hardwaremedium
Secret Treasures
HackTheBox
Task: ARM embedded system reads 8-digit passcode via UART, uses it as LCG seed to generate addresses into W25Q128 SPI flash, reads scattered flag bytes. Solution: reverse engineer LCG parameters from binary, brute-force 10^8 seed space with known-plaintext 'HTB{' prefix check against flash dump.
$ ls tags/ techniques/
known_plaintext_attackprng_state_recoveryarm_reverse_engineeringlcg_seed_bruteforcespi_flash_address_reconstruction
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Create a free account with GitHub to get started.
$ssh [email protected]