BDSEC CTF 2025 Writeup
Name | Category | Solved?
Poisoned Ledger Hex | Forensics |
Router | Networking |

Poisoned Ledger Hex#

TL;DR#

Extract the three fragmented OP_RETURN payloads from blocks 101, 108, and 117, concatenate them in block‐order, XOR each byte with 0x42 (ASCII “B”), and you get the flag.

Solution#

  1. Locate the OP_RETURN fragments

Inspecting each block’s transactions, you find three blocks carrying non‐standard data fields:

  • Block 101: OP_RETURN[0, 6, 17, 7, 1, 57, 0, 14, 114, 1]
  • Block 108: OP_RETURN[9, 29, 1, 10, 3, 11, 44, 29, 6, 55]
  • Block 117: OP_RETURN[47, 18, 29, 115, 119, 29, 4, 55, 44, 44, 27, 63]
  2. Reassemble the data
    Concatenate the three arrays in ascending block order to get a single byte stream:
    data = [
        0,6,17,7,1,57,0,14,114,1,
        9,29,1,10,3,11,44,29,6,55,
        47,18,29,115,119,29,4,55,44,44,27,63
    ]
  3. Decode with XOR
    The hint (“Poisoned Ledger”) suggests a simple XOR cipher. Using B as the key:
    xor_key = ord('B') # 0x42
    decoded = ''.join(chr(b ^ xor_key) for b in data)
    print(decoded)

Flag#

BDSEC{BL0CK_CHAIn_DumP_15_FunnY}

Router#

TL;DR#

We need to identify the company that made the router seen in the given pcap file.

Solution#

We just need to check each MAC address captured in the pcap file and search for it on Google.


Ethernet II, Src: NetisTechnol_47:fa:42 (64:ee:b7:47:fa:42), Dst: LiteonTechno_7e:74:6b (9c:2f:9d:7e:74:6b)

From this website, we know the answer is netis.
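
Checking every MAC address by hand gets tedious on a larger capture. The following added example (not part of the original writeup) reads a classic libpcap file with only the standard library, collects the unicast Ethernet addresses, and labels each by its OUI. The sample capture is constructed from the two addresses in the frame above, and the vendor labels are the ones Wireshark shows there.

```python
import struct

# OUI labels exactly as Wireshark rendered them in the frame quoted in the writeup.
OUI_LABELS = {"64:ee:b7": "NetisTechnol", "9c:2f:9d": "LiteonTechno"}

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def macs_in_pcap(blob):
    """Return the set of unicast Ethernet MACs in a classic libpcap capture."""
    magic = blob[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", blob[20:24])[0] != 1:  # LINKTYPE_ETHERNET
        raise ValueError("link type is not Ethernet")
    macs, off = set(), 24
    while off + 16 <= len(blob):
        # Per-packet header: ts_sec, ts_usec, captured length, original length.
        _, _, incl_len, _ = struct.unpack(endian + "IIII", blob[off:off + 16])
        frame = blob[off + 16:off + 16 + incl_len]
        if len(frame) >= 12:
            for raw in (frame[0:6], frame[6:12]):  # destination, then source
                if not raw[0] & 1:  # skip broadcast/multicast: no vendor OUI
                    macs.add(fmt_mac(raw))
        off += 16 + incl_len
    return macs

def vendors(macs):
    """Map each MAC to a known label, or to the OUI that still needs a lookup."""
    return {m: OUI_LABELS.get(m[:8], "unknown, look up OUI " + m[:8])
            for m in sorted(macs)}

def sample_pcap():
    """Constructed one-frame capture using the two MACs from the writeup."""
    dst = bytes.fromhex("9c2f9d7e746b")
    src = bytes.fromhex("64eeb747fa42")
    frame = dst + src + b"\x08\x00" + b"\x00" * 46  # EtherType IPv4, zero payload
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    phdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return ghdr + phdr + frame

if __name__ == "__main__":
    for mac, vendor in vendors(macs_in_pcap(sample_pcap())).items():
        print(mac, vendor)
```
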

Flag#

BDSEC{netis}