
Smell as Sweet

Posted: Mon Mar 09, 2009 10:48 am
by PeterS
Wireshark is definitely some kick-ass software. It helped me to get the answer within a few minutes.
How did you solve this challenge?

Posted: Mon Mar 09, 2009 11:34 am
by gfoot
I think I manually cut it up by spotting HTTP responses and PNG headers - it didn't take long, but using the right tool would have been more reliable.

Posted: Mon Mar 09, 2009 4:36 pm
by m!nus
wireshark was definitely the easier method :)

Posted: Mon Sep 07, 2009 4:51 pm
by ftfish
i also did it by searching for png headers.
i know i can open the file with wireshark, but i wonder how i can use wireshark to get the answer.
could you please give me an instruction? thanks!

Posted: Sat Sep 12, 2009 3:51 pm
by bearson
m!nus wrote: wireshark was definitely the easier method :)
agree!
it has 'export' ability.

Posted: Wed Mar 10, 2010 8:42 pm
by basty
Wow, this challenge is one of my favorites. It cost me roughly 5 min., but that's not why I like it^^
> file -L file_20080914 gave me the right hint. Then open the file in Wireshark and simply export the packet streams: done!

Posted: Tue Jun 15, 2010 9:11 pm
by markobr
Interesting - I didn't know nor find out that wireshark works this way round, too. But I did find out that vim has a mode for binary editing. Getting everything correct this way did take a few minutes more I think, but worked well enough.

Posted: Tue Sep 28, 2010 11:48 pm
by zjorzzzey
Just finished this one simply using a hexeditor.
From the html on top I derived there were a few packages that repeated very often in the file. After removing these it was just splitting the file into the different png, ico and html files.

Wireshark would have been easier though... :P

Posted: Wed Oct 20, 2010 10:48 pm
by Entropy|Immortal
tcpflow to sort the packages, then foremost to extract the images.

Extracting the html was a bit more tricky:

Code:

cat -v dump | grep -n html
to find out where to look and

Code:

cat dump | head -n 81 | tail -n +8  > file.htm
to extract these lines.


Wireshark would have been easier though^^

Posted: Mon Nov 08, 2010 6:56 pm
by nighthalk
at first i tried just dumping all the pngs (since the html was obviously a single packet so you knew where to start and stop) but the background image was corrupt. assuming it was important (silly me) i then started writing my throwaway program.

i wrote my own packet parser from scratch using wireshark as a guide (i didn't know how to import/export packets at the time so i reversed the protocols) and dumped each "file" worth of a packet. lucky for us it didn't do anything tricky like packets out of order or dropped/unsolicited packets, though i still haven't figured out the first 0x18 bytes, but i assume it's some kind of router packet protocol; since it only happened once i just ignored it.
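
Added example, not part of any post in this thread: the PNG-header carving several posters describe, combined with the per-chunk CRC check that tools like pngcheck perform, so a damaged image (such as the corrupt background mentioned above) is flagged instead of silently written out. The function names and the sample bytes are constructed for illustration and are not taken from the challenge file.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def walk_chunks(blob, cur):
    """Follow length/type/data/CRC chunks from cur; return (end, intact)."""
    while cur + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[cur:cur + 8])
        data_end = cur + 8 + length
        if data_end + 4 > len(blob):
            return cur, False              # chunk runs past the end: truncated
        (stored,) = struct.unpack(">I", blob[data_end:data_end + 4])
        if zlib.crc32(blob[cur + 4:data_end]) != stored:
            return cur, False              # CRC covers type + data
        cur = data_end + 4
        if ctype == b"IEND":
            return cur, True
    return cur, False

def carve_pngs(blob):
    """Return (offset, validated_length, intact) per PNG signature in blob."""
    found, pos = [], blob.find(PNG_SIG)
    while pos != -1:
        end, intact = walk_chunks(blob, pos + len(PNG_SIG))
        found.append((pos, end - pos, intact))
        pos = blob.find(PNG_SIG, end if intact else pos + 1)
    return found

# --- constructed sample data (not taken from the challenge file) ---
def chunk(ctype, data):
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def make_png():
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # 1x1, 8-bit grayscale
    idat = zlib.compress(b"\x00\xff")                      # filter byte + one pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

GOOD = make_png()
DAMAGED = GOOD[:45] + b"STRAY!" + GOOD[45:]   # stray bytes inside the IDAT data
SAMPLE = b"HTTP/1.1 200 OK\r\n\r\n" + GOOD + b"junk" + DAMAGED

if __name__ == "__main__":
    for offset, length, intact in carve_pngs(SAMPLE):
        print(offset, length, "intact" if intact else "damaged")
```

An image reported as damaged is a sign that the bytes between its signature and IEND are not contiguous file data, which is when reassembling the stream with a capture-aware tool is the more reliable route.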

Posted: Sun Jul 17, 2011 11:52 am
by moose
This challenge was great! Thanks for it!

Posted: Mon Aug 08, 2011 10:19 am
by AMindForeverVoyaging
So you didn't need the background image at all? Huh.

I guess the easiest and the fastest way to solve this is simply to make one educated guess. Just open file_20080914 in a text editor, read the line "the answer, my friend, is" and from there on you need neither Wireshark nor the C program I wrote to extract the .png files... ;)

By the way, can somebody who understands Javascript explain to me how the "encoding" of the solution actually works here? I thought at first that the images would be moving around on the screen, and in conjunction with the background would reveal the answer when you look at them in the right moment or something... but obviously that is not how it works?

Posted: Mon Sep 12, 2011 4:22 pm
by livinskull
Hexeditor

Extracted html and first 3 pngs, was enough to figure out the answer =)

Posted: Sun Jan 29, 2012 4:23 pm
by aurora
wireshark rocks ... it got the job done.

pngcheck - another possible tool

Posted: Tue Dec 10, 2013 11:21 pm
by yourMom
Wow, I was puzzled on how to extract the png's, but I managed to solve it after finding pngcheck from another challenge (and the funny thing is, I haven't solved that one yet :D). Anyway, I haven't heard about wireshark - it definitely sounds promising.