[Writeup] Cyber Apocalypse 2022 — Space Pulse [Hardware]
--
Hello! I feel so excited to write this post, since my last post on Medium was more than a year ago. This post will be a storytelling :D. Last week, I participated in HackTheBox Cyber Apocalypse 2022 with my colleagues, and I was so attracted to the Hardware and Reverse Engineering challenges.
This challenge has 1 file in .sal format. I know this format is a Saleae Logic 2 analyzer file. Let's open up the file, and I got this:
That was my second time facing a hardware challenge. I had no idea what the pulse was. I googled a lot, and at first I thought it was an Async Serial challenge with a low-frequency inverted pulse (because the pulse idles at 0) and that I had to find the exact bitrate to decode the signal. I tried so many possibilities, from inverted async serial or RS232 to trying all possible analyzers with similar characteristics and various combinations of parameters, doing the measurements, and trying all the possible bit rates, but all I got was a bunch of junk data, and I felt frustrated. I also wrote manual calculations on the board but still got nothing :D.
I skipped this challenge and switched to reverse engineering. After some hours of solving some reversing challenges, I came back to solve this one and tried to escape from the rabbit hole, but still had no clue.
2 days after the end of the event, I realized that there was something strange about some numbers that appear in the Logic 2 pulse information, such as duty, freq and req, as shown below:
I tried to figure them out and also decode them to ASCII, but still got nothing. Then I looked at some millisecond intervals and tried to look at them in more detail. I traced them one by one and realized that those intervals are decimals and decodable to ASCII.
All the interval numbers on the top and the pulses with value 1 (line on top) are under 255 and most of them are printable. I skipped the bottom and all the 0 pulses because most of their intervals aren't printable. I mapped those intervals, converted the floats to ints and decoded them to ASCII with a simple Python script as shown below:
Running the script, we got this:
And we got the flag :D : HTB{pu1535_m0du1471n9_1n_5p4c3!52%}
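The decoding step described above, as an added example that is not the author's original script: it measures how long the line stays high between edges and maps each width in milliseconds to an ASCII character. The two-column CSV layout (`Time [s],Channel 0`), the function names and the sample capture are assumptions constructed for illustration.

```python
import csv
import io


def build_sample_csv(message, low_ms=300.0):
    """Constructed capture: each character is a high pulse ord(c) ms wide."""
    t = 0.0
    lines = ["Time [s],Channel 0", "0.000000000,0"]  # line idles low
    for ch in message:
        t += low_ms / 1000.0          # low gap, too long to be printable
        lines.append(f"{t:.9f},1")    # rising edge
        t += ord(ch) / 1000.0         # stay high for ord(ch) milliseconds
        lines.append(f"{t:.9f},0")    # falling edge
    return "\n".join(lines) + "\n"


def high_pulse_widths_ms(csv_text):
    """Return the width in ms of every interval the line spent high."""
    rows = csv.reader(io.StringIO(csv_text))
    next(rows)  # skip the header row
    edges = [(float(r[0]), int(r[1])) for r in rows if r]
    return [
        (t1 - t0) * 1000.0
        for (t0, level), (t1, _next_level) in zip(edges, edges[1:])
        if level == 1  # only the "line on top" intervals carry data
    ]


def decode_widths(widths_ms):
    """Map each width to a character; non-printable widths become '?'."""
    chars = []
    for width in widths_ms:
        # round() rather than int(): float subtraction can yield 71.999999
        code = round(width)
        chars.append(chr(code) if 32 <= code <= 126 else "?")
    return "".join(chars)


if __name__ == "__main__":
    capture = build_sample_csv("HTB{constructed_sample}")
    print(decode_widths(high_pulse_widths_ms(capture)))
```
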
I learned a lot about basic digital signal encoding in this challenge. I feel excited and I hope I can learn more about hardware challenges in the future.
Edit: After some research and asking people about the writeup and the challenge, some random guy on Telegram told me that this challenge is actually a PWM (Pulse Width Modulation) signal challenge. I'd like to learn and share more detail about that next time.