Chrono Rage

hardware side channel attacks FCSC 2024

Description

Your friend has developed a small local daemon on his server which opens a listening socket on localhost and performs privileged actions when clients connect and authenticate with a PIN. Unfortunately, he recently had his server attacked, despite all the efforts he put into securing his daemon.

He provides you with the source code of this Python daemon: as you'll see, to secure the communication of the PIN on the socket, he uses rotating AES session keys. He also provides you with a pcap capture corresponding to suspicious activity by a local client, detected by his constant monitoring. Unfortunately, he has lost the AES key used at the time of this capture, so he can't provide it to you. Finally, he has obviously redacted the PIN in the source code: you don't need to know this sensitive secret!

Can you help him out by explaining how the attacker did it, and by making clear that he needs to change his PIN and correct his code as quickly as possible?

Note: the format of the flag is FCSC{PIN} where PIN is the server’s PIN.

Files

  • chrono-rage.pcap
    32.01 KiB – ae36fa1c82d64e0319964d913293f3bcb4e4f3ab236d86fd964725c196a9d868
  • chrono-rage-server.py
    1.78 KiB – 6e5508386366cb7088bbffc46076ec27b5a560181a5c63a21474c8e8b82b8380

Author

rbe
