Of course I headed STRAIGHT to the OSINT stuff first. Here we have a lovely ocean vista:
Since the question emphasizes the word EXAMINE, I assume there is something in the metadata.
If you right-click your downloaded picture and choose “File Info” in Windows, a map will come up with the location of the photo. Exiftool is another method, but this was much easier.
After that, I was able to find the exact location using Google Maps:
DUCTF{Durrangan_Lookout}
Here is the photo:
This photo did not have location metadata like the last one, but to me it definitely looks like the Golden Gate Bridge in San Fransisco, California. I think I just need to find the right angle for the lookout she was at.
Due to the curve, I think it was taken from the H. Dana Bowers Memorial Vista Point:
DUCTF{H_Dana_Bowers_Memorial_Vista_Point}
Looks like you can use this to craft a JSON request to validate the location of the phone.
I started with a 200,000 radius centered in Melbourne and got a hit. I assume it is in meters.
I will have to get progressively smaller. I lost it at 100,000 meters, so I don’t think they are in Melbourne.
I was using this tool to visualize my circles and move them around. It also had the latitude/longitudes for me to easily grab.
I got a hit for 100,000 over Shepparton.
Reduced it to 50,000 and 25,000 and got hits over Wangaratta.
This worked until about 14,000, when I had to re-position over Tarrawingee. I just kept reducing it by about 1000 meters at this point, trying the API, and quickly repositioning my circle if needed until I got another hit.
Just be aware that the API will only take 10 requests per minute.
At 2000 meters I was right over Milawa, which is as far as I could go:
DUCTF{milawa}
So for this one it looks like we have to find the suburb that this bird is in. All I have to go by is the shark thing and a slightly obscured flag in the back.
A reverse image search for both the shark and the flag proved fruitless for me.
I’ve been trying to figure out what the shark thing actually is. A random decorative post of some kind? It looks like it’s made of wood, so I’m going with post, probably at a boat dock.
Then I looked at the bird. It looked kinda different than the seagulls I am used to, so I searched and found out it MIGHT be an endangered Black-Billed Gull, found only in New Zealand?
I checked out the Wikipedia page for the seagull and saw that they were mostly found on the southern island of New Zealand, so I focused my attention there.
At this point I was simply dropping my map pin on areas that looked like boat docks in New Zealand and checking around for any shark statues.
That got pretty annoying after awhile though, especially since I knew if I could figure out the flag it might narrow down my search. But I was not able to match the flag to any known flags on Google.
Not me in Microsoft Paint trying to re-create this flag…
But that didn’t help at all either.
After all this I finally zoomed in REALLY close, and saw that there are letters carved into the pole.
I played around with the brightness filters and could make out what appears to be “FLOO” on the right side. So to me this means it is probably a flood marker.
After this I searched “shark metal sculpture in pole flood marker” and it immediately came up in Google.
I was easily able to find the exact location with the news article, at the Marine Rescue center in Laurieton.
Here it is!
And wow, look at that, here is that really obscure flag I couldn’t find earlier. It wasn’t actually a Yin-Yang like I thought, it was a wave and an anchor.
The seagull really threw me off there for awhile, lol.
DUCTF{laurieton}
EDIT: After the competition ended people were on Discord trying to figure out why some of us couldn’t get any results on Google with a reverse image search, and some got it right away. It appears to be just a very slight difference in cropping:
I was including the top of the pole so I didn’t get anything. But for those that zoomed right in on the shark, they got it as their first result. It was a very small difference, but apparently that had a huge effect on Google’s algorithm. I will keep this in mind for the future.
Here is the picture:
So this one was super easy, unlike the shark pole, I just did a Google image search and it was the first result.
It’s the old Scotch Pie House, in Maldon, Victoria, Australia.
DUCTF{maldon}
If you listen to the file you can clearly hear beeps like Morse code beneath the music.
So I opened the file in Audacity and switched to spectrogram view:
You can see the long and short tones at the bottom. I took these and manually input them into a Morse decoder and got the flag.
DUCTF{SRINGBACKTHETREES}
Because I wasted 6 hours following the seagull down a rabbit hole, that’s all I had time for this year. But I did learn a lot about the Black-Billed Gull and all of its migratory and breeding patterns, so honestly, I consider this a win.
❤
