completed level 09
1 parent 2bffce8 commit 3d2683840cf7dde8abaf5666573c4ded6c15e6f8
root authored on 13 Mar 2022
Showing 4 changed files
lvl_08_incomplete.py 100644 → 100755
File mode changed
45
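--- /dev/null
+++ b/lvl_09.py
+#! /usr/bin/python
+from __future__ import print_function # import print from python3: end=""
+import time
+import re
+import subprocess
+import pexpect # sudo apt-get install python-pexpect
+import random
+import binascii
+import struct
+import sys, os, time
+import bluepy.btle as btle
+'''
+42 0x2A READ Im advertising the flag
+ 
+MD5OFLOL
+'''
+deviceMAC = open('ctf_mac.txt').read()
+p = btle.Peripheral(deviceMAC)
+svc=p.getServiceByUUID(0x00FF)
+print ("Attached to peripheral")
+ 
+print("Loading level 09")
+hex1 = binascii.unhexlify(str('%0*x' % (4,9)))
+p.writeCharacteristic(0x30, hex1, withResponse=False)
+ 
+p.disconnect()
+ 
+print("Starting advertisement listner")
+ps = subprocess.Popen(["btmon"], shell=False, stdout=subprocess.PIPE)
+gp = subprocess.Popen(["grep", "Name"], shell=False, stdin=ps.stdout)
+ps.stdout.close()
+#output = gp.communicate()[0]
+#ps.wait()
+ 
+print("Please wait 5s...")
+time.sleep(5)
+ 
+print("Starting hcitool")
+ps2 = subprocess.Popen(['hcitool', 'lescan'], shell=False)
+ 
+print("Please wait 5s...")
+time.sleep(5)
+ps2.terminate()
+ps.terminate()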
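Review bot: The three child processes started at the end of lvl_09.py are not cleaned up reliably: `gp` (the `grep Name` reader) is never waited on, and `ps2.terminate()` / `ps.terminate()` run only on the straight-line path, so an exception or Ctrl-C during either `time.sleep(5)` leaves `btmon` and `hcitool lescan` running, as root going by the prompts in solutions.txt. Put the waits and the scan inside `try`/`finally`, terminate whatever is still alive, then `wait()` on all three so nothing is left as a zombie. `hcitool lescan` appears to switch scanning off only when it is interrupted, so `ps2.send_signal(signal.SIGINT)` may be a cleaner stop than `terminate()`; this is worth confirming on the target adapter. Separately, `re`, `pexpect`, `random` and `struct` are imported but unused in the visible code, and `time` is imported twice.

```python
ps = subprocess.Popen(["btmon"], shell=False, stdout=subprocess.PIPE)
gp = subprocess.Popen(["grep", "Name"], shell=False, stdin=ps.stdout)
ps.stdout.close()
ps2 = None
try:
    # … unchanged: 5 s wait, start `hcitool lescan` as ps2, second 5 s wait …
finally:
    # Stop the scanner and the monitor even when the waits are interrupted.
    for child in (ps2, ps):
        if child is not None and child.poll() is None:
            child.terminate()
    # Reap every child; grep exits once btmon's end of the pipe closes.
    for child in (ps2, ps, gp):
        if child is not None:
            child.wait()
```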
11
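--- a/lvl_09_incomplete.py
+++ /dev/null
-#! /usr/bin/python
-import binascii
-import struct
-import sys, os, time
-import bluepy.btle as btle
-'''
-42 0x2A READ Im advertising the flag
- 
-'''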
44
solutions.txt 100644 → 100755
root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_01.py
Attached to peripheral
Loading level 1
Reading value
Flag: eca7d1f3cf60a8b5344a
Flag: fc3fd58dcdad9ab23fac
 
root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_02.py
Attached to peripheral
Loading level 02
[sp] Pairing successful
[bp] Attached to peripheral
[==] Flag: a16ee1a4001c66c3a670
 
root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_09.py
Attached to peripheral
Loading level 09
Starting advertisement listner
Please wait 5s...
Starting hcitool
Please wait 5s...
LE Scan ...
3C:71:BF:F1:EF:C6 FLAG_09
3C:71:BF:F1:EF:C6 (unknown)
Name (complete): FLAG_09
Name (complete): MD5OFLOL
Name (complete): ..
 
root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e fc3fd58dcdad9ab23fac
root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e b46fa238cf820d0f60c1
root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e f401f21d02fdd0a4fc00
root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e 84cf61c35b2d9c92217d
root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e 1dec0e624f2ecf1513dc
root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e aee4bd941f8b4d9e3921
 
root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./enumerate.py
- snip -
42 0x2A READ docs: https://github.com/hackgnar/ble_ctf_infinity
44 0x2C READ Flags complete: 9 /10
46 0x2E READ WRITE Submit flags here
48 0x30 READ WRITE Write 0x0000 to 0x00FF to goto flag
50 0x32 READ WRITE Write 0xC1EA12 to reset all flags
52 0x34 READ Flag 0: Complete
54 0x36 READ Flag 1: Complete
56 0x38 READ Flag 2: Complete
58 0x3A READ Flag 3: Complete
60 0x3C READ Flag 4: Complete
62 0x3E READ Flag 5: Complete
64 0x40 READ Flag 6: Complete
66 0x42 READ Flag 7: Complete
68 0x44 READ Flag 8: Incomplete
70 0x46 READ Flag 9: Complete