GitHub - yuawn/HITCON-badge-2019: HITCON Badge 2019
source link: https://github.com/yuawn/HITCON-badge-2019
HITCON Badge 2019
Overview
HITCON Badge 2019 is based on the M2351ZIAAE MCU.
Usage
There are four pages. Use the LEFT and RIGHT buttons on the badge to switch between them.
Page 0: LED Level Display
- Badge will show the status of 24 LEDs.
  - Locked: white color
  - Unlocked: Bright and colorful
- Press UP + A/B to decrease/increase the brightness.
- You can unlock each LED by playing the game or completing the mission with sponsors.
Page 1: Pattern Display
- Use the UP and DOWN buttons to select patterns.
- Pattern 0 will be unlocked by unlocking led 0 1 2.
- Pattern 1: led 3 4 5.
- Pattern 2: led 6 7 8.
- ..
- If the pattern is still locked, it will render the error pattern (all LEDs are red).
- There are 11 patterns in total.
Page 2: Paint Mode
- In this page, you can customize the color of LEDs!
- Select the LEDs by pressing UP, DOWN, LEFT, RIGHT.
- Change the color by pressing A, B.
- Press AB (at the same time) and then press LEFT/RIGHT to leave paint mode.
Page 3: Snake
################################
#                              #
#                              #
#                              #
#                              #
#                              #
#                              #
#                              #
#        @@@@@@@      o        #
#                              #
#                              #
#                              #
#                              #
#                              #
#                              #
#                              #
#                              #
################################
[Score] 6 pt
- Connect the badge to the computer with a Micro USB cable.
- Use any client you like to connect to the serial COM port.
  - Linux/macOS: You can use the screen command.
    - example: screen /dev/tty.usbmodemxxx (replace /dev/tty.usbmodemxxx with the correct path)
  - Windows: You can use PuTTY (Connection type: Serial) to connect to the COM port.
- Control the snake by pressing UP, DOWN, LEFT, RIGHT.
- Press AB at the same time to pause the game.
  - Press AB again to continue the game, LEFT to exit.
- Score
  - score >= 50, snake pattern (pattern 8) will be unlocked!
  - score == 2147483647: Well done, hacker :)
Badge Command Line
_ _ ___ _____ ___ ___ _ _ ___ __ _ ___
| || |_ _|_ _/ __/ _ \| \| | |_ ) \/ / _ \
| __ || | | || (_| (_) | .` | / / () | \_, /
|_||_|___| |_| \___\___/|_|\_| /___\__/|_|/_/
HitconBadge2019 >>
- There is a simple command line interface running on the badge.
- You can use it by connecting the badge to a computer with a Micro USB cable.
Commands
help
Type help for all available commands.
HitconBadge2019 >> help
show
info
unlock
setname
clear
hello
angelboy
yuawn
ping
ls
id
cat
echo
alias
whoami
help
show
Show command will display the status of all LEDs and patterns.
HitconBadge2019 >> show
Pattern 0: Lock
led 00: Lock
led 01: Lock
led 02: Lock
Pattern 1: Lock
led 03: Lock
led 04: Lock
led 05: Lock
Pattern 2: Lock
led 06: Lock
led 07: Lock
led 08: Lock
Pattern 3: Lock
led 09: Lock
led 10: Lock
led 11: Lock
Pattern 4: Lock
led 12: Lock
led 13: Lock
led 14: Lock
Pattern 5: Lock
led 15: Lock
led 16: Lock
led 17: Lock
Pattern 6: Lock
led 18: Lock
led 19: Lock
led 20: Lock
Pattern 7: Lock
led 21: Lock
led 22: Lock
led 23: Lock
Badge challenge:
[Stage 1] Snake pattern: Lock
[Stage 2] Pwned NS pattern: Lock
[Stage 3] Pwned the whole badge pattern: Lock
HITCON Badge Challenges
Badge source code, solution and exploits will be released within the talk "HITCON Badge 2019 秘辛: MCU ARM TrustZone challenges" at R0 (Day2 14:40 - 15:30).
There are 11 patterns in total, but three of them are special, so you need to get them in a special way :)
Stage 0 - Warm Up
- Before pwning the badge, why not play a game first?
- Get a score higher than 50 to unlock the snake pattern.
Stage 1 - Hack The Game
- Try to let the score == 2147483647 by playing the game.
- Or pwn the badge :)
- You will know how to do it by reversing the binary of normal world (NonSecure world) in this MCU TrustZone.
- To make life easier, the binary is not stripped and is not a raw binary, so just take them all (see firmware/).
Stage 2 - Pwn the Badge
- The final target is protected by TrustZone in Secure Region.
- I put my secret in the TrustZone, it is pretty safe, isn't it?
- Try to pwn the badge for all patterns!