# Can you hear me now?
**Category**: Ground Segment
**Points (final)**: 59 points
**Solves**: 75
> LaunchDotCom's ground station is streaming telemetry data from its Carnac 1.0 satellite on a TCP port. Implement a decoder from the XTCE definition.
**Given files**: `telemetry.zip`
## Write-up
by [erin (`barzamin`)](https://imer.in).
The provided zip file contains `telemetry.xcte`, an [XTCE](https://www.omg.org/xt) file defining the telemetry protocol streaming from the challenge server.
XTCE is a XML-based protocol description format, used to provide a machine-readable definition of the bit layout in a telemetry stream. I could use COSMOS to load this XTCE definition, but instead I just figured out what the XTCE file meant (without really reading the XTCE specification, because nobody has time for that) and wrote a quick decoder by hand. I have never touched XTCE before this and only briefly looked at CCSDS during a rocketry project for school before deciding not to use it, so any knowledge I have about it comes from things like "google" and "[NASA presentations from 2008](https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20090017706.pdf)" and "definitely legitimately obtained specification pdfs".
I captured some telmetry data from the server by running
```
(cat THE_TICKET) | nc hearmenow.satellitesabove.me 5032 > data
```
`telemetry.xtce` describes every packet in the payload is headed by a header of the form (apparently, "abstract" things in XTCE are an instanceable template for a description of parameters; this one gets instanced in every packet as the header):
```{.xml}
```
The `parameterRef`s point to `xtce:Parameter`s in the `xtce:ParameterSet` nearer the top of the file; the parameters in the header are defined there as
```{.xml}
```
The `{n}BitInteger` parameter types are defined further up in the file as exactly what you'd expect them to be. We now know what packet headers look like; let's look for something flag related. A `Flag Packet` is defined in several places in the file (once as an "abstract" packet, which I don't really understand the significance of); it contains a body of parameters `FLAG1` through `FLAG120`, all defined upfile as 7-bit integers
```{.xml}
```
The header associated with the flag packet is
```{.xml}
```
The APID is specific to the flag packet; we can just search for it in the stream and decode from there. I threw together some python (using `bitflags`) to decode the flag from the data I recorded:
```{.python}
from bitstring import Bits, BitArray, ConstBitStream
b = ConstBitStream(filename='./data')
packetlocs = list(b.findall('0x0066'))
print(f"found packets: {packetlocs}")
for loc in packetlocs:
b.pos = loc
ver = b.read(3).uint
ty = b.read(1).bin
sec_hd = b.read(1).bin
apid = b.read(11).uint
gp_flags = b.read(2).bin
ssc = b.read(14).uint
plength = b.read(16).uint
print(ver, ty, sec_hd, hex(apid), gp_flags, ssc, plength)
flag = []
for i in range(120):
flag.append(chr(b.read(7).uint))
print(''.join(flag))
```
Which produced the flag:
```
λ ~/has/cyhmn
» python decode.py
found packets: [600, 1904, 3208]
0 0 0 0x66 11 1919 94
flag{delta98823mike:GAFbfoYquKzWaSFdWeYHGMDosGaBTnMbwD_kqwuj
MhhNPaA9t7Iay8GY6CdGUwrYVa_AetBJEqJ6XO1XHl0kbHA}OP`P<
```
## Resources and other writeups
- https://www.omg.org/xt
- https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20090017706.pdf
- https://bitstring.readthedocs.io/