![b4f858a1a3f7d7720580c13eee371000.png](94094d9c56064b2f834c67e419dfb28a.png) So we're presented with a log file with a *ton* of information ![24aa8bcc13adb51588999d3164862011.png](1e55e8f521014a8c9cb7c3da62451fda.png) ..etc We're looking for three messages that *should* stick out. Let's start trimming this down using grep. We see `244` repeated a lot, so we can probably rule that out `grep -v 244 candump.log` ![ca2d11c50b1fe5590be90c6054a2316e.png](24244a5887d344ce9bfcfd6390ac0100.png) Similar to `244` we see `188` quite a bit, so we can rule that one out as well `cat candump.log | grep -v 244 | grep -v 188` ![4d4b3739fed32a0fc448546639de286c.png](2fffbe8c113b4bd7943b019982f7314c.png) That leaves us with (hopefully) the `lock`, `unlock` and `lock` messages in that order. We need the `unlock` timestamp, which is the middle one ![8f4eac1753d7e0dde585d79cc15a1401.png](4cca74db1dca4ec396c9cee5313a65d5.png) --- Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]] Tags: #car_hacking #canbus #ctf Related: