NahamCon 2022, A Wild Ride

NahamCon 2022, A Wild Ride: Forensics

gpx.zip (terpassword)

butuh bantuan tools John the Ripper

zip2john gpx.zip > cracked
john --wordlist=/path/to/rockyou.txt cracked

diperoleh files .gpx

jika dibuka salah satu file

dengan melakukan berbagai percobaan, dan dengan bantuan https://gpx.studio/ untuk memvisualisasikan file .gpx, diperoleh solusi

import os

arr = os.listdir('/home/carloz/Documents/CS/CTF/games/nahamcon/Forensic_awildride/')

opening = '''
<?xml version="1.0" encoding="UTF-8"?>
<gpx xmlns="http://www.topografix.com/GPX/1/1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.topografix.com/GPX/1/1 http://www.topografix.com/GPX/1/1/gpx.xsd" version="1.1" creator="gpx.py -- https://github.com/tkrajina/gpxpy">
'''

closing = '''
</gpx>
'''

arr.sort()
# print(arr)

data_total = opening

for i in arr:
    if 'ride' in i:
        data = open(i, 'r').read()
        data = data.split('trk>')
        data_total += '<trk>'
        data_total += data[1][:-2].strip()
        data_total += '</trk>'

data_total += closing

open('ride_total.gpx', 'w').write(data_total)

upload ride_total.gpx ke https://gpx.studio/ dan diperoleh flag