Debug - HackTheBox

Description

A satellite dish debugging interface captured a serial signal during boot. We need to decode the UART signal to find the flag.

Files provided:

• hw_debug.sal - Saleae Logic 2 capture file (ZIP archive containing digital-0.bin, digital-1.bin, meta.json)

Analysis

Initial Reconnaissance

The .sal file is a Saleae Logic 2 capture format. Despite appearing as a single file, it's actually a ZIP archive containing:

• digital-0.bin - TX channel data
• digital-1.bin - RX channel data
• meta.json - Capture metadata (sample rate: 25 MHz)

The challenge involves decoding UART (Universal Asynchronous Receiver-Transmitter) serial communication captured from a satellite dish debugging interface during boot.

Failed Approaches

1. Manual binary parsing - Found ASCII-like codes (AX, AY, C0, C1, etc.) embedded in the file but couldn't extract meaningful data
2. Bit mapping and frequency analysis - Various approaches didn't produce readable text
3. sigrok-cli - Got framing errors with different baud rates, indicating incorrect settings

Key Insight

For Saleae Logic 2 captures, using the official software is the most reliable approach. The proprietary format is best handled by the native application.

Solution

Step 1: Install Saleae Logic 2

brew install --cask saleae-logic

Step 2: Open and Configure Analyzer

1. Open hw_debug.sal in Saleae Logic 2 GUI
2. Add "Async Serial" analyzer with settings:
   • Baud Rate: 115200 (standard UART debug rate)
   • Bits per Frame: 8
   • Stop Bits: 1
   • Parity: None
   • Bit Order: LSB first

Step 3: Export and Parse Data

Export analyzer results to CSV, then convert hex values to ASCII:

#!/usr/bin/env python3
"""
Parse Saleae Logic 2 UART export CSV and convert to ASCII text.
"""
import csv

...