secure-communications [Unbreakable 2024]

writeup by: zenbassi

Challenge Description

We captured some pretty bizzare looking communications, but part of them are encrypted.

Can you help?

Flag Format: CTF{sha256}


We opened the .pcapng file in Wireshark. Inspecting the packet’s hierarchy, we see some packets sent over websocket. Sorting by size we find a TLS Secrets Log File. This can be used to decrypt the communications and find the flag.


The payload of the top 2 packets by size contain the TLS Secrets Log File 1. We extracted the payload from the two packets, saved it as a text file and imported the file into Wireshark (Preferences -> Protocols -> TLS -> (Pre)-Master-Secret log filename). The packets are now decrypted. Inspecting them, we find one in particular that holds the flag in plain text.