We start by downloading the source files.
We are given a
# Configure according to your setup
host = '83.136.253.78' # The server's hostname or IP address
port = 34372 # The port used by the server
cs=0 # /CS on A*BUS3 (range: A*BUS3 to A*BUS7)
There is an example of how to send an instruction:
# Example command
jedec_id = exchange([0x9F], 3)
print(jedec_id)
To call an instruction we have to know its opcode. To find the possible instructions we google the chip's name
Under
So we can read bytes from the memory chip by calling the
The following code reads all the important data from the memory chip and prints it out.
import socket
import json

def exchange(hex_list, value=0):
    # Configure according to your setup
    host = '83.136.253.78'  # The server's hostname or IP address
    port = 34372            # The port used by the server
    cs = 0                  # /CS on A*BUS3 (range: A*BUS3 to A*BUS7)
    usb_device_url = 'ftdi://ftdi:2232h/1'

    # Convert hex list to strings and prepare the command data
    command_data = {
        "tool": "pyftdi",
        "cs_pin": cs,
        "url": usb_device_url,
        "data_out": [hex(x) for x in hex_list],  # Convert hex numbers to hex strings
        "readlen": value
    }

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.connect((host, port))
        # Serialize data to JSON and send
        s.sendall(json.dumps(command_data).encode('utf-8'))
        # Receive and process response
        data = b''
        while True:
            chunk = s.recv(1024)
            if not chunk:  # connection closed by the server: stop instead of looping forever
                break
            data += chunk
            if data.endswith(b']'):  # the response is a JSON list
                break
        response = json.loads(data.decode('utf-8'))
        #print(f"Received: {response}")
        return response

def read_data():
    # Opcode 0x03 followed by the 3-byte address 0x000000; read 49 bytes back
    data = exchange([0x03, 0x00, 0x00, 0x00], 49)
    return data

def parse_data(data):
    result = ""
    for i in range(0, len(data), 16):
        # to ascii
        result += "".join([chr(x) for x in data[i:i+16]])
    return result

data = read_data()
print(parse_data(data))
Running this code gives us the flag.
python exploit.py
HTB{m3m02135_57023_53c2375_f02_3v32y0n3_70_533!@}
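The script above reads 49 bytes from address 0. The following added example (not part of the original writeup or the challenge files) generalizes it: it sizes the chip from the 0x9F response, builds 0x03 read commands for any 24-bit address, dumps the array in chunks and lists the plaintext strings found. `fake_exchange`, `SAMPLE`, `SECRET` and the ID bytes are constructed stand-ins so it runs offline, and the capacity encoding in the third ID byte is an assumption to confirm against the chip's datasheet.

```python
# Added example: offline model of the 0x9F / 0x03 exchanges (not the challenge's code).
SAMPLE = bytearray(b"\xff" * 4096)           # constructed 4 KiB image; erased flash reads 0xFF
SECRET = b"constructed-secret-value"         # constructed data, placed across a chunk boundary
SAMPLE[0x1F8:0x1F8 + len(SECRET)] = SECRET

def fake_exchange(data_out, readlen=0):
    """Hypothetical stand-in for the page's exchange(): same arguments, no network."""
    if data_out[0] == 0x9F:                  # JEDEC ID: manufacturer, type, capacity (constructed)
        return [0xEF, 0x40, 0x0C][:readlen]
    if data_out[0] == 0x03:                  # Read Data, followed by a 24-bit big-endian address
        addr = int.from_bytes(bytes(data_out[1:4]), "big")
        # This model wraps around at the end of the image.
        return [SAMPLE[(addr + i) % len(SAMPLE)] for i in range(readlen)]
    raise ValueError(f"unsupported opcode {data_out[0]:#04x}")

def capacity_from_jedec(jedec_id):
    """Assumption: the third ID byte is log2(size in bytes); check the datasheet."""
    return 1 << jedec_id[2]

def read_cmd(addr):
    """Build the 0x03 command for a given address (the page hardcodes address 0)."""
    if not 0 <= addr < 1 << 24:
        raise ValueError("address does not fit in 24 bits")
    return [0x03, (addr >> 16) & 0xFF, (addr >> 8) & 0xFF, addr & 0xFF]

def dump(exchange, size, chunk=256):
    """Read `size` bytes starting at address 0, `chunk` bytes per exchange."""
    out = bytearray()
    for addr in range(0, size, chunk):
        out += bytes(exchange(read_cmd(addr), min(chunk, size - addr)))
    return bytes(out)

def printable_runs(blob, min_len=6):
    """Return (offset, text) for each run of printable ASCII of at least min_len bytes."""
    runs, start = [], None
    for i, b in enumerate(blob + b"\x00"):   # sentinel flushes a run that reaches the end
        if 0x20 <= b < 0x7F:
            start = i if start is None else start
        else:
            if start is not None and i - start >= min_len:
                runs.append((start, blob[start:i].decode("ascii")))
            start = None
    return runs

if __name__ == "__main__":
    size = capacity_from_jedec(fake_exchange([0x9F], 3))
    for offset, text in printable_runs(dump(fake_exchange, size)):
        print(f"{offset:#08x}  {text}")
```

Anything stored unencrypted on the chip shows up in this listing, which is why secrets kept in external flash need encryption or a protected storage element.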