Description
You have an embedded system for decrypting and signing messages using RSA. The private key used is securely stored in this system and is deemed impossible to extract or clone. Unfortunately, following a misadventure, you have damaged it and can now only sign a fixed message.
Your mission, should you accept it, is to extract the RSA private key from this embedded card, then to use it to decrypt the flag. To do this, we provide you with an electromagnetic fault injection bench (EMFI). This fault injection bench is equipped with an electromagnetic fault injector placed on a 2D motorized axis.
To help you, we’re providing you with the same embedded system, but with the code replaced by:
LDR r4, =0xCAFECAFE ; loads 0xCAFECAFE into register r4
ORR R4, R4 ; r4 <- r4 OU r4
ORR R4, R4 ; r4 <- r4 OU r4
ORR R4, R4 ; r4 <- r4 OU r4
; [...] 1000x
ORR R4, R4 ; r4 <- r4 OU r4
ORR R4, R4 ; r4 <- r4 OU r4
ORR R4, R4 ; r4 <- r4 OU r4
J print_r4 ; displays r4, r4 should equal 0xCAFECAFE
We invite you to use this second card to practice.
Connect to the server to begin your adventure.
Files
Author
Challenge Instructions
- First, download docker-compose.yml:
curl https://hackropole.fr/challenges/fcsc2024-hardware-pewpew/docker-compose.public.yml -o docker-compose.yml - Launch the challenge by executing in the same folder:
docker compose up - Then, in another console, access the challenge with Netcat:
nc localhost 4000
In case you encounter problems, please consult the FAQ.
Flag
Submit your solution
You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.
You need to be logged in to submit a writeup.
Writeups
There are no public solutions for this challenge yet, but you can submit yours after getting the flag.