can-you-hear-me-now
parent
f74e6e08cc
commit
a3f496f677
|
@ -8,6 +8,7 @@
|
|||
- [aaaa/spacebook](aaaa/spacebook)
|
||||
- [comms/56k](comms/56k)
|
||||
- [comms/phasors-to-stun](comms/phasors-to-stun)
|
||||
- [ground-segment/can-you-hear-me-now](ground-segment/can-you-hear-me-now)
|
||||
- [ground-segment/i-see-what-you-did-there](ground-segment/i-see-what-you-did-there)
|
||||
- [payload/calendar](payload/calendar)
|
||||
- [payload/leakycrypto](payload/leakycrypto)
|
||||
|
|
|
@ -15,5 +15,6 @@
|
|||
\DeclareTextFontCommand{\textsymbol}{\symbolfont}
|
||||
\newunicodechar{⬡}{\textsymbol{⬡}}
|
||||
\newunicodechar{⊕}{\textsymbol{⊕}}
|
||||
\newunicodechar{↩}{\textsymbol{↩}}
|
||||
|
||||
\setmonofont{Noto Sans Mono}[Scale=0.9]
|
||||
|
|
|
@ -0,0 +1,111 @@
|
|||
# Can you hear me now?
|
||||
|
||||
**Category**: Ground Segment
|
||||
**Points (final)**: 59 points
|
||||
**Solves**: 75
|
||||
|
||||
> LaunchDotCom's ground station is streaming telemetry data from its Carnac 1.0 satellite on a TCP port. Implement a decoder from the XTCE definition.
|
||||
|
||||
**Given files**: `telemetry.zip`
|
||||
|
||||
|
||||
## Write-up
|
||||
by [erin (`barzamin`)](https://imer.in).
|
||||
|
||||
The provided zip file contains `telemetry.xcte`, an [XTCE](https://www.omg.org/xt) file defining the telemetry protocol streaming from the challenge server.
|
||||
|
||||
XTCE is a XML-based protocol description format, used to provide a machine-readable definition of the bit layout in a telemetry stream. I could use COSMOS to load this XTCE definition, but instead I just figured out what the XTCE file meant (without really reading the XTCE specification, because nobody has time for that) and wrote a quick decoder by hand.
|
||||
|
||||
I captured some telmetry data from the server by running
|
||||
```
|
||||
(cat THE_TICKET) | nc hearmenow.satellitesabove.me 5032 > data
|
||||
```
|
||||
|
||||
`telemetry.xtce` describes every packet in the payload is headed by a header of the form (apparently, "abstract" things in XTCE are an instanceable template for a description of parameters; this one gets instanced in every packet as the header):
|
||||
```{.xml}
|
||||
<xtce:SequenceContainer name="AbstractTM Packet Header"
|
||||
shortDescription="CCSDS TM Packet Header"
|
||||
abstract="true">
|
||||
<xtce:EntryList>
|
||||
<xtce:ParameterRefEntry parameterRef="CCSDS_VERSION"/>
|
||||
<xtce:ParameterRefEntry parameterRef="CCSDS_TYPE"/>
|
||||
<xtce:ParameterRefEntry parameterRef="CCSDS_SEC_HD"/>
|
||||
<xtce:ParameterRefEntry parameterRef="CCSDS_APID"/>
|
||||
<xtce:ParameterRefEntry parameterRef="CCSDS_GP_FLAGS"/>
|
||||
<xtce:ParameterRefEntry parameterRef="CCSDS_SSC"/>
|
||||
<xtce:ParameterRefEntry parameterRef="CCSDS_PLENGTH"/>
|
||||
</xtce:EntryList>
|
||||
</xtce:SequenceContainer>
|
||||
```
|
||||
|
||||
The `parameterRef`s point to `xtce:Parameter`s in the `xtce:ParameterSet` nearer the top of the file; the parameters in the header are defined there as
|
||||
```{.xml}
|
||||
<!-- Parameters used by space packet primary header -->
|
||||
<xtce:Parameter parameterTypeRef="3BitInteger" name="CCSDS_VERSION"/>
|
||||
<xtce:Parameter parameterTypeRef="1BitInteger" name="CCSDS_TYPE"/>
|
||||
<xtce:Parameter parameterTypeRef="1BitInteger" name="CCSDS_SEC_HD"/>
|
||||
<xtce:Parameter parameterTypeRef="11BitInteger" name="CCSDS_APID"/>
|
||||
<xtce:Parameter parameterTypeRef="2BitInteger" name="CCSDS_GP_FLAGS"/>
|
||||
<xtce:Parameter parameterTypeRef="14BitInteger" name="CCSDS_SSC"/>
|
||||
<xtce:Parameter parameterTypeRef="2ByteInteger" name="CCSDS_PLENGTH"/>
|
||||
```
|
||||
|
||||
The `{n}BitInteger` parameter types are defined further up in the file as exactly what you'd expect them to be. We now know what packet headers look like; let's look for something flag related. A `Flag Packet` is defined in several places in the file (once as an "abstract" packet, which I don't really understand the significance of); it contains a body of parameters `FLAG1` through `FLAG120`, all defined upfile as 7-bit integers
|
||||
```{.xml}
|
||||
<xtce:Parameter parameterTypeRef="7BitInteger" name="FLAGxxx"/>
|
||||
```
|
||||
|
||||
The header associated with the flag packet is
|
||||
```{.xml}
|
||||
<xtce:BaseContainer containerRef="AbstractTM Packet Header">
|
||||
<xtce:RestrictionCriteria>
|
||||
<xtce:ComparisonList>
|
||||
<xtce:Comparison parameterRef="CCSDS_VERSION" value="0"/>
|
||||
<xtce:Comparison parameterRef="CCSDS_TYPE" value="0"/>
|
||||
<xtce:Comparison parameterRef="CCSDS_SEC_HD" value="0"/>
|
||||
<xtce:Comparison parameterRef="CCSDS_APID" value="102"/>
|
||||
</xtce:ComparisonList>
|
||||
</xtce:RestrictionCriteria>
|
||||
</xtce:BaseContainer>
|
||||
```
|
||||
|
||||
The APID is specific to the flag packet; we can just search for it in the stream and decode from there. I threw together some python (using `bitflags`) to decode the flag from the data I recorded:
|
||||
|
||||
```{.python}
|
||||
from bitstring import Bits, BitArray, ConstBitStream
|
||||
|
||||
b = ConstBitStream(filename='./data')
|
||||
packetlocs = list(b.findall('0x0066'))
|
||||
print(f"found packets: {packetlocs}")
|
||||
|
||||
for loc in packetlocs:
|
||||
b.pos = loc
|
||||
ver = b.read(3).uint
|
||||
ty = b.read(1).bin
|
||||
sec_hd = b.read(1).bin
|
||||
apid = b.read(11).uint
|
||||
gp_flags = b.read(2).bin
|
||||
ssc = b.read(14).uint
|
||||
plength = b.read(16).uint
|
||||
|
||||
print(ver, ty, sec_hd, hex(apid), gp_flags, ssc, plength)
|
||||
|
||||
flag = []
|
||||
for i in range(120):
|
||||
flag.append(chr(b.read(7).uint))
|
||||
print(''.join(flag))
|
||||
```
|
||||
|
||||
Which produced the flag:
|
||||
```
|
||||
λ ~/has/cyhmn
|
||||
» python decode.py
|
||||
found packets: [600, 1904, 3208]
|
||||
0 0 0 0x66 11 1919 94
|
||||
flag{delta98823mike:GAFbfoYquKzWaSFdWeYHGMDosGaBTnMbwD_kqwuj↩
|
||||
MhhNPaA9t7Iay8GY6CdGUwrYVa_AetBJEqJ6XO1XHl0kbHA}OP`P<
|
||||
```
|
||||
|
||||
## Resources and other writeups
|
||||
- https://www.omg.org/xt
|
||||
- https://bitstring.readthedocs.io/
|
|
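Review bot: In the decoder, `b.findall('0x0066')` locates flag packets by a bare 16-bit pattern with no alignment constraint and no sanity check on what follows, so any telemetry payload that contains those bits at an arbitrary bit offset would be decoded as a flag header. Pass `bytealigned=True` and check that `plength` fits within the remaining stream before reading the body. The body loop also reads a fixed `range(120)` seven-bit fields regardless of `plength`. The sample output shows a `plength` of 94 and extra characters after the closing `}`, which suggests the read runs past the packet's data field into whatever follows, so bound the loop by the length from the header. Smaller documentation points: the prose says the script uses `bitflags` while the import is `bitstring`, the file is named `telemetry.xcte` in the first paragraph and `telemetry.xtce` later, "telmetry" is misspelled, and the `↩` in the output block appears to be a line-wrap marker rather than part of the flag, which is worth stating for anyone copying it.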
@ -128,3 +128,4 @@ This gives `3.781315936823621`; pasting this into the contest, we got the flag.
|
|||
- https://www.ibiblio.org/apollo/CMC_data_cards_15_Fabrizio_Bernardini.pdf
|
||||
- https://www.ibiblio.org/apollo/index.html#Playing_with_Colossus_
|
||||
- https://www.ibiblio.org/apollo/Documents/Apollo15_Colossus3_CMC_Data_Cards.pdf
|
||||
- https://bitstring.readthedocs.io/
|