IOT Range - HackMD

# IOT Range ## Challenge 26-38 ![image](https://hackmd.io/_uploads/SJr6ZSIseg.png) ![image](https://hackmd.io/_uploads/HklgMSLoxg.png) ![image](https://hackmd.io/_uploads/SymumU8iex.png) ### FileOne.bin * ![image](https://hackmd.io/_uploads/H1kDXH8ixx.png) * ![image](https://hackmd.io/_uploads/rkpc7SIilg.png) * ![image](https://hackmd.io/_uploads/H1mCEr8oel.png) * ![image](https://hackmd.io/_uploads/HkJJLr8sel.png) * ![image](https://hackmd.io/_uploads/BJBPjrIiel.png) * ![image](https://hackmd.io/_uploads/rynJaH8sle.png) * ![image](https://hackmd.io/_uploads/Syel-LLiee.png) * ![image](https://hackmd.io/_uploads/HkZr-IUoxx.png) * ![image](https://hackmd.io/_uploads/B10HMUUjgl.png) * ![image](https://hackmd.io/_uploads/rkoAQ8Ljle.png) * ![image](https://hackmd.io/_uploads/H1dTVLLigx.png) ### Answer * Challenge 26:`data` * Challenge 27:`1.0.0` * Challenge 28:`1550` * Challenge 29:`squashfs` * Challenge 30: * Challenge 31:`447` * Challenge 32:`asp` * Challenge 33:`samba` * Challenge 34:`pwnable` * Challenge 35:`mips32` * Challenge 36:`false` * Challenge 37:`6` * Challenge 38:`0x400640` ## Challenge 40-43 ### FileTwo.bin ![image](https://hackmd.io/_uploads/r1gfrLIjxx.png) * ![image](https://hackmd.io/_uploads/r1qprUIjxe.png) * 看起來只是壓縮 * ![image](https://hackmd.io/_uploads/Bkg4UL8sxe.png) ### Answer * Challenge 40:`E826` * Challenge 41:`False` * Challenge 42:`True` * Challenge 43: ## Challenge 44-45, 61 ### FileThree.bin ![image](https://hackmd.io/_uploads/HkivnORiex.png) ![image](https://hackmd.io/_uploads/HkXFluyhee.png) * 這支是有加密的, `binwalk -t`沒辦法直接查看資訊 * ![image](https://hackmd.io/_uploads/HJ6-ztCjgg.png) * XOR加密 * ![image](https://hackmd.io/_uploads/Bk6OMK0sex.png) ```zsh= hexdump -C FileThree.bin |tail -n 30 ``` * xcat解密binary * https://github.com/mstrand/xcat * ![image](https://hackmd.io/_uploads/rJsXe_k3el.png) ```zsh= ./xcat.py -x '8844a2d168b45a2d' ../FileThree.bin >decrypt.bin ``` ### Answer * Challenge 44:`False` * Challenge 45:`True` * Challenge 61:`LZMA` ## Challenge 46-50 ### IOT.bin ![image](https://hackmd.io/_uploads/SyQE4_J3xl.png) * ![image](https://hackmd.io/_uploads/HJKCLu1hge.png) ### Answer * Challenge 46:`0x20` * Challenge 47:`0x3c` * Challenge 48:`0x192728` * Challenge 49:`piggy` * Challenge 50:`squashfs` ## Challenge 51-55 ### IOT2.bin ![image](https://hackmd.io/_uploads/H11sVuJ3ge.png) * ![image](https://hackmd.io/_uploads/ByWku_J3gx.png) ### Answer * Challenge 51:`0x1A0` * Challenge 52:`0x160` * Challenge 53:`26 MB` * Challenge 54:`JFFS2` * Challenge 55:`Little Endian` ## Challenge 56-58 ### IOT3.bin ![image](https://hackmd.io/_uploads/Byh24O1hex.png) * 挺複雜的這題, `binwalk -t`跑出一大堆xz壓縮檔, 但利用`-Me`還是找到關鍵的資料夾 * ![image](https://hackmd.io/_uploads/ryBEptk2xl.png) * 找半天在這個檔案裡 * ![image](https://hackmd.io/_uploads/rJadb5Jhgx.png) * 直接用答案格式下去找可能的檔案在下去翻 * ![image](https://hackmd.io/_uploads/BkJlGcy2ex.png) * ![image](https://hackmd.io/_uploads/H1TfG9y3xx.png) ```zsh= find . -type f -name "?????_??????" ``` ### Answer * Challenge 56:`squashfs` * Challenge 57:`check_fwmode` * Challenge 58:`0ee2cb110a9148cc5a67f13d62ab64ae30783031` ## Challenge 59-60 ### IOT4.bin ![image](https://hackmd.io/_uploads/B1zbS_1nge.png) * ![image](https://hackmd.io/_uploads/BJezV9khle.png) * ![image](https://hackmd.io/_uploads/BytXhhgnll.png) ### Answer * Challenge 59:`HNAP` * Challenge 60:`SOAP`