Riscure Embedded Hardware CTF

rhme Playlist


Soldering the arduino board, installing drivers for OSX and flash challenges with avrdude. The CTF will run until the end of February, the other videos will come after that.

Explaining what serial is, debugging it with a Saleae Logic Analyzer and figuring out how to talk to the board.

The first challenge I solved for the embedded hardware CTF by riscure. It implements a Secure Filesystem which prevents you from readeing files without knowing the correct token for a file.

We are looking at the datasheet of the ATmega328p and learn about harvard architecture and how serial communication on an assembler level looks like.

We are using radare2 together with avr-gdb and simavr to reverse engineer the challenge "Jumpy" which implemets a password checking algorithm.

Solving "Photo Manager" from the riscure embedded hardware CTF by bypass a buffer overflow mitigation through bruteforcing a stack cookie.

Using the greatest common divisor (GCD) to factorize the public modulo into the secret primes, so we can forge a RSA signature.

Solving the casino challenge of rhme2 abusing a format string vulnerability.

We overflow a buffer and slowly figure out that we can control memory addresses to leak other data.

Whack the mole was a fun little challenge that was not so much about security, but to figure out how the game works, and then play it and win.

We are going to recover a ECDSA private key from bad signatures. Same issue the Playstation 3 had that allowed it to be hacked.

Preparing an arduino nano board to perform a power analysis side channel attack and explaining how that can be used to break RSA. Also proof I can't count.

Terrible DPA explanation and sharing my experience solving the side channel analysis challenge "piece of scake" from the rhme2 CTF.

Generating random numbers on computers is not easy. And while the intended solution was really hard, the challenge had a problem with the random number generation, which allowed me to solve it.

We perform a fault injection on an arduino board to break out of a endless loop. We drop the power for a very short amount of time so the microprocessor calculates something wrong. Skip to 0:56 if you don't want to see my cringy acting.

Search Tags