The task
N00b firmware modder says: “My first u-boot mod, there might be errors :(” noobs-first-firmware-mod.tgz
The solution
We analyzed the code of the file u-boot and found a suspicious function, do_csaw.
So we converted the assembly code into somewhat more readable Python code:
Output:
key=\x00--------------------------------------\x00
Obviously this is not the key…
So we wasted a lot of time looking through the binary and simulating it with qemu (qemu-system-arm -kernel u-boot -M versatilepb -m 3G -nographic), which also didn’t help.
After multiple additional hours we decided to add R10 += 1 after line 32 and got the output
key=SPREYOADPC\x00
We tried “SPREYOADPC” as the key and got the points.