Lost Down Under Writeup
Sometimes it’s hard to connect the dots.
MISSION BRIEFING
Greetings Special Agent K. We need your assistance in an urgent matter. Our client, the Australian Secret Intelligence Agency, ASIS for short, has requested our help to uncover a terrorist organization.
This group, who’s name is yet to be uncovered, has shown intent on bombing several locations around Australia. Their origins are confirmed to be domestic, with money coming in from Chinese non-government actors.
Several hours ago, one of our Red Teams was able to breach one of the terrorist groups’ email accounts. There was a single email, containing a cryptic looking text and a total of seven images.
We need you to figure out what these seven images and text mean. Are they connected? Is this a rabbit hole? With our current information, we have reason to believe these images are directly related to the suspected plans for bombings.
The answer from the text and images leads to the password for unlocking the flagfile. Which contains your contract card.
As always. Special Agent K, the contract is yours, if you choose to accept.
METHODOLOGY
You are first tasked with the process of decrypting an encoded message.
STEPS
- Convert Base32 To ASCII
- Convert ASCII to HEX
- Convert HEX to Human Readable
Decrypted text:
transmission number 458964983 needs multiplication with the answer to unlock the file. We will start operation kangaroo once all bombs are in place.
Location 1
The markings on top of the building indicate that this is a Buddhist temple to locate image 1. I searched for Buddhist Temples in the Melbourne Victoria area of Australia because all the images are within the area of Victoria.
Location 2
The second location has a distinctive marking that immediately stands out, almost certainly giving away the correct location. “St Martins De Porres Parish school”. A catholic school which once inputted into google maps takes you to the correct location.
Location 3
Location number three’s photo was altered during the course of the CTF to make it easier to identify. However, I was one of the individuals who did manage to locate the third location before it’s change. The blue and white sign to the right in the picture is titled as “Vinnies” who are a network of volunteers. Searching all the Vinnies within the Victoria area is how I was able to locate the third location but the street that the Vinnies is located at is not the correct answer it’s the building directly across the street facing the Vinnies that allows for a correct calculation of the password file.
Location 4
During my investigation of all of these locations I thought that there might have been some link between the organizations and I was not wrong. I was able to find this location due to prior information from the third location.
https://www.vinnies.org.au/page/Get_Involved/Become_a_corporate_partner/National_Partners/IGA_Partnership/ I found this link which shows that Vinnies and IGA have a partnership, so I was able to figure out what kind of company the IGA logo represented. Then I typed “IGA warehouse victoria Australia” into Google and found the location.
Location 5
Perhaps the most difficult location to find was number five because initially google lens didn’t work, bing image search didn’t work and yandex wasn’t coming to the correct conclusion. Although it was through bing image search that I did find the location, it was not easy to pinpoint. Bing image search brings up a link with a picture familiar to the one in the photo. https://www.flickr.com/photos/40262251@N03/6087650865
The link mentions that this mock Tudor Villa is within the suburb of Essendon. I searched Essendon 3040 on https://www.ratemyagent.com.au
and found updated pictures of the house.
Location 6
Location number six was really a random find that I came across because I was browsing google street view until I came across a house that was familiar and this took some time but my efforts paid off.
Location 7
Location 7 was found via collaborative efforts between myself and 7069Wrk who really just handed me the details because I was super tired from work. However, here are the steps it took to find this location.
Google lens will ultimately lead to https://www.lemonchickenporfavor.com.au/murals which host information about the artists and the art location.
Location 8
Now number eight was a bit confusing and took some really high level deduction to locate. The beginning subtitle of the writeup is titled “Sometimes it’s hard to connect the dots.” Which is a play on words on how to officially solve this contract challenge. On google maps, I connected the dots of all the previous locations and taught to myself that it would only make sense to land a point in the Richmond area of Victoria.
Searching for distinctive markings in the Richmond area on Google Street View can lead you to the correct location.
CONNECT THE DOTS
Remember what I said about connecting the dots? Well, that’s the most important aspect of this challenge that should have been taken seriously besides all the geolocation.
As stated in the decryption process at the onset of the challenge,
transmission number 458964983 needs multiplication with the **geolocation** answer to unlock the file. **add the first three letters of all streetnames in order at the end of the numbers**. we will start operation kangaroo once all bombs are in place.
The password format is ############abcabcabcabcabcabcabcabc
The original connect the dots is good for locating number eight, but two lines have to be removed in order to find the correct number needed for multiplying and unlocking the contract card. Shout out to myself and 7069Wrk because we really worked together on this part to figure out the correct number.
The number that is revealed is 711 so 711 * 458964983 is 326324102913 and connecting that with the first three letters of all the locations reveals the password which is 326324102913furmildicfitbucwilnorlen
Agent, when you’re ready to test your skills at solving real-world problems checkout.