Write-up Hacktoria’s OSINT CTF — May 2023 — Operation Bloodhound

Jeremy K
Published in OSINT TEAM
6 min read · May 31, 2023

In this write-up, I will explain how I solved Hacktoria’s operation of May 2023.

Operation Bloodhound

Summary of the prologue (by ChatGPT):

Maksim, a skilled operative for the clandestine organization called the Order, receives a mysterious assignment. With his expertise honed through rigorous training, Maksim eagerly prepares for the mission. At an airport, he meets an enigmatic contact who hands him a plain envelope containing crucial information. As Maksim examines the contents, he realizes the perilous and adventurous path that lies ahead. With unwavering loyalty, he embraces the challenges and remains committed to the cause of the Order.

Summary of the instructions (by ChatGPT):

Maksim Kotova, a target of interest, has escaped and evaded capture. A GPS tracker and camera were attached to his jacket, but the GPS function is jammed. Photos taken by the device, uploaded via public Wi-Fi, must be used to locate Maksim. Once located, field agent Ricardo Alvarez, known as the Bloodhound, will be deployed to apprehend him swiftly.

Material and instructions:

5 images retracing Maksim’s travel to the hotel. The images are sorted chronologically, the first one being his departure at the airport, the last one being the hotel to geolocate.

The password is formatted as follows: hotel-name-city-phonenumber

Example: summerset-hotel-london-+442055512345

View of the 5 images:

From top-left to bottom, image 1 to image 5

Geolocation of image 1

Image 1

This is an easy one.

A simple reverse image search on Google gives you Berlin airport. Besides, in March, the operation ended in Germany between Augsburg and Munich, so it seems logical he would leave Germany.

However, this is only the departure airport, and it does not help much to solve the operation.

Geolocation of image 2

Image 2

This one is much trickier.

The resolution is too low to read any of the inscriptions. A reverse image search will not give any significant results.

A reverse image search on Yandex will even give misleading results:

Text extracted by Yandex

Indeed, there is no Starbucks coffee in the picture.

It took me time and a hint to find the right way to geolocate that picture. If you look closely, there is one element that is unique enough.

The white structure with 4 pillars joining at their base

After many reverse image searches, adjusting the cropping as much as possible, I found one airport that had the same structure: Ankara.

iStock image of Ankara airport

To confirm I was right, I looked at the shops in this airport and found that one:

Caffè Nero at Ankara airport

Great. We know where Maksim has landed.

Geolocation of image 3

Image 3

What can we see in this picture:

  • A mosque with a blue roof, two minarets with two “floors” each;
  • A big white building;
  • A sign with a crown and a word ending in “end”

That’s pretty much it.

Things that did not work:

  • Reverse image search: will at best tell you this is in Turkey because this type of mosque is typical of Ottoman architecture;
  • Overpass turbo (https://overpass-turbo.eu/): I spent hours trying to find mosques close to a hotel in Ankara. The thing is: the building is not a hotel (I found out afterwards);
  • osm-search from Bellingcat (https://osm-search.bellingcat.com/): basically Overpass turbo but without having to write the queries yourself and a feature to see aerial views of all matching elements;
  • Artificial intelligence to locate the picture at https://labs.tib.eu/geoestimation/

Results with osm-search

Result with AI GeoEstimation

After a while, I tried to guess the word on the sign. Given its size, it should be a 5-letter word. Let’s go to https://www.crosswordsolver.org/solve/--end

The most plausible word is “trend”.

Let’s type “VIP Trend Ankara” on Google. Surprise, we find this website: https://www.viptrendresidence.com/

Searching for the address and going to street view, we finally find (link to street view):

VIP Trend residence in Ankara

Geolocation done. Let’s move to image 4.

Geolocation of image 4

Image 4

I tried a few things, which did not work, and figured out that this one could only be found after having geolocated the hotel. So I skipped it.

Geolocation of image 5

Image 5

This is a balcony view from the hotel.

What can we see in this picture:

  • A major trunk link;
  • Several tall buildings, one being very close on the left;
  • A sign with a word that looks like “Özol”;
  • Several skyscrapers in the background, very far away.

Things I tried without success:

  • Google Earth. I spent a considerable amount of time on Google Earth trying to locate the skyscrapers in the background. The resolution is not sufficient to identify them but there is a typical series of towers. However, at some point, I realised most buildings were flat in Google Earth and I could not find the alignment I was looking for;
  • Flight simulator on Google Earth: fly a plane above Ankara to identify the buildings. My flying skills were not good enough to achieve anything significant;
  • Google Maps: no success;
  • Skydb (https://www.skydb.net/): a database of tall buildings. Could be useful but not for me here;
  • Overpass turbo: looking for a hotel close to a trunk link. Never found it.

For information, this is the query on Overpass Turbo to search hotels 300m away from trunk links:

// Get all hotels
( nwr[tourism=hotel]({{bbox}});
)->.hotels;
// Get all trunk links around those hotels
way(around.hotels:500)[highway=trunk_link]->.links;
// Get all hotels around the trunk links
( nwr.hotels(around.links:500);
)->.matchinghotels;
// display result
(.matchinghotels; .links;);
out geom;
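
An added example, not part of the original write-up: a Python sketch of the proximity filter the Overpass query expresses, run offline on constructed coordinates. It shows how the result set differs between the 300 m mentioned in the text and the 500 used in the query, and how a building not tagged tourism=hotel (as with the residence in image 3) drops out of the search. All element names, coordinates and function names are assumptions.

```python
import math

R = 6371000.0  # mean Earth radius in metres

# Constructed sample data (not real OSM elements): accommodation points and one
# trunk_link way given as a list of (lat, lon) nodes.
ELEMENTS = [
    {"name": "Hotel A", "tags": {"tourism": "hotel"}, "lat": 39.9180, "lon": 32.8600},
    {"name": "Hotel B", "tags": {"tourism": "hotel"}, "lat": 39.9206, "lon": 32.8600},
    {"name": "Residence C", "tags": {"tourism": "apartment"}, "lat": 39.9181, "lon": 32.8605},
    {"name": "Hotel D", "tags": {"tourism": "hotel"}, "lat": 39.9400, "lon": 32.8600},
]
TRUNK_LINK = [(39.9170, 32.8580), (39.9170, 32.8620)]

def _xy(lat, lon, lat0, lon0):
    """Local equirectangular projection in metres, centred on (lat0, lon0)."""
    x = math.radians(lon - lon0) * math.cos(math.radians(lat0)) * R
    y = math.radians(lat - lat0) * R
    return x, y

def dist_to_way(lat, lon, way):
    """Shortest distance in metres from a point to a polyline of (lat, lon) nodes."""
    best = float("inf")
    for a, b in zip(way, way[1:]):
        ax, ay = _xy(*a, lat, lon)
        bx, by = _xy(*b, lat, lon)
        dx, dy = bx - ax, by - ay
        seg2 = dx * dx + dy * dy
        # Position (0..1) along segment a-b of the point closest to the origin,
        # which is the queried point itself in this local projection.
        t = 0.0 if seg2 == 0 else max(0.0, min(1.0, -(ax * dx + ay * dy) / seg2))
        best = min(best, math.hypot(ax + t * dx, ay + t * dy))
    return best

def hotels_near(elements, way, radius_m, tag_values=("hotel",)):
    """Names of elements whose tourism tag is in tag_values and lie within radius_m of way."""
    return [e["name"] for e in elements
            if e["tags"].get("tourism") in tag_values
            and dist_to_way(e["lat"], e["lon"], way) <= radius_m]

if __name__ == "__main__":
    print("300 m:", hotels_near(ELEMENTS, TRUNK_LINK, 300))
    print("500 m:", hotels_near(ELEMENTS, TRUNK_LINK, 500))
    print("500 m, wider tags:", hotels_near(ELEMENTS, TRUNK_LINK, 500, ("hotel", "apartment")))
```

The radius and the tag filter both decide whether a candidate ever appears, so a negative result from such a query only rules out buildings that are mapped with the expected tag within the chosen distance.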

If you are curious about the flight simulator mode on Google Earth, you can watch this tutorial.

Tutorial Flight Simulator Google Earth

OK, so what can we do if we can’t find up-to-date 3D images? We can use drones!

Searching for “drone video Ankara” on Youtube, I found this video: https://www.youtube.com/watch?v=IaP_4Fb6wLE

At 5'27", this is what you can see:

Drone image around the Kocatepe mosque in Ankara

The building on the right seems familiar, doesn’t it? This is actually the one on the left here:

The building we see on the drone video

Now, things become easy.

Let’s head to Bing Maps, rotate the map so that the big tower is behind the Kocatepe mosque and try to find that building. This is what we see:

Satellite image of Kocatepe mosque in Ankara

Two buildings look familiar: the tower we were looking for and the one with the green roof we can see below. Moreover, we can also see the trunk link on the aerial view.

2 buildings can be easily identified

The hotel we are searching for is this one:

Latanya hotel in Ankara

The answer is: latanya-hotel-ankara-+903124168800

Conclusion

A very good CTF challenge to test your GEOINT skills. I used lots of different tools but, in the end, it’s sometimes the most basic ones that work.

PS: the image I found in the drone video is what you see when you type “Ankara” on Google Maps:

Ankara on Google Maps

So much effort when the solution was right in front of me.

#OSINT #CTF #Geolocation #Hacktoria
