We covered another hardware hacking challenge where we demonstrated an analysis of an archived file that was created by capturing data off the async serial interface of an embedded device. The objective was to decode the captured data, and we used the Saleae logic analyzer to decode it. This was part of the HackTheBox Debugging Interface challenge.
Challenge Description
We accessed the embedded device’s asynchronous serial debugging interface while it was operational and captured some messages that were being transmitted over it. Can you decode them?
Video Transcript
What’s going on, guys? Welcome back to this video. Today we’re doing Hack The Box again, and we’re gonna do Debugging Interface, which is another hardware challenge there. In the last video we did Photon Lockdown, where we analyzed an image, a Linux image that was intended to be used in an embedded device. And today we’re going to solve Debugging Interface, so
we go here, and as you can see we have files for download, and let’s go over the description. It might be helpful. So: we accessed the embedded device’s asynchronous serial debugging interface while it was operational and captured some messages that were being transmitted over it. Can you decode them?
So this looks like there is a firmware or a capture of data. We can conclude that the developer of the challenge might have extracted the data from the device, as you can see, by capturing it in real time.
So here it says we accessed the embedded device’s asynchronous serial debugging interface. So they connected some serial cable to the device and they started capturing the data.
And also it says while it was operational, so the device was working, and we captured some data for debugging purposes using the serial asynchronous interface.
So what was the result?
The result was that we captured some messages that were being transmitted over the serial interface. Can we decode these messages? So our job here is to analyze the file that’s supposed to be the capture file. Much like when you capture network traffic using Wireshark, here we captured the data that was being transmitted over the device’s serial asynchronous interface. Now, what’s the device? There is no description of what the device is.
It could be, probably it is, an embedded device, or it could be an Internet of Things device, or it could be a microprocessor. So let’s go over here to the machine and find out what these files are.
Okay, let me clear, so.
Here. So this is the zipped file; once we unzip the file we get another file. So let’s go over this file and find its nature. So cd to the desktop.
Here, this is the file, debugging_interface_signal. This is the file. So that file, we extracted it from the zip file.
The original zip file. Now, let’s find out the nature of this file by doing file.
The file command, and we can see that the file is also another zip archive data. So to extract the underlying data we use unzip.
Okay, once we do that.
You will find two additional files: a meta.json file and a binary file. So the JSON file has nothing else. Or cat meta.json.
Since we’re looking for a flag, it’s not here. Now, additionally, there is another thing: the data that was captured through the serial cable is supposed to be in a capture file, not in a JSON file. So the other file, or rather the candidate, is the binary file.
Well, you can see it is a data file. Now this type of file we can open using Ghidra, or we can use some logic analyzer. Now, why do we use a logic analyzer? Because if you
extract the strings from the file, at the very start of the strings output we can see there is Saleae, so if you Google this
it will take you to this site. Yeah, because you’re going to ask me, how did you find out? So let me show you from zero. So this is the query, and logic analyzers.
So this takes you to this website, and this website offers software to analyze the captured data from embedded devices. So you go ahead and download Logic 2, and once you download Logic 2, once you’re out of this page, there is the button Download for Linux and there are install instructions.
The install instructions are pretty straightforward. I’m going to tell you what to do and how to do it. So now, clear.
cd Downloads
This is the file or this is the program that’s supposed to be the logic analyzer.
We give it permissions to run. Okay, and then we’re going to
So here we can connect a device if we have one, but since we don’t have one, we have captured data, a capture, so we’re going to say Open Capture.
And we select the file, which is the original file if you remember, right, click on Open. Okay.
So this is the data block, as you can see here. It starts from here and ends here. Now we can, you can just
maximize it, so we double click, double click. Now it’s in ms. So we want to get this into microseconds. Yeah, as you can see, this is the signal, that’s what we want. We want to take a look at the signal analyzer data.
So we go all the way to the very start of the blocks. The block starts from here, 0.7 milliseconds. Here is the start of the block, and if you hover over the block, as you can see guys,
we can see the bit rate. So it is 32.02 microseconds. Okay, that corresponds to 31230 bit rate per second.
Finding the bit rate is very important. Now, what we’re doing here: we want to extract that. The first thing, as you can see, we extracted the signal. Okay, and we found the bit rate. So the next thing is to go to the analyzers tool in here and click on Async Serial, because that was the signal. If you go back to the description of the challenge, the challenge says that the data was captured,
as you can see, by accessing the embedded device’s asynchronous serial, so the source is Async Serial.
This opens up the details menu here. You can select Channel 00 as is; as you can see the bit rate is already selected. But if you are doing the challenge and you didn’t see that, you just type this number, because it corresponds to the very start of the block. Going to click Save, and now we have successfully decoded the data, but we want to find out where we can access it. So on the
pane, sorry, on the right pane we have the Terminal button here; we click on it.
And we can successfully see the decoded data. This is the data that has been captured, and among the rest is the flag, so you want to copy this.
Three. Yeah, submit flag and it works. So that was it, guys. That was the second hardware challenge. If you like the series so far, just put your thoughts in the comments of the video, and I’m going to see you later.
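The decoding step the walkthrough performs with the Async Serial analyzer, as an added Python example that is not part of the video or the challenge files: it derives the bit rate from the narrowest pulse (32.02 microseconds) and decodes the frames by sampling each bit at its centre. The trace is constructed inside the script, the 8 data bits / no parity / 1 stop bit framing is an assumption, and all function names are illustrative.

```python
import bisect

BIT_WIDTH_S = 32.02e-6        # narrowest pulse width read off the capture in the walkthrough
SAMPLE = b"DEBUG: boot ok\n"  # constructed message, not the challenge data

def encode_8n1(data, bit_s, idle_s=1e-3):
    """Build a constructed trace as (time, new_level) edges; the line idles high."""
    edges, t, level = [], idle_s, 1
    for byte in data:
        # start bit (0), eight data bits LSB first, stop bit (1)
        for b in [0] + [(byte >> i) & 1 for i in range(8)] + [1]:
            if b != level:
                edges.append((t, b))
                level = b
            t += bit_s
    return edges

def estimate_baud(edges):
    """The shortest gap between two edges is one bit time; baud = 1 / bit time."""
    return round(1.0 / min(b[0] - a[0] for a, b in zip(edges, edges[1:])))

def decode_8n1(edges, baud):
    """Decode 8N1 frames (assumed framing) by sampling each bit at its centre."""
    bit_s, times = 1.0 / baud, [t for t, _ in edges]

    def level_at(t):
        i = bisect.bisect_right(times, t)
        return 1 if i == 0 else edges[i - 1][1]  # idle high before the first edge

    out, i = bytearray(), 0
    while i < len(edges):
        t0, level = edges[i]
        if level == 1:            # a rising edge cannot be a start bit
            i += 1
            continue
        byte = 0
        for n in range(8):        # data bit n is centred 1.5 + n bit times after the start edge
            byte |= level_at(t0 + (1.5 + n) * bit_s) << n
        stop_t = t0 + 9.5 * bit_s
        if level_at(stop_t) == 1: # keep the byte only when the stop bit is high
            out.append(byte)
        i = bisect.bisect_right(times, stop_t)  # resynchronise on the next edge
    return bytes(out)

if __name__ == "__main__":
    trace = encode_8n1(SAMPLE, BIT_WIDTH_S)
    baud = estimate_baud(trace)
    print(baud, decode_8n1(trace, baud))
```

Decoding the same trace with a mismatched rate such as 9600 yields the wrong bytes, which is why the bit width has to be measured before the analyzer is configured.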
Video Walkthrough
Video walkthrough for HackTheBox Debugging Interface is coming soon