Why does this site exist?
I was really impressed with the quality of this CTF, from the packaging, to PCB design, and most critically, to the challenges themselves.
In addition, the author provides two virtual challenges via a web browser interface:
- First stage of the initial shipped CTF
- Shorter, single-stage Golden Challenge
This way, you can poke at the source code, and try out the interface even without having any of the hardware. In fact, I used the web interface before my unit arrived.
The creator, Gili, put the entire source online on GitHub (of course, without the actual encryption keys). This way, you can follow along with what is happening inside the board. As a result, the CTF challenges relate more to understanding C code, learning about cryptographic weaknesses, learning about the flash chip’s functionality, etc. By hiding nothing except the encryption keys, Gili forced himself to create interesting challenges.
What will be posted here?
I’ve written up a full walkthrough in markdown, and am trying to publish it via GitHub Pages.
Expected posts:
- General interaction with the Sword.
- Primer on how the SPI flash works, how to communicate with it.
- For each stage:
  - a description of stuff that you’ll need to know, or learn, if solving the stage in the same manner that I have solved it.
  - a set of hints … defining the problem, listing what’s known, what’s unknown, and the goal.
  - a second set of hints that provide more direct suggestions on how to attack the problem, all the way through explicitly describing how it can be solved.
  - a full-blown walkthrough, with explicit commands to be sent, and how to interpret the results.
- Finally, for the last stage, I will describe two alternate solutions … each more powerful than the previous one.
When will the posts appear?
I’ll trickle out posts, likely 1-2 per week initially, primarily because I’m still configuring how the GHPages thing works.
While you wait…
Take a look through the source code, and load up the virtual stage 1 challenge, and see what you can figure out.
Of course, if you like the CTF challenge, please consider supporting the creator by purchasing one or more Sword of Secrets.
Note: I am not affiliated with the creator, Gili, except as a satisfied customer of this CTF hardware.