Riscure Embedded Hardware CTF

YouTube Playlist

Here you can find my video writeu-ups for the Embedded Hardware CTF by Riscure (rhme.riscure.com/challenges). You can also take your own Arduino Nano and flash the challenges from their github repository here: https://github.com/Riscure/Rhme-2016 and follow along.

Newest videos are at the bottom.

Soldering the arduino board, installing drivers for OSX and flash challenges with avrdude. The CTF will run until the end of February, the other videos will come after that.

Explaining what serial is, debugging it with a Saleae Logic Analyzer and figuring out how to talk to the board.

The first challenge I solved for the embedded hardware CTF by riscure. It implements a Secure Filesystem which prevents you from readeing files without knowing the correct token for a file.

We are looking at the datasheet of the ATmega328p and learn about harvard architecture and how serial communication on an assembler level looks like.

We are using radare2 together with avr-gdb and simavr to reverse engineer the challenge "Jumpy" which implemets a password checking algorithm.

Solving "Photo Manager" from the riscure embedded hardware CTF by bypass a buffer overflow mitigation through bruteforcing a stack cookie.

Using the greatest common divisor (GCD) to factorize the public modulo into the secret primes, so we can forge a RSA signature.

Solving the casino challenge of rhme2 abusing a format string vulnerability.

We overflow a buffer and slowly figure out that we can control memory addresses to leak other data.

Whack the mole was a fun little challenge that was not so much about security, but to figure out how the game works, and then play it and win.

We are going to recover a ECDSA private key from bad signatures. Same issue the Playstation 3 had that allowed it to be hacked.

Search Tags