Immobilized

Challenge

CAN bus trace analysis challenge. Multiple IDs, temporal relationships, XOR/decrypt probes, and PID inspection.

Solution

Key analysis code:

m = re.match(r'\((\d+\.\d+)\) vcan0 ([0-9A-F]+)#([0-9A-F]+)', line.strip())

# Build 5EC key material
key_5ec_noseq = b''
for ts, data in sorted(frames.get('5EC', []), key=lambda x: x[1][0]):
	key_5ec_noseq += data[1:]

# XOR stream experiments against 0C0 stream
oC0_stream = b''.join(data for _, data in frames.get('0C0', []))
xored = bytes(a ^ b for a, b in zip(oC0_stream, cycle(key_5ec_noseq)))

# Additional brute-force checks for flag-like prefixes
for flag_prefix in [b'flag{', b'ctf{', b'CTF{', b'FLAG{']:
	...

Flag

Not recovered in current notes.

Challenge​

Solution​

Flag​

Challenge

Solution

Flag