Logo
Overview

CTF Speaker - Bluetooth Forensics & Morse Code

t4mpr t4mpr
January 20, 2025
3 min read
forensics bluetooth morse-code audio-analysis nns-ctf avdtp

🎧 CTF Speaker β€” NNS CTF 2025

Category: Misc
Points: 454
Flag Format: NNS{...}

πŸ“œ Challenge

CTF Speaker Challenge

β€œI heard some strange sounds at the last CTF I attended, so I got out my analyser. You may need the analyser software from:
Ellisys Better Analysis Tool”

File provided: ctf-speaker.btt

πŸ” Step 1 β€” Inspecting the Capture

After extracting the archive, I found a .btt file. This format is a proprietary Bluetooth trace used by Ellisys Bluetooth Analyzer.

I opened the file in the Ellisys Better Analysis software and started examining the captured packets.

  • Filtering the trace showed AVDTP Media Packets, which corresponds to Bluetooth audio streaming.
  • The software’s Audio playback feature let me listen to the captured stream.

Ellisys Bluetooth Analyzer

🎢 Step 2 β€” Finding Suspicious Audio

Listening through the playback, I noticed that around the 65s–100s mark there were beeps that didn’t sound like regular audio. These resembled Morse code tones.

Rather than trying to figure out how to export ONLY this segment of the audio in this software (that I had never used before), I just exported the entire audio capture file.

πŸŽ› Step 3 β€” Audio Processing

To isolate the Morse code section more clearly:

  1. Loaded the exported full audio into Ableton Live 12 Suite.
  2. Trimmed the clip down to only the suspicious beeps.
  3. Verified that the tones were indeed structured enough to be Morse code.
  4. EQ’d the audio so the beeps were more dominant in the audio file.

Ableton Audio Clip

  1. Extracted 65s-100s from original audio export to a smaller, more digestible version.

πŸ”‘ Step 4 β€” Decoding the Morse

I uploaded the clipped audio to morsecode.world’s adaptive decoder.

Morse Code World

  • At first, the live text decoder produced gibberish (random letters).

Morse Code Gibberish

  • However, scrolling further down, the spectrogram output actually drew letters visually.

Morse Code Clear

  • There’s the flag! Watching carefully while the audio played, it spelled out the flag in the correct flag format NNS{...}

Flag Part 1 Flag Part 2 Flag Part 3 Flag Part 4

🏁 Step 5 β€” Submit The Flag!

We got it! After typing the flag into a text editor from watching it draw out while listening to the audio on morsecode.world’s adaptive decoder, I went ahead and submitted the flag.

NNS CTF Solved

That’s it!
Flag: NNS{5n1ff1ng_HCI_tO_pl4y_sOund}

Key Takeaways

  • Bluetooth Forensics: AVDTP (Audio/Video Distribution Transport Protocol) packets can contain hidden messages in audio streams
  • Audio Steganography: Morse code can be embedded in audio files as tone patterns
  • Multi-Tool Analysis: Sometimes the best approach is combining specialized tools (Ellisys for Bluetooth, Ableton for audio editing, online decoders for analysis)
  • Visual Decoding: When automated text decoding fails, visual spectrogram analysis can reveal hidden patterns

I had a great time solving this challenge. Special thanks to my teammates at Lil L3AK and NNS CTF team for putting together some great challenges and overall, a fun and challenging CTF!