From 38ccedc85f26ec49f883f2fc502eaff9b6405ea8 Mon Sep 17 00:00:00 2001
From: David Kaufmann <astra@ionic.at>
Date: Wed, 13 Jan 2016 03:35:46 +0100
Subject: [PATCH] solved exercise2

---
 exercise2.tex                        |  4 +++-
 exercise2/task2/parse_stream_data.py | 24 ++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100755 exercise2/task2/parse_stream_data.py

diff --git a/exercise2.tex b/exercise2.tex
index 7dcab36..d9faa04 100644
--- a/exercise2.tex
+++ b/exercise2.tex
@@ -81,5 +81,7 @@ for i in large_flow_*.csv ; do ./../../only_decimal.sh $i > ${i\%.csv}.dehexed.c
 
 ./autocorrelate.sh | grep -v "All values are identical" | sort -k2
 
-./autocorrelate.sh
+-> ./parse_stream_data.py
+
 \section{Rep:2.c}
+Agent South was captured! Aborting operation. (Agent Scott)
diff --git a/exercise2/task2/parse_stream_data.py b/exercise2/task2/parse_stream_data.py
new file mode 100755
index 0000000..997a7e4
--- /dev/null
+++ b/exercise2/task2/parse_stream_data.py
@@ -0,0 +1,24 @@
+#!/usr/bin/python
+
+from pprint import pprint
+
+# field value 17 was UDP, but autocorr.py could not handle strings
+# field value 1 was ICMP
+# cat large_flow_02.dehexed.csv | cut -d, -f 5 | sed 's/"//g' | sed 's/17/0/' > bits
+# looked almost like text, so inverted the bits^^
+fullstr = "000110011001101111001010110110110101110111011011010001111111111100111010111101110100110010101010001010010101010110100111000110001111000100011100011100010100011010000111111001111011100100110001110100001111100000101101011001101111110110000111010000011001101100011101111011011110010000111101101101011110110110100110000011100101110101000100011000011111000001001110110000101000001100011001101011111001110011001111110111001000101111011010000110001010000110011111011000111000001011110000"
+
+bytes = bytearray()
+
+bytelist = [ fullstr[i:i+8] for i in range(0, len(fullstr), 8) ]
+
+solution = ""
+
+for bchar in bytelist:
+    b = int(bchar, 2)
+    bytes.append(b)
+
+with open('stream_encrypted', 'wb') as outfile:
+    outfile.write(bytes)
+
+# openssl enc -d -rc4 -nosalt -k nSa123 -in stream_encrypted
-- 
2.43.0