Cyber Security Rumble 2022 - Misc Me Plx
Description:⌗
I like to sniff buses.
Challenge author: Skipper|RedRocket
We get:
90K recording.sr
one unzip
later
10M logic-1-1
10M logic-1-2
10M logic-1-3
10M logic-1-4
10M logic-1-5
10M logic-1-6
10M logic-1-7
10M logic-1-8
7,5M logic-1-9
201 metadata
90K recording.sr
1 version
# cat metadata
[global]
sigrok version=0.5.2
[device 1]
capturefile=logic-1
total probes=8
samplerate=24 MHz
total analog=0
probe1=D0
probe2=D1
probe3=D2
probe4=D3
probe5=D4
probe6=D5
probe7=D6
probe8=D7
unitsize=1
View it in PulseView (GUI of sigrok)
D7 looks like a clock pulse. When googling “clock bus protocol” I²C seems to pop up quite often. I try adding a decoder using the sigrok-cli:
# sigrok -i ~/ctf/csr22/miscmeplx/recording.sr -P i2c:scl=D7:sda=D6 | grep "Data write"
i2c-1: Data write: 69
i2c-1: Data write: 6E
i2c-1: Data write: 69
i2c-1: Data write: 74
i2c-1: Data write: 5F
i2c-1: Data write: 70
i2c-1: Data write: 72
i2c-1: Data write: 6F
i2c-1: Data write: 67
i2c-1: Data write: 5F
...
After converting the bytes to ascii we see:
init_prog_addr__77_1_2_01șCSR{i2c_d0_b3_v3ry_31337}_|>|>|>
Yeah!
Read other posts