BTLO - Meta
Hey you and welcome to my blog. Today i’ll be solving a challenge from BTLO called Meta
. It’s under the Digital forensics category but i found it more of OSINT. The challenge was relatively easy.
Here is the brief given for the challenge:
The attached images were posted by a criminal on the run, with the caption “I’m roaming free. You will never catch me”. We believe you can assist us in proving him wrong.
Some of the tools recommended to use for this challenge include:
- Exiftool - a free and open-source software program for reading, writing, and manipulating image, audio, video, and PDF metadata. It is platform independent, available as both a Perl library and command-line application. You can read more about how it works, features, Supported File Types, etc on Phil Harvey’s site
- Reverse Image Search - a content-based image retrieval (CBIR) query technique that involves providing the CBIR system with a sample image that it will then base its search upon; in terms of information retrieval, the sample image is what formulates a search query. In particular, reverse image search is characterized by a lack of search terms. This effectively removes the need for a user to guess at keywords or terms that may or may not return a correct result. Reverse image search also allows users to discover content that is related to a specific sample image, popularity of an image, and discover manipulated versions and derivative works. Source: Wikipedia
With that in mind, lets get started
What is the camera model? (2 points)
Upon downloading and extracting the provided zip file, we get two images. Running exiftool on the first image gives us a ton of information needed to answer question 1-3
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
➜ ./exiftool uploaded_1.JPG
ExifTool Version Number : 12.21
File Name : uploaded_1.JPG
Directory : .
File Size : 3.4 MiB
File Modification Date/Time : 2022:02:23 13:14:41-05:00
File Access Date/Time : 2022:02:23 13:14:41-05:00
File Inode Change Date/Time : 2022:02:23 13:14:41-05:00
File Permissions : -rw-r--r--
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
Exif Byte Order : Little-endian (Intel, II)
Compression : JPEG (old-style)
Make : Canon
Camera Model Name : Canon EOS 550D
Orientation : Rotate 90 CW
X Resolution : 72
Y Resolution : 72
Resolution Unit : inches
Modify Date : 2021:11:02 13:20:23
Y Cb Cr Positioning : Co-sited
Exposure Time : 1/1000
F Number : 18.0
Exposure Program : Manual
ISO : 100
Exif Version : 0221
Date/Time Original : 2021:11:02 13:20:23
Create Date : 2021:11:02 13:20:23
Components Configuration : Y, Cb, Cr, -
Shutter Speed Value : 1/1024
Aperture Value : 18.2
Flash : Off, Did not fire
Focal Length : 55.0 mm
Macro Mode : Normal
Self Timer : Off
Quality : Fine
Canon Flash Mode : Off
Continuous Drive : Single
Focus Mode : One-shot AF
Record Mode : JPEG
Canon Image Size : Large
Easy Mode : Manual
Digital Zoom : None
Contrast : Normal
Saturation : Normal
Metering Mode : Evaluative
Focus Range : Not Known
Canon Exposure Mode : Manual
Lens Type : Canon EF-S 55-250mm f/4-5.6 IS
Max Focal Length : 250 mm
Min Focal Length : 55 mm
Focal Units : 1/mm
Max Aperture : 4
Min Aperture : 23
Flash Activity : 0
Flash Bits : (none)
Zoom Source Width : 0
Zoom Target Width : 0
Manual Flash Output : n/a
Color Tone : Normal
Auto ISO : 100
Base ISO : 100
Measured EV : 14.88
Target Aperture : 18
Target Exposure Time : 1/1024
Exposure Compensation : 0
White Balance : Auto
Slow Shutter : None
Shot Number In Continuous Burst : 0
Optical Zoom Code : n/a
Camera Temperature : 50 C
Flash Guide Number : 0
Flash Exposure Compensation : 0
Auto Exposure Bracketing : Off
AEB Bracket Value : 0
Control Mode : Camera Local Control
Measured EV 2 : 17.375
Bulb Duration : 0
Camera Type : EOS High-end
ND Filter : n/a
Canon Image Type : Canon EOS 550D
Canon Firmware Version : Firmware Version 1.0.9
Owner Name :
Serial Number : 1932126681
Flash Metering Mode : Off
Camera Orientation : Rotate 90 CW
Firmware Version : 1.0.9
File Index : 3845
Directory Index : 102
Contrast Standard : 0
Sharpness Standard : 3
Saturation Standard : 0
Color Tone Standard : 0
Contrast Portrait : 0
Sharpness Portrait : 2
Saturation Portrait : 0
Color Tone Portrait : 0
Contrast Landscape : 0
Sharpness Landscape : 4
Saturation Landscape : 0
Color Tone Landscape : 0
Contrast Neutral : 0
Sharpness Neutral : 0
Saturation Neutral : 0
Color Tone Neutral : 0
Contrast Faithful : 0
Sharpness Faithful : 0
Saturation Faithful : 0
Color Tone Faithful : 0
Contrast Monochrome : 0
Sharpness Monochrome : 3
Filter Effect Monochrome : None
Toning Effect Monochrome : None
Contrast User Def 1 : 0
Sharpness User Def 1 : 3
Saturation User Def 1 : 0
Color Tone User Def 1 : 0
Filter Effect User Def 1 : None
Toning Effect User Def 1 : None
Contrast User Def 2 : 0
Sharpness User Def 2 : 3
Saturation User Def 2 : 0
Color Tone User Def 2 : 0
Filter Effect User Def 2 : None
Toning Effect User Def 2 : None
Contrast User Def 3 : 0
Sharpness User Def 3 : 3
Saturation User Def 3 : 0
Color Tone User Def 3 : 0
Filter Effect User Def 3 : None
Toning Effect User Def 3 : None
User Def 1 Picture Style : Standard
User Def 2 Picture Style : Standard
User Def 3 Picture Style : Standard
Canon Model ID : EOS Rebel T2i / 550D / Kiss X4
Thumbnail Image Valid Area : 0 159 7 112
Serial Number Format : Format 2
AF Area Mode : Single-point AF
Num AF Points : 9
Valid AF Points : 1
Canon Image Width : 5184
Canon Image Height : 3456
AF Image Width : 5184
AF Image Height : 3456
AF Area Widths : 518 0 0 0 0 0 0 0 0
AF Area Heights : 691 0 0 0 0 0 0 0 0
AF Area X Positions : 0 0 0 0 0 0 0 0 0
AF Area Y Positions : 0 0 0 0 0 0 0 0 0
AF Points In Focus : 0
AF Points Selected : 0
Original Decision Data Offset : 0
Bracket Mode : Off
Bracket Value : 0
Bracket Shot Number : 0
Raw Jpg Size : Large
Long Exposure Noise Reduction 2 : Off
WB Bracket Mode : Off
WB Bracket Value AB : 0
WB Bracket Value GM : 0
Live View Shooting : On
Focus Distance Upper : 26.1 m
Focus Distance Lower : 19.12 m
Flash Exposure Lock : Off
Lens Model : EF-S55-250mm f/4-5.6 IS
Internal Serial Number : VC1245303
Dust Removal Data : (Binary data 1024 bytes, use -b option to extract)
Crop Left Margin : 0
Crop Right Margin : 0
Crop Top Margin : 0
Crop Bottom Margin : 0
Exposure Level Increments : 1/3 Stop
ISO Expansion : Off
Flash Sync Speed Av : Auto
Long Exposure Noise Reduction : Off
High ISO Noise Reduction : Standard
Highlight Tone Priority : Disable
AF Assist Beam : Emits
Mirror Lockup : Disable
Shutter-AE Lock : AF/AE lock
Set Button When Shooting : Normal (disabled)
LCD Display At Power On : Display
Add Original Decision Data : Off
Tone Curve : Standard
Sharpness : 3
Sharpness Frequency : n/a
Sensor Red Level : 0
Sensor Blue Level : 0
White Balance Red : 0
White Balance Blue : 0
Color Temperature : 5200
Picture Style : Standard
Digital Gain : 0
WB Shift AB : 0
WB Shift GM : 0
Measured RGGB : 1056 1024 1024 1058
VRD Offset : 0
Sensor Width : 5344
Sensor Height : 3516
Sensor Left Border : 152
Sensor Top Border : 56
Sensor Right Border : 5335
Sensor Bottom Border : 3511
Black Mask Left Border : 0
Black Mask Top Border : 0
Black Mask Right Border : 0
Black Mask Bottom Border : 0
Color Data Version : 7 (500D/550D/7D/1DmkIV)
WB RGGB Levels As Shot : 2389 1024 1024 1553
Color Temp As Shot : 5586
WB RGGB Levels Auto : 2389 1024 1024 1553
Color Temp Auto : 5586
WB RGGB Levels Measured : 2386 1024 1023 1552
Color Temp Measured : 5586
WB RGGB Levels Daylight : 2250 1024 1024 1589
Color Temp Daylight : 5200
WB RGGB Levels Shade : 2583 1024 1024 1364
Color Temp Shade : 7000
WB RGGB Levels Cloudy : 2422 1024 1024 1469
Color Temp Cloudy : 6000
WB RGGB Levels Tungsten : 1621 1024 1024 2346
Color Temp Tungsten : 3200
WB RGGB Levels Fluorescent : 2005 1024 1024 2208
Color Temp Fluorescent : 3763
WB RGGB Levels Kelvin : 2250 1024 1024 1589
Color Temp Kelvin : 5200
WB RGGB Levels Flash : 2485 1024 1024 1456
Color Temp Flash : 6215
Average Black Level : 2048 2048 2048 2048
Raw Measured RGGB : 0 0 0 0
Per Channel Black Level : 2047 2047 2048 2048
Specular White Level : 12279
Linearity Upper Margin : 10000
Picture Style User Def : Standard; Standard; Standard
Picture Style PC : None; None; None
Custom Picture Style File Name :
Vignetting Corr Version : 0
Peripheral Lighting : On
Distortion Correction : Off
Chromatic Aberration Corr : Off
Peripheral Lighting Value : 35
Distortion Correction Value : 0
Original Image Width : 5184
Original Image Height : 3456
Peripheral Lighting Setting : On
Peripheral Illumination Corr : Off
Auto Lighting Optimizer : Strong
Sub Sec Time : 32
Sub Sec Time Original : 32
Sub Sec Time Digitized : 32
Flashpix Version : 0100
Color Space : sRGB
Exif Image Width : 5184
Exif Image Height : 3456
Interoperability Index : R98 - DCF basic file (sRGB)
Interoperability Version : 0100
Focal Plane X Resolution : 5728.176796
Focal Plane Y Resolution : 5808.403361
Focal Plane Resolution Unit : inches
Custom Rendered : Normal
Exposure Mode : Manual
Scene Capture Type : Standard
GPS Latitude Ref : South
GPS Longitude Ref : West
Thumbnail Offset : 7902
Thumbnail Length : 6101
Comment : relying on altered metadata to catch me?
Image Width : 5184
Image Height : 3456
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:2:2 (2 1)
Drive Mode : Single-frame Shooting
File Number : 102-3845
Lens : 55.0 - 250.0 mm
Shooting Mode : Manual
WB RGGB Levels : 2389 1024 1024 1553
Aperture : 18.0
Blue Balance : 1.516602
Image Size : 5184x3456
Lens ID : Canon EF-S 55-250mm f/4-5.6 IS
Megapixels : 17.9
Red Balance : 2.333008
Scale Factor To 35 mm Equivalent: 1.6
Shutter Speed : 1/1000
Create Date : 2021:11:02 13:20:23.32
Date/Time Original : 2021:11:02 13:20:23.32
Modify Date : 2021:11:02 13:20:23.32
Thumbnail Image : (Binary data 6101 bytes, use -b option to extract)
GPS Latitude : 32 deg 40' 3.87" S
GPS Longitude : 279 deg 29' 31.87" W
Lens : 55.0 - 250.0 mm (35 mm equivalent: 86.5 - 393.2 mm)
Circle Of Confusion : 0.019 mm
Depth Of Field : inf (6.34 m - inf)
Field Of View : 23.5 deg
Focal Length : 55.0 mm (35 mm equivalent: 86.5 mm)
GPS Position : 32 deg 40' 3.87" S, 279 deg 29' 31.87" W
Hyperfocal Distance : 8.80 m
Light Value : 18.3
Canon EOS 550D
When was the picture taken? (2 points)
2021:11:02 13:20:23
What does the comment on the first image says? (3 points)
relying on altered metadata to catch me?
Where could the criminal be? (3 points)
Doing a reverse image search, we get results which shows us that this could be Kathmandu Durbar Square.
Kathmandu Durbar Square (Basantapur Durbar Kshetra) in front of the old royal palace of the former Kathmandu Kingdom is one of three Durbar (royal palace) Squares in the Kathmandu Valley in Nepal, all of which are UNESCO World Heritage Sites. Source: Wikipedia
Kathmandu
Comments powered by Disqus.