Tags: miscellaneous 

Rating: 4.0

So we get quite a big mp4 file from the challenge, with a note saying we should figure out the hidden messages.

I originally thought there'd be corrupt subtitles hidden in the mp4 file, so i spent quite some time in the wrong direction. There is some stuff embedded though, which fueled my folly. When i was finally convinced this wasn't the approach, I went with plan B.

Plan B: Screenshotting every few seconds, running an OCR tool on every image, and grepping on the resulting files.

**Taking screenshots of the video**
```
mplayer -vf framestep=60 -framedrop -nosound ghidra_nsa_training.mp4 -speed 100 -vo jpeg:outdir=video
```

**Running Tesseract OCR to translate the images to text**
```
cd video; ls *.jpg | xargs -t -i tesseract {} {}
```

And we start getting results. I had 23.000 screenshots to parse because i set the interval way too low. Also i was distracted while it was running, so in the end i was stuck with OCRing a ton of images.

**Grepping on the resulting files**
```
$ grep -Ri "flag" *.txt
00005072.jpg.txt:ndiFLAG(1/4): flag{l34‘9e!
00005073.jpg.txt:ngéFLAG(1/4):flag{l34i
00011132.jpg.txt:IisFLAG(2/4); kfr33_nl§7 t
00011133.jpg.txt:prEFLAG(2/4): kfr33_n4
```

Those screenshots look like this:

![](http://bawlsec.com/img/writeups/swamp_ghidra_flag_screenshot.png)

Four parts to the flag:

FLAG(1/4): flag{l34

FLAG(2/4): kfr33_n4

FLAG(3/4): tion4l_s

FLAG(4/4): 3cur1ty}

flag{l34kfr33_n4tion4l_s3cur1ty}