In a new addition for the challenge this year we have a Hardware Hacking problem. Talking to Jewl will let us know that they need help connecting to a UART interface. They’ll also let us know that there was a note with the settings but it’s been shredded. Luckily since we already completed Frosty Keypad, we have the shredded pieces of this note.
Unshredding the Note
Inside of our badge in items we’ll now have One Thousand Little Teeny Tiny Shredded Pieces of Paper. Downloading this will give us a zip file which, when extracted, shows us exactly that
Luckily in our hints we have a way to put this back together. The hint On the Cutting Edge provides us with a heuristic edge detection python script. We can run this script against the shredded image to piece it back together
Mirroring this image will put it back to a readable state and reveal the serial settings for accessing the device
Baud: 115200
Parity: Even
Data: 7 Bits
Stop Bits: 1 Bit
Flow Control: RTS
Silver Medal
With the note decoded we now just need to wire up our UART device and set the settings to unlock the silver medal. We also need to ensure that the voltage is set from 5v to 3.3v or we’ll see a fun little animation of the chip exploding. The completed setup can be seen below
V to VCC
T to Rx
R to Tx
G to Grnd
Clicking the S will grant us the silver medal
Gold Medal
Talking to Jewl again he will give us a hint on the Gold Medal saying that there is a way to bypass the hardware entirely. Given the rest of the theme of Act II’s challenges, I figured this had something to do with sending a web request. We also have a hint that points us towards using v1 of the API instead of v2. I began with opening up dev tools and watching the Network and Console tabs while I interacted with the challenge
First thing I noticed was the console was logging when the pins were all synced. Interesting but not the smoking gun yet. I continued on with the silver medal solution still watching the console. Submitting the solution gave us what we were looking for, a POST request to https://hhc24-hardwarehacking.holidayhackchallenge.com/api/v2/complete. The Body of this request contained {"requestID":"ee347cba-8c71-4164-82ea-b0fca7f23b8b","serial":[3,9,2,2,0,3],"voltage":3}. That looks like our solution now we just need to craft the request and send it.
Following the hint we can update the request to instead send to https://hhc24-hardwarehacking.holidayhackchallenge.com/api/v1/complete. We’ll also need to change the requestID. To do this, close and re-open the challenge then enter into the console getResourceID(). This will return a resource ID for us to use to authenticate our request. replacing the ID in our request body and sending the request should unlock the Gold Medal.
Leave a Reply