$ cat writeup.md…
$ cat writeup.md…
hackthebox
Task: Analyze VHDL source code for a TPM chip to find a backdoor. Solution: Identified a pattern comparator that bypasses encryption when input matches 0xFFE9, revealing the hardcoded secret key.
$ cat /etc/rate-limit
Rate limit reached (20 reads/hour per IP). Showing preview only — full content returns at the next hour roll-over.
This challenge presents VHDL source code for a Trusted Platform Module (TPM) chip. The goal is to analyze the hardware description, find the backdoor, and understand how to extract the secret key.
This is the main entity that combines the following components:
ckey: Component that provides the secret key.encryption: Data encryption module.backdoor: Module that checks input data for a backdoor trigger.The tpm.vhdl architecture implements a process that controls the Output signal:
process(Key, Encrypted, B) begin case B is when '1' => for i in 0 to 15 loop Output(i) <= Key(i); end loop; when others => for i in 0 to 15 loop Output(i) <= Encrypted(i); end loop; end case; end process;
If signal B (output of the backdoor module) equals '1', the device outputs the raw secret key Key. Otherwise, it outputs encrypted data.
This module is responsible for activating signal B. It defines a constant pattern:
constant pattern : STD_LOGIC_VECTOR(15 downto 0) := "1111111111101001";
The activation logic is simple:
if D = pattern then B <= '1'; else B <= '0'; end if;
The backdoor triggers when input data D exactly matches the pattern 1111111111101001 (in hexadecimal: 0xFFE9).
This file contains the hardcoded secret key that the TPM is supposed to protect:
constant key : STD_LOGIC_VECTOR(15 downto 0) := "0110001111100001";
Key value in HEX: 0x63E1.
The encryption module performs XOR between input data and the key, but contains intentional errors:
NOT K(i), ignoring input data D.
This makes encryption irreversible for some bits, but doesn't interfere with the backdoor operation....
$ grep --similar