diff --git a/README.md b/README.md index 0f665b9..d70787c 100644 --- a/README.md +++ b/README.md @@ -1,110 +1,71 @@ -# ESPILON CTF 2026 — Write-ups officiels +# CTF Espilon — Write-ups -> **Édition 1** · Thème : *Serial Experiments Lain × Sécurité industrielle & embarquée* - -Write-ups de l'ensemble des challenges de la première édition ESPILON CTF. -Les catégories couvrent le matériel bas niveau, l'IoT, les systèmes OT/SCADA, l'ESP32 et les smart contracts EVM. +Welcome to the official write-up repository for **CTF Espilon**, a themed CTF +inspired by the *Serial Experiments Lain* universe, set inside the WIRED-MED +hospital network of Clinique Sainte-Mika and the surrounding Lain lore. --- -## Challenges +## Challenge Index -### 🟢 Intro - -| Challenge | Difficulté | Flag | -|-----------|-----------|------| -| [The Wired](Intro/The_Wired/) | Easy | `ESPILON{th3_w1r3d_kn0ws_wh0_y0u_4r3}` | +| # | File | Category | Difficulty | Points | Flag | +|---|------|----------|-----------|--------|------| +| 1 | [ESP_Start](ESP/ESP_Start.md) | ESP | Easy | 50 | `ESPILON{st4rt_th3_w1r3}` | +| 2 | [Jnouned_Router](ESP/Jnouned_Router.md) | ESP | Multi (Easy→Hard) | 100/200/300/400 | 4 flags | +| 3 | [Phantom_Byte](ESP/Phantom_Byte.md) | ESP | Multi (Easy→Hard) | 100/200/300/500 | 4 flags | +| 4 | [CAN_Bus_Implant](Hardware/CAN_Bus_Implant.md) | Hardware | Medium-Hard | 500 | `ESPILON{c4n_bus_1mpl4nt_4ct1v3}` | +| 5 | [Glitch_The_Wired](Hardware/Glitch_The_Wired.md) | Hardware | Medium-Hard | 500 | `ESPILON{gl1tch_byp4ss_s3cur3_b00t}` | +| 6 | [NAVI_I2C_Sniff](Hardware/NAVI_I2C_Sniff.md) | Hardware | Medium-Hard | 500 | `ESPILON{n4v1_12c_bus_mast3r}` | +| 7 | [Phantom_JTAG](Hardware/Phantom_JTAG.md) | Hardware | Medium-Hard | 500 | `ESPILON{jt4g_d3bug_unl0ck3d}` | +| 8 | [Serial_Experimental_00](Hardware/Serial_Experimental_00.md) | Hardware | Easy | 150 | `ESPILON{l41n_s3r14l_3xp_00}` | +| 9 | [Signal_Tap_Lain](Hardware/Signal_Tap_Lain.md) | Hardware | Medium-Hard | 500 | `ESPILON{s1gn4l_t4p_d3c0d3d}` | +| 10 | [Wired_SPI_Exfil](Hardware/Wired_SPI_Exfil.md) | Hardware | Medium-Hard | 500 | `ESPILON{sp1_fl4sh_3xf1ltr4t3d}` | +| 11 | [The_Wired](Intro/The_Wired.md) | Intro | Medium | 400 | `ESPILON{th3_w1r3d_kn0ws_wh0_y0u_4r3}` | +| 12 | [Anesthesia_Gateway](IoT/Anesthesia_Gateway.md) | IoT | Medium-Hard | 500 | `ESPILON{mQtt_g4tw4y_4n3sth3s14}` | +| 13 | [Cr4cK_W1F1](IoT/Cr4cK_W1F1.md) | IoT | Medium | — | `CTF{CR4CK_W1F1_EXAMPLE}` | +| 14 | [Lain_Br34kC0r3](IoT/Lain_Br34kC0r3.md) | IoT | Medium | 500 | `ECW{LAIN_Br34k_CryPT0}` | +| 15 | [Lain_Br34kC0r3_V2](IoT/Lain_Br34kC0r3_V2.md) | IoT | Hard | 500 | `ESPILON{3sp32_fl4sh_dump_r3v3rs3d}` | +| 16 | [Lain_VS_Knights](IoT/Lain_VS_Knights.md) | IoT | Hard | — | `ESPILON{0nlY_L41N_C4N_S0lv3}` | +| 17 | [Lets_All_Hate_UART](IoT/Lets_All_Hate_UART.md) | IoT | Medium-Hard | 500 | `ESPILON{u4rt_nvs_fl4sh_d1sc0v3ry}` | +| 18 | [Lets_All_Love_UART](IoT/Lets_All_Love_UART.md) | IoT | Easy | 500 | `ESPILON{LAIN_TrUsT_U4RT}` | +| 19 | [Nurse_Call](IoT/Nurse_Call.md) | IoT | Easy | 200 | `ESPILON{r3v31ll3_m01_d4ns_l3_w1r3d}` | +| 20 | [Observe_The_Wired](IoT/Observe_The_Wired.md) | IoT | Medium-Hard | — | `ESPILON{c0ap_0bs3rv3_th3_w1r3d}` | +| 21 | [Wired_Airwave_013](IoT/Wired_Airwave_013.md) | IoT | Medium | 500 | `ESPILON{sdr_fsk_w1r3d_m3d_013}` | +| 22 | [Accela_Signal](Misc/Accela_Signal.md) | Misc | Hard | 500 | `ESPILON{4cc3l4_ch1rp_spr34d_w1r3d}` | +| 23 | [AETHER_NET](Misc/AETHER_NET.md) | Misc | Insane | — | `ESPILON{4eth3r_n3t_d3us_4dm1n}` | +| 24 | [Last_Train_451](Misc/Last_Train_451.md) | Misc | TBD | — | TBD | +| 25 | [LAYER_ZERO](Misc/LAYER_ZERO.md) | Misc | Hard | 600 | `ESPILON{kn1ghts_0f_th3_w1r3d_pr0t0c0l7}` | +| 26 | [Patient_Portal](Misc/Patient_Portal.md) | Misc | Medium-Hard | 500 | `ESPILON{r00t_0f_s41nt3_m1k4}` | +| 27 | [Cyberia_Grid](OT/Cyberia_Grid.md) | OT | Medium-Hard | 500 | `ESPILON{cyb3r14_ps7ch3_pr0c3ss0r}` | +| 28 | [Operating_Room](OT/Operating_Room.md) | OT | Medium-Hard | 500 | `ESPILON{m0dbu5_0p3r4t1ng_r00m}` | +| 29 | [Protocol_Seven](OT/Protocol_Seven.md) | OT | Hard | 600 | `ESPILON{pr0t0c0l_7_m3rg3_c0mpl3t3}` | +| 30 | [Schumann_Resonance](OT/Schumann_Resonance.md) | OT | Medium | 400 | `ESPILON{sch0m4nn_r3s0n4nc3_783}` | +| 31 | [Tachibana_SCADA](OT/Tachibana_SCADA.md) | OT | Medium-Hard | 500 | `ESPILON{31r1_k1ds_pr0t0c0l_s3v3n}` | +| 32 | [GANTZ_BALL_CONTRACT](Web3/GANTZ_BALL_CONTRACT.md) | Web3 | Insane | 500 | `ESPILON{g4ntz_b4ll_100_p01nts_fr33d0m}` | +| 33 | [TACHIBANA_FIRMWARE_REGISTRY](Web3/TACHIBANA_FIRMWARE_REGISTRY.md) | Web3 | Insane | 500 | `ESPILON{t4ch1b4n4_fuzz_f1rmw4r3_r3g1stry}` | --- -### 📡 ESP +## Categories -| Challenge | Difficulté | Flag | -|-----------|-----------|------| -| [ESP Start](ESP/ESP_Start/) | Easy | `ESPILON{st4rt_th3_w1r3}` | -| [Phantom Byte](ESP/Phantom_Byte/) | Medium | `ESPILON{bl1nd_str4ddl3}` | -| [Jnouner Router](ESP/Jnouner_Router/) | Hard | 4 flags *(voir WU)* | +- **ESP** — ESP32 firmware challenges (flashing, UART, WiFi, custom protocols) +- **Hardware** — Simulated hardware bus interfaces (UART, I2C, SPI, JTAG, CAN, signal decoding, voltage glitching) +- **Intro** — Entry-point challenge covering the ESPILON bot C2 infrastructure +- **IoT** — IoT protocol challenges (MQTT, CoAP, UART, SDR/FSK, WiFi) +- **Misc** — Mixed challenges (signal processing, web exploitation, multi-pivot) +- **OT** — Operational Technology / Industrial protocols (Modbus, BACnet, OPC-UA, EtherNet/IP) +- **Web3** — Ethereum smart contract exploitation (reentrancy, assembly underflow, bytecode reversal) --- -### 🔌 Hardware +## Lore -| Challenge | Difficulté | Flag | -|-----------|-----------|------| -| [Serial Experimental 00](Hardware/Serial_Experimental_00/) | Easy | dynamique | -| [Signal Tap Lain](Hardware/Signal_Tap_Lain/) | Medium-Hard | `ESPILON{s1gn4l_t4p_l41n}` | -| [NAVI I2C Sniff](Hardware/NAVI_I2C_Sniff/) | Medium-Hard | dynamique | -| [Phantom JTAG](Hardware/Phantom_JTAG/) | Medium-Hard | dynamique | -| [Wired SPI Exfil](Hardware/Wired_SPI_Exfil/) | Medium-Hard | dynamique | -| [CAN Bus Implant](Hardware/CAN_Bus_Implant/) | Medium-Hard | dynamique | -| [Glitch The Wired](Hardware/Glitch_The_Wired/) | Medium-Hard | dynamique | - -> Les challenges Hardware sont des containers Docker avec des flags dynamiques générés par instance. +The CTF is set in the world of *Serial Experiments Lain*. Challenges revolve +around the WIRED-MED medical network of **Clinique Sainte-Mika**, the covert +KIDS experiment at **Tachibana General Laboratories**, and the mysterious +**Protocol Seven** scattered across industrial systems by Eiri Masami before his +disappearance. Knights of the Eastern Calculus guard the deepest layers. --- -### 📶 IoT - -| Challenge | Difficulté | Flag | -|-----------|-----------|------| -| [Nurse Call](IoT/Nurse_Call/) | Easy | `ESPILON{r3v31ll3_m01_d4ns_l3_w1r3d}` | -| [Lets All Love UART](IoT/Lets_All_Love_UART/) | Easy | `ESPILON{LAIN_TrUsT_U4RT}` | -| [Wired Airwave 013](IoT/Wired_Airwave_013/) | Medium | `ESPILON{sdr_fsk_w1r3d_m3d_013}` | -| [LAIN Breakcore](IoT/Lain_Br34kC0r3/) | Medium | `ECW{LAIN_Br34k_CryPT0}` | -| [Anesthesia Gateway](IoT/Anesthesia_Gateway/) | Medium-Hard | `ESPILON{mQtt_g4tw4y_4n3sth3s14}` | -| [Observe The Wired](IoT/Observe_The_Wired/) | Medium-Hard | `ESPILON{c0ap_0bs3rv3_th3_w1r3d}` | -| [Lets All Hate UART](IoT/Lets_All_Hate_UART/) | Medium-Hard | `ESPILON{u4rt_nvs_fl4sh_d1sc0v3ry}` | -| [LAIN_Br34kC0r3 V2](IoT/Lain_Br34kC0r3_V2/) | Hard | `ESPILON{3sp32_fl4sh_dump_r3v3rs3d}` | -| [LAIN vs Knights](IoT/Lain_VS_Knights/) | Hard | `ESPILON{0nlY_L41N_C4N_S0lv3}` | -| [Cr4cK_w1f1](IoT/Cr4cK_w1f1/) | Medium | *(challenge en cours)* | - ---- - -### 🏭 OT / SCADA - -| Challenge | Difficulté | Flag | -|-----------|-----------|------| -| [Schumann Resonance](OT/Schumann_Resonance/) | Medium | `ESPILON{sch0m4nn_r3s0n4nc3_783}` | -| [Operating Room](OT/Operating_Room/) | Medium-Hard | `ESPILON{m0dbu5_0p3r4t1ng_r00m}` | -| [Cyberia Grid](OT/Cyberia_Grid/) | Medium-Hard | `ESPILON{cyb3r14_ps7ch3_pr0c3ss0r}` | -| [Tachibana SCADA](OT/Tachibana_SCADA/) | Medium-Hard | `ESPILON{31r1_k1ds_pr0t0c0l_s3v3n}` | -| [Protocol Seven](OT/Protocol_Seven/) | Hard | `ESPILON{pr0t0c0l_7_m3rg3_c0mpl3t3}` | - ---- - -### 🔮 Misc - -| Challenge | Difficulté | Flag | -|-----------|-----------|------| -| [Patient Portal](Misc/Patient_Portal/) | Medium-Hard | `ESPILON{r00t_0f_s41nt3_m1k4}` | -| [Accela Signal](Misc/Accela_Signal/) | Hard | `ESPILON{4cc3l4_ch1rp_spr34d_w1r3d}` | -| [LAYER_ZERO](Misc/LAYER_ZERO/) | Hard | `ESPILON{kn1ghts_0f_th3_w1r3d_pr0t0c0l7}` | -| [AETHER_NET](Misc/AETHER_NET/) | Insane | `ESPILON{4eth3r_n3t_d3us_4dm1n}` | -| [Last Train 451](Misc/Last_Train_451/) | TBD | *(challenge en cours)* | - ---- - -### ⛓️ Web3 / EVM - -| Challenge | Difficulté | Flag | -|-----------|-----------|------| -| [GANTZ BALL CONTRACT](Web3/GANTZ_BALL_CONTRACT/) | Insane | `ESPILON{g4ntz_b4ll_100_p01nts_fr33d0m}` | -| [TACHIBANA FIRMWARE REGISTRY](Web3/TACHIBANA_FIRMWARE_REGISTRY/) | Insane | `ESPILON{t4ch1b4n4_fuzz_f1rmw4r3_r3g1stry}` | - ---- - -## Système de scoring - -| Difficulté | Initial | Minimum | Decay (solves) | -|------------|---------|---------|----------------| -| Easy | 250 | 50 | 100 | -| Medium | 400 | 80 | 80 | -| Medium-Hard | 500 | 100 | 60 | -| Hard | 600 | 150 | 50 | -| Insane | 600+ | 150 | 50 | - ---- - -## Auteur - -**Eun0us** — ESPILON CTF 2026 +*Author: Eun0us — CTF Espilon 2026*