HackTheBox FF Jump Street Writeup
Explore the basics of cybersecurity in the FF Jump Street Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/777
Description
We found a heavily modified module containing legacy hardware merged with corrupted components. We believe the legacy module can access the memory area where the secret key is stored and output it to its console. Unfortunately, the legacy IC we have is unable to reach that address due to a hardware bug.
Exploitation
```python
import subprocess
import sys

from pwn import remote


def get_process():
    # Connect to the challenge instance given as <ip:port> on the command line.
    try:
        host, port = sys.argv[1].split(':')
        return remote(host, int(port))
    except IndexError:
        print(f'Usage: python {sys.argv[0]} <ip:port>')
        sys.exit(1)


ASSEMBLY = """
    code
    org $8000
; main function
; jmp ($40ff)
; On the NMOS 6502 an indirect JMP through a pointer at $xxFF reads its
; high byte from $xx00, so the line above would use $4000 instead of $4100.
; Copy the two pointer bytes to $3000/$3001 and jump through that copy.
    lda $40ff
    ldx $4100
    sta $3000
    stx $3001
    jmp ($3000)
; reset vector
    org $fffc
    dw $8000
    dw $ffff
"""


def assembler(assembly):
    # Assemble the source with the local as65 binary and return the ROM as hex.
    with open("solver.a65", "w") as f:
        f.write(assembly)
    subprocess.run(
        ["./as65", "-l", "-m", "-w", "-h0", "solver.a65", "-osolver.rom"],
        check=True,
    )
    with open("solver.rom", "rb") as f:
        bytecode = f.read().hex()
    return bytecode


def toAscii(data):
    return data.decode().strip()


def flash_rom(bytecode):
    r.sendlineafter(b"READY.", b"FLASH " + bytecode.encode())


def run_cpu(steps):
    r.sendlineafter(b"READY.", b"RUN " + str(steps).encode())


def print_console():
    r.sendlineafter(b"READY.", b"CONSOLE")


def get_flag():
    # The console output sits between the ANSI colour codes \x1b[94m and \x1b[0m.
    r.recvuntil(b"\x1b[94m")
    first = toAscii(r.recvline())
    second = toAscii(r.recvuntil(b"\x1b[0m")[1:-4])
    return first + " " + second


def parse_flag(flag):
    # The console prints space-separated hex bytes; decode them to text.
    return "".join(bytes.fromhex(byte).decode() for byte in flag.split(" "))


def pwn():
    r.recvuntil(b"READY.")
    bytecode = assembler(ASSEMBLY)
    flash_rom(bytecode)
    run_cpu(163)
    print_console()
    flag = get_flag()
    flag = parse_flag(flag)
    print(flag)


if __name__ == "__main__":
    r = get_process()
    pwn()
```
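The solver copies the pointer bytes before jumping because of the NMOS 6502 indirect JMP page-wrap behaviour. The block below is an added example, not part of the original writeup or the challenge code, and models only that vector fetch. The addresses $40ff, $4100 and $3000 are the ones the solver uses; the byte values stored in memory and all function names are constructed for illustration.

```python
# Added example: models only the operand fetch of the 6502 indirect JMP
# (opcode $6C). It is not an emulator and does not talk to the challenge.
MEM_SIZE = 0x10000


def read_vector_nmos(mem, ptr):
    """Vector fetch as the NMOS 6502 performs it: the high-byte address
    is formed by incrementing only the low byte of ptr, so it wraps
    inside ptr's page instead of carrying into the next one."""
    lo = mem[ptr]
    hi_addr = (ptr & 0xFF00) | ((ptr + 1) & 0x00FF)
    return (mem[hi_addr] << 8) | lo


def read_vector_linear(mem, ptr):
    """Vector fetch the programmer expects (the 65C02 behaves this way)."""
    lo = mem[ptr]
    hi = mem[(ptr + 1) & 0xFFFF]
    return (hi << 8) | lo


def pointer_wraps(ptr):
    """True when an indirect JMP through ptr hits the page-wrap case."""
    return (ptr & 0x00FF) == 0x00FF


def copy_vector(mem, src, dst):
    """Equivalent of: lda src / ldx src+1 / sta dst / stx dst+1."""
    mem[dst] = mem[src]
    mem[(dst + 1) & 0xFFFF] = mem[(src + 1) & 0xFFFF]


def demo():
    mem = bytearray(MEM_SIZE)
    mem[0x40FF] = 0x34  # constructed: low byte of the intended target
    mem[0x4100] = 0x12  # constructed: high byte of the intended target
    mem[0x4000] = 0xAB  # constructed: byte the wrapped fetch reads instead
    intended = read_vector_linear(mem, 0x40FF)
    direct = read_vector_nmos(mem, 0x40FF)     # jmp ($40ff)
    copy_vector(mem, 0x40FF, 0x3000)
    via_copy = read_vector_nmos(mem, 0x3000)   # jmp ($3000)
    return intended, direct, via_copy


if __name__ == "__main__":
    labels = ("intended", "jmp ($40ff)", "jmp ($3000)")
    for label, target in zip(labels, demo()):
        print(f"{label:12s} -> ${target:04x}")
```

The same `pointer_wraps` test is useful when reviewing 6502 code: any indirect JMP whose pointer address ends in $FF behaves differently on NMOS parts than on the 65C02.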
Summary
FF Jump Street on Hack The Box is an easy-level challenge focused on reverse engineering and custom assembly code to exploit an emulated CPU environment. Participants write 6502 assembly instructions, flash the ROM, and execute the CPU to extract and decode the flag. This challenge highlights skills in low-level programming, emulator interaction, and binary manipulation, providing an engaging introduction to assembly and CPU-based challenges.