Writeup - WebSDR - HackDay 2022

Decode a hidden message in a radio signal.

Subject

At nightfall, everything lights up. A beacon emits a signal in order to be recovered. The signal is transmitted at 3.58 MHz every minute for about 30 seconds. Find the message transmitted. The flag is of the form HACKDAY{...}

Find the transmitted signal

According to the subject, the signal is only transmitted in the evening.

By going to WebSDR F5NKP (for example) we will be able to listen to the different signals transmitted on the radio waves.

We must then tune to the right frequency, 3.58 MHz (3580 kHz).

After having tested the different modes, CW seems to be the most conclusive.

Indeed, it is on this one that we can hear a signal emitted every minute for about 30s quite distinctly.

At first, we might think it sounds like Morse code.

We can notice that a similar signal is also emitted 400 Hz further.

Decode the signal

For the rest of the analysis, I recorded the two signals to be able to analyze them locally.

After many hours without finding anything, I decided to take a first hint (these cost points and are included in each challenge).

Hint: FSK

Thanks to this hint, I understood that it was about signal modulation.

Wikipedia definition:

Frequency shift keying (FSK) is a digital frequency modulation mode in which the frequency of the modulated signal varies between predetermined frequencies.

Put simply, this modulation encodes a binary message as a signal in which the two predefined frequencies represent 0 and 1.

This is visible in the Audacity frequency analyzer with two frequency peaks, one at 470 Hz and the other at 870 Hz. This is the same as the 400 Hz spacing between the two transmitted signals seen above.

Once you zoom in on the signal, you can see the 0 and 1 that "appear".

There are two possible approaches to decoding the whole signal:

  • manual
  • automated

As I didn't find anything conclusive to automate my task, I decided to do it manually.

Thanks to the first "bits" of the signal (the padding), we can settle on the fact that a bit measures about 2 cm (yes it is quite archaic as a method).

I was then helped by a member of my team who noted the bits while I "read" them on Audacity.

Halfway through (more precisely, at what looked like the padding at the beginning), I started trying to convert the result from binary to ASCII, which was inconclusive.

So I tried to search for "HACKDAY{}", character by character, in this whole sequence of 0s and 1s, which allowed me to realize that each character was preceded by one bit and followed by 3 bits.

These turned out to be the UART bits.

By identifying the characters one by one, and skipping the ones that were badly decoded, I was able to find the flag and solve the challenge.
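The automated approach mentioned above can be sketched as follows. This is an added example, not part of the original writeup or the challenge: it detects the 470 Hz and 870 Hz tones per bit period with the Goertzel algorithm, then strips the framing of one leading bit and three trailing bits around each character. Assumptions not given on the page: the sample rate, the bit rate, 870 Hz meaning 1, a start bit of 0, 8 data bits sent LSB first, trailing bits all 1, and a recording already aligned to a bit boundary. The test signal is constructed.

```python
import math

RATE = 8000         # assumed sample rate of the recording (Hz)
BAUD = 50           # assumed bit rate; the page does not state it
F0, F1 = 470, 870   # tones from the page; which one means 1 is an assumption
SPB = RATE // BAUD  # samples per bit

def goertzel(samples, freq):
    """Power of a single frequency in a block of samples (Goertzel algorithm)."""
    k = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + k * s1 - s2, s1
    return s1 * s1 + s2 * s2 - k * s1 * s2

def demodulate(samples):
    """Cut the audio into bit periods and keep the stronger tone in each one."""
    bits = []
    for i in range(0, len(samples) - SPB + 1, SPB):
        block = samples[i:i + SPB]
        bits.append(1 if goertzel(block, F1) > goertzel(block, F0) else 0)
    return bits

def deframe(bits, data_bits=8, trailing=3):
    """Frames assumed: 1 start bit (0), data bits LSB first, trailing bits all 1."""
    out, i, frame = [], 0, 1 + data_bits + trailing
    while i + frame <= len(bits):
        tail = bits[i + 1 + data_bits:i + frame]
        if bits[i] == 0 and all(tail):
            data = bits[i + 1:i + 1 + data_bits]
            out.append(chr(sum(b << n for n, b in enumerate(data))))
            i += frame
        else:
            i += 1  # padding or a badly decoded frame: resynchronise one bit later
    return "".join(out)

def modulate(text, idle=16):
    """Build a constructed FSK test signal with the same assumed framing."""
    bits = [1] * idle
    for ch in text:
        bits += [0] + [(ord(ch) >> n) & 1 for n in range(8)] + [1, 1, 1]
    samples, phase = [], 0.0
    for b in bits + [1] * idle:
        step = 2 * math.pi * (F1 if b else F0) / RATE
        for _ in range(SPB):
            samples.append(math.sin(phase))
            phase += step
    return samples
```

On a real recording, the bit rate and the offset of the first bit have to be measured first, which is what the padding at the start of the transmission is useful for.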

Thank you Quentin CHAUVIN for this challenge and for your advice.