Project Sekai - ✅-reverse-squiggles

squiggles - 500 points

Category: Reverse Description: This problem features a logic capture from a Microchip 25LC640A EEPROM chip. The logic capture can be viewed with Saleae's Logic Pro software, available at: https://www.saleae.com/downloads/ The datasheet for the 25LC640A can be found at: https://ww1.microchip.com/downloads/aemDocuments/documents/MPD/ProductDocuments/DataSheets/25AA640A-25LC640A-64K-SPI-Bus-Serial-EEPROM-20001830G.pdf This challenge was authored and sponsored by Battelle. Files:

https://wolvctf.io/files/42d577340f2e562dc61225643e25508b/squiggles.zip?token=eyJ1c2VyX2lkIjoyNjgsInRlYW1faWQiOjE3MCwiZmlsZV9pZCI6MzV9.ZBTG-Q.2sb1E7H0PeQI4G-9E4kbOaC0qhI

Tags: budget_hackerman#3831

Sutx pinned a message to this channel. 03/17/2023 1:00 PM

@Utaha wants to collaborate

@Utaha left you alone, what a chicken!

ok gonna try this for fun

@Zafirr wants to collaborate

u know hardware?

nope

19:46

time to read

i downloaded the hal but cant rev it

wait 4 solves?

20:17

lol

@Violin wants to collaborate

@Violin wanna try tgt?

i just download

ill share reading updates

21:14

signal somewhat looks like this

21:14

so first might need to know what each channel is recording

21:16

channel 3 always on Low, and 2/6/7 always High

21:16

prob ignorable idk

21:17

also all the logics seem scuffed at beginning

21:17

read doc time

does this convert to channel 0-7?

21:31

considering only channel 0,1,4,5 has signal, it's CS, SO, SI, SCK in the table

checking the ops

lmao

yeah

yeah maybe

seems to be matching

21:33

0-5-4-1

yup

you can move channels

21:33

on sal

i think 2 microseconds is 1 bit .. ?

sahuang

used /chatgpt

We have a logic capture from a Microchip 25LC640A EEPROM chip. The capture says "5MS/s, 3.3+ Volts". How many microseconds is a bit if converted? To convert from the sampling rate of 5 MS/s to the time per bit, we can use the formula: Time per bit = 1 / Sampling rate Substituting the values given: Time per bit = 1 / 5,000,000 Time per bit = 0.0000002 seconds or 0.2 microseconds Therefore, each bit in the logic capture corresponds to 0.2 microseconds.

hmm

ehh i still think its 2 microseconds

21:36

.2 is way too small

yeah

sahuang

checking the ops

is the 16 bit address big or small endian

idk ask chat gpt

21:39

it should be good in these documented stuff

21:39

im still checking the ms/s thing

21:41

yeah it looks like 2us

Zafirr

used /chatgpt

we have a Microchip 25LC640A EEPROM. During the read sequence, how is the address encoded? As an AI language model, I don't have access to the specific details of the Microchip 25LC640A EEPROM. However, in general, the address in an EEPROM is usually encoded using binary notation. This means that the address is represented in a series of ones and zeros that correspond to the specific memory location that needs to be read. The number of bits used to encode the address can vary depending on the size of the EEPROM and the number of memory locations it contains. The address is usually sent to the EEPROM using a serial communication protocol, such as SPI or I2C, and is decoded by the EEPROM to determine the memory location to be accessed.

sahuang

used /chatgpt

we have a Microchip 25LC640A EEPROM. During the read sequence, how is the address encoded? what is the endianness? As an AI language model, I don't have access to the specific datasheet of Microchip 25LC640A. However, in general, the address in EEPROM is encoded in either big-endian or little-endian format depending on the design of the device. The endianness specifies the order in which bytes are stored in memory. In big-endian format, the most significant byte is stored at the lowest memory address and the least significant byte is stored at the highest memory address. Whereas in little-endian format, the least significant byte is stored at the lowest memory address and the most significant byte is stored at the highest memory address. The specific endianness of the Microchip 25LC640A EEPROM can be found in its datasheet or user manual.

bruh

whats the flag format

i think wctf

ok its just the brown channel then

21:44

just decode them to ascii

sahuang

you can move channels

channel 1

oh

21:45

ur right i think

21:45

Serial Data Output

they might be scrambled based on channel 4, but lets just decode them first

no scramble

21:50

can flag it

yeah i almost got it

sahuang

used /ctf submit

✅ Well done, challenge solved!

ill submit it

fast

u can guess and skip

21:53

i just got first 2 or 3 letters in each word

lmao

like lit then just little_ (edited)

21:53

but yeah its easier than i thought no need to mess up 4 channels

wouldve been better if scrambled

originally i think first half is read flag second half is some logics to check flag

xD

idk why the flag in second half is separated so long

to be annoying

21:54