Burning a bootloader to an Arduino Nano using another Arduino

Recently I bought a cheap clone of the Arduino Nano from the Chinese site Deal Extreme. Unfortunately, that product (SKU 81877) comes without a bootloader. The main sign that the Arduino doesn’t have a bootloader is that the “L” LED, next to the Power LED, doesn’t blink when the Arduino is connected to the power source or when the Reset button is pressed.

It is possible to use your Arduino without a bootloader, but it won’t work with the Arduino IDE and you will need an external AVR Programmer like this one in order to upload sketches.

So I needed to follow two main steps in order to get my Arduino Nano working without buying an AVR programmer:

  1. Solder the six ICSP pins. These pins are provided in the same package, but you need to solder them to the Arduino board.
  2. Use another Arduino (a working one) as an ISP programmer in order to burn a bootloader onto the non-working one. I borrowed another Arduino Nano from my friend Nahuel (let me say thank you to him and Dani, who helped me with all of this), but other models should work too.

The Arduino board I bought looked like this. Notice that the ICSP header slot, highlighted in red, doesn’t have any pins soldered to it:

[Image: icsp]


Nullcon HackIM CTF 2013 – Reverse Engineering 300 Write up

Reverse Engineering 300

This Reverse Engineering challenge was a virtual machine implemented in JavaScript:

/*
	+---------------------------+
	| Custom Javascript Crackme |
	+---------------------------+

[+] Tested on : Safari, Google-Chrome, Opera, Firefox. (IE ?? O..puhleez!)
[+] No obfuscation, nothing. Just plain code. :)
[?] Should be an easy one, eh? ;)
[+] Best of luck!
(c) HackIM2013

*/

var key=[];
var code=[901, 340, 505, 140, 305, 461, 901, 722, 340, 539, 723, 241, 339, 540, 238, 142, 342, 901, 722, 901, 722, 606, 000, 542, 243, 243, 244, 340, 830, 653, 553, 140, 145, 353, 546, 140, 653, 000, 17, 10, 000, 001, 000, 400, 60, 459, 41, 22, 76, 76, 75, 75, 37, 417, 560, 140, 145, 360, 547, 140, 417, 567, 140, 145, 367, 548, 140, 417, 574, 140, 145, 374, 549, 140, 417, 581, 140, 145, 381, 550, 140, 417, 588, 140, 145, 388, 551, 140, 417, 595, 140, 145, 395, 552, 140, 417, 423];
var output=[];

function msg()
{
var message=output.toString().replace(/\,/gi,"");;
document.getElementById("key").value=message;
}

function LMC()
{
	var accumulator=0;
	var inp_counter=0;
	var code_counter=0;
	var pc=code[code_counter];
	while(code[code_counter]>0)
	{
		pc=code[code_counter];
		var mailbox=parseInt(pc%100);
		var opcode=parseInt(pc/100);
		switch(opcode)
		{
			case 1:
  						accumulator=accumulator+code[mailbox];
  						code_counter++;
  						break;
			case 2:
  						accumulator=accumulator-code[mailbox];
  						code_counter++;
  						break;
			case 3:
  						code[mailbox]=accumulator;
  						code_counter++;
  						break;
			case 5:
  						accumulator=code[mailbox];
  						code_counter++;
  						break;
			case 6:
  						code_counter=mailbox;
  						break;
			case 7:
  						if(accumulator==0)
  							{code_counter=mailbox;}
  						else{code_counter++;}
  						break;
			case 8:
  						if(accumulator>=0)
  							{code_counter=mailbox;}
  						else{code_counter++;}
  						break;
			case 9:
  						if(pc==901)
  						{
  							if(inp_counter<key.length)
  							{
  								accumulator=key[inp_counter];
  							 	inp_counter++;
  							 }
  							 else
  							 {
  							 	accumulator=0;
  							 }
  						}
  						else if(pc== 902)
  						{
  							output.push(String.fromCharCode(accumulator));
   						}
  						code_counter++;
  						break;
  		case 0:
  						code[0]=0;
  						code_counter=0;
  						break;
    	default:
  						code[0]=0;
              code_counter=0;
              break;
		}
	}
}

function setup()
{
	 var temp=document.getElementById("key").value;
	 for(var i=0; i<temp.length; ++i)
	 {
	 	key.push(temp.charCodeAt(i));
	 }
	 LMC();
	 msg();
}

Let’s dissect this virtual machine!
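As a starting point for that dissection, here is an added example (not part of the original write-up or the challenge) that decodes cells the way the switch in LMC() does and then traces a run, because the program overwrites its own cells and a static listing alone is misleading. The mnemonics are the conventional Little Man Computer names and, like the helper names decode, disassemble and trace, are assumptions.

```javascript
// Mnemonics are the conventional Little Man Computer names (an assumption;
// the challenge source only has numeric opcodes).
const NAMES = { 1: "ADD", 2: "SUB", 3: "STA", 5: "LDA", 6: "BRA", 7: "BRZ", 8: "BRP" };
const pad = n => String(n).padStart(2, "0");

// Memory image copied from the page's `code` array (000 and 001 written as 0 and 1).
const CODE = [901, 340, 505, 140, 305, 461, 901, 722, 340, 539, 723, 241, 339, 540, 238, 142, 342,
  901, 722, 901, 722, 606, 0, 542, 243, 243, 244, 340, 830, 653, 553, 140, 145, 353, 546, 140, 653,
  0, 17, 10, 0, 1, 0, 400, 60, 459, 41, 22, 76, 76, 75, 75, 37, 417, 560, 140, 145, 360, 547, 140,
  417, 567, 140, 145, 367, 548, 140, 417, 574, 140, 145, 374, 549, 140, 417, 581, 140, 145, 381,
  550, 140, 417, 588, 140, 145, 388, 551, 140, 417, 595, 140, 145, 395, 552, 140, 417, 423];

// Decode one cell: opcode = cell / 100, mailbox = cell % 100.
function decode(cell) {
  const opcode = Math.trunc(cell / 100), mailbox = cell % 100;
  if (cell === 901) return "INP";
  if (cell === 902) return "OUT";
  if (opcode === 9) return "NOP";   // other 9xx cells only advance the counter
  if (NAMES[opcode]) return NAMES[opcode] + " " + pad(mailbox);
  return "HLT";                     // case 0 and default both end the loop
}

// Static view of the initial memory image (code and data share the same cells).
const disassemble = code => code.map((cell, i) => pad(i) + ": " + decode(cell));

// Dynamic view: run on a copy of memory and log each instruction as executed.
function trace(code, keyString, maxSteps = 1000) {
  const mem = code.slice(), out = [], log = [];
  const key = Array.from(keyString, c => c.charCodeAt(0));
  let acc = 0, pc = 0, inp = 0;
  while (mem[pc] > 0 && log.length < maxSteps) {
    const cell = mem[pc], op = Math.trunc(cell / 100), mb = cell % 100;
    log.push(pad(pc) + ": " + decode(cell));
    let next = pc + 1;
    if (op === 1) acc += mem[mb];
    else if (op === 2) acc -= mem[mb];
    else if (op === 3) mem[mb] = acc;
    else if (op === 5) acc = mem[mb];
    else if (op === 6) next = mb;
    else if (op === 7) { if (acc === 0) next = mb; }
    else if (op === 8) { if (acc >= 0) next = mb; }
    else if (cell === 901) acc = inp < key.length ? key[inp++] : 0;
    else if (cell === 902) out.push(String.fromCharCode(acc));
    else if (op !== 9) break;       // the original zeroes code[0] and leaves the loop
    pc = next;
  }
  return { log, output: out.join("") };
}
```

Cell 05 is the case to compare: the static listing shows it as a halt, while the trace shows the instruction the program has written there from the first key character by the time it runs.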


Nullcon HackIM CTF 2013 – Reverse Engineering 100 Write up

Reverse Engineering 100

We were provided with this highly obfuscated code:

''=~('('.'?'.'{'.('`'|'%').('['^'-').('`'|'!').('`'|',').'"'.('['^'.').('['^'(').('`'|'%').('{'^'[')
.('['^'(').('['^'/').('['^')').('`'|')').('`'|'#').('['^'/').';'.('['^'.').('['^'(').('`'|'%').('{'^
'[').('['^',').('`'|'!').('['^')').('`'|'.').('`'|')').('`'|'.').('`'|"'").('['^'(').';'.('`'|')').(
'`'|'&').'('.'\\'.'$'.'#'.('`'^'!').('{'^')').('`'^"'").('{'^'-').'='.'='.('^'^('`'|','))."\)".'\\'.
'{'.('`'|')').('`'|'&').'('.'\\'.'$'.('`'^'!').('{'^')').('`'^"'").('{'^'-').'['.('^'^('`'|'.')).']'
.'.'.'\\'.'$'.('`'^'!').('{'^')').('`'^"'").('{'^'-').'['.('^'^('`'|'/')).']'.('`'|'%').('['^('*')).
'\\'.'$'.('`'^'%').('`'^'.').('{'^'-').'\\'.'{'."'".('{'^'.').('{'^'(').('`'^'%').('{'^')')."'".'\\'
.'}'.')'.'\\'.'{'.('['^'+').('['^')').('`'|')').('`'|'.').('['^'/').'\\'.'"'.('`'^'&').('`'|(',')).(
'`'|'!').('`'|"'").'='."'".('`'^"'").('`'|'/').('`'|',').('`'|'$').('`'|'%').('`'|'.').('`'^('$')).(
'`'|'!').('['^'"').('['^'(').('`'^'!').('['^')').('`'|'%').('`'^'"').('`'|'!').('`'|'#').('`'|"\+").
"'".'\\'.'"'.'\\'.'}'.'\\'.'}'.'"'.'}'.')');$:='.'^'~';$~='@'|'(';$^=')'^'[';$/='`'|'.';$,='('^"\}";

It looks like a lot of bitwise XOR and OR operations between characters, plus a bunch of string concatenations.
This is probably Perl or PHP code, and since I’m not fluent in either of them I decided to translate it to Python code to better understand it.
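To show how those character expressions collapse into readable text, here is an added example (not the author's Python translation) of a small evaluator for quoted literals combined with ., ^ and |, run on the first line of the fragment above. The names tokenize, bitwise, evaluate and SAMPLE are hypothetical, and the escape handling covers only the forms this fragment uses.

```javascript
// Split the source into string literals and the operators ( ) . ^ |
function tokenize(src) {
  const re = /\s*(?:'((?:\\.|[^'\\])*)'|"((?:\\.|[^"\\])*)"|([().^|]))/gy;
  const tokens = [];
  let m, end = 0;
  while ((m = re.exec(src)) !== null) {
    if (m[3]) tokens.push({ op: m[3] });
    // Simplification: a backslash escapes the next character (\\, \', \), \+ ...).
    else tokens.push({ str: (m[1] ?? m[2]).replace(/\\(.)/g, "$1") });
    end = re.lastIndex;
  }
  if (src.slice(end).trim() !== "") throw new Error("unparsed input at offset " + end);
  return tokens;
}

// String ^ and | work byte by byte; a shorter operand is padded with NUL bytes.
function bitwise(a, b, f) {
  let out = "";
  for (let i = 0; i < Math.max(a.length, b.length); i++)
    out += String.fromCharCode(f(a.charCodeAt(i) || 0, b.charCodeAt(i) || 0));
  return out;
}

// Recursive descent: concatenation (.) binds tighter than ^ and |.
function evaluate(src) {
  const t = tokenize(src);
  let i = 0;
  const primary = () => {
    const tok = t[i++];
    if (tok && tok.str !== undefined) return tok.str;
    if (!tok || tok.op !== "(") throw new Error("unexpected token");
    const v = orXor();
    if (!t[i] || t[i++].op !== ")") throw new Error("missing )");
    return v;
  };
  const concat = () => {
    let v = primary();
    while (t[i] && t[i].op === ".") { i++; v += primary(); }
    return v;
  };
  const orXor = () => {
    let v = concat();
    while (t[i] && (t[i].op === "^" || t[i].op === "|")) {
      const op = t[i++].op, r = concat();
      v = bitwise(v, r, op === "^" ? (x, y) => x ^ y : (x, y) => x | y);
    }
    return v;
  };
  const v = orXor();
  if (i !== t.length) throw new Error("trailing tokens");
  return v;
}

// First line of the fragment, after the opening ''=~( (copied from the page).
const SAMPLE = "'('.'?'.'{'.('`'|'%').('['^'-').('`'|'!').('`'|',').'\"'.('['^'.').('['^'(').('`'|'%').('{'^'[')";
```

Evaluating SAMPLE yields the start of a regex code block that calls eval on a string, which is how the fragment hides ordinary source text behind punctuation.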

Nullcon HackIM 2013 CTF – Trivia 100/200/400/500 Write ups

Trivia 100
What feature, introduced in DirectX 11, makes in-game textures appear rounder and better defined?

Answer [from http://en.wikipedia.org/wiki/DirectX#DirectX_11]:

Microsoft unveiled DirectX 11 at the Gamefest 08 event in Seattle, with the major scheduled features including GPGPU support (DirectCompute), and Direct3D11 with tessellation support.

So the flag for Trivia 100 was: tessellation

Trivia 200
What socket was used in the first Sandy Bridge chips?

Nullcon HackIM 2013 CTF – Programming 100/200/300/400/500

Nullcon HackIM 2013 CTF is over! Congratulations to the crew for organizing a nice CTF.
As always, thanks fly to my teammates Archie and Nahuel!

Programming 100 – big fib –
calculate 150000th fibonacci series, and flag is sum of the alternate numbers from answers.

We have to add the alternate numbers from the Fibonacci series up to the 150000th number.
Just in case, we added the numbers in even positions and the numbers in odd positions.