Tools Required
Wireshark: This is a popular open-source network protocol analyzer used for capturing and inspecting data traveling over a network in real-time.
Solution
We are given the following file:
- talktome.pcap: contains network traffic via USB protocol
Open it with Wireshark
We see that the packets use the transfer type URB_ISOCHRONOUS, this transfer type is used for transmitting real-time information such as audio and video data, and must be sent at a constant rate.
Next we’ll want to export all the ISO data from this field with tshark
tshark -r talktome.pcap -T fields -e usb.iso.data | tr -d '\n' | xxd -r -p > audio.rawThen import the raw data we saved to audio.raw into Audacity and adjust the configuration options to hear the sound clearly.
You should get an audio that looks like this, listen to it and put each character together to get the complete flag: MetaCTF{4_l1ttl3_b1rd_t0ld_m3}
