7f454c4648656c7
f454,aoooooooa,c464
8656,oY"c6c6f2c"Yo,2077
0100,oY000003003e0Yo,00c0
0000oo0000000000c00oo0000
0c00oo0000 N0X 0000oo0000
0f05oo5f3cf4ff711fboo20e1
400e`obb0638000100do'1500
ff71`obada545e0ado'f05b
0e73"YoooooooY"1ffe
bdf6f726c64210a
[main] [about me] [writeups] Made with ❤ by n0x
Clock @ bucketctf 2023 (misc)
------ Description --------------------------------------------------------
One of my cybersecurity professors, Dr. Timely, randomly sent my this file
and said if I can decode the message he will give me an A in the class.
Can you help me out?
https://storage.ebucket.dev/clocks_medium.pcap
------ TL;DR --------------------------------------------------------------
In the PCAP file, we have a lot of ICMP requests without any data. We can
notice however that they are sent at very precise delays from each
other, either 1 second interval or 5 seconds.
Having only 2 states, we can imagine binary. Morse code could also have
been a possibility if a third state was present.
------ Solution -----------------------------------------------------------
With tshark I get the different deltas between the requests with a field.
I put them in cyberchef to keep only the number of seconds that I want to parse.
Then i replaced 0.1 with 0 and 0.5 with 1 (i had luck it could have been the other way around).
And finally I decode the binary in my recipe to get the flag.
------ Flag ---------------------------------------------------------------
bucket{look_at_the_times_sometimes}
___________________________________________________________________________
[X] [github] [hackthebox] [root-me] [tryhackme] [ctftime]
I also do some photograhy (pcb/die, animals, landscapes, etc).
Feel free to check my Gurushots and Flickr profile