secure
Once again we have a capture of some wire protocol, supposedly this is a capture of a device communicating with a micro SD card. Opening it up in Saleae Logic shows the following:
After having a bit of a google we find that SD cards communicate over a protocol known as Serial Peripheral Interface (SPI), so we use the analyzer on the capture.
Deciding which channels in the capture map to which SPI wire took some investigation, SPI has four (or sometimes three) channels:
- MOSI: Master out slave in. This wire is for commands and data going from the host to the device.
- MISO: Master in slave out. This wire is for commands and data going from the device to the host.
- Enable: Also known as chip select/ slave select. Does some stuff.
- Clock: Oscillates for every bit being sent down the interface.
Looking at the channels, Channel 3 was certainly the clock, it oscillates rapidly. Channel 0 and 1 look to be MOSI/MISO as they flip sometimes while the clock is pulsing. That leaves channel 2 as Enable, which makes sense as it goes low if the clock is active, and is high otherwise.
To extract the data I exported the decoded communication to a CSV file,
and used the command xsv select mosi out.csv | grep "[^\"]" > out_mosi
to extract just the mosi channel.
Loading this file in cyberchef (for it's hex decode utility, I'm lazy -_-), we can see the flag clearly: