https://app.hackthebox.com/challenges/216

Description

We must retrieve the master key stored on the microSD card that is inside the access control system. The traces connected to the card module are accessible on the top layer of the PCB. This enabled our operative to cut the traces and input a logic capture device in-between them. They could then trigger the read operation of the key that is transmitted over this unprotected serial interface. Can you find out what was read by the microSD card?

Exploitation

Open the capture in Saleae's Logic 2 software and decode it with the SPI analyzer, using the following default signal mappings:

  • MOSI: Channel 01
  • MISO: Channel 00
  • Clock: Channel 03
  • Enable: Channel 02

Export the analyzed data table as a CSV file (test.csv here). The following command takes the sixth field of every row, joins the values into a single string, and searches it for the flag prefix:

cat test.csv | tr ',' ' ' | tr -d '"' | awk '{print $6}' | tr -d '\n' | grep 'HTB'
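The one-liner above relies on the flag being readable as text in the export. As an added example (not part of the original write-up), the Python below goes further and follows the SD card SPI read sequence itself: it finds each CMD17 (READ_SINGLE_BLOCK) on MOSI, waits for the 0xFE start token on MISO, and returns the block that follows. It assumes the table was exported with a hexadecimal radix and with columns named type, mosi and miso; the sample capture and its 8-byte block are constructed for the demonstration.

```python
import csv
import io

CMD17 = 0x40 | 17    # READ_SINGLE_BLOCK command byte in SD SPI mode (0x51)
START_TOKEN = 0xFE   # card sends this on MISO right before the block data

def load_frames(csv_text):
    """Return (mosi, miso) byte lists from the exported analyzer table."""
    mosi, miso = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["type"] != "result":   # assumed: enable/disable marker rows
            continue
        mosi.append(int(row["mosi"], 16))
        miso.append(int(row["miso"], 16))
    return mosi, miso

def read_blocks(mosi, miso, block_len=512):
    """Locate each CMD17 on MOSI; return [(address, data), ...] from MISO."""
    blocks, i = [], 0
    while i + 6 <= len(mosi):
        if mosi[i] != CMD17:
            i += 1
            continue
        addr = int.from_bytes(bytes(mosi[i + 1:i + 5]), "big")
        try:
            tok = miso.index(START_TOKEN, i + 6)  # after the 6-byte command
        except ValueError:
            break                                 # capture ends before data
        data = bytes(miso[tok + 1:tok + 1 + block_len])  # short if truncated
        blocks.append((addr, data))
        i = tok + 1 + block_len + 2               # skip data and 16-bit CRC
    return blocks

def sample_csv(payload=b"SAMPLE!!"):
    """Constructed capture: one CMD17 for address 0x20, then the data phase."""
    cmd = [CMD17, 0x00, 0x00, 0x00, 0x20, 0xFF]
    reply = [0xFF, 0x00, 0xFF, START_TOKEN, *payload, 0x12, 0x34]
    pairs = [(m, 0xFF) for m in cmd] + [(0xFF, s) for s in reply]
    lines = ["name,type,start_time,duration,mosi,miso", '"SPI","enable",0,0,,']
    lines += [f'"SPI","result",0,0,0x{m:02X},0x{s:02X}' for m, s in pairs]
    return "\n".join(lines + ['"SPI","disable",0,0,,']) + "\n"

if __name__ == "__main__":
    for addr, data in read_blocks(*load_frames(sample_csv()), block_len=8):
        print(hex(addr), data.decode("ascii", errors="replace"))
```

On a real export, pass the file contents to load_frames and keep the default block_len of 512, the standard SD block size.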

Summary

Secure Digital: decode the captured signal, map the bitstream, and recover the flag.