Google CTF 2017 – Ascii Art Client (Reverse) – Write-Up

Description : This client displays nice ASCII Art, can it query anything else? The aart_client binary is the source of the traffic that was captured in aart_client_capture.pcap. Understand the network communication protocol and find the flag in the pcap! Provided files : aart_client (ELF 64 bits) aart_client_capture.pcap   [TL;DR] The flag was sent in a protobuf obfuscated communication over HTTP. Using reverse engineering and a bit of guessing, we found the flag in the permuted and xored HTTP response. We were the first to solve this challenge amongst the 31 teams who solved…Read more …