archaeology
===========

This is the network archaeology category.  Puzzles center around
pulling something out of a pcap file.

* Base64-encoded plaintext
* Image in pcap of HTTP
* Image in pcap of SMTP
* Image in pcap of proto b
* Image in pcap of out-of-order proto b
* Image in pcap of out-of-order w/NAK proto b
* Base64-encoded single-byte xor
* Base64-encoded 4-byte xor
* Base64-encoded 16-byte xor
* Image in pcap of 1-byte xor out-of-order w/NAK w/filler proto c
* Image in pcap of proto d, plus a token in the text
* Image in pcap of proto e, token in the text, and token in zip file


proto b
-------

    01      1 octet      SOH
    xxxx    2 octets     chunk number (monotonically increasing)
    xx      1 octet      chunk length
    ...     <256 octets  up to 255 bytes of data
    xx      1 octet      checksum (uint8 sum of all data bytes)

    06      1 octet      ACK
    xxxx    2 octets     chunk number
    00      1 octet      length 0

    15      1 octet      NAK
    xxxx    2 octets     chunk number
    00      1 octet      length 0

    04      1 octet      EOT
    xxxx    2 octets     chunk number
    00      1 octet      length 0


frob
----

* srand(0)
* xor each octet with rand() % argv[1]


proto c
-------

all packets are xored with a per-session randomly-selected key

    offs  len   description
    ----  ----  -----------
    00    2     c0 0c
    02    2     packet length
    04    1     opcode
    05    1     00
    06          data

    opcode  desc   data
    ------  ----   ---------
    01      Hello  hostname(cstring), 60 bytes random
    02      NOP    ∅
    04      Text   Alice in Wonderland
    05      Image  part# (2 octets) + data


proto d
-------

all packets are xored with a per-packet randomly-selected key

    offs  len   description
    ----  ----  -----------
    00    1     00
    01    1     opcode
    02    2     packet length
    04    2     sequence number
    06          data

    opcode  desc   data
    ------  ----   ---------
    01      Hello  hostname(cstring), 60 bytes random
    02      NOP    ∅
    04      Text   Alice in Wonderland
    05      Image  data


proto e
-------

16-byte xor key, applied to entire packet

    offs  len   description
    ----  ----  -----------
    00    1     opcode
    01    1     compression type (0=none, 1=gzip)
    02    2     packet length
    04    2     sequence number
    06          data

    opcode  desc    data
    ------  ----    ---------
    01      Hello   hostname(cstring), 60 bytes random
    02      C2      interactive shell
    04      fopen   1:mode (0=read, 1=write) 1:fd n:path
    05      write   1:fd 4:offset n:data
    06      fclose  1:fd
    08      NOP     ∅
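

A reassembler for the proto b framing described above, added here as an example; it is not part of the original puzzle code. It assumes big-endian chunk numbers, that ACK/NAK/EOT frames are exactly four octets with no checksum, and that the frames pulled from the pcap are concatenated in capture order; the function names and the sample bytes are constructed for illustration.

```python
import struct

SOH, EOT, ACK, NAK = 0x01, 0x04, 0x06, 0x15

def parse_frames(buf):
    """Yield (type, chunk_no, data, checksum_ok) for each proto b frame in buf."""
    i = 0
    while i + 4 <= len(buf):
        ftype, chunk, length = struct.unpack_from(">BHB", buf, i)  # endianness assumed
        i += 4
        if ftype == SOH:
            if i + length + 1 > len(buf):
                break  # truncated capture: stop rather than guess
            data, csum = buf[i:i + length], buf[i + length]
            i += length + 1
            yield ftype, chunk, data, (sum(data) & 0xFF) == csum
        elif ftype in (ACK, NAK, EOT) and length == 0:
            yield ftype, chunk, b"", True
        else:
            raise ValueError(f"unexpected frame {ftype:#04x} at offset {i - 4}")

def reassemble(buf):
    """Return (payload, missing_chunk_numbers), ordering chunks by number."""
    chunks = {}
    for ftype, chunk, data, ok in parse_frames(buf):
        if ftype == SOH and ok:      # bad-checksum copies (the NAKed ones) are dropped
            chunks[chunk] = data     # a valid retransmission replaces any earlier copy
    if not chunks:
        return b"", []
    span = range(min(chunks), max(chunks) + 1)
    missing = [n for n in span if n not in chunks]
    return b"".join(chunks.get(n, b"") for n in span), missing

def soh(chunk, data, corrupt=False):
    """Build a data frame; corrupt=True writes a wrong checksum."""
    csum = (sum(data) + (1 if corrupt else 0)) & 0xFF
    return struct.pack(">BHB", SOH, chunk, len(data)) + data + bytes([csum])

def ctl(ftype, chunk):
    return struct.pack(">BHB", ftype, chunk, 0)

# Constructed sample: chunk 2 arrives before chunk 1, and the first copy
# of chunk 1 fails its checksum, is NAKed, then retransmitted.
SAMPLE = (soh(0, b"GIF8") + ctl(ACK, 0)
          + soh(2, b"data") + ctl(ACK, 2)
          + soh(1, b"XXXX", corrupt=True) + ctl(NAK, 1)
          + soh(1, b"9a: ") + ctl(ACK, 1)
          + ctl(EOT, 3))

if __name__ == "__main__":
    print(reassemble(SAMPLE))
```

A non-empty list of missing chunk numbers means the capture lacks a valid copy of those chunks, so the recovered image will be incomplete.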