![b4f858a1a3f7d7720580c13eee371000.png](94094d9c56064b2f834c67e419dfb28a.png)
So we're presented with a log file with a *ton* of information
![24aa8bcc13adb51588999d3164862011.png](1e55e8f521014a8c9cb7c3da62451fda.png)
..etc
We're looking for three messages that *should* stick out. Let's start trimming this down using grep. We see `244` repeated a lot, so we can probably rule that out
`grep -v 244 candump.log`
![ca2d11c50b1fe5590be90c6054a2316e.png](24244a5887d344ce9bfcfd6390ac0100.png)
Similar to `244` we see `188` quite a bit, so we can rule that one out as well
`cat candump.log | grep -v 244 | grep -v 188`
![4d4b3739fed32a0fc448546639de286c.png](2fffbe8c113b4bd7943b019982f7314c.png)
That leaves us with (hopefully) the `lock`, `unlock` and `lock` messages in that order. We need the `unlock` timestamp, which is the middle one
![8f4eac1753d7e0dde585d79cc15a1401.png](4cca74db1dca4ec396c9cee5313a65d5.png)
---
Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]]
Tags: #car_hacking #canbus #ctf
Related: