ASCyberWargames2020 Qualifications | The-Impossible-Dream | Forensics Challenge Writeup

Welcome to my first Writeup ever!

In this post, I am going to walk you through a Forensics CTF challenge from Arab Security Cyber Wargames 2020 Qualifications, Hope you enjoy reading!

The-Impossible-Dream | 600 points

First of all, Let’s download the File and check the description of the challenge.

Challenge Description

At the first look, nothing interesting in the description, So let’s play with the File, After running it with file command it gives me just data.

Playing with the file with file, xxd commands

So tried to read the signature and seemed to be a WAF file, and seemed Corrupted, Good, let’s fix it!
Checking Wiki for WAV signature and I got it .

signature for the file

Using ghex tool we edit our file and added the new signature.

Now Let’s run file command again to check if we are in the right way!

File command

Great!, After reading some resources about WAV files which are 16 bit and 44100Hz, With the help of my great teammate Amr Mosa, Got these Paper, We can see on page 8 the correct signature of our file, So let’s edit it again with ghex.

correct signature of our file
Fix wav file

Here we go, We have the fixed file, changing the name to The-Impossible-Dream.wav .

Now let’s have some fun with Sonic-Visualiser, Seconds later, and after some analyzing, I realized this isn’t the right way.

Time to extracting hidden files, using DeepSound, I found a hidden file called challenge.img

DeepSound analyzing

let’s see what kind of file is it!

File command

It’s a Linux filesystem data, Let’s mount it!

mount the hidden file
Extracted files

Great, From initial analysis, ju$t_an0th3r_f!l3.rar protected with a password and need to be cracked, and lost+found is an empty folder.

Cracked the password with JohnTheRipper tool for ju$t_an0th3r_f!l3.rar and it has some memes, All said go away from here! This is the wrong file to play with!


I really tried with These images but nothing interesting, Now let’s check Null file, By running file,xxd commands we noticed that we will do the same with the original file, But this time it is a RAR file!

Checking Wiki again !

Wiki List of file signatures [RAR]

let’s Fix it with ghex!

Fix RAR file

Now we have a RAR file BUT it is protected!

null.rar contains the flag

hmmmm let’s crack it with JohnTheRipper, But nothing!, Can’t be cracked with rockyou password list. But for sure Flag.txt contains our Flag!

Back to the files we extracted from challenge.img, There is a text file pastebin.txt, let’s take a look.

reading pastebin.txt

We tried decoding and decrypting this for a long time, But nothing!

Next tomorrow we decided to read the Description carefully, and there are really good hints,

back to the description

RC second model !! Is it referring to RC2 encryption?? Yes, But we need a key!

Again, my teammate, Amr Mosa tried to decrypt it using CyberChef with the key “5” which mentioned in the first line!


Now we have a Pastebin link let’s visit, There is a base32 encoded text!

base32 encoded text

After decoding it, we have a Base64 encoded text!

Base64 encoded text

Decoded it, We have an encoded type like ROT47 encoded text! let’s decode!

Decoded easily with

The result looks like an Instagram or Twitter account! after a search, we found a twitter account with this username

The first tweet looks interesting! it looks like a link but it encoded some way!
let’s try with ROT13

rot13 decode

It’s a mega link with a text file, Downloading it gives us an MD5 hash!

It’s Crackstation time now!

Finally, We got The password for the Zip file, lets get my baby flag!

Great challenge!
Thanks to my awesome teammates Mohammad Mohey, Amr Mosa, Mohamed Ashraf, Abdalla Tarek!

Team: b3y0nd
Rank: 8 — Qualified to finals!

I’m Asem Eleraky, Known as Melotover!
Thanks For Reading,



Computer Engineering Student | Bug Hunter | CTF Player | AKA Melotover

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Asem Eleraky

Computer Engineering Student | Bug Hunter | CTF Player | AKA Melotover