Kevin sent me a file with some hidden message. Help me recover this secret from this bizzare network.

given : bizz.pcap



In the given file, there are 1093 packets captured.

Some of those have strange contents. (see the picture)

It seems like hex values of ascii letters!

I found three packets (no. 16, 449, 961) which have content that seems like hex value.

As you can see, it starts with 50 4B 03 04 ...

and it is the file signature of zip file!


so I extracted the hex values from three packets and concatenated them, made a file named (with this python script)

# 'text' is concatenated hex stream
a = text.decode('hex').decode('hex')
f = open('', 'w')


but it has an error, so i couldn't unzip the file.

the error was caused by python's file writing system.

the system automatically put '\x0d' just before every '\x0a'!! (sadly, I found out this after the CTF was finished)

after removing all '\x0d' before '\x0a', I succeeded in getting a clean zip file.



in the zip file, I got flag.png!



아니, python은 왜 자기 맘대로 0d를 붙여준걸까 그것만 아니였으면 1000pt 쉽게 땄는데... TT 이것도 다 좋은 경험이 되겠지!


+ Recent posts