Official discussion thread for Secret Treasures. Please do not post any spoilers or big hints.
Is there anyone I can ask for suggestions?
Type your comment> @brigante said:
Is there anyone I can ask for suggestions?
Feel free to send me a DM if you want some clarification regarding the challenge!
@diogt Great challenge! Really tested me at times.
Hi! any hints? I feel like im very close to the end. I reversed all of the files. And I think I know how the flag is generated, but when I run my Python script it only returns random ascii characters.
@NullByteZero said:
Hi! any hints? I feel like im very close to the end. I reversed all of the files. And I think I know how the flag is generated, but when I run my Python script it only returns random ascii characters.
I wrote my script in Python as well and had some issues until I made sure to see the types correctly.
Type your comment> @snuggles said:
@NullByteZero said:
Hi! any hints? I feel like im very close to the end. I reversed all of the files. And I think I know how the flag is generated, but when I run my Python script it only returns random ascii characters.
I wrote my script in Python as well and had some issues until I made sure to see the types correctly.
I was considering that it should output file format other than text, but then the begining of the file should contain some sort of magic number, right? Or am I missing the point completly?
Just focus on extracting the flag.
I’m getting a flag without } ?
Edit : Done. That was a good one
Hi, I am able to get the same addresses as the embedded_software (checked via debugger), but if i take the content of the flash, I get only garbage, is there any hint?
Edit: I now even put in special breakpoints after heavily modifying the program, just to output the addresses. I checked it against real hw (kind of, did not get hold of the W***128 but only W***64 right now. I get only garbage. What am I doing wrong =( ?
The addresses seem to be correct, I read them directly from the registers.
Of course I get the I********d output, but nopped it away
As I was unable to decode the output anyhow, I finally got my W***128, ran the program with just the check removed and got data, which should be 100% correct. However, I am unable to extract the flag from it. Can anyone maybe give me some final nudge? I really lose sleep on this challenge.
EDIT: Solved. ■■■, I heavily changed the binary, wrote own python scripts, even used real HW, just to find out, I did a mistake with an output setting for the input data in s****e… with the correctly exported inputdata, everything works as expected, both with my scripts and with real HW
Type your comment> @StainBase said:
As I was unable to decode the output anyhow, I finally got my W***128, ran the program with just the check removed and got data, which should be 100% correct. However, I am unable to extract the flag from it. Can anyone maybe give me some final nudge? I really lose sleep on this challenge.
EDIT: Solved. ■■■, I heavily changed the binary, wrote own python scripts, even used real HW, just to find out, I did a mistake with an output setting for the input data in s****e… with the correctly exported inputdata, everything works as expected, both with my scripts and with real HW
Wow looks like a wild ride man haha! GG for pwning it !
Finally got the flag! Word of advice if your exporting your data from the .sal file. Use the export function and don’t copy from the terminal
Nice chal by @diogt , as always. As someone else said, just focus on extracting the flag and nothing else. If you are seeing random ASCII characters, make sure you are reading the right addresses and don’t forget to compute things using the right types. In my case I wrote some C code to solve the challenge, but of course you can also do it in Python.
Can I dm someone about the solution? I’m getting random Bytes from the flash dump
Tried multiple different ways of interpreting the values, still only getting random bytes
That quirk severely threw me off, I had an adequate C recreation of the program and not seeing the flag bamboozled me until I found out that the terminal output has some of it skipped/truncated. Thanks!
I have analyzed the firmware binary, last thing i want to understand is the flash memory dump , how to deal with it ?