Hardware at ECSC2024

Slides at talks.grsc.cz/hwhx2

ECSC?

European Coal and Steel Community

Eurovision Cover Song Contest

European Cybersecurity Challenge

Organized by ENISA

Wooo, bureaucracy!

The Czech qualifier is Kybersoutěž

There is also OpenECSC (different every year)

CTF?

Capture The Flag

Jeopardy × Attack/Defence

The hardware equipment necessary to solve the hardware challenges is provided by the organizers; players are not allowed to use any additional tool to solve the hardware challenges apart from their laptops.

:(

The Slice

  • The "multitool" board
  • RP2040
  • 12 GPIOs
  • 2 LEDs
  • BOOTSEL and! RESET
  • Preloaded μPython
  • Do whatever you want with it
  • POWER is GND || +3.3

The Pizza

  • The target board
  • SEcube by Blu5
  • STM32F4 - ARM Cortex-M4
  • MachXO2-7000 FPGA (6864 LUTs)
  • USB-C for power only
  • JTAG for upload only
  • 20 GPIOs for challenge interface

FUNCTION      PIN   PIN   FUNCTION
FPGA_CLOCK      1     2   FPGA_RST
FPGA_I0         3     4   FPGA_O0
FPGA_I1         5     6   FPGA_O1
FPGA_I2         7     8   FPGA_O2
FPGA_I3         9    10   FPGA_O3
N/A            11    12   SLOT_MACHINE_LEVER
N/A            13    14   N/A
CPU_I2C_SDA    15    16   CPU_I2C_SCL
CPU_UART_RX    17    18   CPU_UART_TX
GND            19    20   CPU_RST

UART to I2C

🌍 23 🏳️ 🏛️ 21 🏳️ 🏆 76

🏷️  hardware

I need a UART to I2C converter, use the slice!

📄 Attachments

📩 BOARD.md

📩 SLICE_POWER.jpg

🏳️ Solves

#    Time                 User
1    2024-10-09 10:27:59  Team Australia 🧳
2    2024-10-09 11:11:14  Team Luxembourg
3    2024-10-09 11:14:00  Team Austria
4    2024-10-09 11:22:53  Team Poland
5    2024-10-09 11:35:56  Team Switzerland
6    2024-10-09 11:40:31  Team Estonia
7    2024-10-09 12:06:12  Team Cyprus
8    2024-10-09 12:10:20  Team Romania
9    2024-10-09 12:43:36  Team Denmark
10   2024-10-09 13:50:52  Team Czech Republic (Team Czech Republic)
11   2024-10-09 13:52:57  Team Portugal
12   2024-10-09 13:54:59  Team Finland
13   2024-10-09 14:04:55  Team Croatia
14   2024-10-09 14:07:02  Team Slovakia
15   2024-10-09 14:18:36  Team Latvia
16   2024-10-09 14:20:11  Team Sweden
17   2024-10-09 15:00:58  Team Serbia
18   2024-10-09 15:09:44  Team United States 🧳
19   2024-10-09 15:09:48  Team Ireland
20   2024-10-09 15:27:54  Team Italy
21   2024-10-09 16:04:32  Team Bulgaria
22   2024-10-09 16:24:35  Team Netherlands
23   2024-10-09 17:28:19  Team Belgium

FPGA Program version: 0x1
Available Program version: 0x1
Welcome to the pizza challenges
                         _______
                        |  ~~--.
                        |%=@%%/
                        |o%%%/
                     __ |%%o/
               _,--~~ | |(_/ ._
            ,/'  m%%%%| |o/ /  `\.
           /' m%%o(_)%| |/ /o%%m `\
         /' %%@=%o%%%o|   /(_)o%%% `\
        /  %o%%%%%=@%%|  /%%o%%@=%%  \
       |  (_)%(_)%%o%%| /%%%=@(_)%%%  |
       | %%o%%%%o%%%(_|/%o%%o%%%%o%%% |
       | %%o%(_)%%%%%o%(_)%%%o%%o%o%% |
       |  (_)%%=@%(_)%o%o%%(_)%o(_)%  |
        \ ~%%o%%%%%o%o%=@%%o%%@%%o%~ /
         \. ~o%%(_)%%%o%(_)%%(_)o~ ,/
           \_ ~o%=@%(_)%o%%(_)%~ _/
             `\_~~o%%%o%%%%%~~_/'
                `--..____,,--'
1. UART to I2C
2. PIN
3. Slot Machine

>
                        
1

SEND THESE MESSAGES VIA I2C TO THE ADDRESS 0x42 (1 MESSAGE PER LINE)
0x88 0x11 0x93 0x13 0xB8 0xE8 0x5F
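
The bridge this challenge asks for, as an added example (not from the talk or the challenge files): MicroPython for the Slice that reads the Pizza's UART output, keeps only the `0x..` message lines and writes each one to I2C address 0x42. The UART/I2C pin numbers, the baud rate and the menu line ending are assumptions; the real values are in BOARD.md, which is not reproduced here.

```python
try:
    from machine import I2C, Pin, UART  # only exists under MicroPython
except ImportError:
    I2C = Pin = UART = None  # desktop Python: the parser below still runs

I2C_ADDR = 0x42  # target address given in the challenge prompt
# Constructed sample: lines taken from the terminal output shown above.
SAMPLE = [
    "SEND THESE MESSAGES VIA I2C TO THE ADDRESS 0x42 (1 MESSAGE PER LINE)",
    "0x88 0x11 0x93 0x13 0xB8 0xE8 0x5F",
]

def parse_message(line):
    """Return the bytes of a '0x88 0x11 ...' line, or None for any other text."""
    tokens = line.split()
    payload = bytearray()
    for tok in tokens:
        try:
            value = int(tok, 16) if tok.lower().startswith("0x") else -1
        except ValueError:
            value = -1
        if not 0 <= value <= 0xFF:
            return None  # banner, menu text, or not a single byte
        payload.append(value)
    return bytes(payload) if tokens else None

def bridge(lines, write):
    """Forward each message line via write(addr, payload); return what was sent."""
    sent = []
    for line in lines:
        payload = parse_message(line)
        if payload is not None:
            write(I2C_ADDR, payload)
            sent.append(payload)
    return sent

def run_on_slice():
    # Assumed wiring, baud rate and menu line ending; check BOARD.md.
    uart = UART(0, baudrate=115200, tx=Pin(0), rx=Pin(1))
    i2c = I2C(1, sda=Pin(2), scl=Pin(3), freq=100000)
    uart.write(b"1\n")  # select "1. UART to I2C"
    while True:
        raw = uart.readline() or b""
        try:
            bridge([raw.decode()], i2c.writeto)
        except UnicodeError:
            pass  # line noise on the UART

if UART is not None:
    run_on_slice()
```

An `OSError` from `i2c.writeto` means nothing acknowledged at 0x42, which usually points to swapped SDA/SCL or a missing common ground.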
                        

Secure PIN

🌍 19 🏳️ 🏛️ 19 🏳️ 🏆 96

🏷️  hardware

Look at my new numeric PIN protected flag, you cannot guess it!

Note: the documentation is in the UART to I2C challenge

🏳️ Solves

#    Time                 User
1    2024-10-09 11:00:00  Team Australia 🧳
2    2024-10-09 11:30:18  Team Luxembourg
3    2024-10-09 11:55:38  Team Austria
4    2024-10-09 13:12:12  Team Denmark
5    2024-10-09 13:15:20  Team Serbia
6    2024-10-09 14:13:24  Team Iceland
7    2024-10-09 14:18:32  Team Romania
8    2024-10-09 14:19:15  Team Cyprus
9    2024-10-09 14:35:47  Team Belgium
10   2024-10-09 14:47:13  Team Finland
11   2024-10-09 14:50:13  Team United States 🧳
12   2024-10-09 15:00:10  Team Czech Republic (Team Czech Republic)
13   2024-10-09 15:22:39  Team Ireland
14   2024-10-09 16:05:27  Team Latvia
15   2024-10-09 16:14:10  Team Sweden
16   2024-10-09 16:17:23  Team Poland
17   2024-10-09 16:21:37  Team Italy
18   2024-10-09 16:24:40  Team Netherlands
19   2024-10-09 16:58:20  Team Estonia

FPGA Program version: 0x1
Available Program version: 0x1
Welcome to the pizza challenges
                         _______
                        |  ~~--.
                        |%=@%%/
                        |o%%%/
                     __ |%%o/
               _,--~~ | |(_/ ._
            ,/'  m%%%%| |o/ /  `\.
           /' m%%o(_)%| |/ /o%%m `\
         /' %%@=%o%%%o|   /(_)o%%% `\
        /  %o%%%%%=@%%|  /%%o%%@=%%  \
       |  (_)%(_)%%o%%| /%%%=@(_)%%%  |
       | %%o%%%%o%%%(_|/%o%%o%%%%o%%% |
       | %%o%(_)%%%%%o%(_)%%%o%%o%o%% |
       |  (_)%%=@%(_)%o%o%%(_)%o(_)%  |
        \ ~%%o%%%%%o%o%=@%%o%%@%%o%~ /
         \. ~o%%(_)%%%o%(_)%%(_)o~ ,/
           \_ ~o%=@%(_)%o%%(_)%~ _/
             `\_~~o%%%o%%%%%~~_/'
                `--..____,,--'
1. UART to I2C
2. PIN
3. Slot Machine

>
                        
2
Insert PIN: 1000
Wrong PIN
Insert PIN: 1001
Wrong PIN
Insert PIN: 1002
Wrong PIN
Insert PIN: 1003
Wrong PIN
Insert PIN: 1004
Wrong PIN
Insert PIN: 1005
Wrong PIN
Insert PIN: 1006
Wrong PIN
Insert PIN: 1007
Wrong PIN
Insert PIN: 1008
Wrong PIN
Insert PIN: 1009
Wrong PIN
Too many retries
                        

State Machine

🌍 10 🏳️ 🏛️ 9 🏳️ 🏆 176

🏷️  hardware

We have this FPGA programmed with a finite state machine (FSM), it was outsourced, we lost the documentation and we think the contractor installed a backdoor in order to get the FLAG.

Note: the documentation is in the UART to I2C challenge

📄 Attachments

📩 3.FSM.md

📩 FSM.png

🏳️ Solves

#    Time                 User
1    2024-10-09 12:04:44  Team Australia 🧳
2    2024-10-09 12:11:51  Team Czech Republic (Team Czech Republic)
3    2024-10-09 12:29:19  Team Sweden
4    2024-10-09 14:38:58  Team Austria
5    2024-10-09 14:59:15  Team Denmark
6    2024-10-09 14:59:46  Team Switzerland
7    2024-10-09 15:13:09  Team Luxembourg
8    2024-10-09 15:54:10  Team Romania
9    2024-10-09 17:41:29  Team Ireland
10   2024-10-09 17:48:51  Team Italy

  • Objective: find undocumented states
  • FSM.md:
    1. Reach state 1111
    2. This enables second FSM
    3. Starts printing flag
  • FSM prints flag 4 bits per clock
  • Pizza pinout slide
CyberChef
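
Reassembling a "4 bits per clock" capture into text, as an added example (not from the talk or from 3.FSM.md). The slides do not say which of FPGA_O0..FPGA_O3 is the least significant bit or which nibble of a byte comes first, so the code tries all four interpretations and keeps those that decode to printable ASCII; the capture and its `FSM{demo}` content are constructed.

```python
def bits_to_nibble(pins, o0_is_lsb=True):
    """pins = (O0, O1, O2, O3) sampled on one clock edge; return 0..15."""
    order = pins if o0_is_lsb else tuple(reversed(pins))
    return sum(bit << i for i, bit in enumerate(order))

def pack(nibbles, high_first=True):
    """Join consecutive nibbles into bytes; a trailing odd nibble is dropped."""
    out = bytearray()
    for a, b in zip(nibbles[0::2], nibbles[1::2]):
        out.append((a << 4 | b) if high_first else (b << 4 | a))
    return bytes(out)

def candidates(samples):
    """Return {(o0_is_lsb, high_first): bytes} for all four interpretations."""
    result = {}
    for o0_is_lsb in (True, False):
        nibbles = [bits_to_nibble(s, o0_is_lsb) for s in samples]
        for high_first in (True, False):
            result[(o0_is_lsb, high_first)] = pack(nibbles, high_first)
    return result

def printable(data):
    return len(data) > 0 and all(0x20 <= b < 0x7F for b in data)

def decode(samples):
    """Keep only the interpretations that yield printable ASCII."""
    return {key: raw.decode("ascii")
            for key, raw in candidates(samples).items() if printable(raw)}

def _encode(text):
    """Build a constructed capture: high nibble first, O0 as the LSB."""
    samples = []
    for byte in text:
        for nib in (byte >> 4, byte & 0xF):
            samples.append(tuple((nib >> i) & 1 for i in range(4)))
    return samples

SAMPLE = _encode(b"FSM{demo}")  # constructed placeholder, not a real flag

if __name__ == "__main__":
    for key, text in decode(SAMPLE).items():
        print(key, text)
```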

Slot Machine

🌍 2 🏳️ 🏛️ 1 🏳️ 🏆 500

🏷️  hardware

A casino hired you to find out why some players win the slot machine all the time. You're given the source code of the slot machine.

HAL_GPIO_EXTI_Callback is the callback of an interrupt on the pin: SLOT_MACHINE_LEVER

Note: the documentation is in the UART to I2C challenge

📄 Attachments

📩 slot_machine.c

🏳️ Solves

#TimeUser
12024-10-09 15:04:14Team Australia 🧳
22024-10-09 17:27:20Team Denmark


                        
I lied, I didn't solve the last challenge
Take your shoes off, we're learning about the RP2040's Programmable Input Output

Further reading