Secure Green Server

hardware fault attacks FCSC 2022 solved on

star star

Description

The MegaSecure company provides a secure server allowing to execute operations while controlling its energy consumption.

The server allows to execute commands in a secure way. Indeed, it relies on a secure component to verify the signature of any received command before executing it.

The Python code equivalent to the signature is as follows:

def sign(self, m):
    return pow(int(sha256(m), 16), self.d, self.N)

and its verification is done as follows:

def verif(self, m, s):
    return int(sha256(m), 16) == pow(int(s), self.e, self.N)

However, being still in development, only two commands (ls -la flag.txt and cat flag.txt) are available. Also, it has been noticed that the server presents strange behaviours in some configurations.

Files

Author

Ker

Challenge Instructions

  1. First, download docker-compose.yml:
    curl https://hackropole.fr/challenges/fcsc2022-hardware-secure-green-server/docker-compose.public.yml -o docker-compose.yml
  2. Launch the challenge by executing in the same folder:
    docker compose up
  3. Then, in another console, access the challenge with Netcat:
    nc localhost 4000
⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Flag

Share my success on Fediverse, Twitter, Linkedin, Facebook, or via email.

Submit your solution

You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.

You need to be logged in to submit a writeup.

Writeups

I've been looking for a long time and I still can't find the flag!

You can vote for the solutions you prefer by using the on their respective pages.

DateAuthor Language Tags Vote
2023-11-05
erdnaxe
🇬🇧
TeamFrance