This weekend took place CSAW17 which is one of the largest student-run cyber-security event in the world, featuring an international online CTF. Our team passed the whole week-end trying to capture the flag. Here is the first write up of some of the challenges we flagged. So the first challenge we solved was Serial (Misc).
After connecting to nc misc.chal.csaw.io 4239 we got :
After some research it seems to correspond to an error control code like this one 8-N-1. 8-N-1 is a common shorthand notation for a serial port parameter setting or configuration in asynchronous mode, in which there are eight (8) data bits, no (N) parity bit, and one (1) stop bit. In this case we have 8-1-1 : 8 data bits, 1 parity bit, 1 stop bit. Chall gaves us 11 bits each time, but first was always 0 so we removed it. So we extracted 8 data and parity bit, xored them if xor is equal to 0 transmission is good and we keep the 8 data bit.
Here is python script solving this challenge :
import socket import re flag = "" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("misc.chal.csaw.io", 4239)) def xor(d): total = 0 for i in range(0,len(d)): total = total ^ int((d[i])) return total while 1: data = s.recv(1024) data = data.replace("\n","") if "8-1-1" in data: data = data.replace("8-1-1 even parity. Respond with '1' if you got the byte, '0' to retransmit.","") if data == "": break print "Received:", repr(data) extracted = data[1:-1] print "Extracted:",extracted x = xor(extracted) print "xor : ", x if x == 0: s.sendall("1") flag += str(data[1:-2]) else: s.sendall("0") data = None print flag print "Connection closed." s.close()
And after few second our script prompt us :