Magnet Virtual Summit CTF 2023

Background: Magnet Virtual Summit CTF 2023 by Magnet Forensics took place in March 2023, and I unfortunately missed it. However, the challenge questions are still available from Magnet Forensics, and I am going to try it :D

Cipher Challenges

1. Time to practice our CW.

-.- . -.– —... .–. .. -. . .- .–. .–. .-.. . — -. .–. .. –.. –.. .

This looks like morse code to me, but to be safe, I still chucked the string to dcode.fr's cipher identifier tool which did confirm that it was a morse code cipher.

dcode.fr also did provide with the morse code translator, which gave the flag:

Flag: "KEY:PINEAPPLEONPIZZAISGREAT!"

2. Time to return to the bas(e)ics and eat a salad .

TFk6THBLeHFqdWJMcEt4cWp1Yg==

This was a clear Base64 encrypted text because of the "==" at the end, plus the hint in the question itself - base(e)ics.

I used a Base64 decoder to decrypt this:

I was a little confused by the gibberish at first, but the question did include "salad", which seemed to provide a clue to caesar cipher. Entering that string into dcode.fr's caesar cipher decoder effectively helped me get the flag:

Flag: IV:ImHungryImHungry

3. I understood math till they started adding letters.

(23492930345809345834905890346890456890456804586 + 53453489824379894375555555555555555555555555555555555555555555553894792 / 234890390458349056748396748957698473586974589 * Y) + (23499596346045645896745988623904893753894679834579384579 / o * 2342342342346782025720570023) * u + 34502750923508934758932475898923025027590823759023758932750970789 * (r + e * (1834918237981237469812376491236491263478932176478231647823634789612) / ((203485739804856783474658394753498 – D + 8299578904356797823459238459823476592348759342) * 9827438923465897236498273493 / o + 2394573904853495793847534 – i * (23423489928937498384798 * n) + 392874982374982374983 * g) * (23893473920589267658972347 + G + 520938752348909023423904783490752345734928576 – r – 23498023849234789236723896329784692387 + 234234283746823746782365 / a) = te

Okay. This one really stumped me. I knew this looked like RSA encryption, but there wasn't enough information for me to break it or retrieve any flag. But wait.. why are there so many unknown variables??

Flag: YoureDoingGreat

4. I can’t remember that URL. I wish I could rewind my day and bookmark it!

442%3Dt%3FwcVmRcN%2DKj9%2Feb%2Eutuoy%2F%2F%3Asptth

Since "URL" is mentioned in the question, I looked for a URL decoder. Cyberchef has a pretty neat tool for this.

Putting it through the tool seemed to return a URL but reversed. I simply dragged the "Reverse" tool from Cyberchef into the 'recipe' to reverse the text to get the flag. Flag: "https://youtu.be/9jK-NcRmVcw?t=244"

5. i Am Excited for thiS year’s ctf, no cap(s)

fc52c3f2c74e4f3e745a9042f283c46a28060ea71ec21424ab09c98092fe5efae7f99267a5c5ac55ad8b8e89b0ded9cc

Looking at the question, the letters that are capitalised are A, E and S, which points to the AES encryption method.

Cyberchef does have a tool for AES Decryption too, but I still required a Key and Initialisation vector (IV). But those sound familiar... they were the flags to the previous questions!

Or... not. I am back to being stumped! I had to take many looks at this question to solve it, but I realised the hint was "no cap(s)". So I made all the letters in both the Key and IV lowercase and:

I got the flag after changing HEX to UTF8 too.

Flag: "https://www.youtube.com/watch?v=xm3YgoEiEDc"

If you clicked on the link, congrats :)

But anyway, that is it for the cipher challenges.

iOS Challenges

For the iOS Challenges, the logical data file can be downloaded here (MD5: 067606649297d7adcf6082e5ed0acbb9).

I used iLEAPP, a free tool to analyse iOS logs and events. Just like the android challenges from Magnet User Summit CTF 2023, this was my first time analysing iOS logs. It was pretty exciting as an Apple user!

1. A few too many

How many different email accounts did the user have?

This took a bit of time to find out, since I had to go through the different users and app login data.

The first email: [email protected] found under the account data tab.

The second and third email was also easy to find; under the Chrome Login Data tab.

I then looked through the other app details, and I found the last and final email under the Slack User Data report tab.

I looked through the other data, and I couldn't find any more emails. So I guess

Flag: 4

2. autoFill me in on the deets

Which email, other than their own, was autofilled in Chrome?

Looking throuhg the Chrome Autofill, I could see the emails found for the previous question, and an additional email.

Flag: [email protected]

3. 1 fish 2 fish, red fish blue fish

According to the user’s email accounts, what is his favorite color?

This was the first iOS challenge I found the flag for, and the user's email account could simply be found under the Account Data report tab.

Flag: blue

4. Chef Boyardee 2.0

At which market was the user viewing Chef Pasquale tomato sauce?

5. Staying stylish!

What color shirt did the user chose to put their snapchat bitmoji in?

6. Picking up Steam

What server was the user interested in making?

I did see something related to servers along the way as I was going through the different data in iLEAPP, and it was in the Chrome Keyword Search Terms tab.

There are two servers being addressed here - CSGO and Rust. I'm guessing however, that with the keyword "Steam", CSGO was the server the user was trying to make, which was right.

Flag: CSGO