back to home

OGN Challenge #4

This challenge can be found when Sally and Eli get out from their capsule.

The Setup

We've intercepted the network communications between a security sensor near the mass driver and the central control system. See if it detected any suspicious activity ... we might need to get rid of that evidence later.

You will get a .pcap network traffic file.

The Worm

Open the .pcap file in Wireshark to analyze the network traffic.

Examining the ASCII content of the first few packets reveals an anomaly in packet 7:

Integrity violation in memory region 0x7fffffffdab0: detected byte 0x4b (K)

Filter for these messages by entering frame contains "Integrity" in the display filter.

Looking through the filtered packets, you'll notice the memory region addresses increase, the detected bytes change, and the characters in parentheses spell out a KEY{xxxxxx} flag.