2023
The link to the challenge: https://github.com/seintpl/osintquiz/tree/main/2023
Running the command echo -n dive | md5sum results in the following output:
b9f5bcd98fe1627e37cd87a27b4a7fd6
This allows us to begin the challenge.
Step 1
I ran the exiftool program on the file and saw the following:
Using https://gps-coordinates.org/ I was able to locate an address: Nord-Torpvegen 778, 2880 Nord-Torpa, Norway.
However, when I used https://www.gps-coordinates.net/, I got the following address: Øyresbrettingen, E 6, 2619 Lillehammer, Norway.
After looking for a while, I ended up finding out that there was possibly a Olympic event that was held there (Source: https://www.triphobo.com/places/lillehammer-norway/lillehammer-olympic-bob-and-luge-track). I double checked this with Wikipedia as well: https://en.wikipedia.org/wiki/1994_Winter_Olympics. Reading on https://logos.fandom.com/wiki/Lillehammer_1994, we can see that the logo is based on the northern lights. After looking into the latin name, I stumbled across https://www.thoughtco.com/classical-origin-of-aurora-borealis-118328, where it mentions it is Aurora Borealis. When I entered aurora borealis (hashed), I was not able to unlock it. Let me do some more research on this.
At this point, I had tried the following:
I then re-read the directions, and I realized that I had to remove the spaces between the words for it to be in the correct format. With auroraborealis, I was able to go to the next step.
Step 2
I searched for the string 4KDB1677355222 on DuckDuckGo and ended up getting nowhere. On Google, I saw the following:
If this is the location, there are multiple cafe's or desert locations around. One of these has the word "Cafe" in it: Cafe Jireh. Looking at their Facebook profile (https://www.facebook.com/cafejirehrarotonga/), I was able to see the mention of the term "squares":
Could the ingredient mentioned in the directions be caramello? Unfortunately, it was not. I then realized that there might be more "squares" mentioned later on. I then found the following:
With that I was able to unlock the next step with custard. I tried to look around and see what "4KDB1677355222" actually meant, but did not end up getting anywhere.
Step 3
I was able to find the same information on two sites: https://takemeback.to/13-October-2012#events and https://en.wikipedia.org/wiki/Portal:Current_events/2012_October_13. They both talk about a move of the U.S. Space Shuttle Endeavor. From there, based on the context of the question, this is what felt like it could be the right rabbit hole to fall into. I searched for U.S. Space Shuttle Endeavor online.
I see a logo on the "strong car":
On their site (https://www.sarens.com/media/851737/press_release_sarens_transports_space_shuttle.pdf), a saw something I felt was interesting:
From the catalog (https://www.sarens.com/media/20200406/115506_SINGLE%20PAGE_%20SMPT(DIG)_compressed.pdf), we see the following:
Based on the the catalog for the Kamag (https://www.sarens.com/media/catalog/SPD/SPMT/Kamag2400/DataKamag2400.pdf), I believe it might be the Kamag. I found this image (on https://en.m.wikipedia.org/wiki/File:Kamag_Transporttechnik_Sarens_Endeavour.jpg) that might correlate this:
The description was "Selbst angetriebene Module von KAMAG transportieren Raumfähre Endeavour für die US-amerikanische Raumfahrtbehörde NASA.", which translated to English is: Self-propelled modules from KAMAG transport the space shuttle Endeavour for the US space agency NASA. This would make the make and model: Sarens and Kamag. The password for this step would be sarenskamag, based on this information. However, I was incorrect. I even tried sarensspmtkamag since it was the SPMT type. I then realized that KAMAG was the German group who had created the SPMT based on reading the article here: https://www.globaltrailermag.com/2013/01/24/special-report-endeavours-last-journey-2/.
After a long time, I saw the following image from https://www.digitaltrends.com/cars/space-shuttle-endeavour-makes-its-final-journey-with-a-little-help-from-toyota/, that made me change my understanding a bit:
The car in front was a Toyota Tundra. Thus, toyotatundra was the answer.
Step 4
This one is a big one, so I'll go step by step. I start off by looking for a sign in the U.S. with four missing letters. My first thought was the Hollywood sign, and based on https://en.wikipedia.org/wiki/Hollywood_Sign, it seems to be a correct hunch. This used to be previously called Hollywoodland.
I went to https://osint-ctf.gitlab.io/docs/osintquiz/2022/, which was the first write-up for the 2022 CTF, and then downloaded the first image. I then realized that the EXIF data would be relative to my system rather than the original EXIF. I saw the hint and it mentioned the following:
I was not sure how it was December 28th. Just as a shot in the dark, I looked this site up on the Wayback Machine, and they currently only had one entry, which was for December 27, 2022. I will take the hint and move on.
Mick and Keith are from The Rolling Stones. If you look at https://en.wikipedia.org/wiki/List_of_songs_recorded_by_the_Rolling_Stones, we can see that there was an album that was dropped in 1997 called "Bridges to Babylon". From there, in the song "Anybody Seen My Baby", we see a time mentioned:
I assume the last remaining letter of the big sign would be "D".
Looking in that direction at 700m apart would most likely be the following:
Link to site above: https://www.suncalc.org/#/34.1341,-118.3215,14/2022.12.28/03:00/1/3
I was able to get the address: 3256 Canyon Lake Dr, Los Angeles, CA, 90068, USA from the aforementioned site. I entered this into Google Maps and came across this image (https://www.google.com/maps/@34.1300539,-118.3268159,3a,21.2y,159.5h,88.99t/data=!3m8!1e1!3m6!1sAF1QipM8Hr3Rsc00XHqfRP2NZGMGa3fDiw_EIWP-I86i!2e10!3e11!6shttps:%2F%2Flh5.googleusercontent.com%2Fp%2FAF1QipM8Hr3Rsc00XHqfRP2NZGMGa3fDiw_EIWP-I86i%3Dw203-h100-k-no-pi-0-ya354.88123-ro-0-fo100!7i8704!8i4352?entry=ttu):
This is Smokey the Bear. This would be smokey as the password.
Step 5
I ended up finding this Wikipedia site on the other Valencias: https://en.wikipedia.org/wiki/Valencia_(disambiguation). I found the same for San Diego as well: https://en.wikipedia.org/wiki/San_Diego_(disambiguation). Same for Barcelona as well: https://en.wikipedia.org/wiki/Barcelona_(disambiguation).
After finding these I re-read the prompt:
This means that the U.S. is out of the picture. I then tested the rest.
A potential answer I found was Columbia. San Diego, Columbia to Barcelona, Columbia is ~214.26 miles. Barcelona, Columbia to Valencia, Columbia is ~217.11, bringing the total to ~431.37. This seems to match the equal distance on both sides.
I got stuck at this point for a while. Big thanks to @hy5b5 on Twitter for the nudge, and changing my mindset about what I should be looking for. I was able to find the location in Venezuela, after looking at https://en.wikipedia.org/wiki/List_of_cities_in_Venezuela_by_population.
If you zoom into the map, you can see where both lines meet:
Based on Google Maps, the distance from San Diego, Venezuela to Barcelona, Anzoategui, Venezuela is 298 miles. From Barcelona, Anzoategui, Venezuela to Valencia, Carabobo, Venezuela it is 299 miles. This aligns with what the hint said.
Now to find out what city they will be meeting in. In the prompt, it mentioned that they will meet after driving 154 miles. We need to find a town that is 154 miles from the start of Valencia (since I assumed the "We" in the prompt meant they started from Valencia). After some playing around on Google Maps, I found Marizapa:
Marizapa ended up being the location.
Step 6
We are also provided this image:
Reverse image searching the cement truck, I learned it is from Japan. After that, I was able to find this location on Google Maps (https://www.google.com/maps/@35.7087537,139.8083084,3a,75y,184.37h,94.49t/data=!3m6!1e1!3m4!1sjBMMKtC7X2XRosUUdvbr-Q!2e0!7i16384!8i8192?entry=ttu):
After some rabbit holes, the answer was in front of my face ... partially. I just had to turn the "camera" on Google Maps to the direction they were looking in:
This is called the Tokyo Skytree. This would make the password: tokyoskytree.
Step 7
Last updated
