CyberMed Summit 2022 Badge: DOS
The DOS badge is a fully artificial heart embedded with Martyl Langsdorf’s Doomsday Clock, "a metaphor for threats to humanity from unchecked scientific and technological advances". The color is based on horseshoe crab blood. Their blood is used in clinical safety testing and is blue because of the copper-based oxygen carrying protein hemocyanin. Hidden in this badge is a message from the CyberMed Summit Team in the form of a capture the flag (CTF).
Happy hacking!
If you have any technical issues, find someone from the Badge Team. They will be wearing a black-and-yellow "Danger" lanyard. You can also email the team at badge-team@cybermedsummit.org.
DOS
DOS (/dɒs/, /dɔːs/) noun
DoS is an acronym for "denial of service", a cyber attack in which bad actors render devices unavailable to users.
DOS (/dɒs/, /dɔːs/) noun
"a platform-independent acronym for disk operating system which later became a common shorthand for disk-based operating systems on IBM PC compatibles.
"A floppy disk or floppy diskette (casually referred to as a floppy, or a diskette) is a type of disk storage composed of a thin and flexible disk of a magnetic storage medium in a square or nearly square plastic enclosure lined with a fabric that removes dust particles from the spinning disk... By the end of the 1980s, 5¼-inch disks had been superseded by 3½-inch disks."
Need a hint?
Below are the hints and walkthroughs for all the challenges. For a given flag, each successive hint is more revealing than the previous. Not all hints have a walkthrough. Walkthroughs are the "How to" and definitely contains spoilers! Choose your own adventure!
How do I play without a floppy disk reader?
If you forgot your floppy reader but want to start playing now, you can get the CTF from our Google Drive here.
What is Steganography?
Steganography (/ˌstɛɡəˈnɒɡrəfi/ (listen) STEG-ə-NOG-rə-fee) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, message, image, or video is concealed within another file, message, image, or video. The word steganography comes from Greek steganographia, which combines the words steganós (στεγανός), meaning "covered or concealed", and -graphia (γραφή) meaning "writing". Reference to Wikipedia.
Is steganography used in medicine?
"A novel image steganography technique in order to hide the ciphered voice data has been suggested in this work. The doctor’s voice comments belonging to a coronavirus disease 2019 (COVID-19) patient are hidden in a medical image in order to protect the patient information...The results of security analysis have revealed that the presented steganography procedure is able to resist statistical attacks and the chaotic system-based steganography scheme shows the characteristics of the sensitive dependence on the initial condition and the secret key. The proposed steganography method which is based on a chaotic system has superior performance in terms of being robust against differential attack and hiding encrypted voice comments of the doctor. Moreover, the introduced algorithm is also resistant against exhaustive, known plaintext, and chosen plaintext attacks."
Check out the full paper "Steganography-based voice hiding in medical images of COVID-19 patients" here.
Have you checked the integrity of the file?
"A checksum is a small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage." (Checksum - Wikipedia).
Here's the checksum for our HEART.zip 2853f95348230f3c0ce6247cf0d5f0f0654088dabdd016aa4f3a7e21d64e13f4. This is a sha256sum.
Learn more about verifying checksums on Linux here.
Learn more about verifying checksums on Windows here.
<Hint 1> Flag1
3½-inch disks can't hold even half what USBs can today. We had to compress everything we wanted to send you, so you'll need to do some unpacking.
<Hint 1> Walkthrough
3½-inch disks can't hold even half what USBs can today. We had to compress everything we wanted to send you, so you'll need to do some unpacking.
Learn more about unzipping files on Linux here.
Learn more about unzipping files on Windows 10 here.
hacker@cybermed$ unzip HEART.zip
Archive: HEART.zip
inflating: HEART
hacker@cybermed$ ls
HEART
HEART.zip
<Hint 2> Flag1
What fresh magic is this? No file extension? There must be away to know what kind of file CyberMed sent even without a file extension.
<Hint 2> Walkthrough
What fresh magic is this? No file extension? There must be away to know what kind of file CyberMed sent even without a file extension.
Learn how to determine files types on Linux here.
Learn how to determine files types online here.
If you're using Windows, you might want to take a moment and update the file name to include the file extension.
hacker@cybermed$ file HEART
HEART: PNG image data, 715 x 1000, 8-bit/color RGBA, non-interlaced
<Hint 3> Flag1
Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras. (Exif - Wikipedia). What can the Exif metadata tell you?
<Hint 3> Walkthrough
Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras. (Exif - Wikipedia). What can the Exif metadata tell you?
Learn how to read Exif metadata on Linux here.
Learn how to read Exif metadata on Windows 10 here.
Note: "REDACTED" Is not the actual flag ^_=
hacker@cybermed$ exiftool HEART | tail
Exif Byte Order : Big-endian (Motorola, MM)
Image Description : Only you can combine 3 separate flags to unlock the payload
X Resolution : 72
Y Resolution : 72
Resolution Unit : inches
Y Cb Cr Positioning : Centered
Comment : Flag1:[REDACTED]
Warning : [minor] Trailer data after PNG IEND chunk
Image Size : 715x1000
Megapixels : 0.715
<Hint 4> Flag2
Red Team, Blue Team, Purple team -- which team are you on, or do you just see red?
<Hint 4> Walkthrough
Red Team, Blue Team, Purple team -- which team are you on, or do you just see red?
Go to CyberChef.
Under Operations, search "colour".
Drag "Randomize Colour Palette" to "Recipe".
In "Input" click on "Open file as input". This looks like a file with an arrow pointing right.
Select the HEART file.
CyberChef will tell you what percent is loaded and automatically start "Baking", which means it's processing the file. When CyberChef finishes baking, you may need to scroll to see Flag2.
<Hint 5> Flag3
Have you got to the heart of the matter? Close your eyes. What do you hear?
<Hint 6> Flag3
Have you got to the heart of the matter? Close your eyes. What do you hear?
You probably didn't hear anything unless you were playing the hidden sound file. You haven't found it? We'll wait while you search the binary.
<Hint 6> Walkthrough
Have you got to the heart of the matter? Close your eyes. What do you hear?
You probably didn't hear anything unless you were playing the hidden sound file. You haven't found it? We'll wait while you search the binary.
Learn how to search a binary image for embedded files and executable code here.
hacker@cybermed$ binwalk -e HEART
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 PNG image, 715 x 1000, 8-bit/color RGBA, non-interlaced
499 0x1F3 TIFF image data, big-endian, offset of first image directory: 8
692 0x2B4 Zlib compressed data, best compression
291664 0x47350 Zip archive data, at least v2.0 to extract, uncompressed size: 81693, name: BaBump.mp3
368795 0x5A09B Zip archive data, at least v2.0 to extract, uncompressed size: 318, name: Payload.zip
369286 0x5A286 End of Zip archive, footer length: 22
hacker@cybermed$ ls
_HEART.extracted
hacker@cybermed$ cd _HEART.extracted
hacker@cybermed$ ls
2B4 2B4.zlib 47350.zip BaBump.mp3 Payload.zip
<Hint 7> Flag3
Have you got to the heart of the matter? Close your eyes. What do you hear?
You probably didn't hear anything unless you were playing the sound file. Oh, you haven't found it? We'll wait while you search the binary.
Ultrasound is a common technology in medicine that converts audios to visuals. (Reference to healthline.com). For those of us without, there's an optical spectrometer, spectrophotometer, spectrograph or spectroscope. This measures properties of light over a specific portion of the electromagnetic spectrum, typically used in spectroscopic analysis to identify materials. (Reference to Wikipedia).
<Hint 7> Walkthrough
Have you got to the heart of the matter? Close your eyes. What do you hear?
You probably didn't hear anything unless you were playing the sound file. Oh, you haven't found it? We'll wait while you search the binary.
Ultrasound is a common technology in medicine that converts audios to visuals. (Reference to healthline.com). For those of us without, there's an optical spectrometer, spectrophotometer, spectrograph or spectroscope. This measures properties of light over a specific portion of the electromagnetic spectrum, typically used in spectroscopic analysis to identify materials. (Reference to Wikipedia).
"A fetal ultrasound (sonogram) is an imaging technique that uses sound waves to produce images of a fetus in the uterus." (Reference to Mayo Clinic). Messages can be hidden inside and revealed by a spectogram.
Learn more about the spectrogram view for Audacity here. Audacity is a Free, open source, cross-platform audio software.
<Hint 8> Message
All 3 flags? You Rock! Did you notice there was not one but two secrets files?
<Hint 9> Message
All 3 flags? You Rock! Did you notice there was not one but two secrets files?
Did you get an error when you tried to unzip? That's because we used Advanced Encryption Standard (AES), and unzip doesn't support AES. Try 7-zip.
<Hint 10> Message
All 3 flags? You Rock! Did you notice there was not one but two secrets files?
Did you get an error when you tried to unzip? That's because we used Advanced Encryption Standard (AES), and unzip doesn't support AES. Try 7-zip.
Have you put it all together? You can't read the secret messge without putting it all together.
<Hint 10> Walkthrough
All 3 flags? You Rock! Did you notice there was not one but two secrets files?
Did you get an error when you tried to unzip? That's because we used Advanced Encryption Standard (AES), and unzip doesn't support AES. Try 7-zip.
Note: "REDACTED" Is not the message ^_=
hacker@cybermed$$ 7z x -p[Sup3rS3cr3tREDACTED] Payload.zip
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i5-10310U CPU @ 1.70GHz (806EC),ASM,AES-NI)
Scanning the drive for archives:
1 file, 318 bytes (1 KiB)
Extracting archive: Payload.zip
--
Path = Payload.zip
Type = zip
Physical Size = 318
Would you like to replace the existing file:
Path: ./Payload
Size: 0 bytes
Modified: 2022-11-09 07:52:20
with the file from archive:
Path: Payload
Size: 85 bytes (1 KiB)
Modified: 2022-11-09 07:52:20
? (Y)es / (N)o / (A)lways / (S)kip all / A(u)to rename all / (Q)uit? y
Everything is Ok
Size: 85
Compressed: 318
hacker@cybermed$ ls
2B4 2B4.zlib 47350.zip BaBump.mp3 Payload Payload.zip
hacker@cybermed$$ file Payload
Payload: ASCII text
hacker@cybermed$ cat Payload
[REDACTED]
Meet the Badge Makers
Hubris
USA
Hubris increases the crushing dread malicious actors fear, provides tranquility to the good people by ensuring that their critical systems are available and patched, and strengthens operational integrity by evoking the best in his team.
At least that's what his mom told us.
Char
USA
Char has designed hardware and software but much prefers undesigning them.