HackTheBox yoU ART Challenge
https://app.hackthebox.com/challenges/778
Description
We’ve discovered that the recent patch deleted critical files from the cybernetic enhancements. To restore functionality, we need to identify which files were removed. Diagnostics checks run during the device’s boot process and should reveal that information. We’ve connected our serial debugger to the device’s debugging interface, capturing the output from the transmitting pin. Can you analyze the data and help us pinpoint the missing files?
Exploitation
#!/usr/bin/python3
from pwn import remote, sys
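def get_process():
    """Open a connection to the challenge service named on the command line.

    The script expects exactly one argument of the form ``<ip:port>``.
    On a missing or malformed argument the usage line is printed and the
    process exits with status 1.

    Returns:
        The object returned by ``remote(host, port)``.
    """
    try:
        # Split on the last colon only, so the port is always the final field.
        host, port = sys.argv[1].rsplit(':', 1)
        port = int(port)
    except (IndexError, ValueError):
        # IndexError: no argument was given.
        # ValueError: the argument has no colon, or the port is not a number.
        print(f'Usage: python {sys.argv[0]} <ip:port>')
        sys.exit(1)
    # Connect outside the try block so an error raised while connecting is
    # not mistaken for a usage error.
    return remote(host, port)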
class UARTReceiver:
    """Decode UART frames from a connection that delivers one sample per read.

    Every call to ``connection.recv(1)`` must yield a single text digit,
    which is taken as the line level for one bit period. A frame is a start
    bit (0), ``data_bits`` data bits sent least-significant bit first, an
    optional even-parity bit, and a stop bit (1).

    ``baud_rate`` is stored but not used by any method of this class; no
    timing is done here because the samples already arrive one per bit.
    """

    def __init__(self, connection, baud_rate=100, data_bits=8, parity=True):
        self.connection = connection
        self.baud_rate = baud_rate
        self.data_bits = data_bits
        self.parity = parity

    def receive_bit(self):
        """Read one sample from the connection and return it as an int."""
        raw = self.connection.recv(1)
        return int(raw.decode('utf-8'))

    def calculate_parity(self, data_bits):
        """Return True when *data_bits* holds an even number of 1 bits."""
        ones = 0
        for bit in data_bits:
            ones += int(bit)
        return ones % 2 == 0

    def receive_byte(self):
        """Wait for the next frame and return its payload as one character.

        Parity and stop-bit violations are only reported on stdout; the
        decoded character is returned regardless, so a caller that needs
        integrity has to treat a frame with a reported error as suspect.
        """
        # The line idles high; skip samples until the start bit (0) shows up.
        while self.receive_bit() != 0:
            pass

        # Data bits arrive LSB first, so reverse them to get the usual
        # most-significant-bit-first binary string.
        data_bits = [str(self.receive_bit()) for _ in range(self.data_bits)]
        char = chr(int(''.join(reversed(data_bits)), 2))

        if self.parity:
            parity_bit = self.receive_bit()
            # Even parity: the parity bit is 0 when the data already holds
            # an even number of ones, otherwise 1.
            if self.calculate_parity(data_bits):
                expected_parity = 0
            else:
                expected_parity = 1
            if parity_bit != expected_parity:
                print("Error: Parity bit mismatch")

        # A valid frame ends with the line back at 1.
        if self.receive_bit() != 1:
            print("Error: Stop bit missing or incorrect")
        return char
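def pwn(connection):
    """Decode the UART capture on *connection* and print it as text.

    Frames are read as 8 data bits with a parity bit. The loop runs until
    the connection reports end of stream, then finishes the output line
    and returns instead of ending in a traceback.

    NOTE: the decoded characters come straight from the remote service and
    are printed unfiltered, so control characters such as terminal escape
    sequences reach the terminal as-is. Redirect the output to a file or
    print ``repr()`` of each character when the source is not trusted.
    """
    receiver = UARTReceiver(connection, baud_rate=100, data_bits=8, parity=True)
    try:
        while True:
            # flush=True: with end='' the text would otherwise stay in the
            # stdout buffer until a newline is decoded or the script exits.
            print(receiver.receive_byte(), end='', flush=True)
    except EOFError:
        # pwntools connections raise EOFError once the peer closes the stream.
        print()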
if __name__ == "__main__":
    # Script entry point: connect to the <ip:port> given on the command
    # line, then decode and print the UART stream from that connection.
    connection = get_process()
    pwn(connection)
Summary
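yoU ART: decode the captured serial signal frame by frame (start bit, eight data bits sent least-significant bit first, parity bit, stop bit), reassemble the bitstream into text, and recover the flag from the decoded output.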