Embedded Security Capture the Flag

Reverse engineered embedded devices using a fictional debugger. Was able to hack password-protected door locks, one of which used a second-generation hardware security module, and gain entry to the building.

Completed numerous embedded security exercises on the Microcorruption platform. The website hosts a series of challenges built around fictional door locks running fictional firmware that mimics the real-life mistakes engineers make in low-level software. The site provides a fictional debugger that lets the hacker reverse engineer the firmware in order to open the lock. One instance I have chosen to highlight is the 9th level, which employs a second-generation hardware security module. Authentication is not performed on the microprocessor itself but is executed on the hardware security module. While the security module encrypts the data and handles the authentication logic, it does nothing to protect the firmware on the main processor against a traditional buffer overflow. As such, the HSM can be bypassed by abusing interrupt service routines.
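To make the last point concrete, the following is an added illustration written for this page; it is not the level's firmware or anything from Microcorruption. It models the password-entry routine as a 16-byte buffer with a 16-bit saved return address sitting just above it on the stack (sizes, the 0x1234 return value, and all function names are assumptions). The unchecked copy shows why an HSM that only owns the authentication logic cannot help: the length comparison it is missing lives on the main processor, and without it the bytes past the buffer land on the return address. The checked copy beside it is the one-line fix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout of the password-entry stack frame (illustration only). */
#define PW_BUF_LEN 16                 /* bytes the firmware reserves for the password */
#define FRAME_LEN  (PW_BUF_LEN + 2)   /* password buffer followed by a 16-bit saved return address */

typedef struct {
    uint8_t bytes[FRAME_LEN];         /* bytes[0..15] = password, bytes[16..17] = return address */
} stack_frame_t;

/* A fresh frame whose saved return address is the constructed value 0x1234 (little-endian). */
static stack_frame_t fresh_frame(void) {
    stack_frame_t f;
    memset(f.bytes, 0, sizeof f.bytes);
    f.bytes[PW_BUF_LEN]     = 0x34;
    f.bytes[PW_BUF_LEN + 1] = 0x12;
    return f;
}

/* Saved return address as the CPU would read it back when the routine returns. */
static uint16_t saved_return(const stack_frame_t *f) {
    return (uint16_t)(f->bytes[PW_BUF_LEN] | (f->bytes[PW_BUF_LEN + 1] << 8));
}

/* Vulnerable pattern: the caller-supplied length is never compared with the
 * buffer size, so anything past PW_BUF_LEN overwrites the saved return address.
 * The cap at FRAME_LEN exists only so this model stays well-defined C; the
 * firmware being modelled has no such cap. */
static size_t copy_password_unchecked(stack_frame_t *f, const uint8_t *in, size_t len) {
    if (len > FRAME_LEN) len = FRAME_LEN;
    memcpy(f->bytes, in, len);
    return len;
}

/* Hardened pattern: refuse anything longer than the buffer before touching the frame. */
static bool copy_password_checked(stack_frame_t *f, const uint8_t *in, size_t len) {
    if (len > PW_BUF_LEN) return false;
    memcpy(f->bytes, in, len);
    return true;
}

/* Fills a constructed input of `len` bytes of 'A' (0x41). */
static void fill_input(uint8_t *in, size_t len) {
    memset(in, 'A', len);
}

/* What the saved return address looks like after the unchecked copy of `len` bytes. */
uint16_t unchecked_saved_return(size_t len) {
    uint8_t in[FRAME_LEN];
    if (len > FRAME_LEN) len = FRAME_LEN;
    fill_input(in, len);
    stack_frame_t f = fresh_frame();
    copy_password_unchecked(&f, in, len);
    return saved_return(&f);
}

/* Whether the checked copy accepts an input of `len` bytes. */
bool checked_accepts(size_t len) {
    uint8_t in[FRAME_LEN];
    if (len > FRAME_LEN) len = FRAME_LEN;
    fill_input(in, len);
    stack_frame_t f = fresh_frame();
    return copy_password_checked(&f, in, len);
}

/* Whether the checked copy leaves the return address intact for an input of `len` bytes. */
bool checked_preserves_return(size_t len) {
    uint8_t in[FRAME_LEN];
    if (len > FRAME_LEN) len = FRAME_LEN;
    fill_input(in, len);
    stack_frame_t f = fresh_frame();
    copy_password_checked(&f, in, len);
    return saved_return(&f) == 0x1234;
}

int main(void) {
    printf("unchecked, 16-byte input: return = 0x%04x\n", unchecked_saved_return(16));
    printf("unchecked, 18-byte input: return = 0x%04x\n", unchecked_saved_return(18));
    printf("checked,   18-byte input: accepted = %d, return intact = %d\n",
           checked_accepts(18), checked_preserves_return(18));
    return 0;
}
```

The point of the model is where the check sits: the HSM never sees the length of what was typed, so the only place the overflow can be stopped is the firmware copying the bytes. The same reasoning is why the write-up below focuses on the processor-side code rather than the module itself.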

A full write-up of the solution can be found on my GitHub.