idekCTF 2022: NMPZ (OSINT)

ctfsidekosint

Banner

Intro

Recently my team (Project Sekai) and I played idekCTF 2022* (with an asterisk… because it’s 2023), which was an extraordinarily “race against the clock”-esque CTF with a ridiculously large pool of challenges - 58 of them, over a 48-hour runtime. We managed to snag a 1st place finish after countless hours of not touching grass (despite analyzing it throughout this challenge), and I would like to share my personal favorite OSINT challenge of the competition - “NMPZ”, an acronym in the GeoGuessr community for “no moving, panning, or zooming.” Although my team hadn’t 100% correctly solved the challenge (we inferred part of the flag), here was our thought process tackling it. Enjoy!

NMPZ Banner

NMPZ

author: jazzzooo
genre: osint
points: 474
files: nmpz.zip
Are you as good as Rainbolt at GeoGuessr? Prove your skills by geo-guessing these 17 countries. 
$ tree
.
├── 1.png
├── 2.png
...
├── 17.png
└── README

The provided README file contains the following:

README(.txt)
1
2
3
4
Figure out in which country each image was taken.
The first letter of every country's name will create the flag.
Countries with over 10 million inhabitants will have a capital letter.
Countries with less than one million inhabitants become an underscore.

Here is a table of the provided example flag (idek{TEST_flAg}), and how the flag construction works:

Image Country of Origin Population Flag
1.png Turkey 84,680,273 (2021) T
2.png Ecuador 18,145,568 (2023) E
3.png Spain 47,615,034 (2022) S
4.png Thailand 66,883,467 (2023) T
5.png Vatican City 825 (2019) _
6.png Finland 5,528,796 (2022) f
7.png Lithuania 2,839,020 (2022) l
8.png Argentina 47,327,407 (2022) A
9.png Georgia 3,688,600 (2022) g

We’re given… 17 different screenshots of locations on Google Street View. Currently, our goal is to find the country of origin for each and every single one of these screenshots, and to combine each letter together to form the flag (as per the README). Here’s a quick preview of all of them:

1.png

Captured: March 2022

1.png

2.png

Captured: November 2011

2.png

3.png

Captured: June 2019

3.png

4.png

Captured: December 2014

4.png

5.png

Captured: September 2021

5.png

6.png

Captured: August 2013

6.png

7.png

Captured: November 2014

7.png

8.png

Captured: April 2013

8.png

9.png

Captured: August 2014

9.png

10.png

Captured: November 2014

10.png

11.png

Captured: September 2012

11.png

12.png

Captured: November 2022

12.png

13.png

Captured: October 2020

13.png

14.png

Captured: June 2015

14.png

15.png

Captured: March 2012

15.png

16.png

Captured: June 2016

16.png

17.png

Captured: June 2013

17.png

Let’s get to work.

1.png

1.png

Looks like we’re on a waterfront walkway with a beautiful view of a harbor. A quick Google Lens results in a “Muerta da Urca“ in Rio de Janeiro, Brazil:

1-lens.png

Oh, yeah, there’s totally a World Wonder in the background by the way… Christ the Redeemer:

Since Brazil had a population of ~215 million in 2022, it’ll be capitalized in the flag. For brevity’s sake, I’ll be omitting the populations from here on out - however, I’ll still include them (alongside sources) in the upcoming progress tables.

Trivial! 1/17 down.

Flag Progress: idek{B_________________}

2.png

2.png

Wow… this is the most Russia photo I’ve ever seen! If you don’t believe me, here’s a Google Lens of the very evident St. Basil’s Cathedral looming in the background:

2-lens.png

Flag Progress: idek{BR________________}

3.png

3.png

Finally, no more trivial landmarks in the background! Looks like we’re now on the roadside of some European business-y area. I quickly noticed a name on the brown sign attached to the streetlight:

It reads “Kalamaja”, which upon a quick Google results in a small city district in Tallinn, Estonia:

3-google.png

Flag Progress: idek{BRe______________}

4.png

4.png

The middle of nowhere… a classic. Let’s see what the Google Lens yields:

4-lens.png

The first result identifies a Stuart Highway, which runs straight through central Australia (a.k.a. the middle of nowhere). Also, if you look closely, there’s a reflector sign in the center of the photo which looks exactly like the Australian bollard on geohints.com, a resource for GeoGuessr players:

Zoomed in bollard

GeoHints Australian bollard

Additionally, a key “Australian” identifier would be the orangey dirt on the roadsides, which is common around the country.

Flag Progress: idek{BReA____________}

5.png

5.png

This one was extraordinarily rough. According to the author themselves:

its hilarious that every single person got one country wrong, but the letter was the same so it didnt matter… you included ;)

- jazzzooo

…and apparently this was the one that everyone was messing up!

Let’s move on to my approach. I noticed a few things:

5-lettered.png

  1. The extraordinarily ambiguous "Third St" on top of the grey SUV in front of us
  2. The words "Al-Siraad Plaza" plastered to the side of the grey building on the left
  3. The words "Ab-Furqan" on the poster above the white/green checkered wall on the left
  4. Arabic script on the walls of the white/green building on the right
  5. An advertisement for "Peri Peri Pizza" on the far right
  6. Consistently yellow license plates

All signs point to an Arabic-speaking country. In addition, since we solved each image out of order (and knew the next character would be an underscore) the flag contained the word segment BREA-, which only had three possibilities to form a proper word: BREAD, BREAK, and BREAM (which we ruled out due to unlikeliness). As a result, we simply guessed the country to be Kazakhstan (even though it doesn’t have official Google Street View coverage and Arabic isn’t a nationally recognized language).

GeoGuessr Meta: The Infamous Snorkel

Now… here is the absolutely crazy part. After solving the challenge, the author revealed to me what the actual country was:

do you see the little snorkel on the right front corner of your car in 5.png?
i implore you to google “geoguessr snorkel” haha

- jazzzooo

I had no idea what they were talking about, so I zoomed in on the car and lo and behold, snorkel:

I did a quick Google search, and found a tweet from the official GeoGuessr Twitter account:

Apparently, this was one of the strategies that GeoGuessr pros use to quickly identify countries: using the car the Photo Sphere was taken from to their advantage, considered to be part of the “meta” game. The “ Kenyan Snorkel” was one of the more infamous ones, and I had no idea it existed. I was absolutely blown away.

Flag Progress: idek{BReAK____________}

6.png

6.png

Ah, yes, another “middle of nowhere.” This time, however, it’s a bit easier! Here’s the Google Lens yield:

6-lens.png

Yep, that’s definitely Iceland. Here are some things you use to identify Iceland:

  • 99% of the time there will be overcast skies
  • Off-green, almost yellow-ish grass. Here is an example from GeoHints:

6-geohints.png

  • Bollards! These ones are bright yellow with a diagonally pointed top, and a white reflector:

Zoomed in bollard

GeoHints Icelandic bollard

This character will be an underscore (_), since the population of Iceland is 376,000 (2022).

Flag Progress: idek{BReAK____________}

7.png

7.png

Wow… I’ve never seen a neighborhood this massive with not a single piece of foliage in sight. Here’s the Google Lens output:

7-lens.png

Definitely Ulaanbaatar, Mongolia! We confirmed it with the license plate of the car on the left:

Zoomed in plate

Generic Mongolian plate

Flag Progress: idek{BReAK_m__________}

8.png

8.png

This was arguably one of the hardest to solve (and one that we got incorrect). Here’s the Google Lens output:

8-lens.png

No idea! Our original guess was the Philippines or Indonesia, but BReAK_m(P/I)_ didn’t make any sense. We moved on to the next image and discovered it was an underscore (_), and eventually came to the conclusion that the country had to either start with E or Y to make any sense (to make either BReAK_m(Y/y) or BReAK_m(E/e)). The only recognized country which starts with Y is Yemen, which was an unlikely guess because of the consistent greenery, foliage, and hills (in the Arabian Peninsula, practically all desert).

In accordance with E/e as the only likely character, we eventually settled on either El Salvador or Ecuador, so this character would be either uppercase or lowercase.

Flag Progress: idek{BReAK_m(E/e)________}

9.png

9.png

A Photo Sphere in the middle of the sea! Looks like we’re in a pretty large city, and it’s giving off tourist resort-y vibes. Here’s the Google Lens output:

9-lens.png

It looks like it’s identified the cityscape as belonging to Monaco. It’s even identified the facade of one of the buildings in the city as the Opéra de Monte-Carlo:

9-facade.png

Let’s add an underscore to the flag, since Monaco’s population is 37,308 (2016).

Flag Progress: idek{BReAK_m(E/e)_________}

10.png

10.png

We’re now given a small town in the hills of an assumingly European country (overall house aesthetic). Here’s the Google Lens output:

10-lens.png

Lens results are giving me either Switzerland or Norway. My suspicions for Switzerland were confirmed when I saw its recognizable square flag hanging off one of the houses:

10-zoom.png

Flag Progress: idek{BReAK_m(E/e)_s_______}

11.png

11.png

Splat in the middle of an inconspicuous-looking suburb! Here’s the Google Lens output when you focus in on the bollards on the street (since there’s nothing of interest anywhere else):

11-lens.png

Scrolling through the outputs results in distinctly Polish bollards:

Zoomed in bollard

GeoHints Polish bollard

Flag Progress: idek{BReAK_m(E/e)_sP______}

12.png

12.png

More Europe! Here’s the Google Lens output:

12-lens.png

It looks like it’s so generically European that Google Lens can’t seem to pin a single country down. Let’s zoom in to see any pertinent details:

12-zoom.png

The vertical sign reads “ELEKTRO”, whilst the lower horizontal sign reads “Weißensteiner”, two distinctly German words (with the latter being a surname, romanized into “Weissensteiner“). Although we could automatically assume Germany, there are multiple other German-speaking European countries, so we’ll have to narrow it down further.

Here’s the solution: simply Google “Elektro Weißensteiner” and you’ll find that it’s an electronics store based in Austria:

12-google.png

Flag Progress: idek{BReAK_m(E/e)_sPa_____}

Pit Stop

We’ve now come to a completely arbitrary stopping point - from here on out, each .png will become exponentially harder… so let’s just recap what we’ve gotten so far. Note that incorrect countries will be italicized:

Image Country of Origin Population Flag
1.png Brazil 215,652,035 (2023) B
2.png Russia 146,980,061 (2022) R
3.png Estonia 1,331,796 (2022) e
4.png Australia 26,033,493 (2023) A
5.png Kazakhstan 19,392,112 (2023) K
6.png Iceland 385,230 (2022) _
7.png Mongolia 3,477,605 (2023) m
8.png El Salvador / Ecuador 6,825,935 (2021) / 18,145,568 (2023) e/E
9.png Monaco 39,150 (2021) _
10.png Switzerland 8,789,726 (2022) s
11.png Poland 37,796,000 (2022) P
12.png Austria 9,090,868 (2022) a

Let’s proceed with the rest of this challenge.

13.png

13.png

This is probably the quintessential “North America” picture ever - impossibly flat land, a random city skyline in the background, and huge fields. A Google Lens search yields nothing we don’t already know:

13-lens.png

Currently, our only issue here is telling between either Canada or the United States. Let’s narrow it down a bit more.

The only telling sign here is road markings. Since I live in the US, I know that two-way roads (with one lane per direction) are typically marked with either broken double yellow lines or solid double yellow lines. Although single dashed yellow lines exist in the US, they are much more common in Canada (albeit still existing in the US). Here’s a diagram I threw up, which you can combine with the overall “feel” of an image to make a calculated guess:

13-streets.svg

Alongside this, not a single common word in English starts with the prefix spau-, so ruling out the US is a no-brainer. However, the above knowledge about road markings is useful when you have no flag to infer characters from!

Flag Progress: idek{BReAK_m(E/e)_sPaC____}

14.png

14.png

This one was actually really, really clever. Although a Google Lens yields nothing of use (since its viewpoint is a random tropical area), take a look at the bottom right-hand corner of the image:

14-bottom.png

Is that an acute accent mark on top of the letter I (í)? Inferring from the shape of the other letters, it looks like this segment of the word spells out -íal, which many Spanish words end with. We can safely narrow this down to a Latin-American/Spanish-speaking country.

Let’s keep inferring from the flag. It currently says BReAK_m(E/e)_sPaC, so we can safely guess that the next country should start with e or E to continue the next likely word, “space.” Ecuador and El Salvador are the only Spanish-speaking countries that start with e or E, and I was able to narrow it down to Ecuador solely from the license plate of the car on the right, which looks like a taxi:

Zoomed in plate

Ecuadorian plate for commercial vehicles (taxis, buses)

Flag Progress: idek{BReAK_m(E/e)_sPaCE___}

15.png

15.png

We are now presented with… some dilapidated, snowy houses! This will be difficult to narrow down.

Google Lens yielded nothing of use, but I did identify some Cyrillic writing on the dumpster to the left:

15-bin.png

When a Google search for a “KMA” trash company in Eastern Europe/Russia resulted in nothing relevant, I became absolutely stumped with this challenge.

The Guesswork Begins

This was around the time my team started to suspect the flag for the challenge read “break me spacebar”, which is a meme in the GeoGuessr community for how content creator Rainbolt hits his spacebar really loudly when guessing a location on the map:

15-spacebar.png

In accordance with the word “spacebar”, I narrowed the country down to the only Russian-speaking country (in terms of officially recognized languages) with starts with “B”: Belarus.

GeoGuessr Meta: Snow Coverage

So… Belarus was incorrect. However, it had a population under 10 million (similarly to the correct answer), meaning that the letter b was correct, regardless. The real country this image was taken in was Bulgaria, which a pro player would guess due to the typical snow coverage of Google Street View. According to this GeoGuessr Tips article:

Hungary is one of three European countries that can have similar, bleak, winter scenery with trees without leaves and snowfall beside the road. The other two countries are Bulgaria and small parts of Czechia.

Much of Bulgarian Street View was taken in winter and thus the trees are often without leaves and the Street View scenes in Bulgaria are often fairly bleak. Within Europe, Hungary and parts of Czechia have similar bleak wintery scenery. Bulgaria is one of the poorest countries in Europe and the Bulgarian roads reflect this fact. These roads are commonly crumbling and filled with cracks and holes.

So when you see a combination of dilapidation/bleakness and snowiness, Bulgaria, Hungary, or the Czech Republic would be your best guesses.

Flag Progress: idek{BReAK_m(E/e)_sPaCEb__}

16.png

16.png

Beautiful hills and mountains… However, I genuinely have no idea where this could be!

Let’s start off with what little we have, and analyze the black and white chevron marker in the center of the image:

16-zoom.png

I initially scoured the internet for countries which use this specific chevron and came across this map, courtesy of user u/isaacSW on the r/geoguessr subreddit:

16-map.webp

According to this map, the only countries which use white-on-black turn chevrons are the United Kingdom, Switzerland, Italy, Greece, Albania, and occasionally Spain.

Since this part of the flag says “spacebar”, the only choice which starts with “A” is Albania, so we will be using a for this character.

GeoGuessr Meta: Rifts in the Sky

After the challenge was completed, the author revealed something really interesting about this image… “rifts in the sky“:

Apparently, for countries like Albania, Montenegro, and Senegal, there are camera imperfections in the Photo Sphere which result in creases in the sky:

16-rift.png

We can see the rift itself in 16.png in the top center of the image:

16-rift2.png

Little meta tricks and trivia like these are what make GeoGuessr such an interesting game.

Flag Progress: idek{BReAK_m(E/e)_sPaCEba_}

17.png

17.png

To be honest, we didn’t solve this one at all - we just completed the sentence “break me spacebar” and guessed the last character was either R or r. Our original Cambodia guess didn’t make any sense, anyways :P

GeoGuessr Meta: The Sakhalin Plant

The author of the challenge revealed that the last location was Russia, on the large island of Sakhalin north of Japan:

The intended method of identifying the location was to analyze this patch of particular foliage in the image:

This plant is called butterbur (Petasites japonicus, or simply “The Sakhalin Plant”), and it’s native to Sakhalin, Japan, China, and / Korea. Apparently, GeoGuessr pros can instantly identify this particular area of Russia from this plant alone!

Flag Progress: idek{BReAK_m(E/e)_sPaCEbaR}

Afterword

With this, the entire flag is revealed, and was successfully submitted with a lowercase e for the eighth character (the country was actually Eswatini); the flag is idek{BReAK_me_sPaCEbaR}.

This challenge would have not been possible if the flag wasn’t made up of recognizable English words. When we were approaching the end, we simply inferred that the last bit spelled “spacebar” - although we could have brute forced all 8 different capitalizations of “bar” (2^3) by the time we finished “sPaCE”, we felt like doing so would have detracted from the fun of the challenge.

Overall, I didn’t just learn more about GEOSINT-style challenges - I came to a greater understanding of how absolutely massive Earth is. I guess that’s part of the fun in playing GeoGuessr!

Here is a final table of all the countries (and what I guessed incorrectly):

Image Correct Country Population Flag Incorrect Guess
1.png Brazil 215,652,035 (2023) B
2.png Russia 146,980,061 (2022) R
3.png Estonia 1,331,796 (2022) e
4.png Australia 26,033,493 (2023) A
5.png Kenya 47,564,296 (2019) K Kazakhstan
6.png Iceland 385,230 (2022) _
7.png Mongolia 3,477,605 (2023) m
8.png Eswatini 1,202,000 (2021) e El Salvador
9.png Monaco 39,150 (2021) _
10.png Switzerland 8,789,726 (2022) s
11.png Poland 37,796,000 (2022) P
12.png Austria 9,090,868 (2022) a
13.png Canada 39,082,640 (2023) C
14.png Ecuador 18,146,244 (2023) E
15.png Bulgaria 6,520,314 (2021) b Belarus
16.png Albania 2,829,741 (2021) a
17.png Russia 146,980,061 (2022) R

Resources

Here are some of the websites I used throughout the challenge-solving process:

  • GeoHints - Provides images and key characteristics of every covered country in Google Street View
  • GeoTips - Lots of meta stuff (e.g. camera quality, cars vs. trekkers, etc.)
  • r/geoguessr - Useful community diagrams and wiki
  • The Digital Labyrinth - GeoGuessr - An absolutely massive blog post with everything you need to know about the game and its tricks
  • World License Plates - Scanned license plates of the majority of countries, including old and new designs
  • Google Lens - A powerful image recognition tool which can identify objects, text, landmarks, foliage, you name it and provide similar images