Escape The Chains

hardware secchallenge
Published on 17 Mar 2021

Description

As you wake up, the first thing you notice is a headache. The second one is that you are in the back of a vehicle you do not remember entering. You hear unfamiliar voices outside. Something about an “important device” and “the apocalypse”. While it sounds fairly interesting, you can’t make out the details.

Sitting up, you notice something on your legs. No one seems to be around, so You are free to take a closer look. It looks like a fancy cuff. On the device, You notice what appears to be a connector, labeled UART…

https://escape-the-chains.secchallenge.crysys.hu

Note: If you believe to have successfully connected, but receive no feedback from the device, you might want to ask it to help you.

  • Author: Wintermute, Csf3r3ncz1
  • Difficulty: easy

Solution

When opening the website, we are greeted with what seems like a CLI, and some cables on the top left. From the challenge description it was clear, we had to do some UART stuff, firstly wire the device up. I have done some UART communication before, but if you are unsure what to do, you can always just use google, to search for some wiring.

After this I started looking for commands to connect to the device with. I used to use picocom but had no luck there. Maybe we can look at stuff? The ls command worked, and we see some directories:

bin
dev
boot

Alright, let’s look at the contents of bin, that can surely help us:

ls /bin
ls
id
ttycon
lsusb

Two of them seem interesting, ttycon probably used to actually connect to the device, and lsusb which I haven’t seen before, but should do something right?

Right. lsusb listed some useful information which we could use to later give parameters to the ttycon command after some research. After some researching, I finally managed to connect without recieving random BS (which signals you messed up something with the connection)

ttycon -baud-rate 115200 -data-bits 8 -stop-bits 1 dev/ttyUSB0

We get yet another terminal, but this time, we are giving instructions to the handcuffs, not to our trusty Banana Tau :). After trying a few random commands that came into mind, one finally does something useful, very useful indeed.

help
available commands: check-updates, factory-reset, help, system-info

Hmmmmmmmmmmmmmmm. Factory-resetting a handcuff? What could go wrong honestly. Let’s try that. After issuing the command, we are presented with the flag:

cd21{HIDDEN}

← Back to SecChallenge21

all tags

CTF crypto crysys dnSpy hardware misc pwn reverse secchallenge secchallenge22 web