HackTheBox Mini Line Challenge
https://app.hackthebox.com/challenges/219
Description
The investigation after a recent breach revealed that one of our standard firmware flashing tools is backdoored. We also identified the last device that we flashed the firmware onto. We use LPC2148 microcontrollers in our devices. Can you analyze the firmware and see if any data was sent?
Exploitation
Using arm-none-eabi-binutils, convert the Intel HEX image to a raw binary, then disassemble it as ARM:
arm-none-eabi-objcopy -I ihex -O binary firmware.hex firmware
arm-none-eabi-objdump -D -b binary -m arm firmware
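What the ihex-to-binary conversion involves, as an added example that is not part of the original writeup: a minimal Intel HEX reader that verifies each record's checksum before flattening the data records into one image. SAMPLE_HEX is constructed (it is not the challenge firmware), and the name parse_ihex and the 0x00 gap fill are assumptions of this example.

```python
# Constructed sample (not the challenge firmware): one extended linear address
# record, two data records with a 4-byte gap between them, and the EOF record.
SAMPLE_HEX = """\
:020000040000FA
:0400000048544221FD
:0400080001020304EA
:00000001FF
"""

def parse_ihex(text, fill=0x00):
    """Verify every record and return (base_address, flat_image_bytes)."""
    upper = 0   # address base set by type 02 / 04 records
    mem = {}    # absolute address -> byte
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if not line.startswith(":"):
            raise ValueError(f"line {n}: missing ':' start code")
        raw = bytes.fromhex(line[1:])
        if len(raw) < 5 or len(raw) != raw[0] + 5:
            raise ValueError(f"line {n}: length field does not match record")
        if sum(raw) & 0xFF:   # all bytes including the checksum must sum to 0
            raise ValueError(f"line {n}: bad checksum")
        offset, rtype, data = int.from_bytes(raw[1:3], "big"), raw[3], raw[4:-1]
        if rtype == 0x00:     # data
            for i, b in enumerate(data):
                mem[upper + offset + i] = b
        elif rtype == 0x01:   # end of file
            break
        elif rtype == 0x02:   # extended segment address
            upper = int.from_bytes(data, "big") << 4
        elif rtype == 0x04:   # extended linear address
            upper = int.from_bytes(data, "big") << 16
        elif rtype not in (0x03, 0x05):   # 03/05 only carry a start address
            raise ValueError(f"line {n}: unknown record type {rtype:#04x}")
    if not mem:
        raise ValueError("no data records")
    base = min(mem)
    # Gaps between records are filled with `fill` (assumed 0x00 here).
    return base, bytes(mem.get(a, fill) for a in range(base, max(mem) + 1))

if __name__ == "__main__":
    base, image = parse_ihex(SAMPLE_HEX)
    print(f"base={base:#x} size={len(image)} image={image.hex()}")
```

A record that fails the checksum or length check is a sign the .hex file was truncated or edited after it was generated, which is worth knowing before trusting any disassembly of it.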
Decompile firmware
#!/usr/bin/python3
# Two encoded byte arrays; each part of the flag uses a different transform.
first = [0x52, 0x4e, 0x58, 0x61, 0x78, 0x2e, 0x68, 0x29, 0x45, 0x77, 0x29, 0x6e, 0x2e, 0x76, 0x69, 0x45]
second = [0x1a, 0x96, 0x14, 0xcc, 0xbe, 0x98, 0xae, 0xcc, 0x14, 0x12, 0xba, 0xbe, 0x10, 0x30, 0x30, 0x30, 0x88]

def extract_flag(first, second):
    # First part: XOR each byte with 0x1A.
    decoded_first = ''.join(chr(i ^ 0x1A) for i in first)
    # Second part: shift each byte right by one bit, then XOR with 0x39.
    decoded_second = ''.join(chr((j >> 1) ^ 0x39) for j in second)
    return decoded_first + decoded_second

print("Decoded Flag:", extract_flag(first, second))
Summary
Mini Line: decode the captured signal, map the bitstream, and recover the flag.