6a0877384d
- Remove undeployed challenges: Phantom_Byte, Cr4cK_w1f1, Lain_Br34kC0r3 V1, Lain_VS_Knights, Lets_All_Love_UART, AETHER_NET, Last_Train_451, Web3/ - Sync 24 solve/ files from main CTF-Espilon repo - Update all READMEs with real CTFd final scores at freeze - Add git-header.png banner - Rewrite README: scoreboard top 10, edition stats (1410 users, 264 boards, 1344 solves), correct freeze date March 26 2026
53 lines
1.1 KiB
Markdown
53 lines
1.1 KiB
Markdown
# Observe The Wired -- Solution
|
|
|
|
## Overview
|
|
CoAP node with observable stream. Recover fragments, decode the firmware blob, then POST the maintenance key.
|
|
|
|
## Steps
|
|
|
|
1. Discover resources
|
|
```bash
|
|
coap-client -m get coap://HOST/.well-known/core
|
|
```
|
|
|
|
2. Get fragments A and B
|
|
```bash
|
|
coap-client -m get coap://HOST/status
|
|
coap-client -m get coap://HOST/telemetry/heart
|
|
```
|
|
|
|
3. Observe the stream for fragment C
|
|
```bash
|
|
coap-client -m get -s 30 -o coap://HOST/wired/stream
|
|
```
|
|
Capture the JSON notification that includes `fragment_c`.
|
|
|
|
4. Build XOR key
|
|
Concatenate fragments in order A + B + C:
|
|
```
|
|
WIRED + LAIN + 23 = WIREDLAIN23
|
|
```
|
|
|
|
5. Download firmware blob
|
|
```bash
|
|
coap-client -m get coap://HOST/archive/firmware
|
|
```
|
|
Save the base64 data between `FIRMWARE_B64_BEGIN` and `FIRMWARE_B64_END` into `firmware.b64`.
|
|
|
|
6. Decode the blob
|
|
```bash
|
|
python3 decode.py firmware.b64
|
|
```
|
|
The JSON includes `maintenance_key`.
|
|
|
|
7. Unlock and get the flag
|
|
```bash
|
|
coap-client -m post -e '0BS3RV3-L41N-23' coap://HOST/maintenance/unlock
|
|
```
|
|
|
|
## Flag
|
|
`ESPILON{c0ap_0bs3rv3_th3_w1r3d}`
|
|
|
|
## Author
|
|
Eun0us
|