Smell as Sweet

Discussion of challenges you have already solved
PeterS
Posts: 24
Joined: Thu Mar 05, 2009 7:17 pm

Smell as Sweet

Post by PeterS »

Wireshark is definitely some kick-ass software. It helped me to get the answer within a few minutes.
How did you solve this challenge?
gfoot
Posts: 269
Joined: Wed Sep 05, 2007 11:34 pm
Location: Brighton, UK

Post by gfoot »

I think I manually cut it up by spotting HTTP responses and PNG headers - it didn't take long, but using the right tool would have been more reliable.
m!nus
Posts: 202
Joined: Sat Jul 28, 2007 6:49 pm
Location: Germany

Post by m!nus »

wireshark was definitely the easier method :)
Last edited by m!nus on Sun Sep 13, 2009 11:13 am, edited 1 time in total.
ftfish
Posts: 12
Joined: Thu Aug 20, 2009 1:51 am

Post by ftfish »

i also did it by searching for png headers.
i know i can open the file with wireshark, but i wonder how i can use wireshark to get the answer.
could you please give me an instruction? thanks!
bearson
Posts: 6
Joined: Thu Sep 10, 2009 8:43 am

Post by bearson »

m!nus wrote: wireshark was definitely the easier method :)
agree!
it has 'export' ability.
basty
Posts: 1
Joined: Thu Mar 05, 2009 4:48 pm

Post by basty »

Wow, this challenge is one of my favorites. It cost me round about 5 min., but that's not why I like it^^
> file -L file_20080914 gave me the right hint. Then open the file in Wireshark and simply export the packet streams: done!
markobr
Posts: 17
Joined: Thu May 20, 2010 4:09 pm
Location: Tübingen

Post by markobr »

Interesting - I didn't know nor find out that wireshark works this way round, too. But I did find out that vim has a mode for binary editing. Getting everything correct this way did take a few minutes more I think, but worked well enough.
zjorzzzey
Posts: 11
Joined: Fri Oct 30, 2009 7:31 pm
Location: NL

Post by zjorzzzey »

Just finished this one simply using a hexeditor.
From the html on top I derived there were a few packages that repeated very often in the file. After removing these it was just splitting the file into the different png, ico and html files.

Wireshark would have been easier though... :P
Entropy|Immortal
Posts: 4
Joined: Sun Oct 17, 2010 3:30 pm

Post by Entropy|Immortal »

tcpflow to sort the packages, then foremost to extract the images.

Extracting the html was a bit more tricky:

    cat -v dump | grep -n html

to find out where to look and

    cat dump | head -n 81 | tail -n +8 > file.htm

to extract these lines.

Wireshark would have been easier though^^
nighthalk
Posts: 41
Joined: Fri Jul 31, 2009 8:22 pm

Post by nighthalk »

at first i tried just dumping all the pngs (since the html was obviously a single packet so you knew where to start and stop) but the background image was corrupt. assuming it was important (silly me) i then started writing my throw away program

i wrote my own packet parser from scratch using wireshark as a guide (i didn't know how to import/export packets at the time so i reversed the protocols) and dumped each "file" worth of a packet. lucky for us it didn't do anything tricky like packets out of order or dropped/unsolicited packets though i still haven't figured out the first 0x18 bytes but i assume it's some kind of router packet protocol, since it only happened once i just ignored it.
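
An added example (not code from any poster in this thread) of the approach several posts describe: walk the capture's packet records, join the TCP payload bytes, then carve PNGs by signature. It assumes the challenge file is a classic libpcap capture, whose one-time global header is 24 (0x18) bytes, carrying Ethernet/IPv4/TCP frames that arrive in order; the function names and the sample capture are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def tcp_payloads(pcap):
    """Classic libpcap bytes -> {src/dst IP + src/dst port: TCP payload in capture order}."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    streams, off = {}, 24  # skip the 24-byte (0x18) global header, present once
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(endian + "I", pcap, off + 8)[0]  # captured length
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if frame[12:14] == b"\x08\x00" and frame[23:24] == b"\x06":  # IPv4 + TCP
            tcp = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
            if len(frame) >= tcp + 20:
                key = frame[26:34] + frame[tcp:tcp + 4]
                start = tcp + (frame[tcp + 12] >> 4) * 4  # skip TCP header + options
                end = 14 + struct.unpack_from(">H", frame, 16)[0]  # drops padding
                streams[key] = streams.get(key, b"") + frame[start:end]
    return streams

def carve_pngs(data):
    """Carve PNGs by walking chunks (length, type, data, CRC) from signature to IEND."""
    found, pos = [], data.find(PNG_SIG)
    while pos != -1:
        cur, ctype = pos + 8, b""
        while ctype != b"IEND" and cur + 12 <= len(data):
            length, ctype = struct.unpack_from(">I4s", data, cur)
            cur += 12 + length
        if ctype == b"IEND" and cur <= len(data):
            found.append(data[pos:cur])
        pos = data.find(PNG_SIG, pos + 8)
    return found

# Constructed sample: a 1x1 PNG in an HTTP response split over two packets
# (header checksums and sequence numbers are zero; the parser ignores them).
def _chunk(ctype, body=b""):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
def _record(payload):
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack(">HHIIBBHHH", 80, 40000, 0, 0, 0x50, 0x18, 0, 0, 0)
    frame = bytes(12) + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
SAMPLE_PNG = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"IDAT", zlib.compress(b"\0\0")) + _chunk(b"IEND"))
_body = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + SAMPLE_PNG
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + _record(_body[:60]) + _record(_body[60:]))
```

Carving the raw capture directly finds nothing in this sample, because the record and protocol headers of the second packet sit in the middle of the image; carving the joined payload recovers it intact.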
moose
Posts: 67
Joined: Fri Jul 16, 2010 7:32 pm

Post by moose »

This challenge was great! Thanks for it!
AMindForeverVoyaging
Forum Admin
Posts: 496
Joined: Sat May 28, 2011 9:14 am
Location: Germany

Post by AMindForeverVoyaging »

So you didn't need the background image at all? Huh.

I guess the easiest and the fastest way to solve this is simply to make one educated guess. Just open file_20080914 in a text editor, read the line "the answer, my friend, is" and from there on you need neither Wireshark nor the C program I wrote to extract the .png files... ;)

By the way, can somebody who understands Javascript explain to me how the "encoding" of the solution actually works here? I thought at first that the images would be moving around on the screen, and in conjunction with the background would reveal the answer when you look at them in the right moment or something... but obviously that is not how it works?
livinskull
Posts: 22
Joined: Fri Jun 26, 2009 12:01 pm
Location: /dev/null

Post by livinskull »

Hexeditor

Extracted html and first 3 pngs, was enough to figure out the answer =)
aurora
Posts: 54
Joined: Thu Feb 05, 2009 12:31 pm
Location: Bavaria, Germany

Post by aurora »

wireshark rocks ... it got the job done.
yourMom
Posts: 6
Joined: Sat Dec 18, 2010 9:58 pm
Location: Sofia

pngcheck - another possible tool

Post by yourMom »

Wow, I was puzzled on how to extract the png's, but I managed to solve it after finding pngcheck from another challenge (and the funny thing is, I haven't solved that one yet :D). Anyway, I haven't heard about wireshark - it definitely sounds promising.