Writeup DGSE - CTF - Sous l'océan

This article describes my solution for the 50-point challenge called “Sous l’océan”.

Introduction

Nous pensons avoir retrouvé la trace d'Eve Descartes. Nous avons reçu un fichier anonyme provenant d'un smartphone Android (probablement celui de son ravisseur). Retrouvez des informations dans son historique de position.

Le flag est de la forme DGSESIEE{x} avec x une chaine de caractères

memdump.txt (SHA256=29c702ff8dc570319e5e8d05fc4cb96c1536b595b9a4e93d6205774f9afd2bff) : http://challengecybersec.fr/d3d2bf6b74ec26fdb57f76171c36c8fa/memdump.txt

If you want to test it yourself, the memdump.txt file is available here.

Start

It would seem that it is necessary to find the trace of Eve Descartes via the position history of her cellphone. The history of position is found in a rather general way: via GPS coordinates.

Analyzing

By manipulating this file with grep, we can get GPS coordinates. The exact command to extract them is the following.

grep -iA95 "location history" memdump.txt > gps.txt

We also see that there are 15 custom locations. In these custom locations there are between 2 and 7 GPS coordinates (latitude and longitude).

By manipulating the gps.txt file, only the GPS coordinates can be obtained.

head gps.txt
-47,1462046 30,9018186
-47,1963297 30,9012294
-47,1970164 30,8641039
-47,1438013 30,8652827
-47,1448313 30,9642508
-47,0820032 30,8641039
-47,1300684 30,8643986
-47,1304118 30,9006402
-47,0789133 30,9003456
-47,0847498 30,8131067

By connecting these GPS points and returning the image produced via online tools, we see (with difficulty if we have rotten eyes) the flag appear. To validate this flag, the string had to be lowercase.

DGSESIEE{oc34n}