CTFtime.org

flashme 2

by grechnik / MELTDOWN

Rating:

The first part gives a way to decrypt the flash memory at any position, but this way is too slow to dump everything. We need to figure out what to dump. Fortunately, the wallet allows to modify the storage even without a password. Ask Gerard to dump the flash memory before and after a modification to find an approximate area where the storage is:
```
Waiting for your instructions!
ask-gerard: desolder
I will desolder this chip for you...
Powering the heat-gun...
VOOOOUUUMM....................
Done! Be careful it's still hot!
ask-gerard: read 0 1048576
93870f0c838ea2f998e66ff40088863390224e19219d600308c560d0beb1910d
...
33dfe7b395cc0accd7160e0235b925058fb20b1d9928317647a61ac45913f8a1
ask-gerard: solder
I will solder this chip for you...
Powering the heat-gun...
VOOOOUUUMM....................
Done! Hope wallet still works!
ask-gerard: on
Turning wallet ON...
Booting...
________ __ _ __ ____ __
/ ____/ /___ ______/ /_| | / /___ _/ / /__ / /_
/ /_ / / __ `/ ___/ __ \ | /| / / __ `/ / / _ \/ __/
/ __/ / / /_/ (__ ) / / / |/ |/ / /_/ / / / __/ /_
/_/ /_/\__,_/____/_/ /_/|__/|__/\__,_/_/_/\___/\__/

Welcome!
Unlock files using unlock command.
Type help to get the list of available commands.
flashwallet> ls
size perm rm name
32 0 n password
1 0 n settings
256 2 n seed
20 1 n name
flashwallet> write name 0 12345678
flashwallet> $
Turning off wallet power supply...
ask-gerard: desolder
I will desolder this chip for you...
Powering the heat-gun...
VOOOOUUUMM....................
Done! Be careful it's still hot!
ask-gerard: read 0 1048576
93870f0c838ea2f998e66ff40088863390224e19219d600308c560d0beb1910d
...
33dfe7b395cc0accd7160e0235b925058fb20b1d9928317647a61ac45913f8a1
ask-gerard: solder
I will solder this chip for you...
Powering the heat-gun...
VOOOOUUUMM....................
Done! Hope wallet still works!
```
Two blocks differ only in line 4114, offset 0x20240; it is close to a round number 0x20000 which is probably start of the storage. Applying the script from Part 1 to offset 0x20000, we indeed see the data: `airiiweif2Aike2k` as `password`, `brain dignity afford brick dish dance inject depend jungle park shaft sting` as `seed`. The flag is `CTF{brain dignity afford brick dish dance inject depend jungle park shaft sting}`.

(Actually, this is simpler and faster than Part 1 - reading 0x150 bytes of data (the seed ends at 0x14d) is much faster than 0x7200 bytes before the first flag, I have actually completed this part before Part 1. I suppose this is not the intended solution, and the intended solution actually looks into the code dumped along with Part 1. But looking for all available information before rushing into a disassembler is also an important part of reverse engineering...)

Comments