moth/doc/2013-02-TF5/categories/netarch.txt

archaeology
===========

This is the network archaeology category. Puzzles center around pulling
something out of a pcap file.

* Base64-encoded plaintext
* Image in pcap of HTTP
* Image in pcap of SMTP
* Image in pcap of proto b
* Image in pcap of out-of-order proto b
* Image in pcap of out-of-order w/NAK proto b
* Base64-encoded single-byte xor
* Base64-encoded 4-byte xor
* Base64-encoded 16-byte xor
* Image in pcap of 1-byte xor out-of-order w/NAK w/filler proto c
* Image in pcap of proto d, plus a token in the text
* Image in pcap of proto e, token in the text, and token in zip file

proto b
-------

01      1 octet       SOH
xxxx    2 octets      chunk number (monotonically increasing)
xx      1 octet       chunk length
...     <256 octets   up to 255 bytes of data
xx      1 octet       checksum (uint8 sum of all data bytes)

06      1 octet       ACK
xxxx    2 octets      chunk number
00      1 octet       length 0

15      1 octet       NAK
xxxx    2 octets      chunk number
00      1 octet       length 0

04      1 octet       EOT
xxxx    2 octets      chunk number
00      1 octet       length 0
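
A reassembler for the proto b framing above, added here as an example and not part of the original document. It assumes big-endian chunk numbers, that ACK/NAK/EOT frames are exactly the four octets listed (no checksum octet), and that the input is one already-extracted byte stream; the sample stream is constructed.

```python
import struct

SOH, EOT, ACK, NAK = 0x01, 0x04, 0x06, 0x15

def parse_frames(stream: bytes):
    """Yield (type, chunk_no, data, checksum_ok) for each proto b frame."""
    pos = 0
    while pos + 4 <= len(stream):
        # Assumption: chunk number is big-endian; the page does not say.
        ftype, chunk_no, length = struct.unpack_from(">BHB", stream, pos)
        pos += 4
        if ftype == SOH:
            if pos + length + 1 > len(stream):
                break  # capture ends mid-frame
            data = stream[pos:pos + length]
            ok = (sum(data) & 0xFF) == stream[pos + length]
            pos += length + 1
            yield ftype, chunk_no, data, ok
        elif ftype in (ACK, NAK, EOT):
            # Assumption: control frames carry no data and no checksum octet.
            yield ftype, chunk_no, b"", True
        else:
            raise ValueError(f"unknown frame type {ftype:#04x} at offset {pos - 4}")

def reassemble(stream: bytes):
    """Return (payload, rejected): data in chunk order, plus chunk numbers
    of data frames dropped for a bad checksum."""
    chunks, rejected = {}, []
    for ftype, chunk_no, data, ok in parse_frames(stream):
        if ftype != SOH:
            continue
        if ok:
            chunks.setdefault(chunk_no, data)  # first good copy wins
        else:
            rejected.append(chunk_no)
    return b"".join(chunks[n] for n in sorted(chunks)), rejected

def data_frame(chunk_no: int, data: bytes, corrupt: bool = False) -> bytes:
    """Build a data frame for the constructed sample below."""
    csum = (sum(data) + corrupt) & 0xFF
    return struct.pack(">BHB", SOH, chunk_no, len(data)) + data + bytes([csum])

# Constructed sample: out-of-order chunks, one corrupted copy, a NAK, a resend.
SAMPLE = (data_frame(2, b"lo, ") + data_frame(1, b"hel", corrupt=True)
          + struct.pack(">BHB", NAK, 1, 0) + data_frame(1, b"hel")
          + data_frame(3, b"world") + struct.pack(">BHB", EOT, 4, 0))

if __name__ == "__main__":
    print(reassemble(SAMPLE))
```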

frob
----

* srand(0)
* xor each octet with rand() % argv[1]

proto c
-------

all packets are xored with a per-session randomly-selected key

offs  len   description
----  ----  -----------
00    2     c0 0c
02    2     packet length
04    1     opcode
05    1     00
06          data

opcode  desc   data
------  ----   ---------
01      Hello  hostname(cstring), 60 bytes random
02      NOP    ∅
04      Text   Alice in Wonderland
05      Image  part# (2 octets) + data

proto d
-------

all packets are xored with a per-packet randomly-selected key

offs  len   description
----  ----  -----------
00    1     00
01    1     opcode
02    2     packet length
04    2     sequence number
06          data

opcode  desc   data
------  ----   ---------
01      Hello  hostname(cstring), 60 bytes random
02      NOP    ∅
04      Text   Alice in Wonderland
05      Image  data

proto e
-------

16-byte xor key, applied to entire packet

offs  len   description
----  ----  -----------
00    1     opcode
01    1     compression type (0=none, 1=gzip)
02    2     packet length
04    2     sequence number
06          data

opcode  desc    data
------  ----    ---------
01      Hello   hostname(cstring), 60 bytes random
02      C2      interactive shell
04      fopen   1:mode (0=read, 1=write)
                1:fd
                n:path
05      write   1:fd
                4:offset
                n:data
06      fclose  1:fd
08      NOP     ∅