Sous marin

hardware boot security FCSC 2023

★★

Description

You are invited by a colleague to come and test his new miniature model of a submarine. This model is equipped with a “first person view” (FPV) camera and an adequate system to broadcast this video stream.

To lure you in, your colleague mentions that the onboard board is built around a RISC-V core. You immediately accept. That evening, you spend several minutes exploring the depths of the campus basin. Nevertheless, after half an hour, the supervision system panics and you lose communication. You throw yourself into the basin to recover the model. Your colleague sees students running off in the distance with radio equipment in hand. But what happened? Could these students have compromised the submarine’s remote system? You offer to help your colleague extract the contents of his Flash memory and analyze it.

The next day, after a shower and a short night’s rest, your colleague drops the submarine’s electronic board on your desk. He confirms that he has implemented a serial port in 8-N-1 mode, but he points out that he may have made an implementation error in the logic of the synthesized serial port; he doesn’t remember much about it.

Because the submarine is not underwater, its electronics are not properly cooled. You can’t keep it on for more than a few minutes before it shuts down for safety.

You take a serial port to USB adapter to connect to the system and start investigating…

To interface with the serial port remotely, you will need Telnet.

Your colleague managed to find a backup of the bootloader, bootloader.bin, and tells you that you can emulate the boot sequence with the command:

    qemu-system-riscv64 -M sifive_u -m 45M -kernel bootloader.bin

The serial port is available in View > Serial 0. This allows you to prototype ideas before risking damage to the sub.

You need QEMU 5.1 or later to emulate this challenge.

Files

Author

erdnaxe

Challenge Instructions

  1. First, download docker-compose.yml:
    curl https://hackropole.fr/challenges/fcsc2023-hardware-sous-marin/docker-compose.public.yml -o docker-compose.yml
  2. Launch the challenge by executing in the same folder:
    docker compose up
  3. Then, in another console, access the challenge with Netcat:
    nc localhost 4000
⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.


Writeups


Date        Author  Language  Tags        Vote
2023-11-15  CypElf  🇬🇧        TeamFrance