Wiretapping 1 - Valentine CTF 2020

Wiretapping 1 - Writeup


The challenge says:

His phone was configured to connect automatically to all Bluetooth devices close to it, and it was equipped with a debugging software that he usually uses to troubleshoot connectivity issues in his devices.

He gives us a file with debugging information (a .pcapng file) for further investigation. So the flag is most probably a clue about the kidnapper, maybe the car’s Bluetooth device name or the kidnapper’s phone name.


Approach

Let’s open the file in Wireshark and investigate the packets.

This packet looks interesting: it looks like the guy’s phone is trying to connect to a Bluetooth device related to the kidnapper (Apple Device).

Let’s expand the packet and look at it closely:

As we can see, this part of the packet contains information about the destination device (the kidnapper’s car). It gives us the car’s name, StevenHarveyCar, so the kidnapper is Steven Harvey, which is the flag.
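The same lookup can be scripted instead of clicking through packets. The sketch below is an added example, not part of the original writeup: it assumes the name is carried in an HCI Remote Name Request Complete event with H4 framing (the writeup does not say which packet type held it), and the packets, addresses and names in `SAMPLE` are constructed.

```python
# Added example: pull remote device names out of raw HCI event packets.
# Assumption: the name arrives in a Remote Name Request Complete event (0x07).
HCI_EVENT_PKT = 0x04                 # H4 packet-type indicator for HCI events
EVT_REMOTE_NAME_REQ_COMPLETE = 0x07  # params: status(1) + BD_ADDR(6) + name(248)

def parse_remote_name(h4_packet: bytes):
    """Return (bd_addr, name) for a successful name event, else None."""
    if len(h4_packet) < 3 or h4_packet[0] != HCI_EVENT_PKT:
        return None
    event_code, param_len = h4_packet[1], h4_packet[2]
    params = h4_packet[3:3 + param_len]
    if event_code != EVT_REMOTE_NAME_REQ_COMPLETE:
        return None
    if param_len < 7 or len(params) < param_len:   # malformed or truncated
        return None
    status, addr_le, raw_name = params[0], params[1:7], params[7:]
    if status != 0x00:               # non-zero status: the name request failed
        return None
    # BD_ADDR is little-endian on the wire; display it most significant byte first.
    bd_addr = ":".join(f"{b:02X}" for b in reversed(addr_le))
    # The name field is UTF-8, NUL-terminated and NUL-padded to 248 bytes.
    name = raw_name.split(b"\x00", 1)[0].decode("utf-8", errors="replace")
    return bd_addr, name

def device_names(packets):
    """Map each BD_ADDR seen in the capture to its last reported name."""
    names = {}
    for pkt in packets:
        hit = parse_remote_name(pkt)
        if hit:
            names[hit[0]] = hit[1]
    return names

def _make_event(addr: str, name: str, status: int = 0) -> bytes:
    """Build a constructed name event for the sample data below."""
    addr_le = bytes(reversed(bytes.fromhex(addr.replace(":", ""))))
    params = bytes([status]) + addr_le + name.encode().ljust(248, b"\x00")
    return bytes([HCI_EVENT_PKT, EVT_REMOTE_NAME_REQ_COMPLETE, len(params)]) + params

SAMPLE = [  # constructed packets, not taken from the challenge capture
    _make_event("AA:BB:CC:11:22:33", "ExampleCarAudio"),
    bytes([0x04, 0x0E, 0x04, 0x01, 0x19, 0x04, 0x00]),   # Command Complete: ignored
    _make_event("AA:BB:CC:44:55:66", "", status=0x04),   # failed request: no name
    bytes([0x04, 0x07, 0xFF, 0x00]),                     # truncated event: skipped
]

if __name__ == "__main__":
    for addr, name in device_names(SAMPLE).items():
        print(addr, name)
```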