MISC - 查看流量出错

xp0int Posted on Jun 6 2021

strings dump | grep '^[[:alnum:]]\{8\}:' > result.txt 提取出hexdump

![enter image description here](https://leanote.com/api/file/getImage?fileId=60af45c8ab644158ab000728)

重新排序组合
```
end = 0x003d7150
file = open("result.txt", "r").readlines()
out = open("recovery.txt", "w")
dic = {}
for line in file:
    s = line.split(": ")
    if len(s[1]) < 39:
        continue
    idx = int(s[0], 16)
    data = s[1][:39]
    dic[idx] = data

for i in range(0, end, 16):
    out.write(dic[i]+'\n')

out.close()
```

![enter image description here](https://leanote.com/api/file/getImage?fileId=60af45faab644158ab00072a)

将排序后的数据复制粘贴到hxd，还原pcap文件

![enter image description here](https://leanote.com/api/file/getImage?fileId=60af4613ab644158ab00072c)

还原后的pcap文件用wireshark打开会报错，点ok可以继续打开，但是看了一下没找到有用的信息，后续用strings recovery.pcap > pcap_str.txt可以发现某些数据中含有/127.0.0.1/RAPID/T_ROB1/Module1/tgPos{}字串，字串后面就是位置信息

![enter image description here](https://leanote.com/api/file/getImage?fileId=60af4634ab644158ab00072d)

grep 'tgPos' -A 2 pcap_str.txt > pos.txt 提取全部位置信息

![enter image description here](https://leanote.com/api/file/getImage?fileId=60af4646ab64415aa600073e)

脚本还原
```
import time

# f = open("pos.txt", 'r').readlines()
# pos = []
# for i in range(2, len(f), 4):
#    pos += eval(f[i])

pos = [92, 81, 0, 92, 81, 0, 93, 81, 0, 93, 80, 0, 95, 80, 0, 98, 80, 0, 100, 80, 0, 102, 80, 0, 107, 80, 0, 111, 81, 0, 114, 82, 0, 117, 83, 0, 119, 85, 0, 121, 86, 0, 123, 87, 0, 124, 88, 0, 125, 90, 0, 127, 91, 0, 129, 94, 0, 129, 96, 0, 130, 98, 0, 131, 99, 0, 132, 102, 0, 133, 105, 0, 133, 108, 0, 134, 113, 0, 134, 115, 0, 134, 118, 0, 136, 124, 0, 136, 128, 0, 136, 133, 0, 136, 139, 0, 136, 144, 0, 136, 148, 0, 136, 151, 0, 135, 158, 0, 135, 162, 0, 135, 164, 0, 134, 167, 0, 134, 169, 0, 134, 170, 0, 133, 174, 0, 133, 176, 0, 133, 178, 0, 132, 179, 0, 132, 180, 0, 131, 180, 0, 130, 179, 0, 130, 178, 0, 129, 176, 0, 129, 174, 0, 129, 170, 0, 129, 168, 0, 129, 165, 0, 129, 161, 0, 129, 156, 0, 129, 150, 0, 130, 147, 0, 130, 141, 0, 131, 138, 0, 133, 133, 0, 135, 128, 0, 136, 123, 0, 139, 119, 0, 139, 115, 0, 141, 113, 0, 142, 111, 0, 145, 107, 0, 148, 104, 0, 152, 100, 0, 156, 97, 0, 160, 94, 0, 163, 93, 0, 167, 92, 0, 170, 91, 0, 172, 91, 0, 172, 90, 0, 173, 90, 0, 174, 90, 0, 175, 90, 0, 177, 89, 0, 179, 89, 0, 180, 89, 0, 181, 89, 0, 182, 89, 0, 182, 89, -10, 156, 85, 0, 156, 84, 0, 156, 84, 0, 156, 83, 0, 155, 83, 0, 154, 82, 0, 153, 82, 0, 151, 81, 0, 150, 81, 0, 149, 81, 0, 148, 81, 0, 146, 81, 0, 142, 81, 0, 139, 81, 0, 133, 81, 0, 128, 81, 0, 125, 81, 0, 121, 81, 0, 118, 81, 0, 117, 82, 0, 114, 83, 0, 112, 84, 0, 112, 85, 0, 111, 85, 0, 110, 87, 0, 110, 88, 0, 108, 89, 0, 106, 93, 0, 104, 96, 0, 103, 98, 0, 102, 100, 0, 100, 105, 0, 99, 108, 0, 98, 110, 0, 96, 114, 0, 96, 116, 0, 95, 120, 0, 94, 124, 0, 94, 127, 0, 94, 132, 0, 93, 135, 0, 93, 139, 0, 93, 142, 0, 93, 145, 0, 93, 147, 0, 93, 150, 0, 93, 152, 0, 93, 155, 0, 94, 156, 0, 94, 159, 0, 97, 161, 0, 97, 164, 0, 99, 165, 0, 99, 166, 0, 101, 169, 0, 103, 171, 0, 106, 173, 0, 109, 175, 0, 111, 177, 0, 116, 178, 0, 120, 179, 0, 123, 179, 0, 127, 180, 0, 130, 180, 0, 133, 180, 0, 138, 180, 0, 141, 180, 0, 145, 180, 0, 148, 179, 0, 152, 177, 0, 155, 175, 0, 157, 173, 0, 159, 172, 0, 162, 170, 0, 164, 169, 0, 165, 167, 0, 165, 164, 0, 166, 163, 0, 166, 161, 0, 167, 158, 0, 167, 155, 0, 168, 153, 0, 168, 150, 0, 168, 146, 0, 168, 143, 0, 169, 140, 0, 169, 137, 0, 169, 134, 0, 169, 130, 0, 169, 125, 0, 169, 123, 0, 169, 119, 0, 169, 117, 0, 169, 114, 0, 169, 111, 0, 169, 108, 0, 169, 106, 0, 169, 103, 0, 169, 100, 0, 169, 98, 0, 169, 96, 0, 168, 94, 0, 167, 93, 0, 166, 91, 0, 165, 90, 0, 164, 89, 0, 162, 88, 0, 161, 87, 0, 160, 86, 0, 159, 86, 0, 158, 85, 0, 156, 85, 0, 155, 84, 0, 154, 84, 0, 153, 83, 0, 152, 83, 0, 150, 83, 0, 148, 83, 0, 147, 83, 0, 146, 83, 0, 146, 82, 0, 145, 82, 0, 145, 82, -10, 95, 9, 0, 95, 9, 0, 95, 10, 0, 95, 12, 0, 95, 15, 0, 96, 20, 0, 96, 28, 0, 96, 32, 0, 96, 36, 0, 97, 40, 0, 97, 44, 0, 97, 52, 0, 97, 58, 0, 97, 66, 0, 97, 73, 0, 97, 79, 0, 98, 86, 0, 98, 93, 0, 99, 100, 0, 99, 103, 0, 100, 108, 0, 101, 115, 0, 102, 120, 0, 102, 123, 0, 102, 127, 0, 103, 130, 0, 103, 136, 0, 103, 139, 0, 103, 142, 0, 103, 147, 0, 103, 150, 0, 103, 154, 0, 103, 158, 0, 105, 162, 0, 105, 167, 0, 106, 172, 0, 106, 176, 0, 107, 183, 0, 107, 186, 0, 108, 190, 0, 108, 192, 0, 108, 194, 0, 108, 197, 0, 108, 198, 0, 108, 199, 0, 108, 200, 0, 108, 199, 0, 108, 196, 0, 108, 194, 0, 108, 191, 0, 108, 189, 0, 108, 185, 0, 108, 181, 0, 108, 174, 0, 108, 170, 0, 108, 163, 0, 108, 158, 0, 108, 152, 0, 108, 147, 0, 108, 140, 0, 109, 131, 0, 109, 125, 0, 109, 118, 0, 109, 115, 0, 110, 111, 0, 111, 104, 0, 111, 102, 0, 111, 99, 0, 111, 97, 0, 111, 95, 0, 112, 95, 0, 112, 94, 0, 112, 93, 0, 113, 92, 0, 114, 90, 0, 116, 90, 0, 117, 88, 0, 119, 87, 0, 122, 85, 0, 126, 85, 0, 128, 83, 0, 129, 82, 0, 133, 82, 0, 135, 82, 0, 138, 82, 0, 140, 82, 0, 142, 82, 0, 144, 82, 0, 146, 82, 0, 148, 82, 0, 149, 84, 0, 151, 85, 0, 153, 86, 0, 154, 88, 0, 155, 89, 0, 156, 92, 0, 160, 95, 0, 161, 97, 0, 162, 99, 0, 164, 103, 0, 164, 105, 0, 166, 107, 0, 166, 109, 0, 167, 112, 0, 167, 114, 0, 169, 118, 0, 169, 121, 0, 169, 123, 0, 169, 126, 0, 170, 128, 0, 170, 130, 0, 170, 132, 0, 170, 135, 0, 170, 138, 0, 170, 140, 0, 168, 143, 0, 167, 145, 0, 165, 148, 0, 165, 151, 0, 163, 153, 0, 162, 157, 0, 158, 159, 0, 157, 161, 0, 154, 164, 0, 152, 167, 0, 148, 169, 0, 146, 171, 0, 144, 173, 0, 142, 174, 0, 139, 176, 0, 137, 177, 0, 136, 178, 0, 133, 179, 0, 130, 180, 0, 127, 182, 0, 125, 183, 0, 121, 185, 0, 118, 186, 0, 115, 187, 0, 111, 189, 0, 110, 190, 0, 109, 190, 0, 109, 190, -10, 135, 87, 0, 135, 87, 0, 134, 87, 0, 133, 87, 0, 131, 87, 0, 129, 87, 0, 127, 87, 0, 126, 87, 0, 124, 87, 0, 121, 87, 0, 119, 87, 0, 117, 87, 0, 114, 88, 0, 110, 90, 0, 107, 91, 0, 104, 95, 0, 101, 97, 0, 99, 99, 0, 97, 101, 0, 96, 104, 0, 95, 106, 0, 94, 109, 0, 91, 113, 0, 91, 115, 0, 90, 118, 0, 89, 125, 0, 88, 128, 0, 88, 131, 0, 88, 135, 0, 88, 138, 0, 88, 140, 0, 88, 144, 0, 90, 147, 0, 91, 150, 0, 93, 153, 0, 94, 155, 0, 98, 160, 0, 101, 164, 0, 104, 167, 0, 106, 169, 0, 110, 174, 0, 114, 176, 0, 117, 178, 0, 120, 179, 0, 127, 179, 0, 130, 179, 0, 135, 179, 0, 137, 178, 0, 140, 176, 0, 143, 175, 0, 149, 168, 0, 152, 166, 0, 156, 161, 0, 158, 159, 0, 160, 156, 0, 161, 154, 0, 163, 151, 0, 163, 149, 0, 163, 147, 0, 165, 144, 0, 165, 141, 0, 166, 140, 0, 166, 139, 0, 166, 137, 0, 166, 135, 0, 166, 133, 0, 166, 131, 0, 166, 128, 0, 166, 125, 0, 166, 123, 0, 166, 122, 0, 166, 119, 0, 164, 116, 0, 163, 115, 0, 163, 114, 0, 162, 111, 0, 162, 110, 0, 161, 108, 0, 161, 106, 0, 158, 103, 0, 158, 101, 0, 155, 98, 0, 154, 97, 0, 152, 94, 0, 151, 92, 0, 149, 90, 0, 146, 87, 0, 143, 86, 0, 140, 84, 0, 138, 83, 0, 135, 82, 0, 134, 82, 0, 131, 80, 0, 129, 80, 0, 127, 80, 0, 126, 80, 0, 125, 80, 0, 124, 80, 0, 123, 80, 0, 122, 80, 0, 121, 80, 0, 121, 81, 0, 121, 81, -10, 202, 197, 0, 202, 197, 0, 202, 196, 0, 202, 195, 0, 203, 195, 0, 208, 194, 0, 210, 193, 0, 212, 192, 0, 216, 191, 0, 220, 191, 0, 222, 190, 0, 226, 189, 0, 228, 188, 0, 231, 188, 0, 237, 187, 0, 241, 187, 0, 247, 185, 0, 253, 184, 0, 258, 183, 0, 260, 182, 0, 262, 182, 0, 264, 181, 0, 266, 181, 0, 267, 181, 0, 269, 180, 0, 270, 180, 0, 272, 180, 0, 274, 180, 0, 275, 180, 0, 276, 180, 0, 278, 180, 0, 279, 181, 0, 281, 181, 0, 282, 181, 0, 282, 182, 0, 284, 183, 0, 285, 184, 0, 286, 186, 0, 287, 186, 0, 289, 187, 0, 290, 187, 0, 290, 188, 0, 291, 189, 0, 292, 189, 0, 292, 190, 0, 293, 190, 0, 293, 191, 0, 294, 191, 0, 294, 192, 0, 296, 192, 0, 296, 193, 0, 296, 193, -10, 296, 83, 0, 296, 83, 0, 296, 84, 0, 298, 85, 0, 300, 85, 0, 303, 85, 0, 307, 85, 0, 309, 85, 0, 312, 85, 0, 316, 85, 0, 319, 85, 0, 326, 85, 0, 331, 85, 0, 336, 85, 0, 343, 85, 0, 345, 85, 0, 349, 85, 0, 351, 85, 0, 354, 85, 0, 356, 85, 0, 358, 85, 0, 359, 85, 0, 360, 85, 0, 361, 85, 0, 362, 85, 0, 364, 85, 0, 365, 85, 0, 366, 85, 0, 368, 84, 0, 369, 84, 0, 369, 83, 0, 371, 83, 0, 373, 83, 0, 374, 83, 0, 375, 82, 0, 376, 82, 0, 377, 81, 0, 379, 81, 0, 380, 81, 0, 381, 81, 0, 382, 81, 0, 382, 81, -10, 340, 15, 0, 340, 15, 0, 340, 16, 0, 341, 18, 0, 341, 19, 0, 341, 20, 0, 342, 22, 0, 342, 24, 0, 342, 26, 0, 342, 28, 0, 342, 30, 0, 342, 34, 0, 342, 36, 0, 343, 40, 0, 343, 46, 0, 343, 49, 0, 344, 54, 0, 344, 61, 0, 344, 68, 0, 345, 71, 0, 345, 76, 0, 345, 82, 0, 345, 89, 0, 345, 93, 0, 345, 98, 0, 345, 101, 0, 345, 104, 0, 345, 107, 0, 345, 110, 0, 345, 112, 0, 345, 116, 0, 345, 118, 0, 345, 121, 0, 345, 125, 0, 345, 129, 0, 345, 132, 0, 345, 136, 0, 345, 139, 0, 345, 143, 0, 345, 145, 0, 346, 148, 0, 346, 150, 0, 346, 153, 0, 346, 155, 0, 346, 157, 0, 346, 159, 0, 346, 162, 0, 346, 164, 0, 346, 165, 0, 346, 167, 0, 346, 170, 0, 346, 172, 0, 346, 174, 0, 348, 176, 0, 348, 179, 0, 348, 180, 0, 348, 183, 0, 348, 184, 0, 348, 185, 0, 348, 186, 0, 349, 187, 0, 349, 188, 0, 350, 189, 0, 351, 189, 0, 352, 189, 0, 354, 189, 0, 356, 189, 0, 357, 189, 0, 358, 189, 0, 359, 188, 0, 360, 187, 0, 361, 186, 0, 362, 185, 0, 364, 184, 0, 365, 183, 0, 366, 182, 0, 366, 181, 0, 366, 180, 0, 367, 178, 0, 367, 176, 0, 368, 175, 0, 368, 174, 0, 369, 171, 0, 370, 169, 0, 370, 168, 0, 372, 166, 0, 373, 164, 0, 373, 163, 0, 373, 161, 0, 373, 160, 0, 374, 160, 0, 374, 159, 0, 374, 158, 0, 374, 157, 0, 374, 156, 0, 374, 155, 0, 374, 154, 0, 374, 153, 0, 374, 153, -10]

from PIL import Image
img = Image.new('1', (400, 400))
idx = 0
for i in range(0, len(pos), 3):
    a, b, c = pos[i:i+3]
    if c == -10:
        img.show()
        time.sleep(1)
        continue
    img.putpixel((a,b), 255)
```

![enter image description here](https://leanote.com/api/file/getImage?fileId=60af46e6ab644158ab000737)

打赏还是打残，这是个问题