Hacktoria CTF: The Butcher

Hacktoria CTF: The Butcher
Photo by Rob Griffin / Unsplash

Prerequisites:
You should be familiar with file signatures and data carving. You can learn about data carving here.

Tools:
Before you begin this challenge, you will need a hex editor to view the hex code. I'll be using HxD, but any hex editor will do.

I opened the file called “password-the-butcher” in HxD. I opened the "password-the-butcher" file in HxD. The decrypted text appears to have been written in hexadecimal.

HxD Hex Editor

Next, I searched for a list of file signatures, and found a list on Wikipedia.
I pressed Ctrl-f on the web page and typed “49 44 33”, which is the file signature starting at offset 0. The starting signature indicates that the file is an MP3.

MP3 File Signature at Offset 0

I scrolled down to the bottom of the file to find the ending file signature. The ending signature starts with a “ff f3”.

MP3 end signature in HxD

I went back to the signature file list on Wikipedia and typed “ff f3” in the browser find box. This confirmed that “ff f3” which is an ending file signature for an MP3 file.

MP3 ending signature

I opened the file in Notepad and then copied all the text. I then created a new file in HxD and pasted in the copied text. The new file was saved, as password-the-butcher.mp3

I then played the MP3 file and transcribed the letters which gave me the password to the zip file.

Transcribed password: fgjkaergnadrmgkhngadrgle

Read more