0xRoM / 12Sec_CTF_v1
Transfer to URL with SHA Find file
Newer
Older
12Sec_CTF_v1 / 07.md
root 12 days ago 1 KB solution writeups
Raw Blame History

Challenge 7: "Power Trip"

You’ve discovered a device that appears locked down tight, every known interface rejects your commands. But somehow you find a code block that’s never supposed to execute, likely due to built-in protection checks.

By carefully injecting a voltage glitch at the right moment, you might be able to bypass those checks and force the device into revealing its hidden path. The SDA pin serves as your glitch trigger, and if successful, the device will spill the flag over UART @ 9600 baudrate.

Your mission is clear:

  1. Identify the timing window during which to trigger the voltage glitch.
  2. Inject a glitch using the SDA pin as your trigger source.
  3. Access the dead code block and retrieve the flag via UART at 9600 baudrate.

Setup

Challenge Setup

Notes

Start by logic analyzing the pins:

logic analyzing

Use the pulse on an input pin of the curious bolt as a trigger to cause the glitch.\ Made easier with the Glitch-o-Bolt config: 07_GoB_config.py

glitching solution