¡¾ÎÀÐÇ°²È«ÏµÁÐ¶þ¡¿HAS-BUSÈüÌâ¸´ÏÖ

admin ·¢±íÓÚ 2024-3-1 21:14:49

ÌâÄ¿½éÉÜ£º


There's a very busy bus we've tapped a port onto,surely there is some juicy information hidden in the device memory...somewhere...


»·¾³´î½¨


ÏÈ´ÓGitHubÉÏÀÈ¡ÌâÄ¿£ºhttps://github.com/cromulencellc/hackasat-qualifier-2020ÌâÄ¿ÎÄ¼þ¼Ð½á¹¹´óÖÂÈçÏÂ


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/1-1701421040.png"><img width="553" height="424" src="http://cobjon.com/w/php/upload/202403/01/3836fe5f.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a>


ÌâÄ¿²ÉÓÃÁËdockerÀ´´î½¨»·¾³£¬ÆäÖÐchallengeÊÇÌâÄ¿ÎÄ¼þ¼Ð£¬solverÊÇ½âÌâÎÄ¼þ¼Ð£¬·Ö±ð¶¼´æÔÚÒ»¸öDockerfileÀ´Éú³É¶ÔÓ¦µÄ¾µÏñ¡£Ò»°ãÀ´ËµÎÒÃÇ¸´ÏÖÊ±£¬Ö±½ÓÖ´ÐÐÈçÏÂÃüÁî¶Ô»·¾³½øÐÐ²âÊÔ¡£ÓÉÓÚ¸ÃÏµÁÐÌâÄ¿ÊÇ2020ÄêµÄ£¬¿ÉÄÜ´î½¨»·¾³Ê±´æÔÚÄ³Ð©ÎÊÌâ£¬ÔÚ±¾Ìâµ±ÖÐÃ»ÓÐÓöµ½£¬ºóÐøÓöµ½Ê±ÔÙ¸ø³ö¶ÔÓ¦µÄ·½·¨¡£


sudo make build 
sudo make test


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/9-1701421041.png"><img width="554" height="143" src="http://cobjon.com/w/php/upload/202403/01/9cd166bc.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a>


ÈçÉÏÍ¼Ôò»·¾³´î½¨³É¹¦¸´ÏÖÊ±£¬ÎÒÃÇÖ»ÐèÒªÊ¹ÓÃÈçÏÂÃüÁîÆô¶¯challengeµÄ·þÎñ¼´¿É


socat -v tcp-listen:31340,reuseaddr exec:"docker run --rm -i -e SEED=1234 -e FLAG=flag{skIpn1MnWtBC1DkTFhKBO8yMofVTRU8qUuMxc52jzss1XrnNva6Td2Ex84XJZCoNa6RQKoFYhKPNItMpHtocOxD}  bus:challenge"


Ö®ºóÊ¹ÓÃncÁ¬½Ó·þÎñÖ¸¶¨µÄipºÍ¶Ë¿Ú¼´¿É


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/3-1701421041.png"><img width="554" height="250" src="http://cobjon.com/w/php/upload/202403/01/c000e5c4.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a>


µ±ÎÒÃÇncÁ¬½ÓÉÏÈ¥ÒÔºó£¬¿´¼ûÒ»ÏµÁÐµÄ×Ö·û£¬ÊéÉÏµÄ½âÊÍÊÇËµÕâÊÇI²CÐÒé£¬Ñ§¹ýI²CµÄ²»ÖªµÀÄÜ¿´³öÀ´²»


Ïà¹Ø±³¾°ÖªÊ¶


I²CÐÒé¼òµ¥ÁË½â


I²C½ö½öÊ¹ÓÃÁ½ÌõÏßÔÚÁ¬½Óµ½×ÜÏßµÄÉè±¸¼ä´«ÊäÐÅÏ¢£¬Ò»ÌõÎª´®ÐÐÊý¾ÝÏß(SDA)£¬ÁíÒ»ÌõÎª(SCL)¡£×ÜÏßÉÏµÄµØÖ·ÓÉÎ¨Ò»µØÖ·Çø·Ö¡£Í¨³£I²CÔÚÓ²¼þÉè±¸ÖÐ×÷Îª´«¸ÐÆ÷½Ó¿ÚºÍEEPROM´æ´¢Æ÷µÄ½Ó¿ÚÊ¹ÓÃ¡£I²CÐÒéµÄ»ù´¡ÐÅºÅÓÐËÄÖÖ£¬·Ö±ðÊÇÆðÊ¼ÐÅºÅ(START)¡¢Í£Ö¹ÐÅºÅ(STOP)¡¢Ó¦´ðÐÅºÅ(ACK)ºÍ·ÇÓ¦´ðÐÅºÅ(NAK)¡£

<ul style="margin-top:0cm;" type="disc">
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
STARTÐÅºÅºÍSTOPÐÅºÅ¶¼ÓÉÖ÷Éè±¸²úÉú¡£ËùÓÐÐÅºÅÒÔSTARTÐÅºÅ¿ªÊ¼£¬ÒÔSTOPÐÅºÅ½áÊø¡£STARTÐÅºÅºÍSTOPÐÅºÅÖ®¼äµÄÊ±¼äÈÏÎªI²C×ÜÏß´¦ÓÚÃ¦Âµ(busy)½×¶Î¡£
</li>
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
I²CÓÐ×ÅÍêÉÆµÄÓ¦´ð»úÖÆ£¬Ã¿¸ö×Ö½ÚºóÃæ±ØÐë¸úÒ»¸öACKÐÅºÅ»òÕßNAKÐÅºÅ¡£
</li>
</ul>

Í¨ÐÅ¸ñÊ½

<ul style="margin-top:0cm;" type="disc">
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
ÓÉÓÚSTARTºÍSTOPÊÇÖ÷Éè±¸·¢³öµÄ£¬ËùÔÚSTARTºóµÄ7bitÊÇ´ÓÉè±¸µØÖ·£¬È»ºóÓÐ1bitµÄ¶Á/Ð´±êÖ¾Î»£¬¸Ã±êÖ¾Î»ËµÃ÷ÁËÖ÷Éè±¸Òª¶Ô´ÓÉè±¸½øÐÐ¶Á(¡°1¡±)»òÕßÐ´(¡°0¡±)²Ù×÷£¬Èç¹û¶ÔÓ¦µÄ´ÓÉè±¸ÔÚ×ÜÏßÉÏ£¬ÄÇ¸Ã´ÓÉè±¸½«ÒÔACKÐÅºÅÓ¦´ð¡£
</li>
</ul>

ÏòÄ³¸öÉè±¸Ð´ÈëÊý¾ÝÈçÏÂÍ¼£º


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/5-1701421042.png"><img width="554" height="225" src="http://cobjon.com/w/php/upload/202403/01/e0e622f6.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a>


´ÓÄ³¸öÉè±¸¶ÁÈ¡Êý¾Ý


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/6-1701421043.png"><img width="554" height="209" src="http://cobjon.com/w/php/upload/202403/01/2f466def.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a>


Í¬Ê±Ó¦ÎªÖ÷°ì·½ÔÚÉè¼ÆÌâÄ¿Ê±£¬½«flagµÄ³¤¶È×÷ÎªÒ»¸öÓÐÒâÒåµÄ±äÁ¿²ÎÊý²ÎÓëÁË¶ÁÈ¡EEPROMµÄÄÚÈÝ¼ÆËã£¬¶øEEPROMµÄ´óÐ¡ÊÇÓÐÏÞµÄ£¬ËùÒÔ¿ÉÄÜ»á³öÏÖÒÔÏÂÇé¿ö(ÕâÀï²Î¿¼Ô´Âë)


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/8-1701421043.png"><img width="553" height="191" src="http://cobjon.com/w/php/upload/202403/01/9af18318.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a>


µ±FlagµÄÄÚÈÝ¹ý³¤Ê±£¬ÔòflagÇ°ºóµÄÄÚ´æ¿Õ¼äÏÔÈ»»á±äÐ¡£¬ÕâÊ±ºò½«Òª¶ÁÈ¡µÄÄÚÈÝµÄ·¶Î§ºÜ¿ÉÄÜÓëflagµÄ·¶Î§ÖØµþ£¬Òò´Ë¿ÉÄÜ»áÔì³ÉFlagµÄÐ¹Â¶¡£


·ÖÎö½âÌâ


½â·¨Ò»£º


½«ncÁ¬ÉÏÈ¥µÄ²úÉúµÄ»ØÏÔÐÅÏ¢ÖÐµÄÌØÊâ·ûºÅ¡±+^.¡±È¥µô£¬È»ºó½«Ê®Áù½øÖÆ×ª»»ÎªASCII×Ö·û´®¡£µÃµ½ÈçÏÂ


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/2-1701421044.png"><img width="554" height="293" src="http://cobjon.com/w/php/upload/202403/01/a6debfde.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a>


¿ÉÒÔ¿´¼û°üº¬flag×Ö·û´®£¬½«ÕâÐ©×Ö·û´®Æ´½ÓÈ¥µôÖØ¸´µÄÓÐ¼¸ÂÊ¿ÉÒÔµÃµ½ÕýÈ·µÄflag¡£


½â·¨¶þ


¶Ô»ØÏÔÐÅÏ¢½øÐÐ·ÖÎö£¬·¢ÏÖ¶¼ÊÇÒÔ^ºÍ.À´Çø·ÖÊý¾ÝµÄ¡£ÄÇÃ´ÈÏÎª¡±^¡°¾ÍÊÇI²CµÄSTARTÐÅºÅ£¬¶ø¡±.¡°¾ÍÊÇI²CµÄSTOPÐÅºÅ,ÄÇÃ´ÎÒÃÇ°´ÕÕÇ°ÃæµÄ·ÖÎö¶Ô»ØÏÔ½øÐÐ·ÖÎö¡£


^82+00+00+1f+00+00+00+12+47+40+41+c6+97+e1+3f+89+81+3f+c1+99+1d+a1+c0+20+18+a1+40+5e+42+ac+3c+. 
^83+00+00+3f+. 
^82+00+00+3f+00+00+00+20+fa+3f+41+c8+da+e2+3f+a6+64+3f+c1+ff+33+a1+c0+a4+d2+a0+40+de+50+55+40+. 
^b4+01+a9+94+c7+59+78+58+87+6b+d3+8e+04+be+2a+47+d4+cc+f8+6e+6c+26+67+a6+98+5e+4a+75+69+63+79+20+44+61+74+61+20+30+33+. 
^83+00+00+1f+. 
^82+00+00+1f+00+00+00+1d+ec+3f+41+d8+04+e5+3f+67+4e+40+c1+38+1b+a1+c0+e1+dd+a0+40+b9+91+91+3c+.


ÎÒÃÇÖªµÀ¡±^¡°ÐÅºÅÊÇSTARTÐÅºÅ£¬Ôò½ô¸úÆäºóµÄÒ»¸ö×Ö½ÚÎª´ÓÉè±¸µØÖ·ÒÔ¼°1bitµÄ¶ÁÐ´±êÖ¾Î»£¬·¢ÏÖËùÓÐµÄ¡±^¡°Ö®ºóÖ»ÓÐ0x82¡¢0x83¡¢0xb4 3ÖÖÇé¿ö£¬½«ÆäµÄ¶ÁÐ´Î»ºÍµØÖ·Î»·Ö¿ªÔòÓÐÈçÏÂ


¡°


ÕâÀïÒ»¿ªÊ¼ÎÒ±¾À´ÊÇ»³ÒÉÕâ¸ö´ÓÉè±¸µØÖ·ÊéÉÏÊÇ²»ÊÇÐ´´íÁË£¬¿´ÁËÔ´ÂëÖ®ºó·¢ÏÖ£¬ÔÚÔ´ÂëÖÐËü»á½«ÎÒÃÇÊäÈëµÄµÚÒ»¸ö×Ö½Ú×÷ÎªÉè±¸µØÖ·¸ú0xfe½øÐÐAND²Ù×÷£¬·¢ÏÖËüµÄÈ·ÊµµØÖ·¾ÍÊÇ0x82¡¢0x83ÒÔ¼°0xb4


¡±

<table border="0" cellpadding="0" cellspacing="0" width="735" style="border-collapse:collapse;font-family:µÈÏß;font-size:10.5pt;width:551.25pt;" class="ke-zeroborder">
<thead>
<tr>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

µÚÒ»¸ö×Ö½Ú

</td>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;border-left:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

´ÓÉè±¸µØÖ·

</td>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;border-left:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

¶Á/Ð´±êÖ¾Î»

</td>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;border-left:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

I²CÓïÒå

</td>
</tr>
</thead>
<tbody>
<tr>
<td style="background:white;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0x82

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0x82

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

Ð´

</td>
</tr>
<tr>
<td style="background:#F8F8F8;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0x83

</td>
<td style="background:#F8F8F8;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0x83

</td>
<td style="background:#F8F8F8;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

1

</td>
<td style="background:#F8F8F8;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

¶Á

</td>
</tr>
<tr>
<td style="background:white;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0xb4

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0xb4

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

Ð´

</td>
</tr>
</tbody>
</table>

°´ÕÕ±íÖÐµÄÐÅÏ¢À´¿´£¬ÎÒÃÇµÄÉè±¸Ö»ÓÐÁ½Ì¨£¬µØÖ··Ö±ðÊÇ0x82ºÍ0xb4¡£Èç¹û°´ÕÕ±íÖÐµÄÐÅÏ¢½âÎöµÄ»°£¬Ôò^83µÄ²Ù×÷ÊÇ¶Á²Ù×÷£¬µ«ÊÇÔÚ»ØÏÔÐÅÏ¢µ±ÖÐÒÔ^83¿ªÍ·µÄÖ»ÓÐÁ½ÖÖÇé¿öÈçÏÂ


^83+00+00+3f+. 
^83+00+00+1f+.


ÇÒÓÐÐ§ÄÚÈÝ³¤¶È½ö½öÎª3¸ö×Ö½Ú£¬Í¬Ê±1fÎª·Ç´òÓ¡×Ö·û£¬¶ÔÓÚ¶ÁÈ¡flagÀ´½²£¬Õâ²»Ì«ÏÖÊµ¡£ËùÒÔ±¾Ìâ½«Êµ¼ÊµÄI²CÓïÒå½øÐÐÁË·´×ª£¬½á¹ûÈçÏÂ

<table border="0" cellpadding="0" cellspacing="0" width="735" style="border-collapse:collapse;font-family:µÈÏß;font-size:10.5pt;width:551.25pt;" class="ke-zeroborder">
<thead>
<tr>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

µÚÒ»¸ö×Ö½Ú

</td>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;border-left:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

´ÓÉè±¸µØÖ·

</td>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;border-left:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

¶Á/Ð´±êÖ¾Î»

</td>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;border-left:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

±¾ÌâÊµ¼ÊÓïÒå

</td>
</tr>
</thead>
<tbody>
<tr>
<td style="background:white;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0x82

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0x82

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

¶Á

</td>
</tr>
<tr>
<td style="background:#F8F8F8;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0x83

</td>
<td style="background:#F8F8F8;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0x83

</td>
<td style="background:#F8F8F8;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

1

</td>
<td style="background:#F8F8F8;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

Ð´

</td>
</tr>
<tr>
<td style="background:white;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0xb4

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0xb4

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

¶Á

</td>
</tr>
</tbody>
</table>

½áºÏÉÏ±íÔÙ½øÐÐ·ÖÎö


#´ÓID:0x82µÄÉè±¸¶ÁÈ¡ÄÚÈÝ 
^82+00+00+1f+00+00+00+12+47+40+41+c6+97+e1+3f+89+81+3f+c1+99+1d+a1+c0+20+18+a1+40+5e+42+ac+3c+. 
#ÏòID:0x82µÄÉè±¸Ð´ÈëÄÚÈÝ 
^83+00+00+3f+. 
#´ÓID:0x82µÄÉè±¸¶ÁÈ¡ÄÚÈÝ 
^82+00+00+3f+00+00+00+20+fa+3f+41+c8+da+e2+3f+a6+64+3f+c1+ff+33+a1+c0+a4+d2+a0+40+de+50+55+40+. 
#´ÓID:0xb4µÄÉè±¸¶ÁÈ¡ÄÚÈÝ 
^b4+01+a9+94+c7+59+78+58+87+6b+d3+8e+04+be+2a+47+d4+cc+f8+6e+6c+26+67+a6+98+5e+4a+75+69+63+79+20+44+61+74+61+20+30+33+. 
#ÏòID:0x82µÄÉè±¸Ð´ÈëÄÚÈÝ 
^83+00+00+1f+. 
#´ÓID:0x82µÄÉè±¸¶ÁÈ¡ÄÚÈÝ 
^82+00+00+1f+00+00+00+1d+ec+3f+41+d8+04+e5+3f+67+4e+40+c1+38+1b+a1+c0+e1+dd+a0+40+b9+91+91+3c+.


Ë³±ã»¸öÍ¼


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/5-1701421045.png"><img width="522" height="714" src="http://cobjon.com/w/php/upload/202403/01/c02f5564.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a>


¸ù¾Ý¶Ô»ØÏÔÐÅÏ¢µÄ·ÖÎö£¬²Â²â¶Áb4µÄÌõ¼þ¾ÍÊÇ82µÄÄ³¸ö²ÎÊýÊÇ·ñÎªÌØ¶¨Öµ£¬´óÖÂÁ÷³Ì¾ÍÊÇ£¬ÏÈ¶Á82È·ÈÏÄ³¸ö²ÎÊý£¬·¢ÏÖ²ÎÊýÃ»ÓÐ±»ÉèÖÃ£¬Ôò¶Ô82½øÐÐÐ´²Ù×÷¸Ä±ä¸Ã²ÎÊý£¬Ö®ºóÔÙ´Î¶Ô82½øÐÐ¶Á²Ù×÷È·ÈÏ²ÎÊýÒÑ¾±»ÉèÖÃ£¬È·ÈÏÍê±ÏÔò¶Ôb4½øÐÐ¶Á²Ù×÷¡£²¢ÇÒb4µÄÊý¾ÝÒ»Ö±¶¼ÊÇ±È½Ï³¤µÄ£¬ËùÒÔ²Â²âflagÓ¦¸ÃÔÚb4Õâ¸öÉè±¸µ±ÖÐ¡£Í¬Ê±»ØÈ¥×¢Òâµ½READMEµ±ÖÐ


* OBC (Onboard computer - bus master) 
* EEP (Some kind of device which contains "juicy data" + the flag) 
* EPS (Electrical power system controller)


±íÃ÷ÁËflag´æÔÚÓÚEEPµ±ÖÐ£¬ÔòÎÒÃÇÕâÀïb4¾ÍÊÇEEPÉè±¸¡£ÎÒÃÇÖªµÀ£¬Ð´µÄ²Ù×÷Ö»ÓÐÈçÏÂÁ½ÖÖ


^83+00+00+3f+. 
^83+00+00+1f+.


Í¨¹ýÖ®Ç°µÄ·ÖÎö¿ÉÒÔÖªµÀ£¬ÔÚ¶ÁEEPµÄÄÚÈÝÊ±£¬82µÄÄÚÈÝÎª^83+00+00+3f£¬µ±ÎÒÃÇ¶Ôb4¶ÁÍêÖ®ºó£¬»áÏÈ¶Ô82ÔÚ½øÐÐÒ»´ÎÐ´²Ù×÷£¬Æä²Ù×÷Îª^83+00+00+1f¡£¶Ô´Ë×Ü½á¿ÉÖª¶ÁEEPµÄÕû¸öÁ÷³Ì²Ù×÷´óÖÂÈçÏÂ

<ol style="margin-top:0cm;" start="1" type="1">
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
ÏÈ¶Ô82½øÐÐ¶Á²Ù×÷£¬È·ÈÏÆäÄ³¸ö²ÎÊýÊÇ·ñ±»ÉèÖÃ£»82³õÊ¼×´Ì¬Îª£º^83+00+00+1f
</li>
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
·¢ÏÖ82Ä³¸ö²ÎÊýÃ»ÓÐ±»ÉèÖÃ£¬¶Ô82½øÐÐÐ´²Ù×÷£¬½«Æä¶ÔÓ¦µÄ²ÎÊýÉèÖÃ
</li>
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
ÔÙ´Î¶Ô82½øÐÐ¶Á²Ù×÷£¬È·ÈÏ¸Ã²ÎÊý±»ÉèÖÃ
</li>
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
¶ÔEEP(b4)½øÐÐ¶Á²Ù×÷
</li>
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
¶Ô82½øÐÐÐ´²Ù×÷Ê¹Æä»Ö¸´Îª³õÊ¼×´Ì¬£¬²Ù×÷Îª£º^83+00+00+1f
</li>
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
¶Ô82½øÐÐ¶Á²Ù×÷È·ÈÏÊÇ·ñ»Ö¸´³õÊ¼×´Ì¬
</li>
</ol>

ºÜÃ÷ÏÔ¿ÉÒÔÖªµÀ£¬82¿ØÖÆ×ÅEEPµÄ¿ªºÍ¹Ø£¬Í¬Ñù´ÓREADMEµ±ÖÐ¿ÉÖªÆäÃûÎªEPS£¬EPSºÍEEPµÄ¹ØÏµÈçÏÂ

<table border="0" cellpadding="0" cellspacing="0" width="735" style="border-collapse:collapse;font-family:µÈÏß;font-size:10.5pt;width:551.25pt;" class="ke-zeroborder">
<thead>
<tr>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

EEPµçÔ´¿ª/¹Ø(82)

</td>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;border-left:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

EPS×´Ì¬(Ê®Áù½øÖÆ)

</td>
<td style="background:#DBD9D8;border:solid #CCCCCC 1.0pt;border-left:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

EPS×´Ì¬(¶þ½øÖÆ)

</td>
</tr>
</thead>
<tbody>
<tr>
<td style="background:white;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

¹Ø

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

1f

</td>
<td style="background:white;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0001 1111

</td>
</tr>
<tr>
<td style="background:#F8F8F8;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

¿ª

</td>
<td style="background:#F8F8F8;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

3f

</td>
<td style="background:#F8F8F8;border-bottom:solid #CCCCCC 1.0pt;border-left:none;border-right:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 9.0pt 6.0pt 9.0pt;">

0011 1111

</td>
</tr>
</tbody>
</table>

ºÜÃ÷ÏÔ¿ÉÒÔ¿´¼û£¬Ö»ÐèÐÞ¸ÄµÚÁùÎ»¾Í¿ÉÒÔ¿ØÖÆEEPµÄ¿ªÓë¹Ø¶øÔÚÌâÄ¿ÃèÊöÖÐ


There's a very busy bus we've tapped a port onto, surely there is some juicy 
information hidden in the device memory... somewhere... 
 
The OBC is tying up the bus most of the time.


ËµÃ÷ÁËbus·Ç³£µÄÃ¦£¬ÀíÂÛÉÏÎÒÃÇÕâÀïÐèÒª½«³ýÁËEEPÉè±¸ÆäËû¶¼¹Ø±Õ£¬µ«Í¬Ê±ÌâÄ¿Ò²Ëµµ½£¬×öÂÖÑ¯²Ù×÷£¬ÆÚ¼ä¼ä¸ô¶Ì


By looking at the traffic, we see the OBC enabling power to the device, 
reading from it (in random areas that don't contain the flag), and 
turning it off afterwards. After that, there's a short pause 
(a few seconds) before the polling starts again.


ÔÚÎÒÃÇÈâÑÛ¿É¼ûµÄÇé¿öÏÂ±íÏÖ³öÀ´µÄÐÎÊ½¾ÍÊÇ£¬»á¶ÌÔÝµÄÍ£Ò»ÏÂ£¬ËùÒÔÎÒÃÇÐèÒªÔÚÕâ¸öÊ±¼ä¶Î·¢ËÍI²CÐÅºÅÀ´»ñµÃflag¡£ÎÒÃÇÖªµÀEEP¿ªÆôÖ»ÐèÒªµÚÁùÎ»Îª1¼´¿É£¬ÔòÎÒÃÇÓ¦¸Ã¶Ô82×öÈçÏÂ²Ù×÷£º^83+00+00+20.


¡°


¸´ÏÖ¹ý³ÌÖÐ·¢ÏÖ20²¢²»Î¨Ò»£¬´æÔÚ¶à¸ö²ÎÊý¿É½â£»


¡±


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/3-1701421046.png"><img width="554" height="37" src="http://cobjon.com/w/php/upload/202403/01/06e4b91e.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a>


ÊäÈëºó³É¹¦µÄ¹Ø±ÕÁË³ýÁËEEPµÄÆäËûÉè±¸£¬½ÓÏÂÀ´Ö»ÐèÒª½«EEPµÄÄÚÈÝ¶Á³öÀ´¼´¿É£¬²Ù×÷ÈçÏÂ


¡°


ÕâÀïÔÚ¹Ø±ÕÁË³ýÁËEEPµÄÆäËûÉè±¸ºó£¬b4ºóÃæµÄ²ÎÊýÒÑ¾²»ÖØÒªÁË£¬¶Ôb4µÄ¶Á²Ù×÷»á½«EEPÖÐµÄËùÓÐÄÚÈÝ¶¼¶Á³öÀ´¡£¸´ÏÖ¹ý³ÌÖÐ³¢ÊÔ¸ãÃ÷°×ÎªÊ²Ã´ÔÚ^83+00+00+20.²Ù×÷¹ýºó¾ÍÄÜ¹»¹Ø±ÕÆäËûÉè±¸£¬´Ó¶øÖ±½ÓÐ¹Â¶EEPµÄÈ«²¿ÄÚÈÝ£¬µ«ÊÇÓÐÐ©²Ù×÷ºÃÏñÔÚÔ´ÂëÖÐ²»ÄÜÖ±½Ó¿´³öÀ´£¬Ö±½ÓÂÔ¹ý¡£ÓÐÃ÷°×µÄÊ¦¸µ¿ÉÒÔ½»Á÷Ò»ÏÂ£¡£¡£¡


¡±


^b4111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111


½á¹ûÈçÏÂ£¬Ö»Òª½« ^ + ·ûºÅÈ¥µô£¬ÔÙ½«Ê®Áù½øÖÆ×ªÎª×Ö·û´®¼´¿É


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/0-1701421046.png"><img width="554" height="45" src="http://cobjon.com/w/php/upload/202403/01/9fd73dc1.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a>


<a href="https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/12/9-1701421047.png"><img width="553" height="178" src="http://cobjon.com/w/php/upload/202403/01/45f52a4f.png" alt="HAS-BUSÈüÌâ¸´ÏÖ" style="vertical-align:middle;" /></a> 
 


<div align="center" style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">

<hr size="0" width="100%" align="center" />

</div>

²Î¿¼ÎÄÕÂ£º


https://cloud.tencent.com/developer/article/2332362

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

¡¾ÎÀÐÇ°²È«ÏµÁÐ¶þ¡¿HAS-BUSÈüÌâ¸´ÏÖ