Newer
Older
BLE_CTF_V2 / solutions.txt
root on 13 Mar 2022 3 KB tidying
  1. root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_00.py
  2. Attached to peripheral
  3. Sending "12345678901234567890" to 0x2e
  4. Done
  5.  
  6. root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_01.py
  7. Attached to peripheral
  8. Loading level 1
  9. Reading value
  10. Flag: fc3fd58dcdad9ab23fac
  11.  
  12. root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_02.py
  13. Attached to peripheral
  14. Loading level 02
  15. Password Found: password1234
  16. Flag: eca7d1f3cf60a8b5344a
  17.  
  18. /***
  19. * nano /etc/systemd/system/dbus-org.bluez.service
  20. * set: ExecStart=/usr/lib/bluetooth/bluetoothd --compat
  21. */
  22. root@PiBenchDash:/opt/BLE_CTF_V2# systemctl daemon-reload
  23. root@PiBenchDash:/opt/BLE_CTF_V2# service bluetooth restart
  24. root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_03.py
  25. Attached to peripheral
  26. Loading level 03
  27. Pairing
  28. Attached to peripheral (pid 0)
  29. Sending PIN: 0000
  30. Flag: b46fa238cf820d0f60c1
  31. Pairing successful
  32.  
  33. root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_04.py
  34. Attached to peripheral
  35. Loading level 04
  36. Generating wordlist
  37. Trying: AABBC8DDEEFF
  38. Flag: f401f21d02fdd0a4fc00
  39.  
  40. root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_05.py
  41. Attached to peripheral
  42. Loading level 05
  43. Sending "121212121222" to 0x2c
  44. Reading value
  45. Flag: 84cf61c35b2d9c92217d
  46.  
  47. root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_06.py
  48. Attached to peripheral
  49. Loading level 06
  50. Manufacturer: Cypress Semiconductor Corporation (305)
  51. Device address: B8:27:EB:81:86:56 (Raspberry Pi Foundation)
  52. New BD address: 11:22:33:44:55:66
  53. Address changed - Reset device now
  54. Reading value
  55. Flag: 1dec0e624f2ecf1513dc
  56.  
  57. root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_07.py
  58. [bp] Attached to peripheral
  59. [++] Loading level 07
  60. [sp] starting bluetoothctl
  61. [sp] Timeout
  62. [sp] Pairing successful
  63. [bp] Attached to peripheral
  64. [==] Flag: a16ee1a4001c66c3a670
  65.  
  66. root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_09.py
  67. Attached to peripheral
  68. Loading level 09
  69. Starting advertisement listner
  70. Please wait 5s...
  71. Starting hcitool
  72. Please wait 5s...
  73. LE Scan ...
  74. 3C:71:BF:F1:EF:C6 FLAG_09
  75. 3C:71:BF:F1:EF:C6 (unknown)
  76. Name (complete): FLAG_09
  77. Name (complete): MD5OFLOL
  78. Name (complete): ..
  79.  
  80. root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e fc3fd58dcdad9ab23fac
  81. root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
  82. root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
  83. root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e b46fa238cf820d0f60c1
  84. root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e f401f21d02fdd0a4fc00
  85. root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e 84cf61c35b2d9c92217d
  86. root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e 1dec0e624f2ecf1513dc
  87. root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
  88. root@PiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e aee4bd941f8b4d9e3921
  89.  
  90. root@PiBenchDash:/opt/BLE_CTF_V2# ./enumerate.py
  91. - snip -
  92. 42 0x2A READ docs: https://github.com/hackgnar/ble_ctf_infinity
  93. 44 0x2C READ Flags complete: 9 /10
  94. 46 0x2E READ WRITE Submit flags here
  95. 48 0x30 READ WRITE Write 0x0000 to 0x00FF to goto flag
  96. 50 0x32 READ WRITE Write 0xC1EA12 to reset all flags
  97. 52 0x34 READ Flag 0: Complete
  98. 54 0x36 READ Flag 1: Complete
  99. 56 0x38 READ Flag 2: Complete
  100. 58 0x3A READ Flag 3: Complete
  101. 60 0x3C READ Flag 4: Complete
  102. 62 0x3E READ Flag 5: Complete
  103. 64 0x40 READ Flag 6: Complete
  104. 66 0x42 READ Flag 7: Complete
  105. 68 0x44 READ Flag 8: Incomplete
  106. 70 0x46 READ Flag 9: Complete
Buy Me A Coffee