Skip to content

Camera Access⚓︎

Difficulty:
Direct link: Objective5.zip

⚓︎

image

Objective⚓︎

Request

Gain access to Jack's camera. What's the third item on Jack's TODO list?

Hints⚓︎

Hubris is a Virtue

In his hubris, Wombley revealed that he thinks you won't be able to access the satellite's "Supervisor Directory". There must be a good reason he mentioned that specifically, and a way to access it. He also said there's someone else masterminding the whole plot. There must be a way to discover who that is using the nanosat.

Solution⚓︎

Exploring⚓︎

Upon entering the Ground Station, a vending machine sits consipicuously to the left and when clicked, provides a zip file containing a docker container as well as README.md file and a build_and_run.sh. vendingmachine

README.md

North Pole VNC Workspace Container:
⚓︎

Install docker and then to build the image do:

docker build -t nmf_client .

Then to run it use:

docker run -it --cap-add=NET_ADMIN -p 5900:5900 -p 6901:6901 --rm nmf_client

Can combine them both together using:

./build_and_run.sh

This will open a port on 5900 for you to connect to. On ubuntu you can connect with something like Vinagre. Fedora, vnc viewer.

On Windows you could connect with something like tightvnc:

https://www.tightvnc.com/download.php

If ran locally, you could connect using localhost:5900.

Wireguard How To:⚓︎

Wireguard is already installed in this container during build but you can install it manually elsewhere too:

apt update && apt install -y wireguard-tools

There is many ways to connect wireguard but often times its just 1 to 1 connection.

In this case, a client config would look something like this:

[Interface]
Address = 10.1.1.2/24
PrivateKey = hTCxVDQRxSd5OwGc4TPffcNgmP488+K6j5nn6NloONo=
ListenPort = 51820

[Peer]
PublicKey = 2k45++7JvVLLXwZufPeV8LmzK6IpivWDGdCVi2yhsxI=
Endpoint = 34.172.176.5:51820
AllowedIPs = 10.1.1.1/32

Save the config to the following file /etc/wireguard/wg0.conf using a command like this:

# Copy/Paste works best with gedit in this vnc container
gedit /etc/wireguard/wg0.conf
# OR
nano /etc/wireguard/wg0.conf
# OR
vim /etc/wireguard/wg0.conf

Then we need to take down the interface and bring it back up:

# Bring down
wg-quick down wg0
# Bring up
wg-quick up wg0

Nanosat MO Framework:⚓︎

Documentation on the Nanosat framework can be found at:

https://nanosat-mo-framework.readthedocs.io/en/latest/opssat/testing.html

Can connect to a server using:

maltcp://10.1.1.1:1024/nanosat-mo-supervisor-Directory

Clicking on the main Ground Station console displays a Christmas message and has a green gator icon in the lower right. Clicking on the gator brings up an interface of sorts that has a couple of buttons. Clicking the "Time Travel" button initiates the creation of kronos storage and a timeline (4 hours) and provides the details necessary to create the config file referenced in the README.md document. GateXOR

GateXOR Output 
###BEGIN###
### This is the server's Wireguard configuration file. Please consider saving it for your record. ###

[Interface]
Address = 10.1.1.1/24
PrivateKey = BzIQ8dP+sXlIXDJYtHdw983p2yumr/FodBKIJS996gI=
ListenPort = 51820

[Peer]
PublicKey = pHagiOJRDhr5vzqR3J30UC2/RU2/WWahd4FT4mA0Yks=
AllowedIPs = 10.1.1.2/32


###END####

###BEGIN###
### This is your Wireguard configuration file. Please save it, configure a local Wireguard client, and connect to the Target. ###

[Interface]
Address = 10.1.1.2/24
PrivateKey = Pt/QnKI+Yo0q2dC5P31r0sM4lCDYFwZZLRwJfGxyhZk=
ListenPort = 51820

[Peer]
PublicKey = x61aKMHWgVrPgOlgHZH+HfvlFVXFJ7Jd+i0vtoCysyQ=
Endpoint = 35.223.229.1:51820
AllowedIPs = 10.1.1.1/32


###END####
GateXOR> {end}...[timeline] reverted!
Get Shell for Docker⚓︎

The docker's VNC identifier referenced in the build_and_run.sh output can be used to get a shell.
The VNC desktop is: 5053bbc8efc7:0
PORT=5900

sudo docker exec -it 5053bbc8efc7 /bin/bash
Add Config File⚓︎
nano /etc/wireguard/wg0.conf


[Interface]
    Address = 10.1.1.2/24
    PrivateKey = Pt/QnKI+Yo0q2dC5P31r0sM4lCDYFwZZLRwJfGxyhZk=
    ListenPort = 51820

    [Peer]
    PublicKey = x61aKMHWgVrPgOlgHZH+HfvlFVXFJ7Jd+i0vtoCysyQ=
    Endpoint = 35.223.229.1:51820
    AllowedIPs = 10.1.1.1/32

wg-quick down wg0

wg-quick up wg0

After following the instructions in the README file and using the GateXOR information for the wg0.conf file within the docker container, the docker should be reachable via RealVNC or through the browser. Right-clicking on the desktop reveals some tools.

vnctools

Connecting to Sattelite Server⚓︎

With the host connected to the docker via VNC and the docker's interface set up to be able to communicate with 10.1.1.1, the README file indicates this method for connecting: 

maltcp://10.1.1.1:1024/nanosat-mo-supervisor-Directory
Open the Nanosat MO Base Station Tool, drop the maltcp command into the "Directory Service URI" field and click "Fetch Information."

Then click "Connect to Selected Provider." connectSupervisor

It appears the camera application is not running. runCamera Click runApp. connectingCamera

Camera App⚓︎

cameraConnect

Subscribe to Parameter for Camera Image⚓︎

After examining the various tabs and functions of the Camera App and reading the documentation on the nmf framework, using both the VNC and the cli-tool seemed useful for snapping a picture and then receiving that image output from 10.1.1.1 to the docker container. 

find / -name cli-tool

cd /opt/nmf/cli-tool

Testing CLI Subscription Function and Output 

root@5053bbc8efc7:/opt/nmf/cli-tool# ./cli-tool.sh parameter subscribe -p="App: camera" -r=maltcp://10.1.1.1:1025/camera-Directory Base64SnapImage
Snapped an image, then enabled generation. This output several pieces of information including a repeated Base64 string.

Grabbing Some Help From ChatGPT⚓︎

Chacho

I have a command that outputs several items including a repeated Base64 string. I want to save only one instance of this Base64 string to a file and then convert that string to a jpg file. How can I do that?

ChatGPT

your_command | grep -m 1 'data:image/jpeg;base64,' | awk -F'data:image/jpeg;base64,' '{print $2}' > base64.txt

The Subscription Command⚓︎

This grabs just one base64 string from the subscription output. 

./cli-tool.sh parameter subscribe -p="App: camera" -r=maltcp://10.1.1.1:1025/camera-Directory Base64SnapImage | grep -m 1 'base64snapimage: ' | awk -F 'base64snapimage: ' '{print $2}' > ~/base64.txt

Note

This subscription will stay running until stopped, but it is only necessary for the time it takes to snap and generate the image.

Snap Picture⚓︎

snappic Click submit. successful

Enable Generation⚓︎

enable

In the docker terminal, the subscription can now be terminated. 

CTRL+C

Convert Base64 to JPG⚓︎

cat ~/base64.txt | base64 -d -i > ~/image.jpg

open ~/image.jpg

Review Output⚓︎

jack

Objective Answer

to-do