easyIOT

分类于

easyIOT - Bugku CTF
本题是一个典型的物联网题目。

题目附件给出了一段用 Arduino 编写的程序,分析程序运行结果即可得到flag。

1
// Set A-G, DP as OUTPUT pins, COM is 5V

第一句是注释,设置管脚 A 到 G,DP为输出管脚,COM引脚设置5V电压。

1
int data[] = {0, 0, 0,2,4,5,6,7,8,0,2,3,5,6,8,0,2,3,4,0,2,4,5,7,8,0,2,4,5,6,7,8,0,2,3,4,0,2,4,5,6,7,8,0,4,5,6,7,8,0,2,3,4,0,2,4,5,7,8,0,2,3,4,0,4,5,6,7,8,0,2,4,5,6,7,8,0,2,3,4,5,6,7,8,0,2,4,5,6,7,8,0,3,4,0,2,3,4,0,2,3,5,6,8,0,2,4,5,6,7,8,0,3,4,7,8,0,2,3,4,0,2,3,4,0,2,4,5,6,7,8,0,3,4,0,2,3,4,0,2,3,5,6,8,0,2,4,5,6,7,8,0,2,4,5,7,8,0,2,4,5,7,8,0,2,6,7,8,0,2,4,5,6,7,8,0,2,3,4,5,7,8,0,2,3,4,0,2,3,4,5,8,0,2,4,5,7,8,0,2,6,7,8,0,2,3,4,0,2,3,4,5,8,0,2,4,5,6,7,8,0,2,6,7,8,0,2,4,5,7,8,0,2,6,7,8,0,2,4,5,6,7,8,0,2,4,5,7,8,0,2,4,5,6,7,8,0,3,4,0,2,3,4,0,2,3,4,5,8,0,2,3,4,0,2,3,4,5,7,8,0,2,3,4,0,3,4,5,6,8};

第二句定义了一个数组。

1
void setup() { for(int i=2; i<=9;i++) pinMode(i, OUTPUT); }

第三句初始化引脚2到9为输出模式,共有七个管脚,猜测该程序用于驱动七段显示器。

1
void loop() { for (int i=0; i<sizeof(data) / 2; i++) data[i] == 0 ? clear() : digitalWrite(data[i], LOW); }

第四句则根据数组内容控制相应管脚输出高低电平,当读取到数组中出现的数字0时则执行后续的 clear() 函数进行清屏。

1
void clear() { delay(1000); for(int i=2; i<=9;i++) digitalWrite(i, HIGH); delay(1000); }

第五句将所有引脚(2到9)设置为高电平,并在每个状态之间延迟1秒。执行“清屏”或“重置”操作。

七段显示器对于管脚控制图如下:

1
2
3
4
5
6
7
8
9
10
 ----2----
|         |
7         3
|         |
 ----8----
|         |
6         4
|         |
 ----5----

那么将数组中的内容以0作为分割,第一组数字2,4,5,6,7,8对应的管脚亮起显示为数字6,第二组数字2,3,5,6,8对应的管脚亮起显示为数字2。

可以使用python对数组内容进行分割。

1
2
3
4
a = "0,0,0,2,4,5,6,7,8,0,2,3,5,6,8,0,2,3,4,0,2,4,5,7,8,0,2,4,5,6,7,8,0,2,3,4,0,2,4,5,6,7,8,0,4,5,6,7,8,0,2,3,4,0,2,4,5,7,8,0,2,3,4,0,4,5,6,7,8,0,2,4,5,6,7,8,0,2,3,4,5,6,7,8,0,2,4,5,6,7,8,0,3,4,0,2,3,4,0,2,3,5,6,8,0,2,4,5,6,7,8,0,3,4,7,8,0,2,3,4,0,2,3,4,0,2,4,5,6,7,8,0,3,4,0,2,3,4,0,2,3,5,6,8,0,2,4,5,6,7,8,0,2,4,5,7,8,0,2,4,5,7,8,0,2,6,7,8,0,2,4,5,6,7,8,0,2,3,4,5,7,8,0,2,3,4,0,2,3,4,5,8,0,2,4,5,7,8,0,2,6,7,8,0,2,3,4,0,2,3,4,5,8,0,2,4,5,6,7,8,0,2,6,7,8,0,2,4,5,7,8,0,2,6,7,8,0,2,4,5,6,7,8,0,2,4,5,7,8,0,2,4,5,6,7,8,0,3,4,0,2,3,4,0,2,3,4,5,8,0,2,3,4,0,2,3,4,5,7,8,0,2,3,4,0,3,4,5,6,8"
a = a.replace(",","")
a = a.replace("0"," ")
print(a)
1
245678 23568 234 24578 245678 234 245678 45678 234 24578 234 45678 245678 2345678 245678 34 234 23568 245678 3478 234 234 245678 34 234 23568 245678 24578 24578 2678 245678 234578 234 23458 24578 2678 234 23458 245678 2678 24578 2678 245678 24578 245678 34 234 23458 234 234578 234 34568

以此类推,显示的字符串为16进制数。
6275676b757b68617264776172655f69735f736f5f656173797d

使用python对字符串中每两个字符后插入空格进行分隔。

1
2
3
4
5
6
import re

text = "6275676b757b68617264776172655f69735f736f5f656173797d"
text_list = re.findall(".{2}",text)
new_text = " ".join(text_list)
print(new_text)

62 75 67 6b 75 7b 68 61 72 64 77 61 72 65 5f 69 73 5f 73 6f 5f 65 61 73 79 7d

ASCII码转字符串得到最终flag。

bugku{hardware_is_so_easy}