[OSINT?? 200 pts]

This 200-point “OSINT” problem is kind of strange. I would classify this as more of a Forensics problem, since I generally think that the way you solve this one is forensics based… right?

Part of the description reads: ‘Agent. We found a target posting strange images of boarding passes to his Instagram. None of the guys at base can figure it out, but we think he’s been using the images to exfiltrate data.’

An interesting title for an OSINT problem, but whatever.

Everything looks normal, except instead of a map locator like the 5 others, this one had the standard text Flag format

So right away we know we are looking for an actual flag.
Let’s take a look at the attached image.

Immediately I began searching for the details on the flier, but found nothing. RAirway does not seem to be a reference to anything, and the flight numbers and details don’t reveal anything. I spent about 15 minutes searching for a way to solve this using typical OSINT techniques.

I kept on looking at the Enigma code book under the flier, and the numbers and the barcode and the letters, and my mind kept thinking of forensics and cryptography techniques I might be able to use to extract data from the image – but I kept reminding myself, “No no no, this is an OSINT problem – I’m not gonna be able to extract any data that’s hidden under layers of the image.” So I just left it at that.

After thinking for a while, I thought, ‘hmm I might as well check out that barcode anyway’, and so I did. I opened it in Gimp and turned it into a computer-readable barcode.

rotating the image
cropping the image

Now I went to an online reader, selected the type of barcode this is (it appears to match the PDF417 type), uploaded the image, and let it process it.

However, it detected no barcode. Strange, I thought – until I realized that the colors of the barcode may be different.

Comparing this stock PDF417 barcode to ours, it looks like the color scheme is inverted.

White-on-Black background ^ instead of Black-on-White background.

This was easily fixable with Gimp’s color-invert function:

After uploading that to the online barcode-reading site, we get the flag.
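The polarity check done by eye above can also be automated. The following is an added example, not part of the original write-up: it tests a scanline for the PDF417 start pattern (bar/space widths 8-1-1-1-1-1-1-3) in both polarities and flips the pixels when the symbol is light-on-dark. The function names, the 0/1 pixel convention (1 = dark) and the sample scanline are assumptions constructed for illustration.

```python
START = [8, 1, 1, 1, 1, 1, 1, 3]  # PDF417 start pattern, bar/space widths in modules

def run_lengths(row):
    """Collapse a scanline of 0/1 pixels (1 = dark) into (value, length) runs."""
    runs = []
    for px in row:
        if runs and runs[-1][0] == px:
            runs[-1][1] += 1
        else:
            runs.append([px, 1])
    return [(v, n) for v, n in runs]

def starts_with_pattern(row, bar):
    """True if the symbol opens with START when `bar` is taken as the bar colour."""
    runs = run_lengths(row)
    if runs and runs[0][0] != bar:       # drop the leading quiet zone
        runs = runs[1:]
    if len(runs) < len(START):
        return False
    module = runs[0][1] / START[0]       # first bar is 8 modules wide
    return all(v == (bar if i % 2 == 0 else 1 - bar) and round(n / module) == w
               for i, ((v, n), w) in enumerate(zip(runs, START)))

def polarity(row):
    if starts_with_pattern(row, bar=1):
        return "normal"                  # dark bars on a light background
    if starts_with_pattern(row, bar=0):
        return "inverted"                # light bars on a dark background
    return "unknown"

def normalize(rows):
    """Flip every pixel when most scanlines show a light-on-dark symbol."""
    votes = [polarity(r) for r in rows]
    if votes.count("inverted") > votes.count("normal"):
        return [[1 - px for px in r] for r in rows]
    return rows

def make_row(scale=3, quiet=2):
    """Constructed sample scanline: quiet zone, start pattern, arbitrary filler."""
    widths = START + [2, 1, 3, 1, 1, 4, 2, 3]   # arbitrary filler widths
    row = [0] * (quiet * scale)
    for i, w in enumerate(widths):
        row += [1 if i % 2 == 0 else 0] * (w * scale)
    return row + [0] * (quiet * scale)

if __name__ == "__main__":
    dark_bg = [[1 - px for px in make_row()] for _ in range(4)]  # light-on-dark sample
    print(polarity(dark_bg[0]), "->", polarity(normalize(dark_bg)[0]))
```

On a real image, the rows would come from thresholding the cropped, rotated barcode to 0/1 before calling `normalize`.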

…Yep, I solved the OSINT problem using standard Forensic tactics…
(I’m not sure how Open Source Intelligence was supposed to be used to solve this problem, because I sure didn’t use any.)

Flag: ractf{B0ard1ngP4ssD4t4}
