7f454c4648656c7
f454,aoooooooa,c464
8656,oY"c6c6f2c"Yo,2077
0100,oY000003003e0Yo,00c0
0000oo0000000000c00oo0000
0c00oo0000 N0X 0000oo0000
0f05oo5f3cf4ff711fboo20e1
400e`obb0638000100do'1500
ff71`obada545e0ado'f05b
0e73"YoooooooY"1ffe
bdf6f726c64210a
[main] [about me] [writeups] Made with ❤ by n0x
Clock 2 @ bucketctf 2023 (misc)
------ Description --------------------------------------------------------
One of my cybersecurity professors, Dr. Timely, randomly sent my this file
and said if I can decode the message he will give me an A in the class.
Can you help me out?
https://storage.ebucket.dev/clocks_hard.pcap
------ TL;DR --------------------------------------------------------------
Very similar to the previous challenge but the delta between the requests
are now between 0.1 and 0.10 seconds.
My first attempt was to test decimal to ascii, which did not give anything
conclusive. I then tried to define half of the values = 0 and
another half = 1 to be even closer to the first challenge.
------ Solution -----------------------------------------------------------
With tshark I get the different deltas between the requests with a field.
I put them in cyberchef to keep only the number of seconds that I want to parse.
Then i replaced [0-4] with 0 and [5-9] with 1.
And finally I decode the binary in my recipe to get the flag.
------ Flag ---------------------------------------------------------------
bucket{clocks_are_crazy_sometimes}
___________________________________________________________________________
[X] [github] [hackthebox] [root-me] [tryhackme] [ctftime]
I also do some photograhy (pcb/die, animals, landscapes, etc).
Feel free to check my Gurushots and Flickr profile