Hardware Hacking 101 Part 1
Jingle all the wires and connect to Santa's Little Helper to reveal the merry secrets locked in his chest!
Challenge

I'm Jewel Loggins, and with Santa missing, I really need help fixing his Little Helper tool - specifically connecting to its UART interface which controls our North Pole access cards. I've got all the right tools but can't get the device to respond, and unfortunately, one of Wombley's elves shredded our note with the serial settings, though Morcel Nougat might be able to help recover it.

Solution
Silver medal

Shredded to Pieces Hints: Have you ever wondered how elves manage to dispose of their sensitive documents? Turns out, they use this fancy shredder that is quite the marvel of engineering. It slices, it dices, it makes the paper practically disintegrate into a thousand tiny pieces. Perhaps, just perhaps, we could reassemble the pieces?
On the Cutting Edge Hints: Hey, I just caught wind of this neat way to piece back shredded paper! It's a fancy heuristic detection technique—sharp as an elf’s wit, I tell ya! Got a sample Python script right here, courtesy of Arnydo. Check it out when you have a sec: heuristic_edge_detection.py.

When we help Morcel Nougat, we receive a large number of shredded paper snippets (see Items). We can reassemble them using the Python script from the Hints.

unzip shreds.zip
...
python3 heuristic_edge_detection.py
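
To show the idea behind edge-based reassembly, here is an added example; it is not the heuristic_edge_detection.py script from the hint and does not reproduce its code. It scores how well the right edge of one strip matches the left edge of another and chains the best matches. The strips are constructed grayscale data (a smooth gradient), and all function names are made up for this illustration.

```python
import random

def edge_cost(left, right):
    """Sum of absolute pixel differences between left's last and right's first column."""
    return sum(abs(lrow[-1] - rrow[0]) for lrow, rrow in zip(left, right))

def reassemble(strips):
    """Return the strip order (indices) with the lowest total edge cost.

    Tries every strip as the leftmost one and greedily appends the unused
    strip whose left edge best matches the current right edge.
    """
    n = len(strips)
    cost = [[edge_cost(strips[a], strips[b]) for b in range(n)] for a in range(n)]
    best_order, best_total = None, None
    for start in range(n):
        order, total = [start], 0
        unused = set(range(n)) - {start}
        while unused:
            nxt = min(unused, key=lambda j: (cost[order[-1]][j], j))
            total += cost[order[-1]][nxt]
            order.append(nxt)
            unused.remove(nxt)
        if best_total is None or total < best_total:
            best_order, best_total = order, total
    return best_order

def join(strips, order):
    """Concatenate strips row by row in the given order."""
    return [sum((strips[i][r] for i in order), []) for r in range(len(strips[0]))]

def make_sample(rows=6, cols=16, width=2, seed=7):
    """Constructed test data: a smooth gradient cut into shuffled vertical strips."""
    image = [[10 * c + 3 * r for c in range(cols)] for r in range(rows)]
    strips = [[row[x:x + width] for row in image] for x in range(0, cols, width)]
    random.Random(seed).shuffle(strips)
    return image, strips

if __name__ == "__main__":
    image, strips = make_sample()
    order = reassemble(strips)
    print("recovered order of shuffled strips:", order)
    print("matches original:", join(strips, order) == image)
```

Strip-cut shredding leaves exactly this kind of edge continuity behind, which is why it offers little protection for notes such as the serial settings here.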

With a small edit in any graphics programme, we can read the note.

assembled_image.jpg

With these settings, we can now establish the connection. We just have to pay particular attention to the correct polarity for Send/Receive and the voltage (3 volts).

uart_interface.jpg

Note: The Port must be USB0 (screenshot shows the wrong setting here)

Rumor has it you might be able to bypass the hardware altogether for the gold medal. Why not see if you can find that shortcut?

Gold medal

We copy the address of the frame and repeat the scenario again in Burp Suite and the integrated browser to log all accesses, e.g. https://hhc24-hardwarehacking.holidayhackchallenge.com/?&challenge=termHardwareHacking101A&username=xy&id=xy...

We take a look at the source code and find a place that refers to an older API:

hw1_gold_1.jpg

If we now make the same call to the older API v1 (in the simplest case via Burp Repeater), we have solved the task.
Note: I'm not quite sure how this solution fits with the ‘shortcut, bypassing the hardware altogether’, but it seems to be correct.

hw1_gold_2.jpg

I'm thrilled you managed to connect to the UART interface - I was stuck on those wires! Now we need to use the 'slh' application to modify the access database for card 42, but we'll need to find the password first since it's protected - try searching the terminal, as passwords sometimes get left in plain sight.