A remote facility is secured by a two-part access control system. The exterior device contains a keypad that is connected to a microcontroller, which sends entered passwords to a remote API for authorization. During an operation, we succeeded in tapping the connection between the keypad and embedded device. The only thing preventing us from gaining access to the facility now is to decode the obtained data and send the password to /api.
Category: Hardware
Solver: kh1
Flag: HTB{m4721c35_423_v32y_c0mm0n_1n_3m83dd3d_d3v1c35!@&325$}
Writeup
The capture contains
Keypad:
    4 5 6 7
    _ _ _ _
0 | 1 2 3 A
1 | 4 5 6 B
2 | 7 8 9 C
3 | * 0 # D
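For each keypress, read which channel is active among 0-3 (the row) and which is active among 4-7 (the column), then select the symbol at that position in the table. Done.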
curl -X POST -F 'password=5242AD401BA34680A782324AD010203ACD' docker.hackthebox.eu:30912/api
Solver
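# One entry per keypress: tens digit = active row channel (0-3),
# ones digit = active column channel (4-7).
code = [15, 5, 14, 5, 7, 37, 14, 35, 4, 17, 7, 6, 14, 16, 25, 35, 7, 24,
        25, 5, 6, 5, 14, 7, 37, 35, 4, 35, 5, 35, 6, 7, 27, 37]

# Keypad layout keyed by the same row/column encoding.
lookup = {
    4: '1',
    5: '2',
    6: '3',
    7: 'A',
    14: '4',
    15: '5',
    16: '6',
    17: 'B',
    24: '7',
    25: '8',
    26: '9',
    27: 'C',
    34: '*',
    35: '0',
    36: '#',
    37: 'D',
}

# Prints the password that is sent to /api.
print("".join([lookup[c] for c in code]))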
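The decoding rule from the writeup (one active channel in 0-3 picks the row, one in 4-7 picks the column) can also be applied directly to sampled logic data. This is an added example, not the solver's own code; it assumes active-high lines packed as one byte per sample (bit n = channel n), and the capture, `press` helper and `min_run` threshold are constructed for illustration.

```python
from itertools import groupby

# Layout from the writeup: rows on channels 0-3, columns on channels 4-7.
KEYPAD = ["123A", "456B", "789C", "*0#D"]

def sample_to_key(sample):
    """Map one 8-bit sample (bit n = channel n) to a key, or None."""
    rows = [ch for ch in range(0, 4) if (sample >> ch) & 1]
    cols = [ch for ch in range(4, 8) if (sample >> ch) & 1]
    if len(rows) != 1 or len(cols) != 1:
        return None  # idle, or an ambiguous multi-line state
    return KEYPAD[rows[0]][cols[0] - 4]

def decode_capture(samples, min_run=2):
    """Return the typed keys, ignoring states shorter than min_run samples."""
    # Collapse the capture into (state, length) runs and drop short glitches.
    runs = [(key, len(list(group)))
            for key, group in groupby(map(sample_to_key, samples))]
    stable = [key for key, length in runs if length >= min_run]
    # Merge runs that a dropped glitch had split, then keep real key presses.
    return "".join(key for key, _ in groupby(stable) if key is not None)

def press(row, col, length=4):
    """Constructed helper: samples for one key held for `length` samples."""
    return [(1 << row) | (1 << col)] * length

IDLE = [0] * 3
# Constructed capture: "5", "2", then "A" with a one-sample dropout mid-press.
CAPTURE = (IDLE + press(1, 5) + IDLE + press(0, 5) + IDLE
           + press(0, 7, 3) + [0] + press(0, 7, 3) + IDLE)

if __name__ == "__main__":
    print(decode_capture(CAPTURE))
```

A real capture may be active-low or scanned row by row; in that case invert or mask the samples before calling `decode_capture`.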