Monday, March 4, 2013

Write-up: (Nullcon CTF) Piece of cake.. really.

Our team started working on this one early and then moved on to another challenge. I went back to it later on and found the missing piece...

The challenge started with a single file, m2.gz, which would not open as a standard gzip file.



So we tried renaming it to a few different extensions. No dice. Then I had a look at the file in a hex editor and noticed the header began with BZ (the bzip2 magic is BZh, not the 1F 8B that gzip starts with), so we tried decompressing it as bzip2 and it opened.

Decompressing it gave us m2.tar, which in turn unpacked to a file called 1.bin.


A hex look at 1.bin revealed SIP headers in the data, which suggested it was a packet capture (PCAP).


So we renamed the file to 1.bin.pcap and opened it with Wireshark.
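The lesson of the first three steps is to trust magic bytes, not extensions. Here is an added example (my code, not part of the original write-up) that identifies each layer by its leading bytes and peels the chain the way we did by hand: bzip2, then tar, then a pcap. The sample input is constructed in build_sample() as a stand-in for m2.gz; the challenge file itself is not reproduced here.

```python
import bz2
import gzip
import io
import tarfile

# Leading magic bytes for the formats that came up in this challenge.
MAGICS = {
    b"\x1f\x8b": "gzip",
    b"BZh": "bzip2",
    b"\xd4\xc3\xb2\xa1": "pcap",    # classic pcap, little-endian header
    b"\xa1\xb2\xc3\xd4": "pcap",    # classic pcap, big-endian header
    b"\x0a\x0d\x0d\x0a": "pcapng",
}


def identify(data: bytes) -> str:
    """Name the format from its content, ignoring whatever the file is called."""
    for magic, name in MAGICS.items():
        if data.startswith(magic):
            return name
    # tar has no leading magic; the ustar marker sits at offset 257.
    if len(data) > 262 and data[257:262] == b"ustar":
        return "tar"
    return "unknown"


def unwrap(data: bytes) -> list:
    """Peel compression and archive layers until a non-container format is reached.
    Returns [(format, bytes), ...] from the outermost layer inwards."""
    layers = []
    while True:
        kind = identify(data)
        layers.append((kind, data))
        if kind == "gzip":
            data = gzip.decompress(data)
        elif kind == "bzip2":
            data = bz2.decompress(data)
        elif kind == "tar":
            with tarfile.open(fileobj=io.BytesIO(data)) as tf:
                files = [m for m in tf.getmembers() if m.isfile()]
                # The challenge tar held a single file; a general tool would loop over all.
                data = tf.extractfile(files[0]).read()
        else:
            return layers


def build_sample() -> bytes:
    """Constructed stand-in for m2.gz: a fake pcap header plus a SIP line,
    inside a tar as 1.bin, compressed with bzip2 despite the .gz name."""
    fake_pcap = (b"\xd4\xc3\xb2\xa1" + b"\x02\x00\x04\x00" + b"\x00" * 16
                 + b"SIP/2.0 200 OK\r\n")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        info = tarfile.TarInfo(name="1.bin")
        info.size = len(fake_pcap)
        tf.addfile(info, io.BytesIO(fake_pcap))
    return bz2.compress(buf.getvalue())


if __name__ == "__main__":
    # In practice: sample = open("m2.gz", "rb").read()
    sample = build_sample()
    for kind, payload in unwrap(sample):
        print(f"{kind:7s} {len(payload):6d} bytes")
```

Run against the real m2.gz the loop would report bzip2, then tar, then pcap, at which point the file is ready for Wireshark regardless of what it was named.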


Wireshark can extract the audio from an RTP stream via the Telephony menu. At first we used RTP > Stream Analysis. That gave us an audio file that was very noisy, but you could hear someone talking. Some of us thought it was Korean; others thought it was backwards.


We used Audacity to remove as much of the noise as possible, but nothing helped us determine what was being said aside from a few letters. After an hour or so of listening to noise, we gave up and moved on to other challenges.

After a break and some food, I went back to the RTP menu and noticed the Show All Streams option. I tried that and it revealed two audio streams.


I then realized the first attempt had given us both audio streams mixed together into one. So I used this option to save the two streams separately. The result was a computerized voice saying:

“The key is n1c3t0h34r goodbye”
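What Show All Streams does under the hood is split RTP traffic by source, destination and SSRC rather than dumping everything on the call's ports into one file. The added example below (my code, not part of the original post or of Wireshark) does that split directly on a classic pcap: it walks Ethernet/IPv4/UDP frames, keeps the RTP packets, groups payloads per stream and reorders them by sequence number. The two-way call in build_sample_pcap() is constructed for the demonstration, with one packet captured out of order; addresses, ports and SSRCs there are made up.

```python
import socket
import struct
from collections import defaultdict


def parse_udp_rtp(frame: bytes):
    """Return (stream_key, seq, payload) for an Ethernet/IPv4/UDP frame carrying RTP,
    or None for anything else."""
    if len(frame) < 14 + 20 + 8 + 12 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:                        # protocol 17 = UDP
        return None
    src = socket.inet_ntoa(ip[12:16])
    dst = socket.inet_ntoa(ip[16:20])
    udp = ip[ihl:]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    rtp = udp[8:ulen]
    if len(rtp) < 12 or rtp[0] >> 6 != 2:  # RTP version field must be 2
        return None
    pt = rtp[1] & 0x7F
    if 72 <= pt <= 76:                     # RTCP shares the version bits; skip it
        return None
    cc = rtp[0] & 0x0F
    seq, _ts, ssrc = struct.unpack("!HII", rtp[2:12])
    hdr_len = 12 + 4 * cc                  # fixed header plus CSRC list
    if rtp[0] & 0x10:                      # X bit: header extension follows
        ext_words = struct.unpack("!H", rtp[hdr_len + 2:hdr_len + 4])[0]
        hdr_len += 4 + 4 * ext_words
    return (src, sport, dst, dport, ssrc), seq, rtp[hdr_len:]


def parse_rtp_streams(pcap_bytes: bytes) -> dict:
    """Group RTP payloads in a classic pcap by (src ip, src port, dst ip, dst port, SSRC),
    each stream's payload concatenated in sequence-number order."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("this example handles Ethernet (link type 1) captures only")
    streams = defaultdict(dict)            # key -> {seq: payload}
    off = 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        off += 16
        frame = pcap_bytes[off:off + incl_len]
        off += incl_len
        parsed = parse_udp_rtp(frame)
        if parsed:
            key, seq, payload = parsed
            streams[key][seq] = payload
    # Plain sort is fine for a short call; a real tool must handle 16-bit sequence wrap.
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in streams.items()}


def _rtp(ssrc, seq, ts, payload, pt=0):
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + payload


def _frame(src_ip, sport, dst_ip, dport, payload):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp


def build_sample_pcap() -> bytes:
    """Constructed two-way call 10.0.0.1:8000 <-> 10.0.0.2:9000, one SSRC per direction,
    four packets each, interleaved, with two of the A->B packets swapped in capture order."""
    a = ("10.0.0.1", 8000, "10.0.0.2", 9000, 0x11111111)
    b = ("10.0.0.2", 9000, "10.0.0.1", 8000, 0x22222222)
    frames = []
    for i in range(4):
        frames.append(_frame(*a[:4], _rtp(a[4], 100 + i, 160 * i, bytes([0x41 + i]) * 4)))
        frames.append(_frame(*b[:4], _rtp(b[4], 500 + i, 160 * i, bytes([0x61 + i]) * 4)))
    frames[2], frames[4] = frames[4], frames[2]   # seq 102 arrives before seq 101
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


if __name__ == "__main__":
    for key, audio in parse_rtp_streams(build_sample_pcap()).items():
        src, sport, dst, dport, ssrc = key
        print(f"{src}:{sport} -> {dst}:{dport} SSRC 0x{ssrc:08x}: {len(audio)} payload bytes")
```

Each value in the returned dict is the raw codec payload of one direction of the call; for G.711 (payload type 0 or 8) that can be wrapped in a WAV or .au header and played, which is the per-stream file Wireshark hands you from Show All Streams. Mixing the two dicts' payloads back together reproduces the garble we spent an hour fighting.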