HackTheBox Mini Line Challenge
Explore the basics of cybersecurity in the Mini Line Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/219
Description
The Investigation after a recent breach revealed that one of our standard firmware flashing tools is backdoored. We also identified the last device that we flashed the firmware onto. We use LPC2148 microcontrollers in our devices. Can you analyze the firmware and see if any data was sent?
Exploitation
arm-none-eabi-binutils
1
2
arm-none-eabi-objcopy -I ihex -O binary firmware.hex firmware
arm-none-eabi-objdump -D -b binary -m arm firmware
Decompile firmware
1
2
3
4
5
6
7
8
9
10
11
#!/usr/bin/python3
first = [0x52, 0x4e, 0x58, 0x61, 0x78, 0x2e, 0x68, 0x29, 0x45, 0x77, 0x29, 0x6e, 0x2e, 0x76, 0x69, 0x45]
second = [0x1a, 0x96, 0x14, 0xcc, 0xbe, 0x98, 0xae, 0xcc, 0x14, 0x12, 0xba, 0xbe, 0x10, 0x30, 0x30, 0x30, 0x88]
def extract_flag(first, second):
decoded_first = ''.join(chr(i ^ 0x1A) for i in first)
decoded_second = ''.join(chr((j >> 1) ^ 0x39) for j in second)
return decoded_first + decoded_second
print("Decoded Flag:", extract_flag(first, second))
Summary
The Mini Line Challenge explores ARM firmware reverse engineering, utilizing disassembly and bitwise operations to decode encrypted data transmitted via SPI. The challenge highlights hardware security concepts, encryption reversal, and the fundamentals of analyzing microcontroller firmware.