OverTheWireAdvent Musical Stegano

• Tags: steganography
• Points: 342
• Solves: 34

I found a CD with some relaxing music on it, but one track just sounds completely off. The name of the track is ‘BASS SEVEN TRIGRAPHS IN G MAJOR’. Hint: all the information you need to solve this challenge is audible. In other words, it’s possible to solve with your ears only, though not everyone would be able to do that. An .ogg file is provided along with the .mid, for reference only, but is otherwise not useful. The .mid file is what you should use for the challenge.

Author: hpmv

announcement 2019-12-17 01:22:46 UTC Musical Stegano
Further hints have been added to the end of the Google Doc, in blue.

announcement 2019-12-16 18:41:13 UTC Musical Stegano
Additional hints: https://docs.google.com/document/d/1q0xx6AUigQetMeWrkh_MGXIwAZaCffXSRZYFHxX3IOc/view

Hints for Musical Stegano

• Since it’s probably quite unfair for people with no musical knowledge whatsoever, here is the sheet music used to produce this MIDI. Use MuseScore to open this file. The PDF is also available. There’s nothing important that you don’t visually see on the sheet music itself.
• If you don’t know music, it’s enough to know these concepts:
  • Major scale: https://en.wikipedia.org/wiki/G_major
  • How rhythm works, such as https://en.wikipedia.org/wiki/Eighth_note
• You do NOT need to know additional music theory such as chords.
• Both the treble and bass clefs are important.
• The challenge is tagged as a “stegano” but it’s actually very different from an image stegano - the point of an image stegano is to hide information in a way that does not affect the appearance of the image; this music stegano would sound different if the flag’s contents were changed.
• The flag format is AOTW{} and that wrapper part is embedded in the music as well.
• Consider it irrelevant whether a note is in the treble clef or the bass clef. For example, a middle C could be written on a treble clef (below the lines) or on a bass clef (above the lines) and they would sound exactly the same. When I said “don’t worry about chords”, I meant not to analyze the harmonic interactions between notes that play at the same time, not to ignore the bass clef (and treble clef can also have chords anyway).
• The way to encode notes in base 7 is: G = 0, A = 1, B = 2, …, F# = 6. (If you don’t know what that # means, it does not matter; I’m just being technically accurate).
• The flag is spelled out chronologically, character by character, by special notes in the music, for some definition of “special”, but this definition can be described in just a few words. Non-special notes are irrelevant.

---

Solution

Summary

• Find out how / where the flag is encoded
• Manually decode the flag

Details

After the organiser published hints, it is implied that the flag is encoded in base-7. So we first consider encoding AOTW{ in base-7, and find the number (corresponding to the note) in the music.

• A = 0x41 = 65(10) = 122(7) = ABB
• O = 0x4f = 79(10) = 142(7) = ADB
• T = 0x54 = 84(10) = 150(7) = AEG
• W = 0x57 = 87(10) = 153(7) = AEC
• { = 0x7b = 123(10) = 234(7) = BCD

We opened midi file in a sequencer, and starting to express each note in number. The first some parts sounds like:

(1)      (2)      (3)      (4)      (5)      (6)      (7)      (8)
                                       \:21  /:12 /:12
|2 121-0-|4---    |1 121-0-|5---    |2-\21-4-|/1-/1054|5------.|        |
|========|========|========|========|========|========|========|========|
|    2---|    1---|    1---|0------.|    2---|    1---|2---    |        |
|    0---|    6---|    6---|    5---|    0---|    6---|    6---|        |
|5---    |4------.|4------.|3------.|5---    |4------.|5---4---|5------.|

(9)      (10)     (11)     (12)     (13)     (14)     (15)     (16)
   \:21                     \:54            /:12 \:21 /:45
|2-\21-0-|4-      |1 121-0-|\5-     |0-121-4-|/1-\05/0|5------.|        |
|========|========|========|========|========|========|========|========|
|    2---|    1---|    1---|        |    2---|    1---|2---    |        |
|    0---|    6---|    6---|    5---|    0---|    6---|    6---|        |
|5---    |4------.|4------.|3------.|5---    |4------.|5---4---|5------.|

Then we found that there are tuplets of two 16th notes, and the latter one of each tuplet reads like 1, 2, 2, 1, 4, 2, 1, 5, …, which matches the expected numbers 122, 142, 150, …

We continue to find more tuplets of two 16th notes, and from 1st to 34th part, it looks pretty good:

^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ vv ^^ vv ^^ ^^ ^^^^^^^^^^^^^^ vv  (^: upper track, v: lower track)
BA AB AB BA ED AB BA DE EG BA DE DC AB DC BD GA EDEGABDBGEDBAB DC
 A  B  B  A  D  B  A  E  G  A  E  C  B  C  D  A  D G B B E B B  C
 1  2  2  1  4  2  1  5  0  1  5  3  2  3  4  1  4 0 2 2 5 2 2  3
 122      142      150      153      234      140    225   223
 A        O        T        W        {        M      u     s

However, after 35th part, we begin to see isolated 16th notes, which we don’t know how we can translate them. We tried several patterns (just ignore isolated ones, etc.), but none of them works.

^ ^^ ^^^^ ^^ ^ vv vv ^ ^^ vv ^ vv ^^ ^ ^^ ^^ ^ ^ ^ ^ ^ ^ vv vv
B AG DAGB BD B GF EF A GA DC G DF ED A AG BD B D A B B B DC GF
???

Then we start looking for original music sheet file. In the original file, we found that the isolated notes are actually tied 16th notes, which are merged with other notes in compiled midi file (.mid, SMF). We extract the 16th notes, including tied notes, and applied the same rules.

^^^^ ^^ ^^^^ ^^ ^^ vv vv ^^ ^^ vv ^^ vv ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ vv vv
BAAG AG DAGB BD BA GF EF AB GA DC GA DF ED AB AG BD BA DE AB BA BD BA AB DC GF
 A G  G  A B  D  A  F  F  B  A  C  A  F  D  B  G  D  A  E  B  A  D  A  B  C  F
 1 0  0  1 2  4  1  6  6  2  1  3  1  6  4  2  0  4  1  5  2  1  4  1  2  3  6
 100     124     166      213      164      204      152      141      236
 1       C       a        l        _        f        U        N        }

Thus we successfully got the flag: AOTW{Mus1Cal_fUN}

by Fukutomo