If you forgot your floppy reader but want to start playing now, you can get the CTF from our Google Drive here.

Steganography (/ˌstɛɡəˈnɒɡrəfi/ (listen) STEG-ə-NOG-rə-fee) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, message, image, or video is concealed within another file, message, image, or video. The word steganography comes from Greek steganographia, which combines the words steganós (στεγανός), meaning "covered or concealed", and -graphia (γραφή) meaning "writing". Reference to Wikipedia.

Is steganography used in medicine?

"A novel image steganography technique in order to hide the ciphered voice data has been suggested in this work. The doctor’s voice comments belonging to a coronavirus disease 2019 (COVID-19) patient are hidden in a medical image in order to protect the patient information...The results of security analysis have revealed that the presented steganography procedure is able to resist statistical attacks and the chaotic system-based steganography scheme shows the characteristics of the sensitive dependence on the initial condition and the secret key. The proposed steganography method which is based on a chaotic system has superior performance in terms of being robust against differential attack and hiding encrypted voice comments of the doctor. Moreover, the introduced algorithm is also resistant against exhaustive, known plaintext, and chosen plaintext attacks."

Check out the full paper "Steganography-based voice hiding in medical images of COVID-19 patients" here.

"A checksum is a small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage." (Checksum - Wikipedia).

Here's the checksum for our HEART.zip 2853f95348230f3c0ce6247cf0d5f0f0654088dabdd016aa4f3a7e21d64e13f4. This is a sha256sum.

Learn more about verifying checksums on Linux here.

Learn more about verifying checksums on Windows here.

3½-inch disks can't hold even half what USBs can today. We had to compress everything we wanted to send you, so you'll need to do some unpacking.

3½-inch disks can't hold even half what USBs can today. We had to compress everything we wanted to send you, so you'll need to do some unpacking.

Learn more about unzipping files on Linux here.

Learn more about unzipping files on Windows 10 here.

hacker@cybermed$ unzip HEART.zip

Archive:  HEART.zip

  inflating: HEART

hacker@cybermed$ ls

HEART

HEART.zip

What fresh magic is this? No file extension? There must be away to know what kind of file CyberMed sent even without a file extension.

What fresh magic is this? No file extension? There must be away to know what kind of file CyberMed sent even without a file extension.

Learn how to determine files types on Linux here.

Learn how to determine files types online here.

If you're using Windows, you might want to take a moment and update the file name to include the file extension.

hacker@cybermed$ file HEART

HEART: PNG image data, 715 x 1000, 8-bit/color RGBA, non-interlaced

Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras. (Exif - Wikipedia). What can the Exif metadata tell you?

Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras. (Exif - Wikipedia). What can the Exif metadata tell you?

Learn how to read Exif metadata on Linux here.

Learn how to read Exif metadata on Windows 10 here.

Note: "REDACTED" Is not the actual flag ^_=

hacker@cybermed$ exiftool HEART | tail

Exif Byte Order                 : Big-endian (Motorola, MM)

Image Description               : Only you can combine 3 separate flags to unlock the payload

X Resolution                    : 72

Y Resolution                    : 72

Resolution Unit                 : inches

Y Cb Cr Positioning             : Centered

Comment                         : Flag1:[REDACTED]

Warning                         : [minor] Trailer data after PNG IEND chunk

Image Size                      : 715x1000

Megapixels                      : 0.715

Red Team, Blue Team, Purple team -- which team are you on, or do you just see red?

Red Team, Blue Team, Purple team -- which team are you on, or do you just see red?

1. Go to CyberChef.

2. Under Operations, search "colour".

3. Drag "Randomize Colour Palette" to "Recipe".

4. In "Input" click on "Open file as input". This looks like a file with an arrow pointing right.

5. Select the HEART file.

CyberChef will tell you what percent is loaded and automatically start "Baking", which means it's processing the file. When CyberChef finishes baking, you may need to scroll to see Flag2.

Have you got to the heart of the matter? Close your eyes. What do you hear?

Have you got to the heart of the matter? Close your eyes. What do you hear?

You probably didn't hear anything unless you were playing the hidden sound file. You haven't found it? We'll wait while you search the binary.

Have you got to the heart of the matter? Close your eyes. What do you hear?

You probably didn't hear anything unless you were playing the hidden sound file. You haven't found it? We'll wait while you search the binary.

Learn how to search a binary image for embedded files and executable code here.

hacker@cybermed$ binwalk -e HEART 

DECIMAL       HEXADECIMAL     DESCRIPTION

--------------------------------------------------------------------------------

0             0x0             PNG image, 715 x 1000, 8-bit/color RGBA, non-interlaced

499           0x1F3           TIFF image data, big-endian, offset of first image directory: 8

692           0x2B4           Zlib compressed data, best compression

291664        0x47350         Zip archive data, at least v2.0 to extract, uncompressed size: 81693, name: BaBump.mp3

368795        0x5A09B         Zip archive data, at least v2.0 to extract, uncompressed size: 318, name: Payload.zip

369286        0x5A286         End of Zip archive, footer length: 22

hacker@cybermed$ ls

_HEART.extracted 

hacker@cybermed$ cd _HEART.extracted 

hacker@cybermed$ ls

2B4  2B4.zlib  47350.zip  BaBump.mp3  Payload.zip

Have you got to the heart of the matter? Close your eyes. What do you hear?

You probably didn't hear anything unless you were playing the sound file. Oh, you haven't found it? We'll wait while you search the binary.

Ultrasound is a common technology in medicine that converts audios to visuals. (Reference to healthline.com). For those of us without, there's an optical spectrometer, spectrophotometer, spectrograph or spectroscope. This measures properties of light over a specific portion of the electromagnetic spectrum, typically used in spectroscopic analysis to identify materials. (Reference to Wikipedia).

Have you got to the heart of the matter? Close your eyes. What do you hear?

You probably didn't hear anything unless you were playing the sound file. Oh, you haven't found it? We'll wait while you search the binary.

Ultrasound is a common technology in medicine that converts audios to visuals. (Reference to healthline.com). For those of us without, there's an optical spectrometer, spectrophotometer, spectrograph or spectroscope. This measures properties of light over a specific portion of the electromagnetic spectrum, typically used in spectroscopic analysis to identify materials. (Reference to Wikipedia).

"A fetal ultrasound (sonogram) is an imaging technique that uses sound waves to produce images of a fetus in the uterus." (Reference to Mayo Clinic). Messages can be hidden inside and revealed by a spectogram.

Learn more about the spectrogram view for Audacity here. Audacity is a Free, open source, cross-platform audio software.

All 3 flags? You Rock! Did you notice there was not one but two secrets files?

All 3 flags? You Rock! Did you notice there was not one but two secrets files?

Did you get an error when you tried to unzip? That's because we used Advanced Encryption Standard (AES), and unzip doesn't support AES. Try 7-zip.

All 3 flags? You Rock! Did you notice there was not one but two secrets files?

Did you get an error when you tried to unzip? That's because we used Advanced Encryption Standard (AES), and unzip doesn't support AES. Try 7-zip.

Have you put it all together? You can't read the secret messge without putting it all together.

All 3 flags? You Rock! Did you notice there was not one but two secrets files?

Did you get an error when you tried to unzip? That's because we used Advanced Encryption Standard (AES), and unzip doesn't support AES. Try 7-zip.

Note: "REDACTED" Is not the message ^_=

hacker@cybermed$$ 7z x -p[Sup3rS3cr3tREDACTED] Payload.zip 

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21

p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i5-10310U CPU @ 1.70GHz (806EC),ASM,AES-NI)

Scanning the drive for archives:

1 file, 318 bytes (1 KiB)

Extracting archive: Payload.zip

--

Path = Payload.zip

Type = zip

Physical Size = 318

Would you like to replace the existing file:

  Path:     ./Payload

  Size:     0 bytes

  Modified: 2022-11-09 07:52:20

with the file from archive:

  Path:     Payload

  Size:     85 bytes (1 KiB)

  Modified: 2022-11-09 07:52:20

? (Y)es / (N)o / (A)lways / (S)kip all / A(u)to rename all / (Q)uit? y

Everything is Ok

Size:       85

Compressed: 318

hacker@cybermed$ ls

2B4  2B4.zlib  47350.zip  BaBump.mp3  Payload  Payload.zip

hacker@cybermed$$ file Payload

Payload: ASCII text

hacker@cybermed$ cat Payload

[REDACTED]