Forensic

What happen with the flag ? [SPOIL Please do not disclose the flag or part of the flag]
[UPDATE] I used fr keyboard outline as the chall’s setup
[SPOIL]
[SOLVED]

Hi,

I had to edit your message to remove the spoiler. The correct flag is the one generated when the command was typed. Keep it mind it’s a keylogger and it recorded the input of a user at a point in time.

Regards,

Tie21

Is it only for french ? I recovered whole thing, every keystroke but still cannot submit. Do I miss something else that the keylogger cannot record ?

Hi,

"Is it only for french ? "
No.

"Do I miss something else that the keylogger cannot record ?"
Not really, you can entirely reconstruct the flag based on the info in the challenge file.

Tie21

After take a look at file’s metadata, I still cannot submit, tried converting modified time to epoch time format but still not work 😯
[CLOSED]

For those who stuck for hours trying to decode event sream by means of python sample from Stack Overflow (like me)

default "long integer" variable is 8 byte in Linux@64, but 4 byte in Win@64. Details here

So correct code is
“FORMAT = ’QQHHI’
EVENT_SIZE = struct.calcsize(FORMAT)

print("EVENT_SIZE =", EVENT_SIZE)”

"llHHI" gives wrong result on Windows machines, but correct on Linux.