EN | ZH The audio-related CTF topics mainly use steganographic strategies, which are mainly divided into MP3 steganography, LSB steganography, waveform steganography, spectrum steganography, and so on.

Common means

Information that can be found through binwalk and strings is not detailed.

MP3 steganography


MP3 steganography is mainly using the [Mp3Stego] ( tool for steganography. The basic introduction and usage are as follows:

MP3Stego will hide information in MP3 files during the compression process. The data is first compressed, encrypted and then hidden in the MP3 bit stream.

encode -E hidden_text.txt -P pass svega.wav svega_stego.mp3

decode -X -P pass svega_stego.mp3


ISCC-2016: Music Never Sleep

After the initial observation, no one was found by strings, and there was no abnormal guess in listening to the audio. The steganographic software was used to hide the data.

After getting the password, use Mp3Stego to decrypt it.

decode.exe -X ISCC2016.mp3 -P bfsiscc2016

Get the file iscc2016.mp3.txt:


Get flag after Base64 && Base32.



Generally speaking, in the direction of the waveform, after observing the abnormality, the relevant software (Audacity, Adobe Audition, etc.) is used to observe the waveform law, and the waveform is further converted into a 01 string, etc., thereby extracting and converting the final flag.


ISCC-2017: Misc-04

In fact, the hidden information in this question is in the first part of the audio. If you don't listen carefully, you may mistake it for steganography.

The high is 1 low and 0 is converted to get the 01 string.


Convert to ASCII, decrypt the Morse password and get the flag.


Some of the more complicated ones may first perform a series of processing on the audio, such as filtering. For example [JarvisOJ - Voice of God Writeup] (



Spectral steganography in audio hides strings in the spectrum. Such audio usually has a more pronounced feature that sounds a bit murmur or harsh.



LSB audio steganography


Similar to the LSB steganography in image steganography, there is also a corresponding LSB steganography in the audio. The [Silenteye] ( tool can be used mainly as follows:

SilentEye is a cross-platform application design for an easy use of steganography, in this case hiding messages into pictures or sounds. It provides a pretty nice interface and an easy integration of new steganography algorithm and cryptography process by using a plug-ins system.


> 2015 Guangdong Strong Net Cup - Little Apple

Just use slienteye.