Reverse engineering challenge starts off simple


We love seeing hard-core firmware reverse engineering projects, but the number of hackers who can pull those off is relatively small. It’s possible to grow the ranks of the hacker elite though. A hackerspace is a great place to have a little challenge like this one. [Nicolas Oberli] put together a capture the flag game that requires the contestants to reverse engineer Teensy 3.0 firmware.

He developed this piece of hardware for the Insomni’hack 2013 event. It uses the Teensy 3.0 capacitive touch capabilities to form a nine-digit keypad with a character LCD screen for feedback. When the correct code is entered the screen will display instructions on how to retrieve the ‘flag’.

To the right you can see the disassembly of the .elf file generated by the Arduino IDE. This is what [Nicolas] gave to the contestants, which gets them past the barrier of figuring out how to dump the code from the chip itself. But it does get them thinking in assembly and eventually leads to figuring out what the secret code is for the device. This may be just enough of a shove in the right direction that one needs to get elbow deep into picking apart embedded hardware as a hobby.


  1. junkbox says:

    …But, can’t they just find the flag as a string literal in the binary? It’s a shame the checkSerial routine is adequately obfuscated, yet the goal is right out there in the open. I hope to see more projects like this though.

    • jazz says:

      Unless, they actually compiled two versions. Gave out the binary to the contestants where it actually says “XXXX…” and load the binary where it has the correct string.

  2. Cyril says:

    This is the easy part. Getting the code out of a “fused” device, not so much :/

  3. Totoxa says:

    whats the color scheme in the code?

  4. rj says:

    Featured in an wikipedia:MIT_Mystery_Hunt of years of yore:
    Involves reverse-engineering PIC firmware just to figure out the puzzle.

  5. J5 says:

    ok, how do I get started on projects like this? In other words, how do I start picking apart embedded hardware?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s