The Cyber Investigator CTF was created by Jack Tilson of Cyber Society at Cardiff University. There are over 30 free & predominantly OSINT-based challenges drawing from a range of scenarios, putting your analytical skills to the test!
This OSINT challenge is from the section Signals Intelligence and is worth 500 points.
We’ve been granted authorisation for a wiretap on a phone belonging to a kidnapping victim; no calls have been made since they disappeared however just recently, there was a call made to a bank where the caller inputted a debit card number.
Can you find out the 16 digit card number so that we can trace the spending activity associated with this card? This will be very helpful in our effort to locate who may be a potential suspect in this case.
Expected flag format: ################
For completing this challenge, the audio file recorded_call.wav is provided as an audio file.
In the recorded audio file you hear a phone conversation with a bank. The female computer voice asks for a credit number. The caller is typing the creditcard number on his phone. We can hear the DTMF-tones.
I have To find out the credit number. We have to convert the DMTF tones to numbers. I cut up the audio so that only the DTMF tones are audible. At a single DTMF tone, some GSM interference can be heard. I have cut this away as well as possible. I have done the clean-up through Audacity.
I have found a Python project on Github, which can translate the DTMF tones into human-readable numbers. This project is created by ribt. The script can be downloaded from this URL: https://github.com/ribt/dtmf-decoder.
With the following commands we can clone and install the script.
1 2 3 4 $ git clone https://github.com/ribt/dtmf-decoder.git $ cd dtmf-decoder/ $ sudo python3 -m pip install -r requirements.txt --upgrade $ chmod +x dtmf.py
In Audacity, I have exported the project to a
.wav file. The
.wav file can now be used for the script.
1 2 python3 dtmf.py ../../Desktop/recorded_call.wav 456265984585236D6
The output has one possible false positive, after clean-up the output, I got this credit card number: