0xRoM / 12Sec_CTF_v1
Transfer to URL with SHA Find file
Newer
Older
12Sec_CTF_v1 / 10.md
root 12 days ago 940 bytes minor fixes
Raw Blame History

Challenge 10: "Tempo Leak"

This challenge builds on the mechanics of Clock Spy, but with a twist. The device now uses a 4-digit PIN, and the password verification is only triggered after all four digits have been entered.

Your goal remains a timing side-channel attack to recover the PIN. The change in input handling means you’ll need to adjust your analysis techniques accordingly.

Your mission is clear:

  1. Capture and analyze timing data during the full 4-digit PIN entry.
  2. Leverage timing variations to deduce the complete PIN.
  3. Recover the PIN and bypass the security check.
  4. Retrieve the flag via UART at 9600 baud rate.

Setup

Challenge Setup

Notes

This was very similar to the previous one. Minor tweaks to the glitch-o-bolt config: 10_GoB_config.py

glitching solution