Write-Up for the “…—…” challenge from InCTF Internationals 2019
tl;dr
- Alert signals encoded in morse transfered to the Mi-Band
- Traverse through the packets and find the appropriate BLE handles of the encoded message
- Decode the morse encoded message
Challenge Points: 216
Challenge Author: f4lc0n
Challenge Description
I recently bought a MiBand and started exploring what crazy stuff I can do with it. Maybe this capture helps you find it yourself.
Note: Please submit the flag as inctf{sha1(FLAG IN CAPITALS)}
Write-Up
This challenge is pretty straight forward.
We are provided with a network capture when a MiBand is recieving an encoded message.
So, if we go throught the packets, we see that the text “Sending Encoded Message” is being sent to the MiBand.
And after that message is sent, we observe a pattern in the packets being sent to the MiBand.
We see that packets contain handles which point to the Alert Level of the message they carry. In this challenge there are three handles which point to
- “High Alert”
- “Mild Alert”
- “SMS/MMS Arrives”
Extracting the Encoded Message
So, after figuring out what handles point out to which character in the morse encoded message, we use scapy to solve the challenge. As of now, we have two handles 0x12, 0x52. In 0x52 handle, we have two sub-categories (High Alert, Mild Alert)
If we map the handles with the morse characters,
Handle 0x52 with 0x01 in the trailing data: Mild Alert - Corresponds to ‘.’ in the morse code
Handle 0x52 with 0x02 in the trailing data: High Alert - Corresponds to ‘-‘ in the more code
Handle 0x12: SMS/MMS Arrives- Corresponds to ‘ ‘ in the morse code
1 | #!/usr/bin/env python2 |
Translating the above morse code, we get ‘ATTACKATDAWN’.
Flag
As given in the description, flag is inctf{sha1(ATTACKATDAWN)}
So, the flag is inctf{14c8cfaa269659f52dd76cce43469554cfd5aedc}