Description
As you pass through customs, the customs officer asks you to hand over your phone and its unlock code. The phone is returned to you a few hours later…
Suspicious, you send your phone to ANSSI’s CERT-FR for analysis. CERT-FR analysts carry out a collection on the phone, consisting of a sysdiagnose and a backup.
Find the name of the malicious tool deployed on the phone, as well as the protocol, IP address and communication port to the C2 server.
The flag is in the format FCSC{<tool>|<protocol>|<IP address>|<port>}. For example, if the tool is Cobalt Strike, the protocol TCP, the IP address 127.0.0.1 and the port 1337: FCSC{Cobalt Strike|TCP|127.0.0.1|1337}.
This challenge is part of a series. The challenges are independent, except iBackdoor 2/2, which depends on iBackdoor 1/2.
Files
- backup.tar.xz: 31.36 MiB – f7e00e4979573e09f582bebb2a64d5daa0ad6151ca7f6971beabbfaa81b400ce
- sysdiagnose_and_crashes.tar.xz: 199.10 MiB – 9a7cc0ee4032bc74d2c162562691594fa772f4f57090b7cc72b6efa0e88582cc
Author
