The ASIS CTF took place this weekend and, although I only looked at two challenges, I
really found them interesting and well crafted, especially the second level. The challenges I am talking about are the
web challenges Secured Portal and 2nd Secured Portal.
In this write-up, I am covering the second level: 2nd Secured Portal.

The ASIS CTF took place this weekend and, although I only looked at two challenges, I
really found them interesting and well crafted, especially the second level. The challenges I am talking about are the
web challenges Secured Portal and 2nd Secured Portal.
In this write-up, I am covering the first level: Secured Portal.

Continuing to play with my ipTIME n704-v3, I wanted to
understand how their configuration backup feature worked and, in a word, it is very simple. I thought that it could
be a good example of how one could proceed in order to reverse similar file formats on other devices.

$ python ipTIME_config.py -e config_n704v3_20000101_010901.cfg
PoC for extracting/repacking ipTIME backup configuration file
Extracting ipTIME configuration...
[+] Extracting outer gzip
[+] Dumping extracted header
Magic: raw_nv
Size of gz (compressed): 3183
Sum of gz bytes: 0x677A4
Max size: 32720
FS id: 0x10000
[+] Extracting inner tar.gz tarball
Extraction successful. You can now edit configuration files in ./etc/
Use -c to pack the new configuration

TL;DR: ipTIME .cfg backup file is a mix between a tar.gz of /etc/ and a custom binary header, the whole gzipped
once more. See this simple script I cooked up
to unpack and re-pack ipTIME .cfg configuration files.

I recently bought a new toy to play with: an ipTIME n704-v3.
ipTIME is the most (or one of the most) common brand in Korea for devices like routers and I was curious to check one
out.
When connecting to the n704 UART pins, I could not interact with the device. First because I realized my BusPirate TX
was dead (sigh); second, after switching the BusPirate, because n704 would not react to my input. There was no boot
menu (e.g. U-Boot) and there was no configuration menu. There was one thing that piqued my curiosity when reading the
boot log messages though:

=================================================================
press magic key to change default setting ...

That sounds interesting! But what could be the magic key? Since Google couldn't answer my question, I decided to look
for the answer myself. Be prepared to learn something not so useful today!

I played the Juniors CTF 2016 this weekend with some friends of mine and it was quite fun! Since we missed the
registration deadline, I sneakily joined the Securimag team and played with them.
One of the challenges was a modified NES ROM of Castlevania II - Simon's Quest. The challenge was not really hard after
all but @xarkes and I thought that it was refreshing to play with a NES ROM for once :)