pwnduino

Description

An AVR board is used in a SCADA access control system. It contains a dedicated firmware that implements computations on a secret stored in the internal memory of the microcontroler: this secret must not leave it. In order to execute these computations, it is necessary to prove an authentication password. The console will be disconnected after 10 seconds of inactivity.

During an audit mission, you are asked to evaluate the security of this system, and to validate that the sensitive secret does not leak. You have been able to access a development server containing a debug binary and its source code. Using this information, you are confident that it is possible to recover the production firmware secret!

Files

docker-compose.yml
firmware_debug.bin
1.33 KiB – e72f39c7d91c2cd7a24fdf55fb08ebcfbc4336797c1fd1dbc7c4ea03e9db5f8e
pwnduino-src-debug.tar.xz
1.43 KiB – a0dd4b6f0de229b13f624a5fd9002cd439dc5f6c11cebb3b39d0026ca1f33401

Author

rbe

Challenge Instructions

First, download docker-compose.yml:
curl https://hackropole.fr/challenges/fcsc2023-pwn-pwnduino/docker-compose.public.yml -o docker-compose.yml
Launch the challenge by executing in the same folder:
docker compose up
Then, in another console, access the challenge with Netcat:
nc localhost 4000

⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Flag

You don't have JavaScript actived. No problem! You can check your flag like this: echo -n 'PUT_THE_FLAG_HERE' | sha256sum # possible output: eb3e0786acb3e8fabdaaff616353271ba0f75c43b08f63a18f15d3a707f6fd34

Writeups

I've been looking for a long time and I still can't find the flag!

You can vote for the solutions you prefer by using the on their respective pages.

Date	Author	Language	Tags	Vote
2023-11-06	numb3rss	🇬🇧	TeamFrance