CISA ICS CTF 2024 Write-up Series – Spy By Wire – 2A

Categories: Castelia

Spy-By-Wire – 2A

We solved the first challenge, so we can guess how this walkthrough will go. But first, let's briefly go over the SPI protocol and what MOSI, MISO and Enable are.

SPI Signals & Topology

  • SS (Slave Select, active low; aka Enable/EN)
  • CLK (Clock)
  • MOSI (Master Out, Slave In; Most-Significant bit first)
  • MISO (Master In, Slave Out; Most-Significant bit first)

SPI has two mode bits, CPOL (Clock Polarity), and CPHA (Clock Phase).

We filtered the MOSI, MISO, Enable and Clock channels by looking at the references and sources.

We checked the resulting data and exported it to a “.csv” file.

As you can see, MOSI and MISO talk in turns. However, there is more MOSI data than MISO data. There were 6 conversations between them, but only one of them will provide us with the desired output.
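How the four channels turn into per-conversation byte strings, as an added example that is not part of the original write-up: MOSI and MISO are sampled on the clock edge selected by CPOL/CPHA while Enable is low, and the bits are packed MSB first. The sample tuple layout, the function names and all byte values are constructed for illustration and are not taken from the challenge capture.

```python
# Added example; every sample and byte value below is constructed.
def pack_msb_first(bits):
    """Pack bits into bytes, most-significant bit first; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def decode_spi(samples, cpol=0, cpha=0):
    """Return one (mosi_bytes, miso_bytes) pair per Enable-low window ("conversation")."""
    conversations, mosi_bits, miso_bits = [], [], []
    prev_en, prev_clk = 1, cpol
    for en, clk, mosi, miso in samples:
        if prev_en == 1 and en == 0:            # Enable falls: conversation starts
            mosi_bits, miso_bits = [], []
        if en == 0 and clk != prev_clk:         # clock edge while the slave is selected
            leading = clk != cpol               # leading edge leaves the idle level
            if leading == (cpha == 0):          # CPHA=0 samples leading, CPHA=1 trailing
                mosi_bits.append(mosi)
                miso_bits.append(miso)
        if prev_en == 0 and en == 1:            # Enable rises: conversation ends
            conversations.append((pack_msb_first(mosi_bits), pack_msb_first(miso_bits)))
        prev_en, prev_clk = en, clk
    return conversations

def make_capture(conversations, cpol=0):
    """Build constructed CPHA=0 samples as (en, clk, mosi, miso) tuples."""
    samples = [(1, cpol, 0, 0)]
    for mosi_bytes, miso_bytes in conversations:
        samples.append((0, cpol, 0, 0))         # Enable goes low, clock still idle
        for m, s in zip(mosi_bytes, miso_bytes):
            for shift in range(7, -1, -1):      # MSB first
                bits = ((m >> shift) & 1, (s >> shift) & 1)
                samples.append((0, cpol) + bits)        # data set up, clock idle
                samples.append((0, 1 - cpol) + bits)    # leading edge: data is sampled
        samples += [(0, cpol, 0, 0), (1, cpol, 0, 0)]   # clock back to idle, Enable high
    return samples

def clean_hex(data):
    """Hex with no "0x" prefixes or spaces, the form used for the decryption step."""
    return data.hex().upper()

CAPTURE = make_capture([(b"\x9f\x01", b"\x00\xc3"), (b"\x05", b"\x80")])
if __name__ == "__main__":
    print([(clean_hex(a), clean_hex(b)) for a, b in decode_spi(CAPTURE)])
    print("wrong CPHA:", clean_hex(decode_spi(CAPTURE, cpha=1)[0][0]))
```

Decoding the same capture with the wrong CPHA shifts every byte by one bit, which is the usual sign that the analyzer's SPI mode setting does not match the bus.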

To try the first conversation, we need to convert its hex data, cleaned of “0x” and spaces, into bytes with the help of CyberChef and decrypt them with AES.

  • Key: 691e5e4219581b44190c1f421e471b58
  • Mode: CBC
  • IV: 00000000000000000000000000000000

Clean Hex Data:
D9F8520E73DE46E72783BD2A7F8EF86CC34FEB63AE0A100A264CDBB33B41B59C

Flag: flag{my_dr34ms_4nd_pr1d3_l0st}
