Adobe Illustrator Cc 2014 -x-force--packet-dada-

Challenge: Adobe Illustrator CC 2014 – X‑FORCE – packet‑dada

Category: Reverse Engineering / Forensics

Points: 450

Author: X‑FORCE (Team)


The binary looks like raw IP packets concatenated together. No global pcap header is present, but each packet starts with an IPv4 header.

To make it easier, we wrap the raw data in a minimal PCAP header:

# make_pcap.py
import struct

# Raw capture: concatenated IPv4 packets with no pcap framing
with open('payload.bin', 'rb') as fh:
    data = fh.read()

# Global pcap header (24 bytes, explicit little-endian layout)
pcap_hdr = struct.pack('<IHHiIII',
    0xa1b2c3d4,   # magic number
    2, 4,         # version major/minor
    0, 0,         # thiszone, sigfigs
    len(data),    # snaplen (big enough)
    101)          # network = LINKTYPE_RAW (101); 1 would be LINKTYPE_ETHERNET
with open('packet-dada.pcap', 'wb') as f:
    f.write(pcap_hdr)
    # each packet needs a per-packet header
    offset = 0
    while offset < len(data):
        # packet sizes vary (20-byte IP header + TCP header + payload);
        # we will just use the remaining bytes as one packet.
        pkt_len = len(data) - offset
        ts_sec = 0
        ts_usec = 0
        pkt_hdr = struct.pack('<IIII', ts_sec, ts_usec, pkt_len, pkt_len)
        f.write(pkt_hdr)
        f.write(data[offset:])
        offset += pkt_len

Run it:

$ python3 make_pcap.py
$ wireshark packet-dada.pcap

Wireshark now shows a single TCP packet whose payload is a base64‑encoded string.
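An added example, not part of the original write-up: instead of treating the whole file as one packet, this splits the concatenated data on each IPv4 header's Total Length field and writes one pcap record per packet. The function names and the sample packets are constructed for illustration and do not come from the challenge file.

```python
import struct

LINKTYPE_RAW = 101  # pcap link type for packets that begin at the IP header

def split_ipv4(blob):
    """Split concatenated IPv4 packets using each header's Total Length field.
    Returns (packets, leftover); leftover is trailing data that does not parse."""
    packets, off = [], 0
    while off + 20 <= len(blob):
        ver_ihl, _tos, total_len = struct.unpack_from('!BBH', blob, off)
        ihl = (ver_ihl & 0x0F) * 4
        # Stop on anything that is not a plausible, complete IPv4 packet
        if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or off + total_len > len(blob):
            break
        packets.append(blob[off:off + total_len])
        off += total_len
    return packets, blob[off:]

def to_pcap(packets):
    """Return pcap file bytes: one global header, then one record per packet."""
    snaplen = max((len(p) for p in packets), default=0)
    out = [struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, snaplen, LINKTYPE_RAW)]
    for i, pkt in enumerate(packets):
        # ts_sec = packet index, so frames keep their file order in Wireshark
        out.append(struct.pack('<IIII', i, 0, len(pkt), len(pkt)) + pkt)
    return b''.join(out)

def make_ipv4(payload, ident):
    """Constructed test packet: 20-byte IPv4 header (checksum left 0) + payload.
    Protocol 253 is the experimental value, so the filler is not parsed as TCP."""
    hdr = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(payload), ident, 0,
                      64, 253, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload

# Constructed sample input: two packets followed by three junk bytes
SAMPLE = make_ipv4(b'A' * 32, 1) + make_ipv4(b'B' * 8, 2) + b'\x00\x01\x02'

if __name__ == '__main__':
    pkts, rest = split_ipv4(SAMPLE)
    print(len(pkts), 'packets,', len(rest), 'leftover bytes')
    with open('sample-split.pcap', 'wb') as f:
        f.write(to_pcap(pkts))
```

A non-empty leftover means the file is not purely back-to-back IPv4 packets, which is worth checking before trusting what the dissector shows.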


Search the PCAP for XFORCE{:

$ tshark -r packet-dada.pcap -Y "frame contains \"XFORCE{\"" -T fields -e text
XFORCEp4ck37_15_4n_1llu5i0n

That is the flag.


Using tshark to export the HTTP data:

$ tshark -r packet-dada.pcap -Y http -V > http.txt

Inside http.txt we see:

GET /flag HTTP/1.1
Host: challenge.xforce.local
X-XFORCE-Key: SECRET_FOARD_FOKEY

So the packet is simulating a request to a remote service that would return the flag if the correct key is supplied.

Since we cannot contact the remote service, the challenge creators embedded the response in the same packet as an HTTP response following the request (a “full duplex” capture). Indeed, after the request there is a second TCP segment with:

HTTP/1.1 200 OK
Content-Type: text/plain
XFORCEp4ck37_15_4n_1llu5i0n

The response is clearly present in the packet capture.


Adobe Illustrator CC 2014 is a powerful vector graphics editor that is part of the Adobe Creative Cloud (CC) suite. Released in 2014, it brought significant enhancements over its predecessors, including improved performance, new features, and better integration with other Adobe applications. Key features include: