Copyright (C) 2019, Uri Shaked. Released under the MIT license.
Learn more in the blog post: Capture The Flag Shitty Add-On
The ctf-shittyaddon board includes the following hardware:
- ATtiny85 Processor
- A ShittyAddon V1 connector
- Reset button
- Red LED connected to ATtiny85's pin 6 (PB1)
You can also hack a simplified version on a breadboard.
Compile the firmware using the Arduino IDE:
- Install ATTiny Core
- Install the TinyWire Library
- Configure Arduino IDE as follows:
  - Board: ATtiny25/45/85
  - Processor: ATtiny85
  - Clock: Internal 8 MHz
- Set the fuses of the chip to enable self programming (SELFPRGEN=1). This can be done using avrdude:
    avrdude -pattiny85 -cusbtiny -e -Uefuse:w:0xfe:m -Uhfuse:w:0xdf:m -Ulfuse:w:0xe2:m
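To check what the fuse bytes in the avrdude command above actually enable, they can be decoded bit by bit. The Python below is an added example, not part of the original project; its function names are hypothetical and the bit layout is the one given in the ATtiny25/45/85 datasheet. AVR fuses are active-low, so "SELFPRGEN=1" (enabled) in the text corresponds to a 0 bit in the efuse value 0xfe.

```python
import re

# ATtiny85 single-bit fuses by byte and bit position (ATtiny25/45/85 datasheet).
# AVR fuses are active-low: a bit value of 0 means the fuse is "programmed" (on).
FUSE_BITS = {
    "efuse": {0: "SELFPRGEN"},
    "hfuse": {7: "RSTDISBL", 6: "DWEN", 5: "SPIEN", 4: "WDTON", 3: "EESAVE"},
    "lfuse": {7: "CKDIV8", 6: "CKOUT"},
}
# Fuses worth a second look when reviewing what a flashed device allows.
NOTES = {
    "SELFPRGEN": "application code may rewrite flash with the SPM instruction",
    "RSTDISBL": "reset pin disabled, so serial (ISP) reprogramming stops working",
    "DWEN": "debugWIRE on-chip debugging enabled",
    "SPIEN": "serial (ISP) programming enabled",
}
CLOCKS = {0b0000: "external clock", 0b0010: "internal RC 8 MHz", 0b0100: "internal 128 kHz"}

def parse_fuse_writes(cmd):
    """Extract {fuse_name: byte} from avrdude -U<fuse>:w:<hex>:m arguments."""
    found = re.findall(r"-U\s*([ehl]fuse):w:(0x[0-9a-fA-F]{1,2}):m", cmd)
    return {name: int(value, 16) for name, value in found}

def programmed_fuses(fuses):
    """Return the sorted names of single-bit fuses that are programmed (bit == 0)."""
    names = []
    for fuse, value in fuses.items():
        for bit, name in FUSE_BITS.get(fuse, {}).items():
            if not (value >> bit) & 1:
                names.append(name)
    return sorted(names)

def clock_source(lfuse):
    """Describe the system clock selected by CKSEL[3:0] and the CKDIV8 fuse."""
    cksel = lfuse & 0x0F
    source = CLOCKS.get(cksel, f"CKSEL={cksel:04b}")
    divided = not (lfuse >> 7) & 1  # CKDIV8 programmed means divide by 8
    return source + (" / 8" if divided else "")

if __name__ == "__main__":
    # The command from this README.
    cmd = ("avrdude -pattiny85 -cusbtiny -e "
           "-Uefuse:w:0xfe:m -Uhfuse:w:0xdf:m -Ulfuse:w:0xe2:m")
    fuses = parse_fuse_writes(cmd)
    for name in programmed_fuses(fuses):
        print(f"{name}: programmed ({NOTES.get(name, 'no note')})")
    print("clock:", clock_source(fuses["lfuse"]))
```

The SELFPRGEN fuse is what lets firmware modify its own flash, which a device that is not meant to be reprogrammed from application code would leave unprogrammed.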
When building your own firmware, replace SECRET in the string "$FLAG:SECRET" with your secret value (the flag).
The firmware code implements an I2C slave listening on address 0x23.
The challenge consists of several milestones of increasing difficulty:
- Make the red LED light
- Find the secret flag value (it starts with the string "$FLAG:")
- Make the red LED blink by executing code directly on the ATtiny85
- Replace the secret flag with a new value without bricking the board
All the above milestones can be achieved through I2C communication with the chip.
For more information, check out the blog post