Cyberstorm 2025 Writeup: NAAMI CHYAAAAN [by Windows 9/11]

Category: OSINT (Open Source Intelligence)
Difficulty: Easy
Author: Nayanesh
Date: April 01,2025
CTF Writeup: NAAMI CHYAAAAN OSINT Challenge
Challenge Description
Name of Challenge: NAAMI CHYAAAAN
Sanji has been kidnapped! The only Straw hat whom he can contact is Nami-chan, the expert Navigator! Give her Sanji's exact coordinates so she can bring God Usopp to help! Note: Negative coordinates have to be entered with the negative sign
FLAG FORMAT: REDFOX{XX.xxxxxxx_YY.yyyyyyy}
Initial Clues & Analysis
The challenge required finding the exact coordinates of the location. In the image, I noticed a hotel name, "PANADERIA LA INTERNACIONAL," along with a bakery logo, confirming that it was a bakery shop. My initial plan was to locate this place using Google Lens or by searching for the bakery on Google Maps.
Initial Google Search
I began by performing a reverse image search on Google Images to see if it could provide any relevant results. However, after scrolling through multiple results, I reached a dead end.
Next, I searched for the bakery's name on Google Maps. This led to two locations with the same name, requiring further investigation to determine the correct one.
The creator also mentioned that if the co-ordinates are negative, put the co-ordinates along with the negative sign (-) while entering the flag .
Investigation Path
Step 1: Initial Attempt Using Coordinates
At first, I tried entering the coordinates directly, but I realized that we needed to find the exact coordinates where the image was taken, not just the general location.
Step 2: Identifying the Bakery Location
The bakery was situated at an intersection, so I used Google Maps and manually placed a pin by long-pressing the mouse. This provided coordinates with five decimal places. However, the flag format required seven decimal places. To refine this, I right-clicked to retrieve coordinates with up to 14 decimal places, then rounded them to seven decimal places before entering the flag. Unfortunately, this approach didn’t work.
Step 3: Multiple Coordinate Attempts
I attempted different coordinate variations with different rounding methods, but none of them were accepted as the correct flag. Switching to Street View and trying to extract the coordinates from there also didn’t yield the correct result.
Step 4: Analyzing Historical Street View Data
After several failed attempts, I explored the "See more dates" option in Street View. This led me to a past version of the location that featured the same bus and weather conditions as seen in the challenge image.
Step 5: Extracting the Correct Coordinates from the URL
While examining the Street View interface, I noticed that the URL contained coordinates with exactly seven decimal places. This was the key. By extracting these precise coordinates from the URL.
Finding the Flag
The flag was embedded in the URL of the location, including the negative sign. I extracted the exact coordinates from the URL and entered them in the required flag format:
Flag: REDFOX{-34.3459746_-58.7953325}
Tools & Resources Used
Google Maps (for location search and coordinate extraction)
Google Street View (for visual confirmation and historical data analysis)
Browser URL inspection (for retrieving precise coordinates)
Lessons Learned / Takeaways
Precision Matters: Small variations in coordinates can lead to incorrect results.
Street View’s Historical Data is Valuable: Older images can provide context that newer ones might not.
URL Inspection Can Reveal Hidden Information: Some tools embed crucial details in their URLs, which can be leveraged in OSINT investigations.
Subscribe to my newsletter
Read articles from Nayanesh directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
