write-up: IoT/Nurse_Call/README.md

2026-03-26 17:33:36 +00:00 · 2026-03-26 17:33:36 +00:00 · 30bd8dfd02
commit 30bd8dfd02
parent 239f8af9a8
1 changed files with 106 additions and 18 deletions
--- a/IoT/Nurse_Call/README.md
+++ b/IoT/Nurse_Call/README.md
@ -1,25 +1,113 @@
-# Nurse Call -- Solution
+# Nurse Call

-## Overview
-Connect to the maintenance terminal and investigate phantom calls from Room 013.
+| Field | Value |
+|-------|-------|
+| Category | IoT |
+| Difficulty | Easy |
+| Points | 200 |
+| Author | Eun0us |
+| CTF | Espilon 2026 |

-## Steps
+---

-1. Connect: `nc <host> 1337`
-2. Read `logs/appels.log` -- notice Room 013 phantom calls, especially the last line:
-   `payload room 013: 0x4c41494e`
-3. Read `logs/reseau.log` -- confirms `0x4c41494e -> ASCII: "LAIN"`
-4. Read `logs/maintenance.log` -- technician says to use `reveil.sh --id` with the payload ID
-5. Optionally read `config/navi-care.conf` for exact syntax: `reveil.sh --id <MODULE_ID>`
-6. Execute: `./tools/reveil.sh --id LAIN`
-7. Flag is printed: `ESPILON{r3v31ll3_m01_d4ns_l3_w1r3d}`
+## Description

-## Key insight
-The hex payload `0x4c41494e` is ASCII for "LAIN". The player must decode this
-and use it as the module identifier with the wake tool.
+You gain access to the maintenance terminal of the patient call system at Clinique Sainte-Mika.
+The system reports phantom calls coming from a sealed room.
+
+The previous technician did not finish his investigation. His session was left open.
+
+Explore the logs, understand the anomaly, and find what hides in Room 013.
+
+- Terminal: `tcp/<host>:1337`
+
+Format: **ESPILON{flag}**
+
+---
+
+## TL;DR
+
+Connect to the maintenance terminal. Read the logs to find phantom calls from Room 013 with
+payload `0x4c41494e`. Decode the hex to ASCII to get `LAIN`. Run `./tools/reveil.sh --id LAIN`
+to wake the module and receive the flag.
+
+---
+
+## Tools
+
+| Tool | Purpose |
+|------|---------|
+| `nc` | Terminal access |
+| Hex-to-ASCII decoding | Convert `0x4c41494e` |
+
+---
+
+## Solution
+
+### Step 1 — Connect
+
+```bash
+nc <host> 1337
+```
+
+> 📸 `[screenshot: maintenance terminal with open session from the previous technician]`
+
+### Step 2 — Read the call log
+
+```bash
+cat logs/appels.log
+```
+
+The log shows repeated phantom calls from Room 013. The last line:
+
+```
+[ALERT] Room 013 — unknown payload: 0x4c41494e
+```
+
+> 📸 `[screenshot: appels.log showing the phantom call with hex payload]`
+
+### Step 3 — Decode the payload
+
+```python
+bytes.fromhex("4c41494e").decode()  # 'LAIN'
+```
+
+Or: `0x4C = L`, `0x41 = A`, `0x49 = I`, `0x4E = N` → `LAIN`
+
+### Step 4 — Confirm in the network log
+
+```bash
+cat logs/reseau.log
+```
+
+Contains: `0x4c41494e -> ASCII: "LAIN"`
+
+### Step 5 — Read the maintenance log for the command syntax
+
+```bash
+cat logs/maintenance.log
+```
+
+The previous technician wrote: *"Use reveil.sh --id with the payload ID."*
+
+Optionally:
+
+```bash
+cat config/navi-care.conf
+```
+
+Shows exact syntax: `reveil.sh --id <MODULE_ID>`
+
+### Step 6 — Wake the module
+
+```bash
+./tools/reveil.sh --id LAIN
+```
+
+> 📸 `[screenshot: reveil.sh printing the flag after receiving the LAIN module ID]`
+
+---

 ## Flag
-`ESPILON{r3v31ll3_m01_d4ns_l3_w1r3d}`

-## Author
-Eun0us
+`ESPILON{r3v31ll3_m01_d4ns_l3_w1r3d}`