Simplifying via Python
Review
Things you’ve learned
You’ve already solved stages 1 and 2, so you:
- can erase parts of the flash chip
- can write data to parts of the flash chip
- are somewhat familiar with the source code
- are somewhat familiar with block-based AES cryptography used in ECB mode
- can check if you’ve progressed via the SOLVE command
Definitions:
- cleartext === original data to encrypt
- plaintext === data provided to the encryption routine, typically padded
- ciphertext === the encrypted data corresponding to the plaintext
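The three definitions above, and the ECB property the review list mentions, are easier to see end to end in code. The following is an added example, not code from this post or from the sos_helper library: a dependency-free AES-128 (the FIPS-197 algorithm) in Python, wrapped in PKCS#7 padding and ECB block-by-block encryption. PKCS#7 is an assumption, since the post only says the plaintext is "typically padded"; the key and message in `demo()` are constructed.

```python
# Added example, not code from the post or the sos_helper repository: a stdlib-only
# AES-128 reimplementation to show cleartext -> plaintext -> ciphertext and the
# block-independence of ECB. PKCS#7 padding is an assumption made here.
BLOCK_SIZE = 16

def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF

def _build_sbox():
    """Derive the AES S-box from GF(2^8) arithmetic rather than hard-coding the table."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p = p * 3
        q = (q ^ (q << 1)) & 0xFF                                # q = q / 3, in three steps
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        # q is now p's multiplicative inverse; apply the affine transform
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse
    return sbox

SBOX = _build_sbox()

def _xtime(b):  # multiply by 0x02 in GF(2^8)
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1

def expand_key(key):
    """AES-128 key schedule: 16-byte key -> eleven 16-byte round keys (column-major)."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _shift_rows(s):
    # state index = row + 4*col; row r rotates left by r positions
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def _mix_columns(s):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [_xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3,
                a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3,
                a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3,
                _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3)]
    return out

def aes128_encrypt_block(block, round_keys):
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for rnd in range(1, 10):
        s = _mix_columns(_shift_rows([SBOX[b] for b in s]))
        s = [b ^ k for b, k in zip(s, round_keys[rnd])]
    s = _shift_rows([SBOX[b] for b in s])  # the last round skips MixColumns
    return bytes(b ^ k for b, k in zip(s, round_keys[10]))

def pad_pkcs7(cleartext, block_size=BLOCK_SIZE):
    """cleartext -> plaintext: always appends 1..block_size bytes, each equal to the count."""
    n = block_size - len(cleartext) % block_size
    return cleartext + bytes([n]) * n

def aes128_ecb_encrypt(plaintext, key):
    """plaintext -> ciphertext; each block is encrypted independently (ECB)."""
    if len(plaintext) % BLOCK_SIZE:
        raise ValueError("plaintext must be a whole number of blocks; pad the cleartext first")
    rk = expand_key(key)
    return b"".join(aes128_encrypt_block(plaintext[i:i + BLOCK_SIZE], rk)
                    for i in range(0, len(plaintext), BLOCK_SIZE))

def ecb_repeated_blocks(ciphertext):
    """Indices of ciphertext blocks equal to an earlier block. Under ECB that means the
    corresponding plaintext blocks were equal too: structure the mode fails to hide."""
    blocks = [ciphertext[i:i + BLOCK_SIZE] for i in range(0, len(ciphertext), BLOCK_SIZE)]
    return [i for i, blk in enumerate(blocks) if blk in blocks[:i]]

def demo():
    key = bytes(range(16))                            # constructed key
    cleartext = b"ATTACK AT DAWN!!" * 2 + b"...over"  # constructed, 39 bytes
    plaintext = pad_pkcs7(cleartext)                  # 48 bytes: 9 bytes of 0x09 appended
    ciphertext = aes128_ecb_encrypt(plaintext, key)
    return cleartext, plaintext, ciphertext

if __name__ == "__main__":
    print(ecb_repeated_blocks(demo()[2]))  # -> [1]: block 1 repeats block 0
```

Because ECB runs the same key over each 16-byte block with no chaining, the two identical cleartext blocks come out as identical ciphertext blocks, and `ecb_repeated_blocks` finds that from the ciphertext alone. That leak is the reason ECB is avoided outside exercises like this one, and it is also the property that makes the mode approachable in a CTF.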
Programmatic access
As I mentioned in the last post, stage 3 essentially requires interacting programmatically with the CTF board’s communications.
Although it is not yet complete, I’d now like to share the helper library I used for this CTF.
Check out the sos_helper repository.
Each stage will have (at least) one module, and there’s a base module that greatly simplifies reading, writing, and erasing the flash.
Each stage’s module has registered commands you can run for that stage … everything from a simple XOR test (for stage 1), to commands that walk you through a complex solution (e.g., stage 3), all the way to “autosolve” commands that simply bypass the challenge altogether.
The base library and stages 1 and 2 are already published. I’ll publish the remaining stages as I publish the final steps of the walkthrough.
FIN
With the release of this library, you should have a solid basis for writing your own extensions to investigate and solve stage 3.
My next post will include the deep walkthrough of stage 3 … and it’s a doozy!