hackers will never be able to exploit! Prove me wrong by reading DID 0x7A69 and win a big bounty flag. You can talk to the UDS server by using Tx ID 0x769. You must solve this challenge on the CHV floor to get the flag, but I provide you an online mirror to write and test your exploit at 52.9.34.196:9999. In the attachments you'll find a client to connect to the remote instance and a readme explaining how the communication works in case you need/want to implement your own.
サービス名 機能概要 10 Diagnostic Session Control セッションの切り替え 22 Read Data By Identifier DIDの読み出し 23 Read Memory By Address アドレス指定によるメモリの読み出し 27 Security Access Challenge & Response認証 2E Write Data By Identifier DIDの書き込み 3E Tester Present セッションのタイムアウト防⽌
◦ ⽂字列 “Is this a leak? Should we call a plumber?” ◦ ⽂字列 ”Did you lock yourself out without the keys?” ▪ Security Accessに関連するというヒント ◦ x86のコードの断⽚ 13 23 24 00 00 00 00 01 00 SID Address and length format identifier Memory address Memory size
<現在のセッション> 0xf170 b'Why do pistons make such bad employees? ' 0xf171 b'They only work after they are fired' 0xf172 b'My wife gave birth to our son in the car on our way to the hospital.' 0xf173 b'We named him Carson.' … (以下jokeが続く) Write Data By Identifier サービスで書き換えれば Security Accessの関数を騙 せる...? *0x40f697の値?
Accessを突破する (SID:0x27) 4. DID 0x7a69を読み出す (SID:0x22) 18 CHV{Congrats! Now go solve it one the CHV floor to get the real flag!} 現地メンバーに現地マシンで同じ⼿順を試してもらいreal flag取得
ECU network. Starting from the infotainment system, you must navigate through multiple Electronic Control Units (ECUs) to reach the critical engine control module. This multi-stage challenge simulates real-world automotive attack scenarios involving firmware analysis, CAN bus exploitation, and ECU authentication bypass. WiFi SSID: CarHackingCTF, PW: Route44Polyglot33$, URL: http://192.168.22.193:8080/
Menu: 1. Media Player 2. Navigation 3. Settings 0. Exit Choice: 3 === Settings === 1. Display Settings 2. Audio Settings 3. System Info 4. Device Manager 0. Back to Main Menu Choice: 9 Enter version number (x.y.z format):
passed! Basic access granted. Debug option unlocked. Entering debug mode... (中略) === Settings === 1. Display Settings 2. Audio Settings 3. System Info 4. Device Manager 0. Back to Main Menu Choice: 9 Attempt full admin access? (y/n): y Enter admin authentication code: