SIGINTCTF 2013 - PROtocol Writeup
In this challenge we have to connect to the server, but instead of TCP the server uses SCTP as its transport protocol. After connecting, it returns some weird output. It is easy to see that this is the flag, but every character has changed position, so the flag is shuffled. Analyzing the traffic with tshark, I saw that each character's original position was carried in the SID (stream identifier) of its DATA chunk, for example:
-- DATA CHUNK --
...
SID=0x0005
...
Value='N'
This means that the character N was at 5th place in the original string. Filtering the SID with tshark is easy:
tshark -R "sctp" -Tfields -e "sctp.data_sid"
Running this while you are connecting to the server will print the SIDs that tshark captures. Now we have the SIDs and their corresponding values (the server's output), so we just reconstruct the string with this little Perl script:
#!/usr/bin/perl
@int=(0x0058,0x0020,0x003e,0x0013,0x0019,0x0065,0x005f,0x000d,0x0023,0x005e,0x0007,0x004d,0x0012,0x0040,0x000a,0x0039,0x0068,0x0064,0x0046,0x0003,0x002a,0x003c,0x003a,0x0022,0x0063,0x0052,0x0053,0x0034,0x0038,0x002c,0x0018,0x002d,0x0044,0x0001,0x003b,0x0055,0x0042,0x0035,0x005b,0x0056,0x002f,0x0009,0x0043,0x0036,0x0024,0x0067,0x0054,0x001d,0x001e,0x003d,0x0021,0x0016,0x0059,0x0029,0x0032,0x0027,0x004f,0x0069,0x0066,0x0062,0x002b,0x0017,0x0002,0x005c,0x004c,0x0050,0x0051,0x0006,0x0026,0x004a,0x0008,0x0060,0x000f,0x0011,0x001f,0x002e,0x0030,0x003f,0x0047,0x004e,0x0049,0x0048,0x0041,0x005d,0x0004,0x000c,0x0037,0x005a,0x006a,0x0028,0x0057,0x001a,0x0045,0x0015,0x0010,0x0014,0x004b,0x0031,0x0025,0x0000,0x0033,0x001c,0x001b,0x0061,0x000b,0x000e,0x0005);
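# Server output in arrival order: the j-th character arrived with SID $int[$j]
$str="5cdcf96950d5ec32538I47c3f7a359315Ie0a2045118afc61ff38a92dc24d0Gd029_2b93a6c762abd89eN8dbdd71dcfda0bSbec524T";
@crap=split //,$str;
# For each original position $i, find the chunk whose SID equals $i and print its character
for($i=0;$i<=$#int;$i++){
    for($j=0;$j<=$#int;$j++){
        if($i==$int[$j]){
            print $crap[$j];
        }
    }
}
print "\n";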
Razor4x
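The same reordering as an added Python example (not part of the original writeup), generalized to read the tshark field output directly and to reject captures with missing or repeated SIDs. The sample capture text and string are constructed, and the function names are hypothetical.

```python
def parse_sids(tshark_output):
    """Turn `-Tfields -e sctp.data_sid` output into a list of ints, in arrival order."""
    sids = []
    for line in tshark_output.splitlines():
        line = line.strip()
        if not line:
            continue  # SCTP packets without a DATA chunk print an empty field
        # several DATA chunks bundled in one packet are printed comma-separated
        for token in line.split(","):
            token = token.strip()
            # the field may be shown as hex (0x0005) or plain decimal
            sids.append(int(token, 16) if token.lower().startswith("0x") else int(token))
    return sids


def reassemble(sids, received):
    """Place received[j] at index sids[j]; fail loudly if the capture is incomplete."""
    if len(sids) != len(received):
        raise ValueError(f"{len(sids)} SIDs captured but {len(received)} characters received")
    slots = {}
    for sid, ch in zip(sids, received):
        if sid in slots:
            raise ValueError(f"SID {sid} seen twice, position is ambiguous")
        slots[sid] = ch
    missing = sorted(set(range(len(slots))) - set(slots))
    if missing:
        raise ValueError(f"no chunk captured for positions {missing}")
    return "".join(slots[i] for i in range(len(slots)))


# Constructed sample: "SCTP_demo" sent one character per stream, out of order.
# The blank lines stand for packets with no DATA chunk, "0x0007,0x0002" for a bundled packet.
SAMPLE_TSHARK = "\n0x0004\n0x0000\n0x0007,0x0002\n\n0x0008\n0x0001\n0x0005\n0x0003\n0x0006\n"
SAMPLE_RECEIVED = "_SmToCdPe"

if __name__ == "__main__":
    print(reassemble(parse_sids(SAMPLE_TSHARK), SAMPLE_RECEIVED))
```

A length mismatch or a gap in the SIDs usually means the capture started after the first chunks were sent, so the error is more useful than a silently truncated string.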