STORY DRIVEN OSINT CTF

easy
medium
hard
insane

Kidnapped

Briefing

Greetings, Special Agent.

We have an urgent case on our hands. Our friends at the Police Nationale, in Paris France, have reached out for our assistance. Itโ€™s a case concerning the daughter of a US diplomat residing in France. Recently, Jason Anderson, a former officer with the United States Army Rangers, now diplomat assigned as an intelligence liaison in Paris, received a phone call stating his daughter had been taken. Shortly after, Mr Anderson received a written message in cipher text. We have reason to believe they are closely related.

During the phone call, a man with an Arabic accent spoke to Mr Anderson about having his daughter in captivity. Also stating he has 24 hours to figure out where she is, before he would kill her. Now, this interaction happened 6 hours ago, between that time Mr Anderson contacted police, who reached out to us a few hours after getting stuck on the cipher text.

You assignment is simple, over the next several hours, figure out what the message is behind the cipher text. We need answers quickly, so the police is left with enough time to intervene.

As always, Special Agent, the contract is yours, if you choose to accept.

Materials

Y2MgZWQgZWAgZmEgYV8gY0IgZmEgYUMgYV8gY2AgZUMgZWMgZWQgZmEgZmIgZUQgZUMgYUEgXz8gXz8gY2AgZmIgYV8gZmggZUQgZmQgYV8gZUIgZWAgZmggYV8gZUAgZUMgZUQgZmYgYUEgYV8gY2ggYV8gZWcgZWAgZmUgZWQgYV8gZmggZUQgZmQgZmEgYV8gZWMgZWAgZmQgZWYgZWcgZmMgZWQgZmEgYUMgYV8gY2ggZUMgYV8gZmMgZWcgZWQgYV8gZUMgZWQgZmcgZmMgYV8gYmEgYmMgYV8gZWcgZUQgZmQgZmEgZmIgYUEgYV8gZmIgZWcgZWQgYV8gZmYgZWggZUEgZUEgYV8gZWEgZWQgYV8gZUAgZWggZUEgZUEgZWQgZWMgYV8gZWggZUMgYV8gZmMgZWcgZWQgYV8gZUIgZUQgZmIgZmMgYV8gZWYgZmEgZmQgZWQgZmIgZUQgZUIgZWQgYV8gZmYgZWAgZmggYV8gZWggZUIgZWAgZWYgZWggZUMgZWAgZWEgZUEgZWQgYUMgYV8gY2ggYV8gZUAgZUMgZUQgZmYgYV8gZmYgZWcgZWAgZmMgYV8gZmggZUQgZmQgYV8gZWMgZWggZWMgYV8gZmMgZUQgYV8gZUIgZWQgYV8gZWAgZUMgZWMgYV8gZUIgZmggYV8gZWUgZWAgZUIgZWggZUEgZmggYV8gZWggZUMgYV8gY2ggZmEgZWAgZmAgYUEgYV8gZWAgZUMgZWMgYV8gZmIgZUQgYV8gZWMgZUQgYV8gZmggZUQgZmQgYUMgYV8gZGMgZWcgZWQgYV8gZWUgZmQgZUMgZUMgZmggYV8gZmMgZWcgZWggZUMgZWYgYV8gZWggZmIgYUEgYV8gZWQgZmUgZWQgZUMgYV8gZmMgZWcgZUQgZmQgZWYgZWcgYV8gZmggZUQgZmQgYWYgZmEgZWQgYV8gZmIgZmMgZWAgZmEgZWggZUMgZWYgYV8gZWAgZmMgYV8gZmMgZWcgZWggZmIgYV8gZWQgZmcgZWAgZWIgZmMgYV8gZmMgZWQgZmcgZmMgYUEgYV8gZmYgZWcgZWggZWIgZWcgYV8gZmMgZWQgZUEgZUEgZmIgYV8gZmggZUQgZmQgYV8gZWQgZmcgZWAgZWIgZmMgZUEgZmggYV8gZmYgZWcgZWQgZmEgZWQgYV8gZmggZUQgZmQgZmEgYV8gZWMgZWAgZmQgZWYgZWcgZmMgZWQgZmEgYV8gZWggZmIgYUMgYV8gZGMgZWcgZmEgZUQgZmQgZWYgZWcgYV8gZWAgZUEgZUEgYV8gZmMgZWcgZWQgYV8gZUEgZWAgZmggZWQgZmEgZmIgYV8gZUQgZWUgYV8gZWQgZUMgZWIgZUQgZWMgZWggZUMgZWYgYUEgYV8gZmggZUQgZmQgYV8gZmYgZWggZUEgZUEgYV8gZUMgZWQgZmUgZWQgZmEgYV8gZWUgZWggZUMgZWMgYV8gZWcgZWQgZmEgYV8gZWggZUMgYV8gZmMgZWggZUIgZWQgYUMgXz8gXz8gY2AgZWUgZmMgZWQgZmEgYV8gZWAgZUEgZUEgYV8gZmggZUQgZmQgYV8gZWMgZWggZWMgYV8gZmMgZUQgYV8gZUIgZWQgYUEgYV8gY2ggYV8gZmMgZWAgZUAgZWQgYV8gZmIgZUQgYV8gZUIgZmQgZWIgZWcgYV8gZWQgZUMgZT8gZUQgZmggZUIgZWQgZUMgZmMgYV8gZWUgZmEgZUQgZUIgYV8gZUAgZUMgZUQgZmYgZWggZUMgZWYgYV8gZWcgZUQgZmYgYV8gZmggZUQgZmQgYWYgZmEgZWQgYV8gZmIgZmMgZWAgZmEgZWggZUMgZWYgYV8gZWAgZmMgYV8gZmMgZWcgZWggZmIgYV8gZUIgZWQgZmIgZmIgZWAgZWYgZWQgYUMgYV8gY0AgZUMgZUQgZmYgZWggZUMgZWYgYV8gZmMgZWcgZWAgZmMgYV8gZmMgZWcgZWQgYV8gZWAgZUMgZmIgZmYgZWQgZmEgYV8gZUEgZWggZWQgZmIgYV8gZmYgZWggZmMgZWcgZWggZUMgYUEgYV8gZmggZWQgZmMgYV8gZWIgZUQgZUIgZl8gZUEgZWQgZmMgZWQgZUEgZmggYV8gZl8gZUQgZmYgZWQgZmEgZUEgZWQgZmIgZmIgYV8gZmMgZUQgYV8gZWUgZWggZUMgZWMgYV8gZWggZmMgYUMgYV8gZGIgZUQgYV8gZWAgZmIgYV8gZl8gZmEgZUQgZUIgZWggZmIgZWQgZWMgYUEgYV8gZWcgZWQgZmEgZWQgYV8gZWggZmIgYV8gZmggZUQgZmQgZmEgYV8gZWMgZWAgZmQgZWYgZWcgZmMgZWQgZmEgYj8gYV8gZWggZUMgZWIgZWcgZWQgZWMgYUMgZWEgZWAgZmEgZUIgZWAgZUMgYUMgZWUgZWAgZmIgZmMgYV8gY2YgZUQgZUQgZWMgYV8gZUEgZmQgZWIgZUAgYV8gZWUgZWggZUMgZWMgZWggZUMgZWYgYV8gZmQgZmIgYV8gZWggZUMgYV8gZmMgZWggZUIgZWQgYUEgYV8gZmIgZWcgZWQgYWYgZmIgYV8gZmYgZWggZmMgZWcgYV8gZUIgZWQgYV8gZUAgZUMgZUQgZmYgYUMgYV8gY2IgZmEgZmggZWggZUMgZWYgYV8gZWUgZUQgZmEgYV8gZmIgZUQgZUIgZWQgZUQgZUMgZWQgYV8gZmMgZUQgYV8gZWUgZWggZUMgZWMgYV8gZWcgZWQgZmEgYUEgYV8gZmYgZWcgZWggZWIgZWcgYV8gZmggZUQgZmQgYV8gZmYgZWggZUEgZUEgYUEgYV8gZWggZUMgYV8gZl8gZWggZWQgZWIgZWQgZmIgYUMgYV8gZF8gZWggZWQgZWIgZWQgZmIgYV8gZWIgZmEgZWQgZWAgZmMgZWQgZWMgYV8gZUQgZmQgZmMgYV8gZUQgZWUgYV8gZWcgZWQgZmEgYV8gZWUgZUEgZWQgZmIgZWcgYV8gZmYgZWcgZWggZUEgZWQgYV8gZmIgZWcgZWQgYV8gZmYgZWAgZmIgYV8gZmIgZmMgZWggZUEgZUEgYV8gZWAgZUEgZWggZmUgZWQgYUMgYV8gZGMgZWcgZWAgZmMgYWYgZmIgYV8gZmYgZWcgZWAgZmMgYV8gZmggZUQgZmQgYV8gZWYgZWQgZmMgYV8gZWUgZUQgZmEgYV8gZmMgZWcgZWQgYV8gZWcgZUQgZmEgZmEgZUQgZmEgZmIgYV8gZmggZUQgZmQgYV8gZl8gZmQgZmMgYV8gZUIgZWQgYV8gZWAgZUMgZWMgYV8gZUIgZmggYV8gZWUgZWAgZUIgZWggZUEgZmggYV8gZmMgZWcgZmEgZUQgZmQgZWYgZWcgYUMgXz8gXz8gY2UgZmQgZWIgZUAgYV8gZmggZUQgZmQgYUEgYV8gY0IgZmEgYV8gY2AgZUMgZWMgZWQgZmEgZmIgZUQgZUMgYUM=

Answer Instruction

Use the answer to unlock the flagfile, this will reward you with your badge.

The answer is a what3words combination

Sample answer: banana.truck.hairdresser

Flagfile

Be advised, the flagfile is an encrypted ZIP. Make sure your OS supports the ZIP format. Ensure the password contains no hidden characters or formatting, paste in Notepad first if the password doesn’t seem to work.

Download Flagfile here

PS: Don’t forget to claim your Coins and XP, by posting your card in the #card-brag channel in Discord.

Official Write-up

Provided here is the official write-up, it does contain the answer. Use this if you’re stuck, or want to verify if you got the answer correct.

Kidnapped

A US diplomat’s daughter has been kidnapped, and we need to decode an encrypted message to find her location. The message uses multiple layers of encryption, and the answer will be in what3words format.

Available Materials

  1. Encrypted message (Base64 encoded)
  2. Time constraint (18 hours remaining from 24)
  3. Context about the kidnapper’s motives (Iraq war connection)

Solution Path

Step 1: Initial Decoding

Start with Base64 decoding of the original message:

Y2MgZWQgZWAgZmEgYV8gY0IgZmEgYUMgYV8...

Step 2: ROT47 Decryption

After Base64 decoding, the text needs to be decrypted using ROT47, resulting in hex values:

44 65 61 72 20 4q 72 2r 20 41 6r...

Step 3: Hex Decoding with Character Substitution

Key character substitutions needed:

  1. q โ†’ d
  2. r โ†’ e
  3. s โ†’ f
  4. o โ†’ b
  5. p โ†’ c

The decoded text contains encoded locations in what3words format:

inched.barman.fast

Key Components

  1. Base64 decoding
  2. ROT47 decryption
  3. Hex decoding
  4. Character substitution table
  5. what3words format recognition

Common Pitfalls to Avoid

  1. Missing character substitutions
  2. Incomplete decoding steps
  3. Wrong order of operations
  4. Overlooking the what3words format
  5. Incorrect character mapping

Required Tools

  1. Base64 decoder
  2. ROT47 decoder
  3. Hex decoder
  4. Text editor for substitutions
  5. what3words validator

Verification Steps

  1. Check Base64 decoding
  2. Verify ROT47 output
  3. Confirm hex values
  4. Apply all character substitutions
  5. Validate what3words format

Tips for Solvers

  1. Follow decoding steps in order
  2. Pay attention to patterns in substituted characters
  3. Use systematic substitution approach
  4. Check for consistent patterns
  5. Verify what3words format compliance

Remember: The key to this challenge is recognizing the multiple layers of encoding and systematically applying the correct substitutions to reveal the what3words location.

Creator(s): Frank Diepmaat