As mentioned in a previous post, I participated in the DownUnderCTF2024. The second challenge I solved was Intercepted Transmissions.
Those monsters! They've kidnapped the Quokkas! Who in their right mind would capture those friendly little guys.. We've managed to intercept a CCIR476 transmission from the kidnappers, we think it contains the location of our friends! Can you help us decode it? We managed to decode the first two characters as '##'
NOTE: Wrap the decoded message in DUCTF{}.
Author: Pix
All we are given are the hint about it being CCIR476 and then a string of 1s and 0s.
101101001101101101001110100110110101110100110100101101101010110101110010110100101110100111001101100101101101101000111100011110011011010101011001011101101010010111011100100011110101010110110101011010111001011010110100101101101010110101101011001011010011101110001101100101110101101010110011011100001101101101101010101101101000111010110110010111010110101100101100110111101000101011101110001101101101001010111001011101110001010111001011100011011
From wikipedia:
CCIR 476 is a character encoding used in radio data protocols such as SITOR, AMTOR and Navtex. It is a recasting of the ITA2 character encoding, known as Baudot code, from a five-bit code to a seven-bit code. In each character, exactly four of the seven bits are mark bits, and the other three are space bits. This allows for the detection of single-bit errors.
So that gives us the first part of the solution to the puzzle. We need to break this single line of characters into 7 bit sections.
Since the number of characters in the string is divisible by 7 with no remainder, this is feeling pretty good.
The next piece of the puzzle is to find a lookup table for the 7 bit values to ascii. I found that here: https://friedo.szm.com/krypto/JS/tele03.htm I had found other ones but they were pdf format which was harder for me to use.
In CCIR 476, the same 7 bit sequence can represent multiple values. The way we know which one to use is to know if we are in LTRS (letters) or FIGS (numbers and punctuation) mode. There are 2 special sequences, one for each. So if we see 0110110, everything after that until the next special sequence is in FIGS mode and when we see 1011010, everything after that until the next special sequence is in LTRS mode.
This is all great, but how do we know what we're learning is correct? Let's look at the first few characters.
1011010 LTRS
0110110 FIGS
1101001 #
1101001 #
1011010 LTRS
1110100 T
1101001 H
0110110 FIGS
1010110 3
1011100 [space]
The first 2 sequences tell us to use mode LTRS and then FIGS. The hint tells us the first two characters are supposed to be # and the repeated sequence in characters 3 and 4 match to that symbol under FIGS mode. Sequence 5 says to use letters and the next two sequences give us T and H. We then switch back to FIGS mode and we get 3 and [space].
This looks promising!
We can then go through the rest of the 63 characters, substituting in the ascii as we switch back and forth between LTRS and FIGS modes.
1011010 LTRS
0101110 Q
1001110 U
0110110 FIGS
0101101 0
1011010 LTRS
0011110 K
0011110 K
0110110 FIGS
1010101 4
1001011 '
1011010 LTRS
1001011 S
1011100 [space]
Ok, this is looking good still. We have a reference to Quokkas.
1000111 A
1010101 R
0110110 FIGS
1010110 3
1011100 [space]
1011010 LTRS
1101001 H
0110110 FIGS
1010110 3
1011010 LTRS
1100101 L
1010011 D
1011100 [space]
0110110 FIGS
0101110 1
1011010 LTRS
1011001 N
1011100 [space]
0011011 F
0110110 FIGS
1010101 4
1011010 LTRS
0011101 C
0110110 FIGS
0101110 1
1011010 LTRS
1100101 L
1001101 I
1110100 T
0101011 Y
1011100 [space]
0110110 FIGS
1101001 #
0101110 1
0101110 1
1110001 9
0101110 1
0101110 1
0011011 !
The rest looks good too! The flag is DUCTF{##TH3 QU0KK4'S AR3 H3LD 1N F4C1LITY #11911!}