Skip to main content

artemis_gordon

Challenge

Imported from local notes.md.

Solution

Original Notes

artemis_gordon

Challenge Summary

  • Given: a single PNG, starting_files/moonieface.png, showing a sequence of moon photos.
  • Goal: decode the image into the final all-caps flag text.
  • Constraints: the description only hinted that the moon images were acting like a code.

Initial Recon / Triage

  • Observations:
    • The image visually contains 7 moon symbols.
    • Most are near-full moons, with one obvious crescent.
    • That pattern suggested either a moon-phase substitution cipher or a hidden payload inside an otherwise normal PNG.
  • File identification:
    • file identified the asset as a normal 678x106 RGBA PNG.
    • exiftool showed only a gnome-screenshot software tag.
    • binwalk found no appended archive or embedded secondary file.
  • Entry points:
    • Visual moon-phase decoding.
    • PNG stego checks to rule out LSB/chunk tricks.

Hypotheses & Approach

  • Hypothesis 1: the PNG hid the flag with standard stego.
    • I checked metadata, binwalk, and zsteg. Nothing useful appeared beyond normal false-positive bitplane strings.
  • Hypothesis 2: the moon photos were a symbol-substitution alphabet.
    • Web reference material on dCode pointed to the Leandro Katz Lunar Alphabet, which uses moon-phase photographs as letters.
    • I wrote comparison scripts to segment the 7 moon symbols and match them against reference lunar alphabet images.

Execution Steps (Reproducible)

Stage 1

Commands:

cd /root/dawg2026CTF/artemis_gordon/starting_files
file moonieface.png
exiftool moonieface.png
binwalk moonieface.png
zsteg moonieface.png

Results:

  • The file was a normal PNG screenshot with no useful metadata beyond Software: gnome-screenshot.
  • binwalk found only the expected PNG/zlib data.
  • zsteg produced only generic false-positive text patterns, not a meaningful payload.

Stage 2

Commands:

python3 /root/dawg2026CTF/artemis_gordon/artifacts/analyze_moonieface.py

Results:

  • The script split the image into 7 visible moon symbols.
  • Output saved to artifacts/analyze_moonieface.txt showed the symbol runs:
    • (16, 77) (106, 177) (206, 277) (312, 373) (410, 471) (552, 574) (606, 666)
  • Symbol 6 was the only small crescent; the others were near-full/gibbous moons.

Stage 3

Commands:

python3 /root/dawg2026CTF/artemis_gordon/artifacts/match_lunar_alphabet.py

Results:

  • The matcher downloaded reference symbols from the Leandro Katz Lunar Alphabet and compared each segmented moon against them.
  • Output saved to artifacts/match_lunar_alphabet.txt gave the strongest letters as:
    • 1 = M
    • 2 = O
    • 3 = O
    • 4 = N
    • 5 = M
    • 6 = A
    • 7 = N
  • Decoded plaintext: MOONMAN
  • The crescent at position 6 needed the windowed comparison mode, because cropping only the lit portion distorted the phase shape.

Artifacts Produced

  • artifacts/analyze_moonieface.py - moon segmentation and brightness measurements.
  • artifacts/analyze_moonieface.txt - saved output from the segmentation script.
  • artifacts/match_lunar_alphabet.py - matcher against Leandro Katz lunar alphabet reference symbols.
  • artifacts/match_lunar_alphabet.txt - saved matching scores per symbol.
  • artifacts/katz_refs/ - downloaded reference images used for matching.
  • artifacts/zsteg.txt - saved zsteg output for the PNG.

Flag

DawgCTF{MOONMAN}