forensicsmedium

BadUSB

duckerz

Task: Analyze BadUSB firmware (Arduino Micro ELF) to identify the attacker. Solution: Reverse AVR firmware, extract XOR key (0x48) to decrypt password, use it to decrypt AES-256-CBC payload revealing GitHub URL, enumerate repository branches to find hidden fl46 branch with flag.

$ ls tags/ techniques/

reverse_engineering openssl xor aes github hid firmware badusb avr arduino keyboard_emulation

avr_firmware_reversingxor_single_byte_decryptionopenssl_aes_decryptiongithub_branch_enumerationhid_attack_analysis

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]