Required Resources: Publish firmware file with problem prompt and expose a docker challenge service.
Flag: acsc18{i_thought_crcs_were_secure}
Problem prompt:
It looks like this smart device provides an unauthenticated web portal to update
the firmware. They say that they cryptographically sign their code so there's no
need to authenticate, but I have a hunch it's not as secure as they think. Can
you find a way to upload a modified firmware image?
When you are done with the QA/QC, please enter a comment stating so and how you would rate the difficulty . If you see any issues please note them in the comment as well.
Instructions: For each new challenge complete the above information. Assign the "QA/QC" and "Load Game Engine", labels to all challenges. If required add "Dockerize" and "Challenge Server" for challenges that need to be dockerized or will have to be hosted on the challenge server
firmware
file with problem prompt and expose a docker challenge service.acsc18{i_thought_crcs_were_secure}
Problem prompt:
When you are done with the QA/QC, please enter a comment stating so and how you would rate the difficulty . If you see any issues please note them in the comment as well.
Difficulty key
0 - No background 3 - JCAC (Basic) 6 - Scripting (Senior) 9 - Reverse Engineer (Master)
Instructions: For each new challenge complete the above information. Assign the "QA/QC" and "Load Game Engine", labels to all challenges. If required add "Dockerize" and "Challenge Server" for challenges that need to be dockerized or will have to be hosted on the challenge server