ESPILON-CTF-2026-Writeups/IoT/Nurse_Call

Nurse Call

Field	Value
Category	IoT
Difficulty	Easy
Points	50
Author	Eun0us
CTF	Espilon 2026

---

Description

You gain access to the maintenance terminal of the patient call system at Clinique Sainte-Mika. The system reports phantom calls coming from a sealed room.

The previous technician did not finish his investigation. His session was left open.

Explore the logs, understand the anomaly, and find what hides in Room 013.

• Terminal: tcp/<host>:1337

Format: ESPILON{flag}

---

TL;DR

Connect to the maintenance terminal. Read the logs to find phantom calls from Room 013 with payload 0x4c41494e. Decode the hex to ASCII to get LAIN. Run ./tools/reveil.sh --id LAIN to wake the module and receive the flag.

---

Tools

Tool	Purpose
nc	Terminal access
Hex-to-ASCII decoding	Convert 0x4c41494e

---

Solution

Step 1 — Connect

nc <host> 1337

Step 2 — Read the call log

cat logs/appels.log

The log shows repeated phantom calls from Room 013. The last line:

[ALERT] Room 013 — unknown payload: 0x4c41494e

Step 3 — Decode the payload

bytes.fromhex("4c41494e").decode()  # 'LAIN'

Or: 0x4C = L, 0x41 = A, 0x49 = I, 0x4E = N → LAIN

Step 4 — Confirm in the network log

cat logs/reseau.log

Contains: 0x4c41494e -> ASCII: "LAIN"

Step 5 — Read the maintenance log for the command syntax

cat logs/maintenance.log

The previous technician wrote: "Use reveil.sh --id with the payload ID."

Optionally:

cat config/navi-care.conf

Shows exact syntax: reveil.sh --id <MODULE_ID>

Step 6 — Wake the module

./tools/reveil.sh --id LAIN

---

Flag

ESPILON{r3v31ll3_m01_d4ns_l3_w1r3d}