux here.

Learn more about verifying checksums on Windows here.

<Hint 1> Flag1

3½-inch disks can't hold even half what USBs can today. We had to compress everything we wanted to send you, so you'll need to do some unpacking.

<Hint 1> Walkthrough

3½-inch disks can't hold even half what USBs can today. We had to compress everything we wanted to send you, so you'll need to do some unpacking.


Learn more about unzipping files on Linux here.

Learn more about unzipping files on Windows 10 here.


hacker@cybermed$ unzip HEART.zip

Archive: HEART.zip

inflating: HEART

hacker@cybermed$ ls

HEART

HEART.zip

<Hint 2> Flag1

What fresh magic is this? No file extension? There must be away to know what kind of file CyberMed sent even without a file extension.

<Hint 2> Walkthrough

What fresh magic is this? No file extension? There must be away to know what kind of file CyberMed sent even without a file extension.


Learn how to determine files types on Linux here.

Learn how to determine files types online here.

If you're using Windows, you might want to take a moment and update the file name to include the file extension.


hacker@cybermed$ file HEART

HEART: PNG image data, 715 x 1000, 8-bit/color RGBA, non-interlaced

<Hint 3> Flag1

Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras. (Exif - Wikipedia). What can the Exif metadata tell you?

<Hint 3> Walkthrough

Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras. (Exif - Wikipedia). What can the Exif metadata tell you?


Learn how to read Exif metadata on Linux here.

Learn how to read Exif metadata on Windows 10 here.


Note: "REDACTED" Is not the actual flag ^_=


hacker@cybermed$ exiftool HEART | tail

Exif Byte Order : Big-endian (Motorola, MM)

Image Description : Only you can combine 3 separate flags to unlock the payload

X Resolution : 72

Y Resolution : 72

Resolution Unit : inches

Y Cb Cr Positioning : Centered

Comment : Flag1:[REDACTED]

Warning : [minor] Trailer data after PNG IEND chunk

Image Size : 715x1000

Megapixels : 0.715

<Hint 4> Flag2

Red Team, Blue Team, Purple team -- which team are you on, or do you just see red?

<Hint 4> Walkthrough

Red Team, Blue Team, Purple team -- which team are you on, or do you just see red?


  1. Go to CyberChef.

  2. Under Operations, search "colour".

  3. Drag "Randomize Colour Palette" to "Recipe".

  4. In "Input" click on "Open file as input". This looks like a file with an arrow pointing right.

  5. Select the HEART file.

CyberChef will tell you what percent is loaded and automatically start "Baking", which means it's processing the file. When CyberChef finishes baking, you may need to scroll to see Flag2.

<Hint 5> Flag3

Have you got to the heart of the matter? Close your eyes. What do you hear?

<Hint 6> Flag3

Have you got to the heart of the matter? Close your eyes. What do you hear?


You probably didn't hear anything unless you were playing the hidden sound file. You haven't found it? We'll wait while you search the binary.

<Hint 6> Walkthrough

Have you got to the heart of the matter? Close your eyes. What do you hear?

You probably didn't hear anything unless you were playing the hidden sound file. You haven't found it? We'll wait while you search the binary.


Learn how to search a binary image for embedded files and executable code here.


hacker@cybermed$ binwalk -e HEART


DECIMAL HEXADECIMAL DESCRIPTION

--------------------------------------------------------------------------------

0 0x0 PNG image, 715 x 1000, 8-bit/color RGBA, non-interlaced

499 0x1F3 TIFF image data, big-endian, offset of first image directory: 8

692 0x2B4 Zlib compressed data, best compression

291664 0x47350 Zip archive data, at least v2.0 to extract, uncompressed size: 81693, name: BaBump.mp3

368795 0x5A09B Zip archive data, at least v2.0 to extract, uncompressed size: 318, name: Payload.zip

369286 0x5A286 End of Zip archive, footer length: 22

hacker@cybermed$ ls

_HEART.extracted

hacker@cybermed$ cd _HEART.extracted

hacker@cybermed$ ls

2B4 2B4.zlib 47350.zip BaBump.mp3 Payload.zip

<Hint 7> Flag3

Have you got to the heart of the matter? Close your eyes. What do you hear?

You probably didn't hear anything unless you were playing the sound file. Oh, you haven't found it? We'll wait while you search the binary.

Ultrasound is a common technology in medicine that converts audios to visuals. (Reference to healthline.com). For those of us without, there's an optical spectrometer, spectrophotometer, spectrograph or spectroscope. This measures properties of light over a specific portion of the electromagnetic spectrum, typically used in spectroscopic analysis to identify materials. (Reference to Wikipedia).

<Hint 7> Walkthrough

Have you got to the heart of the matter? Close your eyes. What do you hear?

You probably didn't hear anything unless you were playing the sound file. Oh, you haven't found it? We'll wait while you search the binary.

Ultrasound is a common technology in medicine that converts audios to visuals. (Reference to healthline.com). For those of us without, there's an optical spectrometer, spectrophotometer, spectrograph or spectroscope. This measures properties of light over a specific portion of the electromagnetic spectrum, typically used in spectroscopic analysis to identify materials. (Reference to Wikipedia).

"A fetal ultrasound (sonogram) is an imaging technique that uses sound waves to produce images of a fetus in the uterus." (Reference to Mayo Clinic). Messages can be hidden inside and revealed by a spectogram.


Learn more about the spectrogram view for Audacity here. Audacity is a Free, open source, cross-platform audio software.

<Hint 8> Message

All 3 flags? You Rock! Did you notice there was not one but two secrets files?

<Hint 9> Message

All 3 flags? You Rock! Did you notice there was not one but two secrets files?

Did you get an error when you tried to unzip? That's because we used Advanced Encryption Standard (AES), and unzip doesn't support AES. Try 7-zip.

<Hint 10> Message

All 3 flags? You Rock! Did you notice there was not one but two secrets files?

Did you get an error when you tried to unzip? That's because we used Advanced Encryption Standard (AES), and unzip doesn't support AES. Try 7-zip.

Have you put it all together? You can't read the secret messge without putting it all together.

<Hint 10> Walkthrough

All 3 flags? You Rock! Did you notice there was not one but two secrets files?

Did you get an error when you tried to unzip? That's because we used Advanced Encryption Standard (AES), and unzip doesn't support AES. Try 7-zip.


Note: "REDACTED" Is not the message ^_=


hacker@cybermed$$ 7z x -p[Sup3rS3cr3tREDACTED] Payload.zip


7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21

p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i5-10310U CPU @ 1.70GHz (806EC),ASM,AES-NI)


Scanning the drive for archives:

1 file, 318 bytes (1 KiB)


Extracting archive: Payload.zip

--

Path = Payload.zip

Type = zip

Physical Size = 318


Would you like to replace the existing file:

Path: ./Payload

Size: 0 bytes

Modified: 2022-11-09 07:52:20

with the file from archive:

Path: Payload

Size: 85 bytes (1 KiB)

Modified: 2022-11-09 07:52:20

? (Y)es / (N)o / (A)lways / (S)kip all / A(u)to rename all / (Q)uit? y


Everything is Ok


Size: 85

Compressed: 318

hacker@cybermed$ ls

2B4 2B4.zlib 47350.zip BaBump.mp3 Payload Payload.zip

hacker@cybermed$$ file Payload

Payload: ASCII text

hacker@cybermed$ cat Payload

[REDACTED]

Meet the Badge Makers

Hubris

USA

Hubris increases the crushing dread malicious actors fear, provides tranquility to the good people by ensuring that their critical systems are available and patched, and strengthens operational integrity by evoking the best in his team.

At least that's what his mom told us.

Char

USA

Char has designed hardware and software but much prefers undesigning them.