# ESP Start — Solution

**Difficulty:** Easy | **Category:** ESP | **Flag:** `ESPILON{st4rt_th3_w1r3}`

## Overview

Flash the provided firmware onto an ESP32. On boot, the device outputs an XOR-encrypted flag along with the XOR key via UART at 115200 baud.

## Step 1 — Flash the firmware

```bash
esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 460800 write_flash -z \
  0x1000 bootloader.bin \
  0x8000 partition-table.bin \
  0x10000 hello-espilon.bin
```

## Step 2 — Read the UART output

```bash
screen /dev/ttyUSB0 115200
# Or: minicom -D /dev/ttyUSB0 -b 115200
```

The device prints:

```text
=== Hello ESP ===
System ready.
Encrypted flag: 09 12 19 07 00 0E 07 35 3F 35 7D 3C 38 1E 3D 26 7F 1E 3E 7F 3E 72 34
XOR Key: 4C 41 49 4E
```

## Step 3 — Decrypt the flag

XOR key is `LAIN` (`4C 41 49 4E`). Apply it cyclically:

```python
enc = bytes([0x09,0x12,0x19,0x07,0x00,0x0E,0x07,0x35,
             0x3F,0x35,0x7D,0x3C,0x38,0x1E,0x3D,0x26,
             0x7F,0x1E,0x3E,0x7F,0x3E,0x72,0x34])
key = b"LAIN"
flag = bytes(b ^ key[i % len(key)] for i, b in enumerate(enc))
print(flag.decode())
# ESPILON{st4rt_th3_w1r3}
```

## Key Concepts

- **ESP32 flashing**: `esptool.py` writes bootloader, partition table, and application at their respective offsets
- **UART monitoring**: ESP32 default baud rate is 115200, 8N1
- **XOR cipher**: Simple symmetric cipher — key is broadcast in plaintext here as an intro challenge

## Flag

`ESPILON{st4rt_th3_w1r3}`

## Author

Eun0us
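Added example, not part of the original write-up: Steps 2 and 3 combined, parsing a saved UART capture for the `Encrypted flag:` and `XOR Key:` lines instead of retyping the bytes by hand. The function names are hypothetical, and the sample capture is constructed from the output shown in Step 2, with CRLF line endings assumed.

```python
import re

# Constructed capture: the UART lines shown in Step 2, with the CRLF line
# endings a serial terminal log typically contains (an assumption).
CAPTURE = (
    "=== Hello ESP ===\r\n"
    "System ready.\r\n"
    "Encrypted flag: 09 12 19 07 00 0E 07 35 3F 35 7D 3C 38 1E 3D 26 "
    "7F 1E 3E 7F 3E 72 34\r\n"
    "XOR Key: 4C 41 49 4E\r\n"
)

# One or more two-digit hex bytes separated by spaces or tabs.
HEX_RUN = r"((?:[0-9A-Fa-f]{2}[ \t]*)+)"


def extract_field(log: str, label: str) -> bytes:
    """Return the hex bytes printed after `label:` on a single log line.

    The whole line must consist of complete hex bytes, so a capture that
    was cut off mid-byte is rejected instead of decoding to garbage.
    """
    pattern = rf"^{re.escape(label)}:[ \t]*{HEX_RUN}\r?$"
    match = re.search(pattern, log, re.MULTILINE)
    if match is None:
        raise ValueError(f"no complete '{label}' line in capture")
    return bytes.fromhex(match.group(1))


def xor_cyclic(data: bytes, key: bytes) -> bytes:
    """XOR `data` with `key`, repeating the key as needed."""
    if not key:
        raise ValueError("empty XOR key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_flag(log: str) -> str:
    """Pull ciphertext and key out of the capture and decrypt."""
    enc = extract_field(log, "Encrypted flag")
    key = extract_field(log, "XOR Key")
    return xor_cyclic(enc, key).decode("ascii")


if __name__ == "__main__":
    print(recover_flag(CAPTURE))
```
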