← Back to Writeups

misc/ebe | LACTF 2023

Ruien Luo, Sun Feb 12 2023 • Tags: misc, LACTF 2023

This challenge was part of LACTF 2023, where asmhole placed 33rd out of nearly 1,400 teams.

Challenge description

Author: burturt
I was trying to send a flag to my friend over UDP, one character at a time, but it got corrupted! I think someone else was messing around with me and sent extra bytes, though it seems like they actually abided by RFC 3514 for once. Can you get the flag?

Challenge Files Mirror: EBE.pcap

Solution

The first clue for this challenge came in the description. "They actually abided by RFC 3514." RFC 3514 is a joke RFC that proposes for all 'evil' network packets, such as from attacks, 'set' the evil bit in all evil traffic (actually the Reserved bit flag in UDP).

evilbitexp

Pretty self explanatory, actually.

When we looked at the packets in the .pcap we were given in Wireshark, a majority of them had the evil bit set.

evilbitset

The evil bit is set in this packet

evilbitnotset

The evil bit is not set in this packet

I solved this (very inefficiently) by simply ignoring all the evil packets (CTRL/CMD + D in Wireshark) and assembling the flag from the single data byte in each non-evil packet.

databyte

Each non-evil packet has one data byte

Assembling all these together gives us the flag lactf{3V1L_817_3xf1l7R4710N_4_7H3_W1N_51D43c8000034d0c}.

Data bytes, assemble!

Questions/comments?

Send me an email at [email protected].