ESPILON-CTF-2026-Writeups/ESP/ESP_Start/solve/solve.md
Eun0us 6a0877384d [+] Writeups v2 — sync solves, real points, scoreboard stats, cleanup
- Remove undeployed challenges: Phantom_Byte, Cr4cK_w1f1, Lain_Br34kC0r3 V1,
  Lain_VS_Knights, Lets_All_Love_UART, AETHER_NET, Last_Train_451, Web3/
- Sync 24 solve/ files from main CTF-Espilon repo
- Update all READMEs with real CTFd final scores at freeze
- Add git-header.png banner
- Rewrite README: scoreboard top 10, edition stats (1410 users, 264 boards,
  1344 solves), correct freeze date March 26 2026
2026-03-27 21:27:45 +01:00


ESP Start — Solution

Difficulty: Easy | Category: ESP | Flag: ESPILON{st4rt_th3_w1r3}

Overview

Flash the provided firmware onto an ESP32. On boot, the device outputs an XOR-encrypted flag along with the XOR key via UART at 115200 baud.

Step 1 — Flash the firmware

esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 460800 write_flash -z \
    0x1000  bootloader.bin \
    0x8000  partition-table.bin \
    0x10000 hello-espilon.bin

Step 2 — Read the UART output

screen /dev/ttyUSB0 115200
# Or:
minicom -D /dev/ttyUSB0 -b 115200

The device prints:

=== Hello ESP ===
System ready.

Encrypted flag: 09 12 19 07 00 0E 07 35 3F 35 7D 3C 38 1E 3D 26 7F 1E 3E 7F 3E 72 34
XOR Key: 4C 41 49 4E

Step 3 — Decrypt the flag

The XOR key is the ASCII string LAIN (4C 41 49 4E). Apply it cyclically, repeating the 4-byte key across the 23 ciphertext bytes:

enc = bytes([0x09,0x12,0x19,0x07,0x00,0x0E,0x07,0x35,
             0x3F,0x35,0x7D,0x3C,0x38,0x1E,0x3D,0x26,
             0x7F,0x1E,0x3E,0x7F,0x3E,0x72,0x34])
key = b"LAIN"
flag = bytes(b ^ key[i % len(key)] for i, b in enumerate(enc))
print(flag.decode())
# ESPILON{st4rt_th3_w1r3}
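Steps 2 and 3 combined, as an added example that is not part of the original write-up: it parses a saved UART capture instead of hand-transcribed hex, cross-checks the printed key against the known flag prefix, then decrypts. The function names and the boot-log noise line are assumptions made for illustration; the hex values are the ones the device prints above.

```python
import re

# Constructed capture: the UART output shown above with CRLF line endings,
# plus one made-up boot-log line standing in for serial noise.
CAPTURE = (
    "I (312) boot: constructed noise line\r\n"
    "=== Hello ESP ===\r\nSystem ready.\r\n\r\n"
    "Encrypted flag: 09 12 19 07 00 0E 07 35 3F 35 7D 3C 38 1E 3D 26 "
    "7F 1E 3E 7F 3E 72 34\r\n"
    "XOR Key: 4C 41 49 4E\r\n"
)
HEX_LINE = re.compile(r"^(Encrypted flag|XOR Key):\s*((?:[0-9A-Fa-f]{2}\s*)+)$")


def parse_capture(text):
    """Return (ciphertext, key) from the two labelled hex lines of a UART log."""
    fields = {}
    for line in text.splitlines():
        m = HEX_LINE.match(line.strip())
        if m:
            fields[m.group(1)] = bytes.fromhex(m.group(2))
    if len(fields) != 2:
        raise ValueError(f"capture incomplete, found only: {sorted(fields)}")
    return fields["Encrypted flag"], fields["XOR Key"]


def xor_cyclic(data, key):
    """XOR data with the key repeated cyclically (encrypts and decrypts)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_from_prefix(ciphertext, known_prefix, key_len):
    """Recover a repeating XOR key from known plaintext at the start."""
    if len(known_prefix) < key_len:
        raise ValueError("known prefix is shorter than the key")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_prefix))


def solve(text, flag_prefix=b"ESPILON{"):
    """Parse, cross-check the printed key against the flag format, decrypt."""
    enc, key = parse_capture(text)
    if key_from_prefix(enc, flag_prefix, len(key)) != key:
        raise ValueError("printed key disagrees with the known flag prefix")
    return xor_cyclic(enc, key).decode("ascii")


if __name__ == "__main__":
    print(solve(CAPTURE))
```

The cross-check also shows why a repeating XOR key gives no confidentiality when the plaintext format is predictable: the first four ciphertext bytes XORed with `ESPI` already yield the key.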

Key Concepts

  • ESP32 flashing: esptool.py writes bootloader, partition table, and application at their respective offsets
  • UART monitoring: ESP32 default baud rate is 115200, 8N1
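  • XOR cipher: a simple symmetric cipher in which the same key encrypts and decrypts; here the device prints the key in plaintext alongside the ciphertext, which is what makes this an intro challenge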

Flag

ESPILON{st4rt_th3_w1r3}

Author

Eun0us