Decoding the flag for Flare-On 2019 Level 4: recovers XOR key bytes from the IPv4 addresses in DNS responses in capture.pcap and applies them to the 30-byte blob at offset 0x2020 of ChessAI.old.so.
import socket
import struct
import sys

import dpkt
def int2ip(addr):
    """Render a 32-bit unsigned int (big-endian, as unpacked with ``!I``) as dotted-quad text."""
    packed = struct.Struct("!I").pack(addr)
    return socket.inet_ntoa(packed)
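def dnsqueries(filename):
    """Collect the IPv4 addresses carried in DNS A-record answers of a pcap.

    Args:
        filename: path to a libpcap-format capture readable by ``dpkt.pcap``.

    Returns:
        A list of IPv4 addresses as big-endian unsigned 32-bit ints, in
        capture order, one per A record of every successful (NOERROR) DNS
        response seen on UDP port 53.  Frames that are not
        Ethernet/IPv4/UDP/DNS, or that dpkt cannot parse, are skipped: the
        capture is untrusted input and one malformed packet must not abort
        the whole extraction.
    """
    addrs = []
    # Binary mode: a pcap is binary data (text mode breaks on Python 3 and
    # can mangle bytes on Windows); the context manager closes the handle.
    with open(filename, 'rb') as fh:
        for _ts, pkt in dpkt.pcap.Reader(fh):
            try:
                eth = dpkt.ethernet.Ethernet(pkt)
            except Exception:
                # Best-effort skip of truncated/malformed frames.  Narrowed
                # from a bare ``except`` so KeyboardInterrupt still works.
                continue
            if eth.type != dpkt.ethernet.ETH_TYPE_IP:
                continue
            ip = eth.data
            # dpkt leaves the payload as raw bytes when it cannot decode it,
            # so test the object type rather than trusting eth.type alone.
            if not isinstance(ip, dpkt.ip.IP) or ip.p != dpkt.ip.IP_PROTO_UDP:
                continue
            udp = ip.data
            if not isinstance(udp, dpkt.udp.UDP):
                continue
            if udp.sport != 53 and udp.dport != 53:
                continue
            try:
                dns = dpkt.dns.DNS(udp.data)
            except Exception:
                continue  # not a parseable DNS message
            if dns.qr != dpkt.dns.DNS_R:
                continue  # responses only
            # NOTE(review): DNS_R is the QR-flag constant (1), so this also
            # admits opcode 1 (inverse query); kept as in the original.
            if dns.opcode != dpkt.dns.DNS_QUERY and dns.opcode != dpkt.dns.DNS_R:
                continue
            if dns.rcode != dpkt.dns.DNS_RCODE_NOERR:
                continue
            for answer in dns.an:
                # Only A records carry a 4-byte ``.ip``; a CNAME/AAAA/TXT
                # answer in the same response would otherwise raise.
                if answer.type != dpkt.dns.DNS_A:
                    continue
                addrs.append(struct.unpack("!I", answer.ip)[0])
    return addrs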
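def getInterestingData(filename, offset=0x2020, length=30):
    """Return ``length`` bytes starting at ``offset`` of ``filename``.

    The defaults select the 30-byte encrypted blob in ChessAI.old.so that
    ``decode`` XORs against the DNS-derived key.

    Args:
        filename: path of the binary to read.
        offset: byte offset of the blob (default 0x2020).
        length: number of bytes to return (default 30).

    Returns:
        The raw bytes; shorter than ``length`` (possibly empty) if the file
        ends before ``offset + length``.
    """
    # Seek + bounded read instead of slurping the whole binary; the
    # context manager closes the handle the original leaked.
    with open(filename, 'rb') as fh:
        fh.seek(offset)
        return fh.read(length)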
def b3(v):
    """Lowest byte of ``v`` (last octet of a big-endian IPv4 int)."""
    return v & 0xff
def b2(v):
    """Second-lowest byte of ``v`` (third octet of a big-endian IPv4 int)."""
    return (v & 0xff00) >> 8
def b1(v):
    """Second-highest byte of a 32-bit ``v`` (second octet of a big-endian IPv4 int)."""
    return (v & 0xff0000) >> 16
def b0(v):
    """Highest byte of a 32-bit ``v`` (first octet of a big-endian IPv4 int)."""
    return (v & 0xff000000) >> 24
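def decode(addrs, data):
    """XOR-decode ``data`` with key bytes recovered from DNS answer addresses.

    Byte pair ``i`` (bytes 2i and 2i+1 of ``data``) is XORed with one key
    byte taken from the first address in ``addrs`` whose last octet is even
    and whose third octet has ``i`` in its low nibble; the key byte is that
    address's second octet.  Addresses are big-endian unsigned ints as
    produced by ``dnsqueries``.

    Args:
        addrs: sequence of IPv4 addresses as unsigned 32-bit ints (iterated
            once per byte pair, so it must be re-iterable, e.g. a list).
        data: the encrypted bytes (``bytes``/``bytearray``, or ``str`` on
            Python 2).  Any length is accepted; only pairs 0..15 can ever
            match because the pair index is a nibble.

    Returns:
        The decoded text as ``str``.  If no address matches some pair,
        "Not found!" is printed and decoding stops there, so the result is
        shorter than ``data``.
    """
    # bytearray indexing yields ints on both Python 2 and 3; the original
    # ord() on data[i] raises TypeError on Python 3 bytes.
    buf = bytearray(data)
    length = len(buf)
    res = [''] * length
    for i in range((length + 1) // 2):
        key = None
        for a in addrs:
            # Byte helpers inlined: last octet, third octet, second octet.
            last_octet = a & 0xff
            third_octet = (a >> 8) & 0xff
            if last_octet & 1 == 0 and (third_octet & 0xf) == i:
                key = (a >> 16) & 0xff
                break
        if key is None:
            print("Not found!")
            break
        for j in (2 * i, 2 * i + 1):
            if j < length:  # guards the trailing byte of odd-length data
                res[j] = chr(buf[j] ^ key)
    return ''.join(res)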
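if __name__ == '__main__':
    # Optional positional overrides; the defaults are the original
    # hard-coded inputs in the current directory.
    pcap_path = sys.argv[1] if len(sys.argv) > 1 else 'capture.pcap'
    so_path = sys.argv[2] if len(sys.argv) > 2 else 'ChessAI.old.so'
    addrs = dnsqueries(pcap_path)
    data = getInterestingData(so_path)
    print(decode(addrs, data) + '@flare-on.com')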