HTB Cyber Apocalypse 2021 Writeup — Off the grid
This is one of my favorite challenges, so I decided to write the writeup :)
Challenge info
One of our agents managed to store some valuable information in an air-gapped hardware password manager and delete any trace of them in our network before it got compromised by the invaders but the device got damaged during transportation and its OLED screen broke. We need help to recover the information stored in it! [Download]
We are given a .sal file and a schematic, which is shown below:
Solution
According to the schematic, a logic analyzer is attached to the lines of an OLED display, so the goal is to extract the flag from the data that the OLED screen received.
First, let’s take a look at how the OLED display works. After doing some research, we found that SH1306 OLED screens are 128 x 64 pixels in size and communicate over the I2C or SPI protocol.
The display is divided into 8 pages, each page contains 128 columns and each column contains 8 pixels.
Open the .sal file with the Saleae logic analyzer software, add an SPI protocol analyzer, and set Channel 0 as “MOSI” and Channel 1 as “Clock”, as the schematic hints. The result should look like the image below:
There are 6 sequences of the signal and there is a one-second interval between each of them. That means the display module showed 6 frames on the screen in total. Let’s take a closer look at each frame.
Each frame has 1048 bytes of data (we ignore the first 25 bytes). Therefore, each page would contain 1048 / 8 = 131 bytes. Shouldn’t it be 128 bytes? I guess the first 3 bytes of each page are some kind of sync data. To keep the code simple, we don't strip them and just add 3 extra columns to our display.
Finally, we know how the display works! Export the data as .csv, write the code to interpret the data, and figure out what the display showed.
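One way to write that decoder, as an added example that is not the author's original script: it splits the exported bytes into frames on the one-second gaps, drops the 25-byte prefix, and draws each 131-byte page as 8 pixel rows. The CSV column names (`Time [s]`, `MOSI`), the bit order (bit 0 as the top pixel of a column), the reading that 1048 bytes remain after the 25-byte prefix, and the sample capture are all assumptions or constructed here.

```python
import csv

HEADER_BYTES = 25            # per-frame prefix the writeup ignores
PAGES, PAGE_BYTES = 8, 131   # 1048 / 8 = 131 bytes per page (3 sync + 128 pixel columns)

def load_samples(lines, time_col, data_col):
    """Parse exported CSV text lines into (time_s, byte) tuples.
    Column names differ between exports, so the caller supplies them."""
    return [(float(r[time_col]), int(r[data_col], 0)) for r in csv.DictReader(lines)]

def split_frames(samples, gap=0.5):
    """Start a new frame whenever two bytes are more than `gap` seconds apart."""
    frames, last = [], None
    for t, b in samples:
        if last is None or t - last > gap:
            frames.append([])
        frames[-1].append(b)
        last = t
    return frames

def render(frame):
    """Return the frame as 64 text rows of 131 characters ('#' = lit pixel)."""
    data = frame[HEADER_BYTES:]
    if len(data) != PAGES * PAGE_BYTES:
        raise ValueError(f"expected {PAGES * PAGE_BYTES} bytes after header, got {len(data)}")
    rows = []
    for p in range(PAGES):
        page = data[p * PAGE_BYTES:(p + 1) * PAGE_BYTES]
        for bit in range(8):  # assumption: bit 0 is the top pixel of each column
            rows.append("".join("#" if (b >> bit) & 1 else "." for b in page))
    return rows

def constructed_capture(frames=2, x=10, y=20):
    """Constructed sample: CSV lines for `frames` frames, one lit pixel at (x, y)."""
    payload = [0] * (HEADER_BYTES + PAGES * PAGE_BYTES)
    payload[HEADER_BYTES + (y // 8) * PAGE_BYTES + 3 + x] = 1 << (y % 8)
    lines = ["Time [s],MOSI"]  # assumed header names, not taken from the challenge file
    for f in range(frames):
        lines += [f"{f + i * 1e-5:.6f},0x{b:02X}" for i, b in enumerate(payload)]
    return lines

if __name__ == "__main__":
    samples = load_samples(constructed_capture(), "Time [s]", "MOSI")
    for n, frame in enumerate(split_frames(samples)):
        print(f"--- frame {n} ---")
        print("\n".join(render(frame)))
```

If the rendered text comes out vertically flipped within each 8-row band, reverse the bit loop.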
Flag: CHTB{013d_h4ck1n9_f7w!2^25#}