Tags: miscellaneous
Rating: 4.0
So we get quite a big mp4 file from the challenge, with a note saying we should figure out the hidden messages.
I originally thought there'd be corrupt subtitles hidden in the mp4 file, so i spent quite some time in the wrong direction. There is some stuff embedded though, which fueled my folly. When i was finally convinced this wasn't the approach, I went with plan B.
Plan B: Screenshotting every few seconds, running an OCR tool on every image, and grepping on the resulting files.
**Taking screenshots of the video**
```
mplayer -vf framestep=60 -framedrop -nosound ghidra_nsa_training.mp4 -speed 100 -vo jpeg:outdir=video
```
**Running Tesseract OCR to translate the images to text**
```
cd video; ls *.jpg | xargs -t -i tesseract {} {}
```
And we start getting results. I had 23.000 screenshots to parse because i set the interval way too low. Also i was distracted while it was running, so in the end i was stuck with OCRing a ton of images.
**Grepping on the resulting files**
```
$ grep -Ri "flag" *.txt
00005072.jpg.txt:ndiFLAG(1/4): flag{l34‘9e!
00005073.jpg.txt:ngéFLAG(1/4):flag{l34i
00011132.jpg.txt:IisFLAG(2/4); kfr33_nl§7 t
00011133.jpg.txt:prEFLAG(2/4): kfr33_n4
```
Those screenshots look like this:
![](http://bawlsec.com/img/writeups/swamp_ghidra_flag_screenshot.png)
Four parts to the flag:
FLAG(1/4): flag{l34
FLAG(2/4): kfr33_n4
FLAG(3/4): tion4l_s
FLAG(4/4): 3cur1ty}
flag{l34kfr33_n4tion4l_s3cur1ty}