Eun0us/ESPILON-CTF-2026-Writeups
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3a5f553a68
ESPILON-CTF-2026-Writeups/IoT/Observe_The_Wired/solve/solve.md
Eun0us 6a0877384d [+] Writeups v2 — sync solves, real points, scoreboard stats, cleanup 
- Remove undeployed challenges: Phantom_Byte, Cr4cK_w1f1, Lain_Br34kC0r3 V1,
  Lain_VS_Knights, Lets_All_Love_UART, AETHER_NET, Last_Train_451, Web3/
- Sync 24 solve/ files from main CTF-Espilon repo
- Update all READMEs with real CTFd final scores at freeze
- Add git-header.png banner
- Rewrite README: scoreboard top 10, edition stats (1410 users, 264 boards,
  1344 solves), correct freeze date March 26 2026
2026-03-27 21:27:45 +01:00

1.1 KiB
Raw Blame History

Observe The Wired -- Solution

Overview

CoAP node with observable stream. Recover fragments, decode the firmware blob, then POST the maintenance key.

Steps

  1. Discover resources
coap-client -m get coap://HOST/.well-known/core
  1. Get fragments A and B
coap-client -m get coap://HOST/status
coap-client -m get coap://HOST/telemetry/heart
  1. Observe the stream for fragment C
coap-client -m get -s 30 -o coap://HOST/wired/stream

Capture the JSON notification that includes fragment_c.

  1. Build XOR key Concatenate fragments in order A + B + C:
WIRED + LAIN + 23 = WIREDLAIN23
  1. Download firmware blob
coap-client -m get coap://HOST/archive/firmware

Save the base64 data between FIRMWARE_B64_BEGIN and FIRMWARE_B64_END into firmware.b64.

  1. Decode the blob
python3 decode.py firmware.b64

The JSON includes maintenance_key.

  1. Unlock and get the flag
coap-client -m post -e '0BS3RV3-L41N-23' coap://HOST/maintenance/unlock

Flag

ESPILON{c0ap_0bs3rv3_th3_w1r3d}

Author

Eun0us