Home Writeups DBZ OSINT
Easy 🏷 OSINT · CTF · Steganography 📅 20.05.2026 ⏱ ~15 Min Read

DBZ OSINT CTF – Walkthrough

An encrypted signal from the future. Dr. Gero's forgotten laboratory. Four flags hidden across social media, steganography, ZIP archives and CyberChef recipes — Dragon Ball Z meets real OSINT techniques.

0xRoshiSh3ll
0xRoshiSh3llTryHackMe Writeup · English
THM Room ↗

01Introduction

Future Trunks' time machine has intercepted a heavily encrypted transmission. The digital footprint leads straight to the forgotten ruins of Dr. Gero's hidden laboratory. Four flags are waiting to be decoded — scattered across social media, audio files, images and nested archives.

This room is a perfect entry-level OSINT CTF combining real-world techniques like Exiftool analysis, Base64 decoding, steganography with Binwalk and CyberChef recipes — all wrapped inside the Dragon Ball Z universe.

💡
Difficulty: Easy  |  Category: OSINT, Steganography, CTF  |  Flags: 4 + 1 Bonus

02Phase 1 – The Prince on X

We kick things off by analyzing the provided Transmission_1.mp3 with Exiftool. The metadata of the audio file contains a hidden clue — an X profile: @Cyber_Vegeta.

bash
exiftool Transmission_1.mp3
Exiftool Output
File Name                       : Transmission_1.mp3
Comment                         : Check @Cyber_Vegeta on X

→ X Profile found: @Cyber_Vegeta
🤖
On Vegeta's X profile we find clues about an abandoned concrete rock in the sea and a cryptic telemetry log — plus a Base64 string hiding in plain sight.

🔓 Decoding the Base64 String

The Base64 string from Vegeta's profile is decoded directly to reveal the very first flag:

bash
echo "VEVITXV2V0ZJM3lz..." | base64 -d
Base64 Decode — Flag 1
THM{Prince_Of_Saiyans}

→ Flag 1 secured!
👑
Flag 1 — Phase 1
THM{Prince_Of_Saiyans}
🔍
Technique: Exiftool metadata analysis on an MP3 file → Social media OSINT on X → Base64 decode.

03Phase 2 – Muten Roshi & The Red Ribbon Army

Next up is an image of KameHouse — Muten Roshi's iconic island villa. Running Exiftool on the image reveals another social media lead: the Instagram handle capsuletech_.

bash
exiftool kamehouse.jpg
Exiftool Output — KameHouse
Artist                          : capsuletech_
Comment                         : Find me on Instagram

→ Instagram: capsuletech_

📱 Instagram OSINT

The Instagram account capsuletech_ is a goldmine. It provides a second Base64 key and a massive clue about a militarized battleship-shaped island near Nagasaki. Decoding the key unleashes Flag 2:

Base64 Decode — Flag 2
THM{MutenRoshi_is_not_home}

→ Flag 2 secured!
🏝️
Flag 2 — Phase 2
THM{MutenRoshi_is_not_home}

💬 Chat Leak: Bulma vs. Vegeta

We then intercept a chat leak between Bulma and Vegeta. Bulma is furious about Vegeta reusing his passwords. Using the hint "9001", we successfully crack open capsule_backup.zip.

bash
unzip capsule_backup.zip
# Password: 9001
ZIP Contents
Archive:  capsule_backup.zip
  inflating: Transmission_2.mp3
  inflating: red_ribbon.PNG

→ Two new files extracted!

Exiftool on Transmission_2.mp3 points us to Mount Aso and another X account: @RRResearch_09. Hunting down this profile leads to a hidden comment containing Flag 3 and a password format hint: *******_******

Flag 3 — Hidden Comment on X
THM{Red_Ribbon_is_nothing}
Password format: *******_****** 

→ Flag 3 secured!
💀
Flag 3 — Red Ribbon Army
THM{Red_Ribbon_is_nothing}
🔍
Technique: Exiftool on MP3 + JPG → Instagram + X OSINT → ZIP with password 9001 → Comment hunting on social media.

04Phase 3 – Digging Deeper into Hashima

Connecting all the geographical puzzle pieces — coal mining, ghost fortress, battleship-like shape, proximity to Nagasaki — leads us straight to Hashima Island.

🏝️
Hashima Island (端島) — an abandoned Japanese coal island, known as "Battleship Island" due to its silhouette. UNESCO World Heritage Site. Exactly what the clues describe.

🦴 Binwalk on the Red Ribbon Image

Taking the advice to "dig deeper" literally — we run Binwalk on red_ribbon.PNG and strike gold: a hidden 7Zip archive embedded inside the image file.

bash
binwalk red_ribbon.PNG
Binwalk Output
DECIMAL       HEXADECIMAL     DESCRIPTION
-------------------------------------------------------

0             0x0             PNG image, 708 x 530, 8-bit/color RGBA, non-interlaced
91            0x5B            Zlib compressed data, compressed
543009        0x84921         7-zip archive data, version 0.4

→ Hidden 7Zip archive found!
bash
binwalk -e red_ribbon.PNG DONT WORK!

The password format hint from Phase 2 was *******_****** — 7 + 6 characters with an underscore. The context (Hashima Island) leads directly to the solution: hashima_island — and it worked perfectly!

bash
7z x _red_ribbon_image.jpg.extracted/22E09.7z -phashima_island
7Zip Extraction
Extracting: final_transmission.txt, labor_data.zip and more...

=== Dr. Gero's Notebook ===
The truth lies beneath the ash of Mount Aso...
Next password: Android_Factory_Aso_2026

→ Next password found!
Technique: Binwalk reveals hidden 7Zip archive inside JPG → Password derived from OSINT context → Lore text delivers the next password.

05Phase 4 – The Final Transmission

Using Android_Factory_Aso_2026 we unzip the final layers and reach Final_transmission.txt, which contains two distinct encrypted strings.

🔑 String 1: Base64

bash
echo "MTAwOQ==" | base64 -d
Base64 Decode
1009

→ Password for Labor_data.zip: 1009

🏆 String 2: Bonus Flag via CyberChef

The second, heavily obfuscated string required a two-step CyberChef recipe: ReverseFrom Base92 to unlock the bonus milestone:

🍳
CyberChef recipe: Reverse then From Base92 → reveals the bonus flag. You can find also a hint on Tryhackme
CyberChef Output — Bonus Flag
FLAG{MISSION_ACCOMPLISHED_2026}

→ Bonus milestone unlocked!
🌟
Bonus Flag — Mission Accomplished
FLAG{MISSION_ACCOMPLISHED_2026}

🏁 Final: Labor_data.zip

Using the password 1009 we open the final archive Labor_data.zip, concluding the story arc. One last Base64 decode reveals the ultimate final flag:

bash
unzip Labor_data.zip  # Password: 1009
echo"VEhNe0RCWl9pc190aGVfYmVzdF9BbmltZX0KCQkJCQkJCQk= | base64 --decode
Final Base64 Decode — THE Flag
THM{DBZ_is_the_best_Anime}

→ Mission Complete! All flags captured. Access granted. 💀
🐉
FINAL FLAG
THM{DBZ_is_the_best_Anime}
👑
Mission Accomplished. All four flags captured. Dr. Gero's lab is compromised. Future Trunks can rest easy. Access granted. 💀

06All Flags

👑
Flag 1 — Phase 1: The Prince on X
THM{Prince_Of_Saiyans}
🏝️
Flag 2 — Phase 2: Muten Roshi
THM{MutenRoshi_is_not_home}
💀
Flag 3 — Phase 3: Red Ribbon Army
THM{Red_Ribbon_is_nothing}
🌟
Bonus Flag — Mission Accomplished
FLAG{MISSION_ACCOMPLISHED_2026}
🐉
Final Flag — Dr. Gero's Lab
THM{DBZ_is_the_best_Anime}

07Conclusion & Key Takeaways

DBZ OSINT is a perfect room for anyone starting out with OSINT and CTF challenges. No complex exploits needed — just open eyes, systematic enumeration and the knowledge of where to look.

  • Always run Exiftool on every file — metadata leaks are a classic OSINT goldmine
  • Social media is a target surface — profile bios, posts and comments all hide clues
  • Binwalk reveals hidden files — images often contain embedded archives
  • Context solves passwords — OSINT research on the theme gives you the key
  • CyberChef is your Swiss Army knife — chain operations like Reverse + From Base92
  • Password hints matter — format clues like *******_****** narrow it down fast
📚
← All Writeups 📋 Overview Next Writeup →