Eun0us/ESPILON-CTF-2026-Writeups
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6a0877384d
ESPILON-CTF-2026-Writeups/ESP/ESP_Start/solve/solve.md
Eun0us 6a0877384d [+] Writeups v2 — sync solves, real points, scoreboard stats, cleanup 
- Remove undeployed challenges: Phantom_Byte, Cr4cK_w1f1, Lain_Br34kC0r3 V1,
  Lain_VS_Knights, Lets_All_Love_UART, AETHER_NET, Last_Train_451, Web3/
- Sync 24 solve/ files from main CTF-Espilon repo
- Update all READMEs with real CTFd final scores at freeze
- Add git-header.png banner
- Rewrite README: scoreboard top 10, edition stats (1410 users, 264 boards,
  1344 solves), correct freeze date March 26 2026
2026-03-27 21:27:45 +01:00

64 lines
1.5 KiB
Markdown
Raw Blame History

# ESP Start — Solution
**Difficulty:** Easy | **Category:** ESP | **Flag:** `ESPILON{st4rt_th3_w1r3}`
## Overview
Flash the provided firmware onto an ESP32. On boot, the device outputs an
XOR-encrypted flag along with the XOR key via UART at 115200 baud.
## Step 1 — Flash the firmware
```bash
esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 460800 write_flash -z \
0x1000 bootloader.bin \
0x8000 partition-table.bin \
0x10000 hello-espilon.bin
```
## Step 2 — Read the UART output
```bash
screen /dev/ttyUSB0 115200
# Or:
minicom -D /dev/ttyUSB0 -b 115200
```
The device prints:
```text
=== Hello ESP ===
System ready.
Encrypted flag: 09 12 19 07 00 0E 07 35 3F 35 7D 3C 38 1E 3D 26 7F 1E 3E 7F 3E 72 34
XOR Key: 4C 41 49 4E
```
## Step 3 — Decrypt the flag
XOR key is `LAIN` (`4C 41 49 4E`). Apply it cyclically:
```python
enc = bytes([0x09,0x12,0x19,0x07,0x00,0x0E,0x07,0x35,
0x3F,0x35,0x7D,0x3C,0x38,0x1E,0x3D,0x26,
0x7F,0x1E,0x3E,0x7F,0x3E,0x72,0x34])
key = b"LAIN"
flag = bytes(b ^ key[i % len(key)] for i, b in enumerate(enc))
print(flag.decode())
# ESPILON{st4rt_th3_w1r3}
```
## Key Concepts
- **ESP32 flashing**: `esptool.py` writes bootloader, partition table, and application at their respective offsets
- **UART monitoring**: ESP32 default baud rate is 115200, 8N1
- **XOR cipher**: Simple symmetric cipher — key is broadcast in plaintext here as an intro challenge
## Flag
`ESPILON{st4rt_th3_w1r3}`
## Author
Eun0us
Reference in New Issue View Git Blame Copy Permalink