secure-communications [Unbreakable 2024]

writeup by: zenbassi

Challenge Description

We captured some pretty bizarre looking communications, but part of them are encrypted.

Can you help?

Flag Format: CTF{sha256}

Intuition

We opened the .pcapng file in Wireshark. Inspecting the protocol hierarchy, we see some packets sent over WebSocket. Sorting by size, we find a TLS Secrets Log File. This can be used to decrypt the communications and find the flag.

Solution

The payloads of the two largest packets contain the TLS Secrets Log File [1]. We extracted the payload from the two packets, saved it as a text file and imported the file into Wireshark (Preferences -> Protocols -> TLS -> (Pre)-Master-Secret log filename). The packets are now decrypted. Inspecting them, we find one in particular that holds the flag in plain text.

[Image: secure-communications-flag]
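A sanity check for the key log text recovered from the two payloads before importing it into Wireshark, as an added example that is not part of the original writeup: it joins the payloads in capture order and keeps only lines that match the NSS key log format. The function names and the sample bytes are constructed for illustration.

```python
import re

# Labels of the NSS key log format that Wireshark reads (TLS 1.2 and 1.3).
# The legacy "RSA" label is not handled in this example.
LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def parse_keylog(chunks):
    """Join payload chunks in capture order; return (entries, rejected)."""
    text = b"".join(chunks).decode("ascii", errors="replace")
    entries, rejected = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank lines and comments are legal in a key log
        m = LINE_RE.match(line)
        # CLIENT_RANDOM carries a 48-byte master secret (96 hex chars);
        # TLS 1.3 secrets are one hash output long: 32 or 48 bytes.
        ok = bool(m) and m.group(1) in LABELS and (
            len(m.group(3)) == 96 if m.group(1) == "CLIENT_RANDOM"
            else len(m.group(3)) in (64, 96))
        if ok:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
        else:
            rejected.append(line)
    return entries, rejected

def render(entries):
    """Serialise entries back into key log text, one entry per line."""
    return "".join(f"{lbl} {rand} {sec}\n" for lbl, rand, sec in entries)

# Constructed sample (not from the challenge capture), cut mid-line into two
# chunks the way a file spread over two packets would be.
SAMPLE = (
    "# constructed sample\n"
    f"CLIENT_RANDOM {'aa' * 32} {'bb' * 48}\n"
    f"SERVER_TRAFFIC_SECRET_0 {'cc' * 32} {'dd' * 32}\n"
    f"CLIENT_RANDOM {'ee' * 32} {'ff' * 10}\n"  # truncated secret: rejected
).encode()
CHUNKS = [SAMPLE[:120], SAMPLE[120:]]

if __name__ == "__main__":
    entries, rejected = parse_keylog(CHUNKS)
    print(render(entries), end="")
    print(f"{len(entries)} usable entries, {len(rejected)} rejected")
```

Writing `render(entries)` to a file gives the text to select as the (Pre)-Master-Secret log filename; a non-empty `rejected` list usually means the payloads were joined in the wrong order or copied incompletely.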

References