Advent Of Cyber 2022 | Day 20 | TryHackMe


Hello everybody! Welcome to yet another blog. I hope you are enjoying the Advent of Cyber. All the tasks are amazing this year, and I hope you are learning something new every day. It's time to move on to the task for day 20. Let's do this.

Binwalkin’ around the Christmas tree

This task focuses on firmware. Firmware is the software that provides the basic machine instructions allowing hardware to function and to communicate with the other software running on a device; it gives low-level control over the device's hardware. In this task we are going to do reverse engineering: we analyse a firmware image to figure out how it was built and what it does. Let's move to the practical part of the task. Open your AttackBox first.

Question1

We have three directories. Let's move to the bin directory first. Notice the file called firmwarev2.2-encrypted.gpg. Let's start the reverse engineering with an entropy scan. Use the command:

binwalk -E -N firmwarev2.2-encrypted.gpg

The rising entropy edge (the curve climbing to near its maximum and staying there) means the file is probably encrypted: its bytes are close to uniformly random, so binwalk finds no recognisable structure to extract.
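To see what the -E option is actually measuring, here is an added Python example (it is not part of the original post and not binwalk's own code) that computes Shannon entropy over consecutive 1 KiB blocks of a file, the same curve binwalk plots, and reports where the curve first climbs above a threshold. The input is a constructed stand-in for a firmware file (an ASCII header, zero padding, then seeded pseudo-random bytes playing the role of an encrypted payload), so everything runs offline; the block size and the 7.0 bits/byte threshold are assumptions chosen for the demonstration.

```python
import math
import random
from collections import Counter

BLOCK_SIZE = 1024   # bytes per entropy sample (assumed window size)
THRESHOLD = 7.0     # bits per byte; plain code, text and padding rarely reach this


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 = constant, 8.0 = uniform)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def entropy_profile(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Entropy of each consecutive block of the file; this is the curve binwalk -E draws."""
    return [shannon_entropy(data[i:i + block_size]) for i in range(0, len(data), block_size)]


def rising_edges(profile: list, threshold: float = THRESHOLD) -> list:
    """Block indices where the curve first climbs to >= threshold after being below it."""
    edges = []
    above = False
    for i, e in enumerate(profile):
        if e >= threshold and not above:
            edges.append(i)
        above = e >= threshold
    return edges


def report(data: bytes, block_size: int = BLOCK_SIZE, threshold: float = THRESHOLD) -> dict:
    """Summarise an image: how much of it is high-entropy and where the rising edges are."""
    profile = entropy_profile(data, block_size)
    edges = rising_edges(profile, threshold)
    high = sum(1 for e in profile if e >= threshold)
    return {
        "blocks": len(profile),
        "high_entropy_blocks": high,
        "high_entropy_fraction": high / len(profile) if profile else 0.0,
        "rising_edge_offsets": [i * block_size for i in edges],
    }


def build_sample_image(seed: int = 2022) -> bytes:
    """Constructed sample, not real firmware: a readable header, zero padding, then
    seeded pseudo-random bytes standing in for an encrypted (or compressed) payload."""
    rng = random.Random(seed)
    header = b"FIRMWARE v1.0 unsigned - constructed sample image\n" * 40   # 2000 bytes
    padding = b"\x00" * 4096
    payload = bytes(rng.getrandbits(8) for _ in range(8192))
    return header + padding + payload


if __name__ == "__main__":
    image = build_sample_image()
    # Text-mode version of the binwalk -E plot: offset, entropy, bar.
    for i, e in enumerate(entropy_profile(image)):
        print(f"{i * BLOCK_SIZE:08x}  {e:5.2f}  {'#' * int(e * 8)}")
    print(report(image))
```

On the constructed image the header and padding blocks stay well below the threshold and the curve jumps at the first all-random block, which is exactly the "rising edge" the task points at. One caveat when reading a real plot: compressed sections (squashfs, gzip) look just as random as encrypted ones, so a high-entropy region tells you only that plain carving will fail, not which of the two you are looking at.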

Let's use an older version of the firmware, find the encryption keys in there, and use those keys on the firmware above. It is located inside bin-unsigned. Change your directory to bin-unsigned, where you can see the file firmwarev1.0-unsigned. Use the command:

extract-firmware.sh firmwarev1.0-unsigned

All the outputs are saved in '/home/test/bin-unsigned/fmk/*'

Now we need to find the paraphrase (the passphrase protecting the key). Use the command:

grep -ir paraphrase .

Your paraphrase will be visible to you.

Remember it. If you check the fmk/rootfs/gpg/ directory, you can see the public and private key that came out of reverse engineering the older firmware version. Let's use these keys on our encrypted version. First you need to import them. Use the command:

gpg --import fmk/rootfs/gpg/private.key

gpg will ask for the paraphrase. Enter the one we found above: Santa@2022. Import the public key in the same way:

gpg --import fmk/rootfs/gpg/public.key

Let's decrypt the encrypted firmware. Go back to the bin directory and enter the command:

gpg firmwarev2.2-encrypted.gpg

Run the ls command.

The new file is our decrypted firmware. Now we are going to extract it. Use the command:

extract-firmware.sh firmwarev2.2-encrypted

Our results are saved in /home/test/bin/fmk/. Let's move to this directory.

Go to the rootfs directory. You can see a file called flag.txt. Check its content and you have your flag.

Question2

We already found the answer. It is Santa@2022.

Question3

For this, use the command:

ls -ahl *

Scroll down; you will find your answer on the line printed in red.

Question4

They are recommending that you join their Discord server.

Congratulations!! We completed this task. A new task will be added tomorrow. Till then you can follow me here for upcoming blogs on the Advent of Cyber 2022. In the end, you will get a certificate from TryHackMe for completing the challenge.

Keep learning and keep spreading Knowledge.
