Official Prison Escape Discussion

Official discussion thread for Prison Escape. Please do not post any spoilers or big hints.

Am I seriously the only one here?

@htbapibot said:
Official discussion thread for Prison Escape. Please do not post any spoilers or big hints.

@ClarkeAlex said:

@htbapibot said:
Official discussion thread for Prison Escape. Please do not post any spoilers or big hints.

Not anymore; I’m about to start this chal XD

I have no experience with hardware hacking, so I don’t even know how to start or enumerate. Any hints or any other suggested prior knowledge I need to have to tackle the Prison Escape Hardware Challenge? Thank you.

@AxHacker said:
I have no experience with hardware hacking, so I don’t even know how to start or enumerate. Any hints or any other suggested prior knowledge I need to have to tackle the Prison Escape Hardware Challenge? Thank you.

I suggest you look at the Intro to hardware hacking track.

Thank you @MrR3boot for a fun challenge. I really enjoyed piecing all of the bits together!

Glad that you enjoyed it :wink:

Need some assistance. I’m able to decode the packets and get the proper CRC on the captured packets. I send the packets with the proper payload + calculated CRC in hex uppercase after changing some of them to the values in the PDF, and there’s no response.

Feels like it’s ignoring my commands because of CRC, but I’m like 99% sure the CRC is right.

Totally felt like it was going to pop, and nothing happened LOL. Can someone DM me or give me a nudge?


Hi, did you manage to get it working? If so, can I get a hint? I’m stuck here too: found the packets and calculated the CRC, but nothing happens when I send the tampered packets.

I’m stuck because of the same reason.

This challenge is weird. I figured out how to calculate the CRC.
Although I’m sending the correct message, nothing changes.

Another thing I noticed is the fact that the alarm status does not get updated live, although the agent status + drone live capture gets updated.

Maybe I’m failing at the “Bits / Symbol” part… First I thought it is the bit length, but that would be “Samples / Bit”.
Now I don’t really know what that really means, since 1 bit is basically 1 symbol.
Sadly, using 1 in that box does not change a thing :blush:

Can you tell me how you decoded the packets to get the CRC?

Same exact issue, I really don’t see what I am doing wrong here. Would love a nudge!

Is this challenge broken? I keep getting the same RF packet over and over again.

Anyone active on this? It’s an infuriating one, but I’m determined to crack it.

I have not been able to find anything on this challenge for a whole year. There is a loop and no way to break out of this loop. I did everything that I can do on these packets, but couldn’t send the correct packet, or I sent it but couldn’t get any feedback from the server. We need a nudge!

I was stuck for a while too, till I realized each capture is an individual packet.

Load like 6 into URH and think about how it would be broken down if it was any other protocol.

HINT: Like in IPv4, there is a source ID and destination ID (what is the broadcast address in IPv4?)

I could give more hints, but I think this is more than enough to solve the challenge. Make sure to read everything given to you closely and note all information about the protocol and devices.


Hey. Still getting stuck on the challenge. For some reason, I can send a POST request from Burp, but not from Python requests, which I want to use to cycle the ff byte (the code just hangs at requests.post()). Any ideas?

I have set a timeout of 5 seconds and made it so that the request will be retried on timeout, and it helped me to finally get a response. It’s taking a long time tho, but I’m rn checking if my code works, waiting for the red bulb to appear.

UPD: Took an L, either I have a bug, or I have done something wrong, or it’s just broken. Will update if I figure it out.

I’ve figured out that the cycle is not really relevant; however, I’m still not getting anything with manual requests, which is kinda weird…