Eavesdrop picoCTF 2022 Solution

Published: July 20, 2023

Description

A packet capture contains an encrypted attachment plus a plaintext conversation describing how to decrypt it. Follow the TCP streams in Wireshark to find the decrypt command, extract the binary data, and run openssl des3 to reveal the flag.

Open the PCAP in Wireshark. Browse packets until you see a TCP stream with readable chat text (port 9001).

Right-click a packet in the chat stream and choose Follow > TCP Stream to read the conversation.

The conversation includes the openssl decrypt command and the password.

Find the binary transfer on port 9002, follow that stream, save the raw data as a hex dump, then convert to binary with xxd.

Run the openssl command from the chat to decrypt the file.

bash
# In Wireshark: follow TCP stream on port 9001 to read the decrypt command
bash
# Follow TCP stream on port 9002, show data as Hex, copy and paste into xxd
bash
xxd -r -p file.hex file.des3
bash
openssl des3 -d -salt -in file.des3 -out flag.txt
bash
cat flag.txt

Solution

Want to try it yourself first?

The guided walkthrough reveals hints one step at a time.

Walk me through it
  1. Step 1
    Follow the chat stream
    Observation
    I noticed the PCAP contained multiple TCP streams on distinct ports, and some packets had small ASCII payloads consistent with a text chat, which suggested following that stream in Wireshark would reveal the plaintext conversation including the openssl command and password.
    In Wireshark, filter by port 9001 or browse packets with 41-byte payloads. Right-click a matching packet and choose Follow > TCP Stream. The conversation contains the openssl command and password in plain text.
    Learn more

    Wireshark's Follow TCP Stream reassembles all TCP segments from a conversation and displays the payload in order. Both sides of the chat are shown with different colors. The password and the exact openssl command to use both appear verbatim - there is no encryption on the chat channel, which is the vulnerability being demonstrated.

    Inside the chat stream, the password appears verbatim in one of the messages where one party tells the other how to decrypt the file. There is no key exchange, no key derivation - it is just typed into a TCP socket in cleartext. That is the entire vulnerability illustrated by this challenge.

  2. Step 2
    Extract the encrypted file and decrypt it
    Observation
    I noticed the chat stream on port 9001 referenced a separate binary transfer and provided an exact openssl des3 decrypt command with a password, which suggested the encrypted attachment was being sent over the other TCP stream on port 9002 and needed to be extracted and decrypted using those credentials.
    In Wireshark, follow the TCP stream on port 9002. Switch the display to Hex and copy the raw hex data. Use xxd -r -p to convert it to binary, saving the result as file.des3. Then run the openssl des3 decrypt command from the chat conversation to produce the plaintext flag file.
    bash
    # In Wireshark: follow TCP stream port 9002, show as Hex, copy all hex
    bash
    xxd -r -p file.hex file.des3
    bash
    openssl des3 -d -salt -in file.des3 -out flag.txt
    bash
    cat flag.txt

    Expected output

    picoCTF{nc_73115_411_0ee72...}
    What didn't work first

    Tried: Save the TCP stream from Wireshark using 'Save as' in raw mode instead of copying the hex manually

    Wireshark's 'Save as' for a TCP stream defaults to ASCII or mixed mode depending on the display setting, which corrupts binary data with newline conversions. You must switch the display to 'Hex Dump' or 'Raw', copy the hex digits, and feed them through xxd -r -p to get a clean binary file.

    Tried: Run openssl des3 -d without the -salt flag because the ciphertext might not have a salt header

    OpenSSL prepends the magic string 'Salted__' followed by 8 salt bytes when encryption uses -salt, which is the default. Omitting -salt on decryption causes openssl to misinterpret the first 16 bytes as IV material and produces garbled output with no error. The -salt flag tells openssl to read and discard that 16-byte header before decrypting.

    Learn more

    Wireshark can show stream data as raw hex. Copying that hex and converting it with xxd -r -p recreates the original binary file without needing tcpflow or tshark. The -r flag reverses the dump (hex to binary) and -p selects plain hex format with no address offsets.

    Triple DES applies DES three times per block. The openssl command the chat specifies uses des3 -d to decrypt, -salt to indicate the ciphertext has a random salt prepended, and -in / -out for the file paths. The deeper lesson: encryption without secure key exchange is useless. TLS solves this with Diffie-Hellman or RSA key exchange so the secret never traverses the wire in cleartext.

Interactive tools
  • Hex ViewerView text or raw hex bytes as a xxd-style hex dump with byte offset, hex columns, and ASCII sidebar. Highlights printable characters and null bytes.
  • Strings ExtractorPull printable text from any binary, library, or image. ASCII and UTF-16 detection, configurable minimum length, flag-like highlight, no command line needed.

Flag

Reveal flag

picoCTF{nc_73115_411_0ee72...}

A perfect example of why you should never discuss crypto keys in plaintext channels.

Key takeaway

Plaintext network protocols expose everything to anyone who can capture the traffic, so a packet capture that includes both an encrypted attachment and an unencrypted conversation about how to decrypt it hands the attacker the key alongside the ciphertext. Wireshark's Follow TCP Stream reassembles a conversation from individual packets into readable content, which is the core skill for protocol forensics. The real-world lesson is that confidentiality requires encryption in transit (TLS), because anything sent in the clear can be reconstructed off the wire.

Related reading

Want more picoCTF 2022 writeups?

Useful tools for Forensics

Do these first

What to try next