1.5 KiB
1.5 KiB
ESP Start — Solution
Difficulty: Easy | Category: ESP | Flag: ESPILON{st4rt_th3_w1r3}
Overview
Flash the provided firmware onto an ESP32. On boot, the device outputs an XOR-encrypted flag along with the XOR key via UART at 115200 baud.
Step 1 — Flash the firmware
esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 460800 write_flash -z \
0x1000 bootloader.bin \
0x8000 partition-table.bin \
0x10000 hello-espilon.bin
Step 2 — Read the UART output
screen /dev/ttyUSB0 115200
# Or:
minicom -D /dev/ttyUSB0 -b 115200
The device prints:
=== Hello ESP ===
System ready.
Encrypted flag: 09 12 19 07 00 0E 07 35 3F 35 7D 3C 38 1E 3D 26 7F 1E 3E 7F 3E 72 34
XOR Key: 4C 41 49 4E
Step 3 — Decrypt the flag
XOR key is LAIN (4C 41 49 4E). Apply it cyclically:
enc = bytes([0x09,0x12,0x19,0x07,0x00,0x0E,0x07,0x35,
0x3F,0x35,0x7D,0x3C,0x38,0x1E,0x3D,0x26,
0x7F,0x1E,0x3E,0x7F,0x3E,0x72,0x34])
key = b"LAIN"
flag = bytes(b ^ key[i % len(key)] for i, b in enumerate(enc))
print(flag.decode())
# ESPILON{st4rt_th3_w1r3}
Key Concepts
- ESP32 flashing:
esptool.pywrites bootloader, partition table, and application at their respective offsets - UART monitoring: ESP32 default baud rate is 115200, 8N1
- XOR cipher: Simple symmetric cipher — key is broadcast in plaintext here as an intro challenge
Flag
ESPILON{st4rt_th3_w1r3}
Author
Eun0us