Eun0us/ESPILON-CTF-2026-Writeups
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
95c0b63bfb
ESPILON-CTF-2026-Writeups/IoT/Observe_The_Wired
History
Eun0us 9daaf56eb5 ESPILON CTF 2026 — Write-ups édition 1 (33 challenges)
2026-03-22 19:18:58 +01:00
..
README.md ESPILON CTF 2026 — Write-ups édition 1 (33 challenges) 2026-03-22 19:18:58 +01:00

README.md

Observe The Wired -- Solution

Overview

CoAP node with observable stream. Recover fragments, decode the firmware blob, then POST the maintenance key.

Steps

  1. Discover resources
coap-client -m get coap://HOST/.well-known/core
  1. Get fragments A and B
coap-client -m get coap://HOST/status
coap-client -m get coap://HOST/telemetry/heart
  1. Observe the stream for fragment C
coap-client -m get -s 30 -o coap://HOST/wired/stream

Capture the JSON notification that includes fragment_c.

  1. Build XOR key Concatenate fragments in order A + B + C:
WIRED + LAIN + 23 = WIREDLAIN23
  1. Download firmware blob
coap-client -m get coap://HOST/archive/firmware

Save the base64 data between FIRMWARE_B64_BEGIN and FIRMWARE_B64_END into firmware.b64.

  1. Decode the blob
python3 decode.py firmware.b64

The JSON includes maintenance_key.

  1. Unlock and get the flag
coap-client -m post -e '0BS3RV3-L41N-23' coap://HOST/maintenance/unlock

Flag

ESPILON{c0ap_0bs3rv3_th3_w1r3d}

Author

Eun0us