Work in progress.
Check the OTA folder for updated beta features
├── bin
│ ├── falcon-fire.bin
│ ├── final-unlocked.bin
│ ├── game_of_life.bin
│ ├── initial.bin
│ └── serial-exploitation.bin
├── hw
│ ├── Assembly
│ ├── DrillFiles
│ ├── GerberFiles
│ ├── InCTF_Badge.brd
│ └── InCTF_Badge.sch
├── LICENSE
├── README.md
└── src
├── falcon-fire
├── Final
├── Game-Of-Life
├── initial
│ ├── data
└── serial-exploitation
Software to install:
- For Windows:
- On Linux/Windows:
- pyserial ->
pip install pyserial - esptool ->
pip install esptool- For more info visit esptool.
- miniterm.py (Installed with pyserial)
- pyserial ->
- falcon-fire.bin
- A version of the 80s Asteroid Game.
- final-unlocked.bin
- Firmware with unlocked LEDs and defence against laser attacks.
- game_of_life.bin
- A version of Conway's Game of Life on Falcon.
- initial.bin
- The basic firmware everyone's badge was loaded with.
- serial-exploitation.bin
- Firmware that was designed to teach you serial exploitation.
Make sure you've installed the correct drivers and the esptool.py
Clone the repository and open a terminal in the same directory.
Run the following command with the desired file in the same terminal.
esptool.py write_flash 0x00000 initial.bin
The code is written with the help of Arduino SDK, considering it to be beginner-friendly platform. You can run MicroPython on the same board as well.
The badge has the personal data of the users stored in the SPIFFS system. Hence we use the 4MB flash memory in NodeMCU with 1MB specified for filesystem. If you're interested in learning more about the Filesystem used in ESP8266 Arduino. This filesystem consists of the following files:
data/
├── chall.png -> The forensics challenge desgined by @_f41c0n
├── flag -> For the game
├── id -> Cadet/Padawan/Rebel ID
├── ip -> Static IP Assigned to each badge
├── name -> Username
├── pass -> 5 char of username and 5 char of the phone number
- ThingPulse SSD1306
- Adafruit GFX
- Adafruit SSD1306
- u8g2
- Already included in the base installation
- Wire
- FS
- If you have successfully installed Arduino IDE , you can just clone the code to get started.
You might face an issue of creating a new folder, just press "OK" and continue.
- If you like the makefile approach then I suggest you look at makeEspArduino project.
- To build
make -f makeEspArduino.mk all FLASH_DEF=4M1M - For flashing the code
make -f makeEspArduino.mk flash FLASH_DEF=4M1M - For flashing the filesystem
make -f makeEspArduino.mk flash_fs FLASH_DEF=4M1M
- To build
?id=100 gives the correct flag
There is a base64 text appended to the image. Extracting and decoding it will give a table of 8 columns representing the 8 bits of each character. Extract the binary data and decode it to get the flag.
The challenge starts with a login screen and on choosing the login option requires you to enter a randomly generated OTP. On analysis we can see that the LDR which is connected to the analog pin of the NodeMCU is used as the random seed for generating pseudo-random values.
If we short the analog pin with the VCC the random seed value will remain constant and so the pattern of generated OTP will remain constant. So by using a sample code to generate the OTP pattern or by brute-force you can login to the system.
Once you login, you will get an option to read data from the board. You only have permission to read a maximum of 50 characters. But the array from which you are reading data is a byte array of size 260. The input given is to a signed 8 bit variable and the program first checks if the value is greater less than 50. After the initial condition is passed the value is moved to an unsigned 8 bit variable and then that many number of characters from the array is printed. So if we enter a negative number like ‘-1’ it will bypass the initial check and when the value is moved to the unsigned variable -1 becomes 255 and we can read 255 characters from the array. The flag is stored from the 188th index so the output we get by giving -1 as the input will contain the flag!
FLAG : falcon{y0u_3xtr4ct3d_th3_s3ctr3t_d4t4}
Read More:https://blog.bi0s.in/2020/01/21/Hardware/millenium_falcon/
GameOfLife based on: DrMikeG
Falcon-Fire based on: pauls-3d-things