Write-up of Long Range 2 (RealWorldCTF 2024)

Write-up of Long Range 2 challenge, RealWorldCTF 2024. Official challenge prompt: Of late, whispers doth persist behind mine back. Yesterday, under the studio tower, a peculiar contraption was found by me. I am most intrigued to discover the content of their discourse. The challenge attachment contains two files: flash_dump (8.0MiB, sha256: 508d328f855d5398aab38cc93bc66bec91dffd2bfff3691c55b096a6d273d972) 486_375MHz-1MSps-1MHz.wav (293MiB, sha256: 1c60c7a45a4d1c279ca334339eecb51043b91b6714dda8382ecdcd3e7d4370f3) flash_dump forensics analysis $ file ./flash_dump ./flash_dump: DOS executable (COM), start instruction 0xe903023f bc983c40 $ binwalk ./flash_dump DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 88595 0x15A13 Neighborly text, "neighbors a simple (0 id) broadcast" 109607 0x1AC27 HTML document header [....

Write-up Spacial TOTP (Insomni'hack 2023)

Write-up of the Spacial TOTP challenge of Insomni'hack CTF 2023. Official description I sealed my master passphrase on this device and protected it using my own TOTP algorithm. Can you recover it ? Once ready, come to the organizers desk to validate your solution on the device. (No connection to the device allowed) We are given a challenge.elf file. Exploration The challenge.elf file First, let’s confirm it is an ELF file: $ file challenge.elf challenge.elf: ELF 32-bit LSB executable, Tensilica Xtensa, version 1 (SYSV), statically linked, with debug_info, not stripped We note that it is not stripped and includes debug information....

Write-up ESPMyAdmin (Insomni'hack Teaser 2023)

Write-up of the ESPMyAdmin of Insomni'hack Teaser CTF 2023. Official description The only prototype of our brand new IoT device was stolen with the laptop containing the application source code… ;( And of course we had no backup ;( ;( For some reasons, the device is still online here, can you help us recover the secret value ? All we can provide is this logic analyzer capture. We are given a capture.dsl file and a URL https://espmyadmin.insomnihack.ch/. Exploration Web service We open https://espmyadmin....

Write-up Tuya (TEC Qualifiers 2023)

Write-up of the Tuya challenge of CTF Qualifiers for Team Europe Candidates 2023. Official description This is a network forensic challenge. Please analyze the provided network dump. During a forensics mission, CERT was able to identify suspicious traffic from a specific laptop. In fact, by investigating the laptop, it seems that it was compromised and a popular script was used in order to configure Tuya devices inside the internal network. Can you exfiltrate the SSID and password? We are given a network capture trace TuyaDevice....

Write-up Engraver (GoogleCTF 2022)

Write-up of the Engraver challenge of GoogleCTF 2022. Official description You can see pictures of a robot arm laser engraver attached. Can you figure out what it is engraving? Note: the flag should be entered all in upper case. It contains underscores but does not contain dashes. Good luck! We are given a ZIP file containing engraver.pcapng, robot.jpg and robot_engraving.jpg. [Image: robot_engraving.jpg showing a 6-axis robot drawing G letter with a laser pointer] Exploration USB capture Let’s start by opening engraver....

Write-up Weather (GoogleCTF 2022)

Write-up of the Weather challenge of GoogleCTF 2022. Official description Our DYI Weather Station is fully secure! No, really! Why are you laughing?! OK, to prove it we’re going to put a flag in the internal ROM, give you the source code, datasheet, and network access to the interface. We are given a ZIP file containing Device Datasheet Snippets.pdf and firmware.c. We are also given a server host and port: weather.2022.ctfcompetition.com:1337. Exploration Datasheet snippets Let’s start by reading the datasheet snippets Device Datasheet Snippets....

Write-up Myster Mask (FCSC 2022)

Write-up of the Myster Mask side-channel analysis challenge of French Cybersecurity Challenge 2022. Official description You will have to analyze the consumption traces of an early implementation of the AES made by Myster Mask. Will you be able to exploit these traces to make the difference? The part to target corresponds to the inversion step in the calculation of the S-box in the first round of the AES. Only this step is implemented, it is not necessary to know the AES since this challenge is specifically focused on the inversion step....

Write-up Secure Green Server (FCSC 2022)

Write-up of the Secure Green Server fault injection challenge of French Cybersecurity Challenge 2022. Official description The MegaSecure company provides a secure server allowing users to compute operations while controlling its energy consumption. The server allows to execute commands in a secure way. Indeed, it relies on a secure element in order to verify the signature of any command received before executing it. The Python code equivalent to the signature process is: def sign(self, m): return pow(int(sha256(m), 16), self.d, self.N) and the verification process is equivalent to:...

Write-up X-Factor (FCSC 2022)

Write-up of the X-Factor challenge of French Cybersecurity Challenge 2022. Official description You have been asked by a client to recover top secret data from a competing company. You have tried several approaches to find vulnerabilities on the exposed servers, which unfortunately proved unsuccessful: the company’s servers look solid and well protected. Physical intrusion into the premises seems complex given all the necessary access badges and surveillance cameras. One possibility lies in the remote access that the company’s employees have to their collaborative work portal: access to it is done via two authentication factors, a password as well as a physical token to plug into the USB with biometric fingerprint recognition....

Flappy Bird clone in VHDL

On the design of BlobbyFish, a Flappy Bird clone in VHDL. Blobbyfish was implemented for a VHDL academic course project in 8 hours. It is based on Flappy Bird but a little bit simplified for the purpose. This is a team project made with Otthorn. It was a great project to start coding in VHDL and explore all main concepts. Please note that this was implemented for the Digilent Basys 2 using Xilinx ISE. All the code is available there under the GPLv3 license: https://github....