# Hacking Tube

## ASIS CTF Finals 2014 -- TicTac

Description: Find flag in this file

After extracting data in the compressed file, we found a .pcap file. Analyze the file with Wireshark, we found there're lots of ICMP packets in it. After checking those packets with eyes wide-open, we found some interesting stuff : one of the ICMP packet contains the following data: 7069636b206d653a204153

At first I just think that this might be a part of a md5-encrypted string. But then I found that other packets contains similar data, too. I found that there's data like 7069636b206d653a203635, 7069636b206d653a203965...etc. Notice that there's a slight difference between those strings: their last 4 characters are different.

So I take a good look at those strings, and found that those were actually a string represent as hex values. If we convert those hex values into characters, 7069636b206d653a20 will be pick me:. So the string 7069636b206d653a204153 will be pick me: AS. This discovery got my attention, so I kept searching data that contains 7069636b206d653a20, and found that not only ICMP, but also IPv4 protocol contains these data. So I deicided to use strings and grep to get those data out of the file, and here's the result:

Filter out the duplicate one, the final result will be like this:

We can see that there're totally 19 lines of data. Each data contains 2 characters in the flag, which means there're totaly 38 characters. The flag's format is ASIS_md5(xxx), which is a 37-characters string, so we can expect that if we combine the last 2 characters in each data, we'll know what the flag is. To do this, just write a python script and let the program do the rest.

Boom! CTF ;)

flag: ASIS_6d54a67659e45edbe63bbf909e6b183a