fix(xfactor): move images from notes.alxczl.fr (down) to local storage and fix typos

2024-03-14 15:30:51 +01:00
parent d17ed074fe
commit 6e59037725
15 changed files with 73 additions and 31 deletions

.gitattributes vendored Normal file

@@ -0,0 +1,3 @@
*.png filter=lfs diff=lfs merge=lfs -text
*.jpg filter=lfs diff=lfs merge=lfs -text
*.jpeg filter=lfs diff=lfs merge=lfs -text
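Review bot: the three LFS patterns only match lowercase extensions, and `.gitattributes` patterns are case-sensitive, so a camera-style `IMG_0001.JPG` dropped into `posts/*/images/` would be committed as a plain blob instead of an LFS object; add `*.PNG`, `*.JPG` and `*.JPEG` next to these (or use `*.[pP][nN][gG]`-style patterns). It is also worth a README line saying that readers cloning the repo need git-lfs installed, otherwise the images this commit moves into `posts/xfactor2/images/` arrive as pointer text files and the post renders with broken images.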

Binary file not shown.

BIN
posts/xfactor2/images/fail.png LFS Normal file


BIN
posts/xfactor2/images/hahayes.png LFS Normal file


BIN
posts/xfactor2/images/win.png LFS Normal file



@@ -6,20 +6,20 @@ tags: ["writeup", "FCSC2022", "hardware"]
---
## Quick recap
Great ! We've finally HACKED the first part of the user logon in Xfactor1/2 and we're now facing a 2FA form.
Great! We've finally HACKED the first part of the user logon in Xfactor1/2 and we're now facing a 2FA form.
<figure style='text-align: center;'>
<img src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150204.jpeg" style="width: 50%">
<img src="./images/Me when I absolutely HACK my way into the Hypersecret company.png" style="width: 50%">
<figcaption style='color: grey'>Me when I absolutely HACK my way into the Hypersecret company</figcaption>
</figure>
## Let's get started !
## Let's get started!
The FCSC team gave us a pcap file, let's see what's inside.
![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150200.png)
![img](./images/wireshark-1.png)
<figure style='text-align: center;'>
<img style="width: 100%; height: 350px" src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150201.png">
<img style="width: 100%; height: 350px" src="./images/hahayes.png">
</figure>
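Review bot: the new src `./images/Me when I absolutely HACK my way into the Hypersecret company.png` puts unencoded spaces into a URL. Browsers tolerate that inside an HTML `src` attribute, but static-site generators, RSS readers and mirroring tools often do not, and the extension silently changed from `.jpeg` to `.png`, so the committed object should be checked to really be a PNG rather than the original JPEG renamed. Suggest a slug such as `hypersecret-hack.png` and leaving the joke text in the `<figcaption>` only; the other two images in this hunk (`wireshark-1.png`, `hahayes.png`) already follow that convention.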
@@ -40,14 +40,14 @@ wget https://gist.github.com/woodrow/cb1496975e131e37d5dd716127a250a4
```
Then either restart Wireshark or just press **Ctrl+Caps+L** to reload your Lua plugins, then right-click one of the _URB_INTERRUPT_ packets, click on _Decode as_, then, under the _Current_ column, select _CTAPHID_.
There we go ! Much better (right ?!?!?)
There we go! Much better (right?!?!?)
![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150202.png)
![img](./images/wireshark-2.png)
You might notice a few differences if you actually use the aforementionned dissector and that's normal; I patched it to show a bit more information, I'll post it on [my gitea](https://gitea.alxczl.fr) after the FCSC2022 ends !
EDIT: [Here](https://gitea.alxczl.fr/alexandre/wireshark-ctaphid-dissector) it is
You might notice a few differences if you actually use the aforementionned dissector and that's normal; I patched it to show a bit more information, I'll post it on [my gitlab](https://gitlab.alxczl.fr) after the FCSC2022 ends!
EDIT: [Here](https://gitlab.alxczl.fr/alexandre/wireshark-ctaphid-dissector) it is
### CTAP...HID ? What does that mean ?!?!?!?!
### CTAP...HID? What does that mean?!?!?!?!
_CTAP_ means **C**lient **T**o **A**uthenticator **P**rotocol and _HID_ means **H**uman **I**nterface **D**evice (quick note: your keyboard and your mouse are HIDs, more infos about that [here](https://www.usb.org/hid)).
_CTAP_ is a part of the FIDO2 project and there are 2 different version of CTAP right now :
- CTAP1/U2F: This is the one that will be used in the challenge
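Review bot: since this is a typo-fix commit, the unchanged context lines in this hunk still carry errors worth fixing in the same pass: `Ctrl+Caps+L` should be `Ctrl+Shift+L` (Wireshark's Analyze > Reload Lua Plugins shortcut; Caps Lock is not a modifier), `aforementionned` should be `aforementioned`, `2 different version of CTAP` should be `2 different versions of CTAP`, and `more infos` should be `more info`. The gitea-to-gitlab URL swap itself looks right, but since moving the post off a dead host is the point of this commit, confirm that `https://gitlab.alxczl.fr/alexandre/wireshark-ctaphid-dissector` actually resolves before merging.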
@@ -57,9 +57,9 @@ If you want more informations about CTAP and such, please click [here](https://f
## Packet buildin'
Thanks to the dissector, I can now at least see the U2F conversations.
![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150203.png)
![img](packet-building.png)
That sure is a lot of _CTAPHID Initialization_ and _CTAPHID Continuation_ packets !
That sure is a lot of _CTAPHID Initialization_ and _CTAPHID Continuation_ packets!
Judging from what's being said [here](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#usb-message-and-packet-structure), an _CTAPHID Initialization packet_ comes first and one or more _CTAPHID Continuation packets_ follow to complete the payload.
## U2F Requests and Reponses
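Review bot: `![img](packet-building.png)` drops the `./images/` prefix that every other image in this file uses, so it will 404 unless a `packet-building.png` sits next to the post itself; change it to `./images/packet-building.png`. Two context nits in the same hunk: `an _CTAPHID Initialization packet_` should read `a _CTAPHID Initialization packet_`, and the heading `Reponses` should be `Responses`.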
@@ -67,7 +67,7 @@ Judging from what's being said [here](https://fidoalliance.org/specs/fido-v2.0-i
### Requests
Thanks to my best friend (the new dissector), Wireshark now shows the content of the U2F messages, so here's an example of an U2F request:
![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150205.png)
![img](./images/requests.png)
As you can see right there, a request contains these elements:
- **CLA**: 1 byte, reserved for the transport protocol (if applicable), set to zero by the host.
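Review bot: the path is consistent here; only a grammar nit in the context line: `an example of an U2F request` should be `an example of a U2F request` (U2F starts with a consonant sound).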
@@ -83,7 +83,7 @@ Using *Short encoding* would make them fit on 1 byte, but that would reduce the
### Responses
Here's a response (that contains data, and that is not always the case):
![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150207.png)
![img](responses.png)
As you can see, a responses are a bit simpler:
- **Response data**: **LE** bytes if specified, n bytes if not
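Review bot: same path problem as `packet-building.png` two hunks up: `![img](responses.png)` lacks the `./images/` prefix and will not resolve against `posts/xfactor2/images/`; use `./images/responses.png`. The context line `As you can see, a responses are a bit simpler:` has a stray article and should read `As you can see, responses are a bit simpler:`.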
@@ -94,8 +94,8 @@ As you can see, a responses are a bit simpler:
We'll just care about **SW_NO_ERROR (0x9000)** and **SW_CONDITIONS_NOT_SATISFIED (0x6985)**, as they are these are the only status code that appear in this challenge.
<figure style='text-align: center;'>
<img src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150206.jpg">
<figcaption style='color: grey'>That's all folks !</figcaption>
<img src="./images/thatsallfolks.png">
<figcaption style='color: grey'>That's all folks!</figcaption>
</figure>
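Review bot: `thatsallfolks` changes from `.jpg` to `.png` in this rewrite; make sure the file added under `posts/xfactor2/images/` is a real PNG and not the JPEG with a new extension, because browsers sniff the content but image optimisers and content-type based tooling will not. The context line `as they are these are the only status code that appear in this challenge` is garbled and should read `as they are the only status codes that appear in this challenge`.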
@@ -121,7 +121,7 @@ To be honest, I only care about the control byte here, and I've only seen two sp
As always, you can get more info here: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#u2f-message-framing
## Ok but what do I do with this ???
## Ok but what do I do with this???
Ok sorry I may have gone a bit too far with this U2F mess, and you're right: reading specs and RFCs is great but it won't make the flag pop out of the capture.
Let's login on https://x-factor.france-cybersecurity-challenge.fr/login, right click and inspect the **Check Token** button: it's just a link that launches the **beginAuthen** function with a parameter that never changes!
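Review bot: the context line `Let's login on https://...` should read `Let's log in at https://...` (`login` is the noun, `log in` the verb), and `inspect the **Check Token** button: it's just a link that launches` is fine as is.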
@@ -144,7 +144,7 @@ function beginAuthen(keyHandle) {
}
```
By opening the network inspector of my browser's developper tools, I'll inspect the requests/responses sent to https://x-factor.france-cybersecurity-challenge.fr/beginAuthen.
By opening the network inspector of my browser's developer tools, I'll inspect the requests/responses sent to https://x-factor.france-cybersecurity-challenge.fr/beginAuthen.
Here's what I've got:
```json
@@ -171,30 +171,30 @@ Here's what I've got:
```
<figure style='text-align: center;'>
<img style="max-width: 60%" src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150209.png">
<img style="max-width: 60%" src="./images/HOLD UP, SOMETHING AINT RIGHT.png">
<figcaption style='color: grey'>HOLD UP, SOMETHING AINT RIGHT</figcaption>
</figure>
Only 3 different challenges ? But I sent at least 12 requests just to make sure...
Only 3 different challenges? But I sent at least 12 requests just to make sure...
Alright, let's try replaying the responses from the capture then!
## The fun part
<i style="">
I had almost drained of Google's resources, my determination was beginning to falter and I thought that the only way to get this flag was to code an U2F emulator from scratch...
But I found the light; my savior, Cesar aka MattGorko, appeared on my last googling attempt with his Github repo.
But I found the light; my saviour, César aka MattGorko, appeared on my last googling attempt with his Github repo.
</i>
<p style="text-align: center">
I present to you, <a href="https://github.com/MattGorko/U2F-Emulated">U2F-Emulated</a>.
</p>
<figure style='text-align: center;'>
<img style="max-width: 60%" src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee23685015020a.jpg">
<img style="max-width: 60%" src="./images/Rare picture of Cesar the GOAT making this first blood possible.png">
<figcaption style='color: grey'>Rare picture of Cesar the GOAT making this first blood possible</figcaption>
</figure>
### Let's patch this thing
Having an emulator is great an all, but it won't help much without some modifications.
We first need to go back to the pcap and retrieve the values contained in the **SW_NO_ERROR** reponses.
We first need to go back to the pcap and retrieve the values contained in the **SW_NO_ERROR** responses.
Here is the array of responses (with its associated array of response lengths) that made me get the flag:
```c
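Review bot: two more filenames with spaces, one of them (`HOLD UP, SOMETHING AINT RIGHT.png`) also containing a comma, go into `src` attributes in this hunk; rename them to slugs such as `hold-up.png` and `cesar-the-goat.png` so they survive URL encoding and shell use. The prose now spells `César` while the new filename and the unchanged caption still say `Cesar`; pick one. Context-line typos left behind by a typo commit: `great an all` should be `great and all`, `I had almost drained of Google's resources` should be `I had almost drained Google's resources`, and `to code an U2F emulator` should be `to code a U2F emulator`.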
@@ -359,12 +359,12 @@ sudo ./u2f-emu-usb
And it now waits indefinitely for requests.
<figure style='text-align: center;'>
<img style="width: 30vw" src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee23685015020b.jpeg">
<img style="width: 30vw" src="./images/itsalive.png">
</figure>
## FLAGGITTY FLAG FLAG
Launch the frankenmulator, hop on the website, login, click on **Check Token** and
![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee23685015020d.png)
![img](./images/fail.png)
<p style="text-align: center; color: grey">
Bruh moment
</p>
@@ -373,13 +373,13 @@ Woopsie, sorry but this solution needs you to repeat these instructions until yo
I know I know, this isn't very fancy, but it works. I think that it might be able to optimise this solution even further by inspecting the requests and responding with the correct answer (that actually was the next step if this didn't work).
Anyway, after a few tries, the screen looks a bit different:
![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee23685015020c.png)
![img](./images/win.png)
YAY ! Now onto the next challenge ! (Oh and don't forget to kill the frankenmulator if you don't want it to eat all your U2F challenges :wink:)
YAY! Now onto the next challenge! (Oh and don't forget to kill the frankenmulator if you don't want it to eat all your U2F challenges :wink:)
## Useful links
- Structures paquets CTAP1/U2F : https://doc.riot-os.org/structctap__hid__pkt__t.html
- Infos sur FIDO : https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
- MSG command : https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#usb-hid-msg
- CTAP1/U2F packets structure: https://doc.riot-os.org/structctap__hid__pkt__t.html
- FIDO infos: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
- MSG command: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#usb-hid-msg
- WINK command (blinks the LED): https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
- AUTHENTICATE MSG : https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#introduction
- AUTHENTICATE MSG: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#introduction
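Review bot: the WINK entry links to the top of the CTAP specification while the MSG entry above it links to its `#usb-hid-msg` subsection; point WINK at its own `#usb-hid-wink` anchor in the same document for consistency. Context-line nit: `I think that it might be able to optimise this solution` should read `I think it might be possible to optimise this solution`.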