Just a hint for the first half of the endless loop: try using external interrupts instead of checking the state of a pin every time. You might miss state changes this way, when they occur during the other part of the execution.
great video though ;)
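The interrupt-driven approach suggested in the comment above, as an added example (not code from the video or from the Rhme2016 challenge): an Arduino Uno sketch that latches the "mole" edge in an external-interrupt ISR so the main loop cannot miss it while it is busy. The pin numbers and the pulse width are assumptions for illustration, not values from the challenge.

```arduino
// Added example, not from the video or the challenge. Pin numbers and the
// pulse width are assumptions chosen for illustration.
const uint8_t MOLE_PIN = 2;               // assumed: mole signal on D2 (INT0 on the Uno)
const uint8_t WHACK_PIN = 8;              // assumed: pin we drive to "whack"
const unsigned long WHACK_US = 1000;      // assumed pulse width in microseconds

volatile bool moleSeen = false;           // set by the ISR, cleared by loop()
volatile unsigned long moleAtUs = 0;      // micros() when the edge arrived

void onMoleEdge() {
  // Runs on every RISING edge of MOLE_PIN, regardless of what loop() is doing,
  // so a short pulse during the slow part of the loop is not lost.
  moleAtUs = micros();
  moleSeen = true;
}

void setup() {
  Serial.begin(115200);
  pinMode(MOLE_PIN, INPUT);
  pinMode(WHACK_PIN, OUTPUT);
  digitalWrite(WHACK_PIN, LOW);
  attachInterrupt(digitalPinToInterrupt(MOLE_PIN), onMoleEdge, RISING);
}

void loop() {
  // First half: instead of polling digitalRead(MOLE_PIN), consume the latched
  // flag. Interrupts are disabled briefly so flag and timestamp are read together.
  noInterrupts();
  bool seen = moleSeen;
  unsigned long at = moleAtUs;
  moleSeen = false;
  interrupts();

  if (seen) {
    digitalWrite(WHACK_PIN, HIGH);
    delayMicroseconds(WHACK_US);
    digitalWrite(WHACK_PIN, LOW);
    Serial.print("whacked ");
    Serial.print(micros() - at);
    Serial.println(" us after the edge");
  }

  // Second half: slow work (here just a delay standing in for logging or other
  // processing) that would hide a short pulse from a polling loop; the ISR
  // still records any edge that arrives during this time.
  delay(20);
}
```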
Love the videos and you narrating the thought process. Keep it up!
What if you just hit all the holes whatever the count? Does hitting a wrong hole count as a miss?
Great video, ironically I got on youtube because I was tired of doing an essay for an electrical engineering course yet I was so happy while watching this.
PS: I need to get my hands on a nice Rigol or KeySight osc, I have a Picoscope but the digital display is so much nicer.
That "gratefull" hurts my eyes - 12:30
I use PulseView with Salae Logic, you get realtime output, in case you are in a pinch and you don't have your scope handy!
where do you find your ctf events?
Ctftimes is a good one
This was a pretty cool challenge, I want to try it out too.
Thanks for sharing.
LiveOverflow: there are not much besides the UART
SPI and I2C: am I a joke to you
wow this must have taken forever. thank you so much for your effort, i really appreciate it.
@LiveOverflow: WAIT!, You can use the Analog pins as GPIO just like all the other ones.
mh, what do you mean?
At around about 2:20 it seems like you want to say that the Analog IO is not part of the set of pins you needed to worry about. However, they could have easily used these pins as standard digital I/O and tricked you this way. This "analog" I/O is a bit misleading. In reality, these are standard digital pins that are connected to the ADC multiplexer.
Ah yeah, now I get what you mean. I guess I didn't make that clear in the video, I wasn't trying to say that those pins are something completely different, just that those are labeled as analog pins - so that's how I called them in the video too :)
I would have obviously checked them out too, but the Saleae can only do 8 pins and I had to start somewhere
I have a theory that the voltage level would change if the pin was set as an output or input, maybe because of pull-up/down resistors? Though it's possible that all the potential pins are set as outputs on startup, meaning that such information wouldn't be much use.
You can see in the logic analyzer screen that the output signal is a clean signal and the others have a lot of noise and easily pick up other signals. That means they are in high-impedance mode (inputs) and have no pull-ups/pull-downs configured
this video is 3 years old and the title still has "unkown"
There was no leakage. As an engineering student who does most of his work on drones and Arduinos, that's just an initialization. If you see arduino.cc, it has a startup void, and in that, when you define any variable as output or input, they are tested or set high or to a value of 255 so that the Arduino knows that pin works, at least that there's no fault in the chip of the controller. So that's what you are seeing, not some analog leakage. And now I think this vid is 3 years old, so you may have learned that already
Wat?
From the source (now published) the timeout starts at 5000ms and is halved after every successful whack. That's why you got less time than 100ms after a while.
Dang. I got stuck at the 8th hit as you did. Never got past that or noticed the timing change. I also found the changing sequence of input pins frustrating. 200 points lost :-(
+Benjamin Sølberg awww. A lot of people got stuck there though
I didn't quite understand the issue in the video because it was glossed over rather quickly - basically the idea is the response pulses should have been less than 50ms?
The time you had for hitting just got shorter and shorter. And at some point it was so short that you had to be very fast. And that might not be so easy
Alright, thanks :-)
While the way it was done was more complex to decode, am I the only one that thought the whack-a-mole interface would be different... that it would simply raise a random GPIO high and, to "whack it", you pull the corresponding pin to GND for a moment?
Love the channel mate, keep up the good work. What are the chances of having a go at bypassing Windows CFG? I'm looking into bypassing it this month, I have a few ideas.
Is it possible to buy an arduino nano and put the challenge software on the board?
Unfortunately this challenge doesn't seem to be available (yet): github.com/Riscure/Rhme-2016/tree/master/challenges/binaries
But you can play those other challenges ^
This was so cool and awesome.
Sooo... You can't solve this challenge without an osc. and logic analyser, right?
Well, at least one of those would be enough, a logic analyzer OR an oscilloscope.
Also, there are dirt cheap logic analyzers on eBay (like 5€ from China). Yes, it's more complicated, but absolutely possible to do a challenge like this on a budget. Hell, if money is really tight you could even use an Arduino to try and analyze the output.
Well.... he "solved" it with an Arduino board, he just used the osc. and logic analyser to do it more quickly than programming an Arduino board to read for any information on any pins and somehow "tell" him what was read (and when). Just like he could have used the osc. on its own instead of the l.a. to see which pins were outputting information, except he'd have had to do it 2 pins at a time instead of 8, and he could have used the l.a. instead of the osc. to get the information, except he'd have had to wait for all the data to be collected instead of seeing it in real time like the osc. provided.
The way to solve this is to find out which pins are providing information, figure out what that information means (where the "mole" is), figure out how to respond to it (set the input for that "mole" to high), and then implement that solution. It's made more difficult by having to re-figure out the pins every time the board is restarted, but the basic idea is the same.
Read, interpret, plan, write. If you have something that can read data (quickly enough) then you can figure out how to solve this challenge with that, even if it's not what was used in the solution(s) you've seen. Obviously some tools are better than others for a particular task (a screwdriver is better than a paper clip for turning a screw, and a drill with a screwdriver bit is faster than a screwdriver) but that doesn't mean they can't still be used.
Disclaimer: I'm just a guy who stumbled across some of these videos and semi-understand them lol
No. He just didn't realise the flashing LED on the Arduino board corresponds to pin 13.
If you just see that flashing light, then you know something is happening on that pin. The rest you can capture with the second Arduino
you can use an Arduino as a logic analyser as well, and then print the output over serial
you're actually something else, I'm 20 yo and I hope I'm gonna be at your level when I hit 26
You have a lenovo thinkpad ? :D 2:29
+GlassOfSound who doesn't have a thinkpad? Everybody has a thinkpad.
ThinkPads are tough. Legends say they can withstand a 50 megaton nuclear blast 5 meters away. But legends are just that. Legends. I, however, had a TP T23 and dropped it on my foot. One of the worst things I've experienced. Ever.
+cyancoyote only true for the old IBM TPs :P
Will you be attending the 34c3 in Leipzig?
www.ccc.de/de/updates/2017/34C3-in-leipzig
www.ccc.de/en/updates/2017/34C3-in-leipzig
already reserved my hotel
That was quick
Amazing video...
Whoa
Is it really "unkown" or did you type it wrong? :))