compromised
Similarly to serial_logs we've been given a .sal
file.
Opening this up in Saleae Logic we see two channels with data in:
When playing around with the analyzers earlier I noticed that the I2C analyzer takes input from two channels, so I tried that. It seemed to decode correctly and showed a sequence of writes to two different addresses.
Guessing that the data written should be grouped by the address written to, I wrote a quick python script to do this:
from collections import defaultdict
x = [
(0x34, 0x73), (0x34, 0x65), (0x34, 0x74), (0x34, 0x5F), (0x34, 0x6D), (0x34, 0x61), (0x2C, 0x43), (0x34, 0x78),
(0x2C, 0x48), (0x34, 0x5F), (0x34, 0x6C), (0x2C, 0x54), (0x34, 0x69), (0x34, 0x6D), (0x2C, 0x42), (0x2C, 0x7B),
(0x34, 0x69), (0x34, 0x74), (0x2C, 0x6E), (0x34, 0x5F), (0x34, 0x74), (0x2C, 0x75), (0x34, 0x6F), (0x2C, 0x31),
(0x34, 0x3A), (0x2C, 0x31), (0x34, 0x31), (0x34, 0x30), (0x2C, 0x5F), (0x34, 0x73), (0x34, 0x65), (0x2C, 0x37),
(0x2C, 0x33), (0x34, 0x74), (0x34, 0x5F), (0x2C, 0x32), (0x34, 0x6D), (0x34, 0x69), (0x2C, 0x6D), (0x34, 0x6E),
(0x2C, 0x31), (0x34, 0x5F), (0x2C, 0x6E), (0x34, 0x6C), (0x34, 0x69), (0x2C, 0x34), (0x34, 0x6D), (0x34, 0x69),
(0x2C, 0x37), (0x2C, 0x30), (0x34, 0x74), (0x34, 0x5F), (0x2C, 0x32), (0x34, 0x74), (0x34, 0x6F), (0x2C, 0x35),
(0x34, 0x3A), (0x2C, 0x5F), (0x34, 0x31), (0x2C, 0x63), (0x34, 0x30), (0x34, 0x2B), (0x34, 0x1D), (0x34, 0x5D),
(0x34, 0x3C), (0x34, 0x2B), (0x34, 0x2F), (0x2C, 0x34), (0x34, 0x7E), (0x2C, 0x6E), (0x34, 0x72), (0x34, 0x5E),
(0x2C, 0x5F), (0x34, 0x79), (0x34, 0x7A), (0x2C, 0x38), (0x2C, 0x32), (0x34, 0x47), (0x34, 0x62), (0x2C, 0x33),
(0x34, 0x62), (0x34, 0x22), (0x2C, 0x34), (0x34, 0x23), (0x2C, 0x6B), (0x34, 0x55), (0x2C, 0x5F), (0x34, 0x16),
(0x34, 0x03), (0x2C, 0x34), (0x34, 0x2B), (0x34, 0x4A), (0x2C, 0x5F), (0x2C, 0x35), (0x34, 0x01), (0x34, 0x0D),
(0x2C, 0x33), (0x34, 0x4D), (0x34, 0x0E), (0x2C, 0x32), (0x34, 0x42), (0x2C, 0x31), (0x34, 0x00), (0x2C, 0x34),
(0x34, 0x42), (0x34, 0x12), (0x2C, 0x31), (0x34, 0x64), (0x34, 0x56), (0x2C, 0x5F), (0x2C, 0x35), (0x34, 0x07),
(0x34, 0x20), (0x2C, 0x79), (0x34, 0x53), (0x34, 0x05), (0x2C, 0x35), (0x34, 0x42), (0x2C, 0x37), (0x34, 0x6B),
(0x2C, 0x33), (0x34, 0x1D), (0x34, 0x1A), (0x34, 0x31), (0x34, 0x56), (0x34, 0x05), (0x34, 0x51), (0x34, 0x78),
(0x2C, 0x6D), (0x34, 0x14), (0x2C, 0x21), (0x34, 0x6A), (0x34, 0x16), (0x2C, 0x40), (0x34, 0x60), (0x34, 0x51),
(0x2C, 0x35), (0x2C, 0x32), (0x34, 0x79), (0x34, 0x71), (0x2C, 0x29), (0x34, 0x74), (0x34, 0x25), (0x2C, 0x23),
(0x34, 0x20), (0x2C, 0x40), (0x34, 0x35), (0x2C, 0x25), (0x34, 0x6D), (0x34, 0x64), (0x2C, 0x7D), (0x34, 0x53),
(0x34, 0x16),
]
d = defaultdict(list)
for k, v in x:
d[k].append(chr(v))
for k, v in d.items():
print(k, "".join(v))
Running this prints the flag:
λ python lol.py
MBBdV SBk1VQxj`Qyqt% 5mdS_min_limit_to:10+]<+/~r^yzGbb"#U+J
44 CHTB{nu11_732m1n47025_c4n_8234k_4_532141_5y573m!@52)#@%}