Rocket Launcher

Description

A missile launch system is operated via an industrial control panel. This panel is controlled by a Siemens S7-300 programmable logic controller (PLC).

The control panel consists of:

• 16 three-position switches connected to the PLC inputs (only 5 are used)
• 16 LEDs connected to the PLC outputs (not used)
• a block of four 10-digit rotary encoders connected to the PLC inputs
• a block of four 7-segment displays connected to the PLC outputs

To validate a missile launch, the command chain, consisting of four people, must take turns entering their 4-digit validation PIN code in the correct order on the rotary encoder and then confirm their entry with the corresponding switch.

The display shows the number of the next code it expects (by default 1 when the first code has not yet been validated). Thus, if the first code is validated, the display increments by 1 to show the value 2, which corresponds to the number of the next expected code. And so on…

If all the codes are validated in the correct order, the missile launch is validated and the display shows the value 7777.

The wiring of the control panel components to the PLC’s digital input and output modules is as follows:

During a verification exercise, it appears that the codes provided to the chain of command did not work, and firing could not be initiated.

Network analysts were able to retrieve a network capture including the latest update of the FC1 block containing the validation program. Using this network capture provided by the analysts, you must find the 4 validation codes.

The expected flag is in the format FCSC{aaaa-bbbb-cccc-dddd}, where aaaa is the first code, bbbb the second, and so on.