
So we're presented with a log file with a *ton* of information

..etc
We're looking for three messages that *should* stick out. Let's start trimming this down using grep. We see `244` repeated a lot, so we can probably rule that out
`grep -v 244 candump.log`

Similar to `244` we see `188` quite a bit, so we can rule that one out as well
`cat candump.log | grep -v 244 | grep -v 188`

That leaves us with (hopefully) the `lock`, `unlock` and `lock` messages in that order. We need the `unlock` timestamp, which is the middle one

---
Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]]
Tags: #car_hacking #canbus #ctf
Related: