Intro
Recently my team (Project Sekai) and I played idekCTF 2022* (with an asterisk… because it’s 2023), which was an extraordinarily “race against the clock”-esque CTF with a ridiculously large pool of challenges – 58 of them, over a 48-hour runtime. We managed to snag a 1st place finish after countless hours of not touching grass (despite analyzing it throughout this challenge), and I would like to share my personal favorite OSINT challenge of the competition – “NMPZ”, an acronym in the GeoGuessr community for “no moving, panning, or zooming.” Although my team hadn’t 100% correctly solved the challenge (we inferred part of the flag), here was our thought process tackling it. Enjoy!
NMPZ
tree
.
├── 1.png
├── 2.png
...
├── 17.png
└──

The provided README file contains the following:

Figure out in which country each image was taken.
The first letter of every country's name will create the flag.
Countries with over 10 million inhabitants will have a capital letter.
Countries with less than one million inhabitants become an underscore.
Here is a table of the provided example flag (idek{TEST_flAg}), and how the flag construction works:
Image | Country of Origin | Population | Flag |
---|---|---|---|
1.png | Turkey | 84,680,273 (2021) | T |
2.png | Ecuador | 18,145,568 (2023) | E |
3.png | Spain | 47,615,034 (2022) | S |
4.png | Thailand | 66,883,467 (2023) | T |
5.png | Vatican City | 825 (2019) | _ |
6.png | Finland | 5,528,796 (2022) | f |
7.png | Lithuania | 2,839,020 (2022) | l |
8.png | Argentina | 47,327,407 (2022) | A |
9.png | Georgia | 3,688,600 (2022) | g |
We’re given… 17 different screenshots of locations on Google Street View. Currently, our goal is to find the country of origin for each and every single one of these screenshots, and to combine each letter together to form the flag (as per the README). Here’s a quick preview of all of them:
1.png
Captured: March 2022
2.png
Captured: November 2011
3.png
Captured: June 2019
4.png
Captured: December 2014
5.png
Captured: September 2021
6.png
Captured: August 2013
7.png
Captured: November 2014
8.png
Captured: April 2013
9.png
Captured: August 2014
10.png
Captured: November 2014
11.png
Captured: September 2012
12.png
Captured: November 2022
13.png
Captured: October 2020
14.png
Captured: June 2015
15.png
Captured: March 2012
16.png
Captured: June 2016
17.png
Captured: June 2013
Let’s get to work.
1.png
Looks like we’re on a waterfront walkway with a beautiful view of a harbor. A quick Google Lens search results in a “Mureta da Urca” in Rio de Janeiro, Brazil:
Oh, yeah, there’s totally a World Wonder in the background by the way… Christ the Redeemer:
Since Brazil had a population of ~215 million in 2022, it’ll be capitalized in the flag. For brevity’s sake, I’ll be omitting the populations from here on out – however, I’ll still include them (alongside sources) in the upcoming progress tables.
Trivial! 1/17 down.
idek{B
_________________}
2.png
Wow… this is the most Russia photo I’ve ever seen! If you don’t believe me, here’s a Google Lens of the very evident St. Basil’s Cathedral looming in the background:
idek{BR
________________}
3.png
Finally, no more trivial landmarks in the background! Looks like we’re now on the roadside of some European business-y area. I quickly noticed a name on the brown sign attached to the streetlight:
It reads “Kalamaja”, which, after a quick Google search, turns out to be a small city district in Tallinn, Estonia:
idek{BRe
______________}
4.png
The middle of nowhere… a classic. Let’s see what the Google Lens yields:
The first result identifies a Stuart Highway, which runs straight through central Australia (a.k.a. the middle of nowhere). Also, if you look closely, there’s a reflector sign in the center of the photo which looks exactly like the Australian bollard on geohints.com, a resource for GeoGuessr players:
Additionally, a key “Australian” identifier would be the orangey dirt on the roadsides, which is common around the country.
idek{BReA
____________}
5.png
This one was extraordinarily rough. According to the author themselves:
it’s hilarious that every single person got one country wrong, but the letter was the same so it didn’t matter… you included 😉
…and apparently this was the one that everyone was messing up!
Let’s move on to my approach. I noticed a few things:
- The extraordinarily ambiguous “Third St” on top of the grey SUV in front of us
- The words “Al-Siraad Plaza” plastered to the side of the grey building on the left
- The words “Ab-Furqan” on the poster above the white/green checkered wall on the left
- Arabic script on the walls of the white/green building on the right
- An advertisement for “Peri Peri Pizza” on the far right
- Consistently yellow license plates
All signs point to an Arabic-speaking country. In addition, since we solved each image out of order (and knew the next character would be an underscore) the flag contained the word segment BREA-, which only had three possibilities to form a proper word: BREAD, BREAK, and BREAM (which we ruled out due to unlikeliness). As a result, we simply guessed the country to be Kazakhstan (even though it doesn’t have official Google Street View coverage and Arabic isn’t a nationally recognized language).
GeoGuessr Meta: The Infamous Snorkel
Now… here is the absolutely crazy part. After solving the challenge, the author revealed to me what the actual country was:
do you see the little snorkel on the right front corner of your car in 5.png?
i implore you to google “geoguessr snorkel” haha
I had no idea what they were talking about, so I zoomed in on the car and lo and behold, snorkel:
I did a quick Google search, and found a tweet from the official GeoGuessr Twitter account:
Apparently, this was one of the strategies that GeoGuessr pros use to quickly identify countries: using the car the Photo Sphere was taken from to their advantage, which is considered part of the “meta” game. The “Kenyan Snorkel” was one of the more infamous ones, and I had no idea it existed. I was absolutely blown away.
idek{BReAK
___________}
6.png
Ah, yes, another “middle of nowhere.” This time, however, it’s a bit easier! Here’s the Google Lens yield:
Yep, that’s definitely Iceland. Here are some things you use to identify Iceland:
- 99% of the time there will be overcast skies
- Off-green, almost yellow-ish grass. Here is an example from GeoHints:
- Bollards! These ones are bright yellow with a diagonally pointed top, and a white reflector:
This character will be an underscore (_), since the population of Iceland is 376,000 (2022).
idek{BReAK_
__________}
7.png
Wow… I’ve never seen a neighborhood this massive with not a single piece of foliage in sight. Here’s the Google Lens output:
Definitely Ulaanbaatar, Mongolia! We confirmed it with the license plate of the car on the left:
idek{BReAK_m
_________}
8.png
This was arguably one of the hardest to solve (and one that we got incorrect). Here’s the Google Lens output:
No idea! Our original guess was the Philippines or Indonesia, but BReAK_m(P/I)_ didn’t make any sense. We moved on to the next image and discovered it was an underscore (_), and eventually came to the conclusion that the country had to start with either E or Y to make any sense (to make either BReAK_m(Y/y) or BReAK_m(E/e)). The only recognized country which starts with Y is Yemen, which was an unlikely guess because of the consistent greenery, foliage, and hills in the image (Yemen is on the Arabian Peninsula, which is practically all desert).
With E/e as the only likely character, we eventually settled on either El Salvador or Ecuador, so this character would be either uppercase or lowercase.
idek{BReAK_m(E/e)
________}
9.png
A Photo Sphere in the middle of the sea! Looks like we’re in a pretty large city, and it’s giving off tourist resort-y vibes. Here’s the Google Lens output:
It looks like it’s identified the cityscape as belonging to Monaco. It’s even identified the facade of one of the buildings in the city as the Opéra de Monte-Carlo:
Let’s add an underscore to the flag, since Monaco’s population is 37,308 (2016).
idek{BReAK_m(E/e)_
_______}
10.png
We’re now given a small town in the hills of a presumably European country (judging by the overall house aesthetic). Here’s the Google Lens output:
Lens results are giving me either Switzerland or Norway. My suspicions for Switzerland were confirmed when I saw its recognizable square flag hanging off one of the houses:
idek{BReAK_m(E/e)_s
_______}
11.png
Splat in the middle of an inconspicuous-looking suburb! Here’s the Google Lens output when you focus in on the bollards on the street (since there’s nothing of interest anywhere else):
Scrolling through the outputs results in distinctly Polish bollards:
idek{BReAK_m(E/e)_sP
______}
12.png
More Europe! Here’s the Google Lens output:
It looks like it’s so generically European that Google Lens can’t seem to pin a single country down. Let’s zoom in to see any pertinent details:
The vertical sign reads “ELEKTRO”, whilst the lower horizontal sign reads “Weißensteiner”, two distinctly German words (with the latter being a surname, romanized into “Weissensteiner”). Although we could automatically assume Germany, there are multiple other German-speaking European countries, so we’ll have to narrow it down further.
Here’s the solution: simply Google “Elektro Weißensteiner” and you’ll find that it’s an electronics store based in Austria:
idek{BReAK_m(E/e)_sPa
_____}
Pit Stop
We’ve now come to a completely arbitrary stopping point – from here on out, each .png will become exponentially harder… so let’s just recap what we’ve gotten so far. Note that incorrect countries will be italicized:
Image | Country of Origin | Population | Flag |
---|---|---|---|
1.png | Brazil | 215,652,035 (2023) | B |
2.png | Russia | 146,980,061 (2022) | R |
3.png | Estonia | 1,331,796 (2022) | e |
4.png | Australia | 26,033,493 (2023) | A |
5.png | Kazakhstan | 19,392,112 (2023) | K |
6.png | Iceland | 385,230 (2022) | _ |
7.png | Mongolia | 3,477,605 (2023) | m |
8.png | El Salvador / Ecuador | 6,825,935 (2021) / 18,145,568 (2023) | e /E |
9.png | Monaco | 39,150 (2021) | _ |
10.png | Switzerland | 8,789,726 (2022) | s |
11.png | Poland | 37,796,000 (2022) | P |
12.png | Austria | 9,090,868 (2022) | a |
Let’s proceed with the rest of this challenge.
13.png
This is probably the quintessential “North America” picture ever – impossibly flat land, a random city skyline in the background, and huge fields. A Google Lens search yields nothing we don’t already know:
Currently, our only issue here is telling between either Canada or the United States. Let’s narrow it down a bit more.
The only telling sign here is road markings. Since I live in the US, I know that two-way roads (with one lane per direction) are typically marked with either broken double yellow lines or solid double yellow lines. Although single dashed yellow lines exist in the US, they are much more common in Canada. Here’s a diagram I threw together, which you can combine with the overall “feel” of an image to make a calculated guess:
Alongside this, not a single common word in English starts with the prefix spau-, so ruling out the US is a no-brainer. However, the above knowledge about road markings is useful when you have no flag to infer characters from!
idek{BReAK_m(E/e)_sPaC
____}
14.png
This one was actually really, really clever. Although a Google Lens yields nothing of use (since its viewpoint is a random tropical area), take a look at the bottom right-hand corner of the image:
Is that an acute accent mark on top of the letter I (í)? Inferring from the shape of the other letters, it looks like this segment of the word spells out -íal, which many Spanish words end with. We can safely narrow this down to a Latin-American/Spanish-speaking country.
Let’s keep inferring from the flag. It currently says BReAK_m(E/e)_sPaC, so we can safely guess that the next country should start with e or E to continue the next likely word, “space.” Ecuador and El Salvador are the only Spanish-speaking countries that start with e or E, and I was able to narrow it down to Ecuador solely from the license plate of the car on the right, which looks like a taxi:
idek{BReAK_m(E/e)_sPaCE
___}
15.png
We are now presented with… some dilapidated, snowy houses! This will be difficult to narrow down.
Google Lens yielded nothing of use, but I did identify some Cyrillic writing on the dumpster to the left:
When a Google search for a “KMA” trash company in Eastern Europe/Russia resulted in nothing relevant, I became absolutely stumped with this challenge.
The Guesswork Begins
This was around the time my team started to suspect the flag for the challenge read “break me spacebar”, which is a meme in the GeoGuessr community for how content creator Rainbolt hits his spacebar really loudly when guessing a location on the map:
In accordance with the word “spacebar”, I narrowed the country down to the only Russian-speaking country (in terms of officially recognized languages) which starts with “B”: Belarus.
GeoGuessr Meta: Snow Coverage
So… Belarus was incorrect. However, it had a population under 10 million (similarly to the correct answer), meaning that the letter b was correct, regardless. The real country this image was taken in was Bulgaria, which a pro player would guess due to the typical snow coverage of Google Street View. According to this GeoGuessr Tips article:
Hungary is one of three European countries that can have similar, bleak, winter scenery with trees without leaves and snowfall beside the road. The other two countries are Bulgaria and small parts of Czechia.
Much of Bulgarian Street View was taken in winter and thus the trees are often without leaves and the Street View scenes in Bulgaria are often fairly bleak. Within Europe, Hungary and parts of Czechia have similar bleak wintery scenery. Bulgaria is one of the poorest countries in Europe and the Bulgarian roads reflect this fact. These roads are commonly crumbling and filled with cracks and holes.
So when you see a combination of dilapidation/bleakness and snowiness, Bulgaria, Hungary, or the Czech Republic would be your best guesses.
idek{BReAK_m(E/e)_sPaCEb
__}
16.png
Beautiful hills and mountains… However, I genuinely have no idea where this could be!
Let’s start off with what little we have, and analyze the black and white chevron marker in the center of the image:
I initially scoured the internet for countries which use this specific chevron and came across this map, courtesy of user u/isaacSW on the r/geoguessr subreddit:
According to this map, the only countries which use white-on-black turn chevrons are the United Kingdom, Switzerland, Italy, Greece, Albania, and occasionally Spain.
Since this part of the flag says “spacebar”, the only choice which starts with “A” is Albania, so we will be using a for this character.
GeoGuessr Meta: Rifts in the Sky
After the challenge was completed, the author revealed something really interesting about this image… “rifts in the sky”:
Apparently, for countries like Albania, Montenegro, and Senegal, there are camera imperfections in the Photo Sphere which result in creases in the sky:
We can see the rift itself in 16.png in the top center of the image:
Little meta tricks and trivia like these are what make GeoGuessr such an interesting game.
idek{BReAK_m(E/e)_sPaCEba
_}
17.png
To be honest, we didn’t solve this one at all – we just completed the sentence “break me spacebar” and guessed the last character was either R or r. Our original Cambodia guess didn’t make any sense, anyways 😛
GeoGuessr Meta: The Sakhalin Plant
The author of the challenge revealed that the last location was Russia, on the large island of Sakhalin north of Japan:
The intended method of identifying the location was to analyze this patch of particular foliage in the image:
This plant is called butterbur (Petasites japonicus, or simply “The Sakhalin Plant”), and it’s native to Sakhalin, Japan, China, and Korea. Apparently, GeoGuessr pros can instantly identify this particular area of Russia from this plant alone!
idek{BReAK_m(E/e)_sPaCEbaR}
Afterword
With this, the entire flag is revealed, and was successfully submitted with a lowercase e for the eighth character (the country was actually Eswatini); the flag is idek{BReAK_me_sPaCEbaR}.
This challenge would not have been possible if the flag hadn’t been made up of recognizable English words. When we were approaching the end, we simply inferred that the last bit spelled “spacebar” – although we could have brute-forced all 8 different capitalizations of “bar” (2^3) by the time we finished “sPaCE”, we felt that doing so would have detracted from the fun of the challenge.
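The README's construction rule and the brute-force remark above can be checked mechanically. The following Python is an added example, not code from the challenge or from the original write-up: the function names are hypothetical, the populations are the ones listed in this write-up's tables, and treating a population of exactly 1 or 10 million as lowercase is an assumption, since the README does not cover those boundaries.

```python
from itertools import product

def flag_char(country, population):
    """README rule: first letter of the country name, uppercase above 10 million
    inhabitants, underscore below 1 million, lowercase otherwise.
    Assumption: exactly 1 or 10 million counts as lowercase."""
    if population < 1_000_000:
        return "_"
    letter = country[0]
    return letter.upper() if population > 10_000_000 else letter.lower()

def candidate_flags(guesses):
    """guesses: per image, a list of (country, population) candidates.
    Returns every distinct flag those candidates allow."""
    per_image = [sorted({flag_char(c, p) for c, p in cands}) for cands in guesses]
    return ["idek{" + "".join(combo) + "}" for combo in product(*per_image)]

def case_variants(word):
    """Every upper/lower spelling of word: 2**len(word) strings."""
    return ["".join(v) for v in product(*[(ch.lower(), ch.upper()) for ch in word])]

# README example table; populations as listed in the write-up.
EXAMPLE = [[("Turkey", 84_680_273)], [("Ecuador", 18_145_568)],
           [("Spain", 47_615_034)], [("Thailand", 66_883_467)],
           [("Vatican City", 825)], [("Finland", 5_528_796)],
           [("Lithuania", 2_839_020)], [("Argentina", 47_327_407)],
           [("Georgia", 3_688_600)]]

# The 17 images; 5.png and 8.png carry both the wrong guesses and the real answer.
SOLVE = [
    [("Brazil", 215_652_035)], [("Russia", 146_980_061)],
    [("Estonia", 1_331_796)], [("Australia", 26_033_493)],
    [("Kazakhstan", 19_392_112), ("Kenya", 47_564_296)],
    [("Iceland", 385_230)], [("Mongolia", 3_477_605)],
    [("El Salvador", 6_825_935), ("Ecuador", 18_145_568), ("Eswatini", 1_202_000)],
    [("Monaco", 39_150)], [("Switzerland", 8_789_726)],
    [("Poland", 37_796_000)], [("Austria", 9_090_868)],
    [("Canada", 39_082_640)], [("Ecuador", 18_146_244)],
    [("Bulgaria", 6_520_314)], [("Albania", 2_829_741)],
    [("Russia", 146_980_061)],
]

if __name__ == "__main__":
    print(candidate_flags(EXAMPLE))  # the README's sample flag
    print(candidate_flags(SOLVE))    # only 8.png stays ambiguous
    print(case_variants("bar"))      # the 2^3 spellings mentioned above
```

Kazakhstan and Kenya collapse to the same character, which is why the wrong guess for 5.png never affected the flag, while 8.png is the only position that leaves two candidate flags.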
Overall, I didn’t just learn more about GEOSINT-style challenges – I came to a greater understanding of how absolutely massive Earth is. I guess that’s part of the fun in playing GeoGuessr!
Here is a final table of all the countries (and what I guessed incorrectly):
Image | Correct Country | Population | Flag | Incorrect Guess |
---|---|---|---|---|
1.png | Brazil | 215,652,035 (2023) | B | |
2.png | Russia | 146,980,061 (2022) | R | |
3.png | Estonia | 1,331,796 (2022) | e | |
4.png | Australia | 26,033,493 (2023) | A | |
5.png | Kenya | 47,564,296 (2019) | K | Kazakhstan |
6.png | Iceland | 385,230 (2022) | _ | |
7.png | Mongolia | 3,477,605 (2023) | m | |
8.png | Eswatini | 1,202,000 (2021) | e | El Salvador |
9.png | Monaco | 39,150 (2021) | _ | |
10.png | Switzerland | 8,789,726 (2022) | s | |
11.png | Poland | 37,796,000 (2022) | P | |
12.png | Austria | 9,090,868 (2022) | a | |
13.png | Canada | 39,082,640 (2023) | C | |
14.png | Ecuador | 18,146,244 (2023) | E | |
15.png | Bulgaria | 6,520,314 (2021) | b | Belarus |
16.png | Albania | 2,829,741 (2021) | a | |
17.png | Russia | 146,980,061 (2022) | R | |
Resources
Here are some of the websites I used throughout the challenge-solving process:
- GeoHints – Provides images and key characteristics of every covered country in Google Street View
- GeoTips – Lots of meta stuff (e.g. camera quality, cars vs. trekkers, etc.)
- r/geoguessr – Useful community diagrams and wiki
- The Digital Labyrinth – GeoGuessr – An absolutely massive blog post with everything you need to know about the game and its tricks
- World License Plates – Scanned license plates of the majority of countries, including old and new designs
- Google Lens – A powerful image recognition tool which can identify objects, text, landmarks, foliage, you name it and provide similar images
Originally published on ENSCRIBE: idekCTF 2022: NMPZ (OSINT)