From 38ccedc85f26ec49f883f2fc502eaff9b6405ea8 Mon Sep 17 00:00:00 2001 From: David Kaufmann Date: Wed, 13 Jan 2016 03:35:46 +0100 Subject: [PATCH] solved exercise2 --- exercise2.tex | 4 +++- exercise2/task2/parse_stream_data.py | 24 ++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100755 exercise2/task2/parse_stream_data.py diff --git a/exercise2.tex b/exercise2.tex index 7dcab36..d9faa04 100644 --- a/exercise2.tex +++ b/exercise2.tex @@ -81,5 +81,7 @@ for i in large_flow_*.csv ; do ./../../only_decimal.sh $i > ${i\%.csv}.dehexed.c ./autocorrelate.sh | grep -v "All values are identical" | sort -k2 -./autocorrelate.sh +-> ./parse_stream_data.py + \section{Rep:2.c} +Agent South was captured! Aborting operation. (Agent Scott) diff --git a/exercise2/task2/parse_stream_data.py b/exercise2/task2/parse_stream_data.py new file mode 100755 index 0000000..997a7e4 --- /dev/null +++ b/exercise2/task2/parse_stream_data.py @@ -0,0 +1,24 @@ +#!/usr/bin/python + +from pprint import pprint + +# field value 17 was UDP, but autocorr.py could not handle strings +# field value 1 was ICMP +# cat large_flow_02.dehexed.csv | cut -d, -f 5 | sed 's/"//g' | sed 's/17/0/' > bits +# looked almost like text, so inverted the bits^^ +fullstr = "000110011001101111001010110110110101110111011011010001111111111100111010111101110100110010101010001010010101010110100111000110001111000100011100011100010100011010000111111001111011100100110001110100001111100000101101011001101111110110000111010000011001101100011101111011011110010000111101101101011110110110100110000011100101110101000100011000011111000001001110110000101000001100011001101011111001110011001111110111001000101111011010000110001010000110011111011000111000001011110000" + +bytes = bytearray() + +bytelist = [ fullstr[i:i+8] for i in range(0, len(fullstr), 8) ] + +solution = "" + +for bchar in bytelist: + b = int(bchar, 2) + bytes.append(b) + +with open('stream_encrypted', 'wb') as outfile: + outfile.write(bytes) + +# openssl enc -d -rc4 -nosalt -k nSa123 -in stream_encrypted -- 2.43.0