Thursday, May 30, 2013

Hack.Lu CTF 2010 : Chip Forensic

Hack.Lu CTF 2010 : Chip Forensic


Hints given to us:
Your co-worker has found a suspicious USB device on his desk, but wouldn't dare trying to plug it in:

Instead he removed the case and found some flash memory on the board. After having removed the memory chip and used up all his electrical engineering skills he finally found out what was stored. Now he asks you to find out how to interpret the chip's memory:

0B 12 0F 0F 1C 4A 4C 0D 4D 15 12 0A 08 15
gold: 200 +3 (1st), +2 (2nd), +1 (3rd)


Recommended Tools:
1. Google-Fu - Don't leave home without it.

More Information:
There should be an image showing you the USB device that the co-worker found but as i don't have a copy of it so you can't do a search on Google to check what usb device it is.


After some time googling for the image, i found out that it's a USB keylogger.
So probably the codes could be the scan-codes for a USB keyboard just like how a normal software keylogger in Windows have scan-codes.
Again, let's google to check whether there is a separate scan-codes for USB keyboard.

Using the following search terms, "USB-keyboard scan-codes", the top search hit, http://www.win.tue.nl/~aeb/linux/kbd/scancodes-14.html contained something similar.


Solution:
using the newly acquired information, we got the following information.
0B 12 0F 0F 1C 4A 4C 0D 4D 15 12 0A 08 15
H O L L Y Home Delete J End R O G E R

Result:
JOLLYROGER

Bingo, challenge completed. :D

cheers
0x4a61636f62

No comments:

Post a Comment