53 lines
1.1 KiB
Markdown
53 lines
1.1 KiB
Markdown
# Observe The Wired -- Solution
|
|
|
|
## Overview
|
|
CoAP node with observable stream. Recover fragments, decode the firmware blob, then POST the maintenance key.
|
|
|
|
## Steps
|
|
|
|
1. Discover resources
|
|
```bash
|
|
coap-client -m get coap://HOST/.well-known/core
|
|
```
|
|
|
|
2. Get fragments A and B
|
|
```bash
|
|
coap-client -m get coap://HOST/status
|
|
coap-client -m get coap://HOST/telemetry/heart
|
|
```
|
|
|
|
3. Observe the stream for fragment C
|
|
```bash
|
|
coap-client -m get -s 30 -o coap://HOST/wired/stream
|
|
```
|
|
Capture the JSON notification that includes `fragment_c`.
|
|
|
|
4. Build XOR key
|
|
Concatenate fragments in order A + B + C:
|
|
```
|
|
WIRED + LAIN + 23 = WIREDLAIN23
|
|
```
|
|
|
|
5. Download firmware blob
|
|
```bash
|
|
coap-client -m get coap://HOST/archive/firmware
|
|
```
|
|
Save the base64 data between `FIRMWARE_B64_BEGIN` and `FIRMWARE_B64_END` into `firmware.b64`.
|
|
|
|
6. Decode the blob
|
|
```bash
|
|
python3 decode.py firmware.b64
|
|
```
|
|
The JSON includes `maintenance_key`.
|
|
|
|
7. Unlock and get the flag
|
|
```bash
|
|
coap-client -m post -e '0BS3RV3-L41N-23' coap://HOST/maintenance/unlock
|
|
```
|
|
|
|
## Flag
|
|
`ESPILON{c0ap_0bs3rv3_th3_w1r3d}`
|
|
|
|
## Author
|
|
Eun0us
|