HACKTORIA — Red Star Recon (Write-Up)

rootsechax
5 min read · Jan 4, 2025


BRIEFING

Greetings, Special Agent.

This is a mission vital to national and international security. Recent intelligence has uncovered that North Korea has launched a new type of reconnaissance satellite, capable of advanced surveillance and potentially equipped with offensive capabilities. Your mission is to decipher the intercepted communications from this satellite to prevent a possible threat.

Intelligence reports indicate that the satellite is set to scan and potentially target three specific buildings across the globe. These locations are believed to hold significant strategic value, and their security is paramount. Your first task will be to collaborate with our cyber operations team to decipher North Korea's encrypted transmissions. Furthermore, you will coordinate with the Tiberian Order to ensure the protection of the buildings once identified. Each location will require a tailored approach, considering both the physical and cyber defenses in place.

Your expertise in strategic infiltration and countermeasures will be crucial in thwarting any offensive actions taken by North Korea. This mission demands a combination of stealth, precision, and rapid decision-making under pressure. Success will not only neutralize a potential threat but also provide us with valuable intelligence on North Korean satellite capabilities.

As always, Special Agent, the contract is yours, if you choose to accept.

ANSWER INSTRUCTIONS

Use the answer to unlock the flagfile, this will reward you with your badge.

Submit your findings in the following format in English:

location-one-location-two-location-three-transmission-signature

Answer Example:

northwest-tech-hub-city-hall-blue-tower-m1548

MATERIALS

Location #1
Location #2
Location #3

Besides the location photos, there’s also a PCAP file that can be downloaded here: https://hacktoria.com/wp-content/materials/korean-pcap.zip

GEOLOCATION #1

I performed a reverse image search on the picture, and two interesting locations showed up.

I found the exact location, including the name of the building shown in Spanish. The building is located in Buenos Aires, Argentina.

As the answer requires the name of the building in English, I translated the building name from Spanish to English.

GEOLOCATION #2

I performed a reverse image search on the photo of location #2, which showed the building nearby. The photo is located in Brasilia, Brazil. I’ll take a look at Google Maps (3D view) to check the surroundings.

I found the exact location of photo #2, with the building name written in Brazilian Portuguese.

I did another translation, from Brazilian Portuguese to English, to get the English version of the building name.

GEOLOCATION #3

This one is quite challenging, as the photo is blurry and the resolution is small. I performed another reverse image search, and it led me to Miami, Florida. One website shows something related to Downtown Miami / Biscayne Green that can be useful for analysis.

The photo in the middle looks like the same view as location #3, but wider.

I found the exact building in Google Maps (3D view). I just need to find the name of the building.

Changing the layer to Map and zooming around this location, I found the name of the building, which is considered to have strategic value. No translation is needed, as this building is already named in English.

PCAP ANALYSIS

Opening the PCAP file in Wireshark shows that the protocols used are ICMP, TCP and UDP. I’ll filter on ICMP to see the contents.

With the display filtered to ICMP, I found a ciphered message being sent repeatedly. I’ll use Cipher Identifier to find out the encoding used.

Feeding the ciphertext to Cipher Identifier shows that it’s encoded in Base58. Let’s put CyberChef into action to break this.

After decoding with CyberChef, the message turns out to be written in Korean. I need to translate it to English so I can understand the context.

After translation, the message confirms the locations of the three photos above. The message ends with a transmission signal code.
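The Wireshark and CyberChef steps above can also be scripted. The following is an added example, not part of the original write-up: it pulls the ICMP payloads out of a capture, collapses the repeats and Base58-decodes them to UTF-8 text. It assumes a classic little-endian pcap of Ethernet/IPv4 frames and the Bitcoin Base58 alphabet; the function names are hypothetical, and the sample capture and its Korean text are constructed placeholders, not the challenge data.

```python
import struct

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"  # Bitcoin alphabet (assumed)

def b58encode(data):  # only needed to build the constructed sample below
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    zeros = len(text) - len(text.lstrip("1"))  # each leading '1' is one zero byte
    return b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def icmp_payloads(pcap):
    """Yield ICMP data from a classic little-endian pcap of Ethernet/IPv4 frames."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian classic pcap")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue  # keep only IPv4 frames carrying protocol 1 (ICMP)
        ihl, total = (frame[14] & 0x0F) * 4, struct.unpack_from(">H", frame, 16)[0]
        yield frame[14 + ihl + 8:14 + total]  # drop the 8-byte ICMP echo header

def decode_messages(pcap):
    """Base58-decode each distinct ICMP payload to UTF-8 text, in capture order."""
    out = []
    for data in dict.fromkeys(icmp_payloads(pcap)):  # repeated payloads collapse
        try:
            out.append(b58decode(data.decode("ascii")).decode("utf-8"))
        except ValueError:  # not ASCII, not Base58, or not valid UTF-8
            pass
    return out

def _frame(proto, l4):  # constructed Ethernet + IPv4 frame, addresses and checksums zero
    ip = struct.pack(">BBHHHBBH", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0) + bytes(8)
    return b"\0" * 12 + b"\x08\x00" + ip + l4

def sample_pcap():  # constructed capture: one ICMP echo sent twice, plus a UDP datagram
    icmp = b"\x08\0\0\0\0\1\0\1" + b58encode("안녕하세요".encode()).encode()
    frames = [_frame(1, icmp), _frame(17, b"\0" * 8), _frame(1, icmp)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

To run it against a real capture, pass the file's bytes to `decode_messages`; payloads that are not valid Base58 or UTF-8 are skipped silently.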

Now you can rearrange the answer following the answer format to get the badge! #OSINTDOJO

-rootsec
