Eun0us/ESPILON-CTF-2026-Writeups
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

write-up: README.md

Browse Source
This commit is contained in:
Eun0us 2026-03-26 17:31:10 +00:00
parent b3553ba029
commit dfbeb52553
1 changed files with 55 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

149
README.md
View File

@ -1,110 +1,71 @@
# ESPILON CTF 2026 — Write-ups officiels
# CTF Espilon — Write-ups
> **Édition 1** · Thème : *Serial Experiments Lain × Sécurité industrielle & embarquée*
Write-ups de l'ensemble des challenges de la première édition ESPILON CTF.
Les catégories couvrent le matériel bas niveau, l'IoT, les systèmes OT/SCADA, l'ESP32 et les smart contracts EVM.
Welcome to the official write-up repository for **CTF Espilon**, a themed CTF
inspired by the *Serial Experiments Lain* universe, set inside the WIRED-MED
hospital network of Clinique Sainte-Mika and the surrounding Lain lore.
---
## Challenges
## Challenge Index
### 🟢 Intro
| Challenge | Difficulté | Flag |
|-----------|-----------|------|
| [The Wired](Intro/The_Wired/) | Easy | `ESPILON{th3_w1r3d_kn0ws_wh0_y0u_4r3}` |
| # | File | Category | Difficulty | Points | Flag |
|---|------|----------|-----------|--------|------|
| 1 | [ESP_Start](ESP/ESP_Start.md) | ESP | Easy | 50 | `ESPILON{st4rt_th3_w1r3}` |
| 2 | [Jnouned_Router](ESP/Jnouned_Router.md) | ESP | Multi (Easy→Hard) | 100/200/300/400 | 4 flags |
| 3 | [Phantom_Byte](ESP/Phantom_Byte.md) | ESP | Multi (Easy→Hard) | 100/200/300/500 | 4 flags |
| 4 | [CAN_Bus_Implant](Hardware/CAN_Bus_Implant.md) | Hardware | Medium-Hard | 500 | `ESPILON{c4n_bus_1mpl4nt_4ct1v3}` |
| 5 | [Glitch_The_Wired](Hardware/Glitch_The_Wired.md) | Hardware | Medium-Hard | 500 | `ESPILON{gl1tch_byp4ss_s3cur3_b00t}` |
| 6 | [NAVI_I2C_Sniff](Hardware/NAVI_I2C_Sniff.md) | Hardware | Medium-Hard | 500 | `ESPILON{n4v1_12c_bus_mast3r}` |
| 7 | [Phantom_JTAG](Hardware/Phantom_JTAG.md) | Hardware | Medium-Hard | 500 | `ESPILON{jt4g_d3bug_unl0ck3d}` |
| 8 | [Serial_Experimental_00](Hardware/Serial_Experimental_00.md) | Hardware | Easy | 150 | `ESPILON{l41n_s3r14l_3xp_00}` |
| 9 | [Signal_Tap_Lain](Hardware/Signal_Tap_Lain.md) | Hardware | Medium-Hard | 500 | `ESPILON{s1gn4l_t4p_d3c0d3d}` |
| 10 | [Wired_SPI_Exfil](Hardware/Wired_SPI_Exfil.md) | Hardware | Medium-Hard | 500 | `ESPILON{sp1_fl4sh_3xf1ltr4t3d}` |
| 11 | [The_Wired](Intro/The_Wired.md) | Intro | Medium | 400 | `ESPILON{th3_w1r3d_kn0ws_wh0_y0u_4r3}` |
| 12 | [Anesthesia_Gateway](IoT/Anesthesia_Gateway.md) | IoT | Medium-Hard | 500 | `ESPILON{mQtt_g4tw4y_4n3sth3s14}` |
| 13 | [Cr4cK_W1F1](IoT/Cr4cK_W1F1.md) | IoT | Medium | — | `CTF{CR4CK_W1F1_EXAMPLE}` |
| 14 | [Lain_Br34kC0r3](IoT/Lain_Br34kC0r3.md) | IoT | Medium | 500 | `ECW{LAIN_Br34k_CryPT0}` |
| 15 | [Lain_Br34kC0r3_V2](IoT/Lain_Br34kC0r3_V2.md) | IoT | Hard | 500 | `ESPILON{3sp32_fl4sh_dump_r3v3rs3d}` |
| 16 | [Lain_VS_Knights](IoT/Lain_VS_Knights.md) | IoT | Hard | — | `ESPILON{0nlY_L41N_C4N_S0lv3}` |
| 17 | [Lets_All_Hate_UART](IoT/Lets_All_Hate_UART.md) | IoT | Medium-Hard | 500 | `ESPILON{u4rt_nvs_fl4sh_d1sc0v3ry}` |
| 18 | [Lets_All_Love_UART](IoT/Lets_All_Love_UART.md) | IoT | Easy | 500 | `ESPILON{LAIN_TrUsT_U4RT}` |
| 19 | [Nurse_Call](IoT/Nurse_Call.md) | IoT | Easy | 200 | `ESPILON{r3v31ll3_m01_d4ns_l3_w1r3d}` |
| 20 | [Observe_The_Wired](IoT/Observe_The_Wired.md) | IoT | Medium-Hard | — | `ESPILON{c0ap_0bs3rv3_th3_w1r3d}` |
| 21 | [Wired_Airwave_013](IoT/Wired_Airwave_013.md) | IoT | Medium | 500 | `ESPILON{sdr_fsk_w1r3d_m3d_013}` |
| 22 | [Accela_Signal](Misc/Accela_Signal.md) | Misc | Hard | 500 | `ESPILON{4cc3l4_ch1rp_spr34d_w1r3d}` |
| 23 | [AETHER_NET](Misc/AETHER_NET.md) | Misc | Insane | — | `ESPILON{4eth3r_n3t_d3us_4dm1n}` |
| 24 | [Last_Train_451](Misc/Last_Train_451.md) | Misc | TBD | — | TBD |
| 25 | [LAYER_ZERO](Misc/LAYER_ZERO.md) | Misc | Hard | 600 | `ESPILON{kn1ghts_0f_th3_w1r3d_pr0t0c0l7}` |
| 26 | [Patient_Portal](Misc/Patient_Portal.md) | Misc | Medium-Hard | 500 | `ESPILON{r00t_0f_s41nt3_m1k4}` |
| 27 | [Cyberia_Grid](OT/Cyberia_Grid.md) | OT | Medium-Hard | 500 | `ESPILON{cyb3r14_ps7ch3_pr0c3ss0r}` |
| 28 | [Operating_Room](OT/Operating_Room.md) | OT | Medium-Hard | 500 | `ESPILON{m0dbu5_0p3r4t1ng_r00m}` |
| 29 | [Protocol_Seven](OT/Protocol_Seven.md) | OT | Hard | 600 | `ESPILON{pr0t0c0l_7_m3rg3_c0mpl3t3}` |
| 30 | [Schumann_Resonance](OT/Schumann_Resonance.md) | OT | Medium | 400 | `ESPILON{sch0m4nn_r3s0n4nc3_783}` |
| 31 | [Tachibana_SCADA](OT/Tachibana_SCADA.md) | OT | Medium-Hard | 500 | `ESPILON{31r1_k1ds_pr0t0c0l_s3v3n}` |
| 32 | [GANTZ_BALL_CONTRACT](Web3/GANTZ_BALL_CONTRACT.md) | Web3 | Insane | 500 | `ESPILON{g4ntz_b4ll_100_p01nts_fr33d0m}` |
| 33 | [TACHIBANA_FIRMWARE_REGISTRY](Web3/TACHIBANA_FIRMWARE_REGISTRY.md) | Web3 | Insane | 500 | `ESPILON{t4ch1b4n4_fuzz_f1rmw4r3_r3g1stry}` |
---
### 📡 ESP
## Categories
| Challenge | Difficulté | Flag |
|-----------|-----------|------|
| [ESP Start](ESP/ESP_Start/) | Easy | `ESPILON{st4rt_th3_w1r3}` |
| [Phantom Byte](ESP/Phantom_Byte/) | Medium | `ESPILON{bl1nd_str4ddl3}` |
| [Jnouner Router](ESP/Jnouner_Router/) | Hard | 4 flags *(voir WU)* |
- **ESP** — ESP32 firmware challenges (flashing, UART, WiFi, custom protocols)
- **Hardware** — Simulated hardware bus interfaces (UART, I2C, SPI, JTAG, CAN, signal decoding, voltage glitching)
- **Intro** — Entry-point challenge covering the ESPILON bot C2 infrastructure
- **IoT** — IoT protocol challenges (MQTT, CoAP, UART, SDR/FSK, WiFi)
- **Misc** — Mixed challenges (signal processing, web exploitation, multi-pivot)
- **OT** — Operational Technology / Industrial protocols (Modbus, BACnet, OPC-UA, EtherNet/IP)
- **Web3** — Ethereum smart contract exploitation (reentrancy, assembly underflow, bytecode reversal)
---
### 🔌 Hardware
## Lore
| Challenge | Difficulté | Flag |
|-----------|-----------|------|
| [Serial Experimental 00](Hardware/Serial_Experimental_00/) | Easy | dynamique |
| [Signal Tap Lain](Hardware/Signal_Tap_Lain/) | Medium-Hard | `ESPILON{s1gn4l_t4p_l41n}` |
| [NAVI I2C Sniff](Hardware/NAVI_I2C_Sniff/) | Medium-Hard | dynamique |
| [Phantom JTAG](Hardware/Phantom_JTAG/) | Medium-Hard | dynamique |
| [Wired SPI Exfil](Hardware/Wired_SPI_Exfil/) | Medium-Hard | dynamique |
| [CAN Bus Implant](Hardware/CAN_Bus_Implant/) | Medium-Hard | dynamique |
| [Glitch The Wired](Hardware/Glitch_The_Wired/) | Medium-Hard | dynamique |
> Les challenges Hardware sont des containers Docker avec des flags dynamiques générés par instance.
The CTF is set in the world of *Serial Experiments Lain*. Challenges revolve
around the WIRED-MED medical network of **Clinique Sainte-Mika**, the covert
KIDS experiment at **Tachibana General Laboratories**, and the mysterious
**Protocol Seven** scattered across industrial systems by Eiri Masami before his
disappearance. Knights of the Eastern Calculus guard the deepest layers.
---
### 📶 IoT
| Challenge | Difficulté | Flag |
|-----------|-----------|------|
| [Nurse Call](IoT/Nurse_Call/) | Easy | `ESPILON{r3v31ll3_m01_d4ns_l3_w1r3d}` |
| [Lets All Love UART](IoT/Lets_All_Love_UART/) | Easy | `ESPILON{LAIN_TrUsT_U4RT}` |
| [Wired Airwave 013](IoT/Wired_Airwave_013/) | Medium | `ESPILON{sdr_fsk_w1r3d_m3d_013}` |
| [LAIN Breakcore](IoT/Lain_Br34kC0r3/) | Medium | `ECW{LAIN_Br34k_CryPT0}` |
| [Anesthesia Gateway](IoT/Anesthesia_Gateway/) | Medium-Hard | `ESPILON{mQtt_g4tw4y_4n3sth3s14}` |
| [Observe The Wired](IoT/Observe_The_Wired/) | Medium-Hard | `ESPILON{c0ap_0bs3rv3_th3_w1r3d}` |
| [Lets All Hate UART](IoT/Lets_All_Hate_UART/) | Medium-Hard | `ESPILON{u4rt_nvs_fl4sh_d1sc0v3ry}` |
| [LAIN_Br34kC0r3 V2](IoT/Lain_Br34kC0r3_V2/) | Hard | `ESPILON{3sp32_fl4sh_dump_r3v3rs3d}` |
| [LAIN vs Knights](IoT/Lain_VS_Knights/) | Hard | `ESPILON{0nlY_L41N_C4N_S0lv3}` |
| [Cr4cK_w1f1](IoT/Cr4cK_w1f1/) | Medium | *(challenge en cours)* |
---
### 🏭 OT / SCADA
| Challenge | Difficulté | Flag |
|-----------|-----------|------|
| [Schumann Resonance](OT/Schumann_Resonance/) | Medium | `ESPILON{sch0m4nn_r3s0n4nc3_783}` |
| [Operating Room](OT/Operating_Room/) | Medium-Hard | `ESPILON{m0dbu5_0p3r4t1ng_r00m}` |
| [Cyberia Grid](OT/Cyberia_Grid/) | Medium-Hard | `ESPILON{cyb3r14_ps7ch3_pr0c3ss0r}` |
| [Tachibana SCADA](OT/Tachibana_SCADA/) | Medium-Hard | `ESPILON{31r1_k1ds_pr0t0c0l_s3v3n}` |
| [Protocol Seven](OT/Protocol_Seven/) | Hard | `ESPILON{pr0t0c0l_7_m3rg3_c0mpl3t3}` |
---
### 🔮 Misc
| Challenge | Difficulté | Flag |
|-----------|-----------|------|
| [Patient Portal](Misc/Patient_Portal/) | Medium-Hard | `ESPILON{r00t_0f_s41nt3_m1k4}` |
| [Accela Signal](Misc/Accela_Signal/) | Hard | `ESPILON{4cc3l4_ch1rp_spr34d_w1r3d}` |
| [LAYER_ZERO](Misc/LAYER_ZERO/) | Hard | `ESPILON{kn1ghts_0f_th3_w1r3d_pr0t0c0l7}` |
| [AETHER_NET](Misc/AETHER_NET/) | Insane | `ESPILON{4eth3r_n3t_d3us_4dm1n}` |
| [Last Train 451](Misc/Last_Train_451/) | TBD | *(challenge en cours)* |
---
### ⛓️ Web3 / EVM
| Challenge | Difficulté | Flag |
|-----------|-----------|------|
| [GANTZ BALL CONTRACT](Web3/GANTZ_BALL_CONTRACT/) | Insane | `ESPILON{g4ntz_b4ll_100_p01nts_fr33d0m}` |
| [TACHIBANA FIRMWARE REGISTRY](Web3/TACHIBANA_FIRMWARE_REGISTRY/) | Insane | `ESPILON{t4ch1b4n4_fuzz_f1rmw4r3_r3g1stry}` |
---
## Système de scoring
| Difficulté | Initial | Minimum | Decay (solves) |
|------------|---------|---------|----------------|
| Easy | 250 | 50 | 100 |
| Medium | 400 | 80 | 80 |
| Medium-Hard | 500 | 100 | 60 |
| Hard | 600 | 150 | 50 |
| Insane | 600+ | 150 | 50 |
---
## Auteur
**Eun0us** — ESPILON CTF 2026
*Author: Eun0us — CTF Espilon 2026*