fix(xfactor): move images from notes.alxczl.fr (down) to local storage and fix typos

2024-03-14 15:30:51 +01:00
parent d17ed074fe
commit 6e59037725
15 changed files with 73 additions and 31 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,3 @@
 *.png filter=lfs diff=lfs merge=lfs -text
 *.jpg filter=lfs diff=lfs merge=lfs -text
 *.jpeg filter=lfs diff=lfs merge=lfs -text
--- a/posts/xfactor2/images/HOLD
+++ b/posts/xfactor2/images/HOLD
--- a/posts/xfactor2/images/Me
+++ b/posts/xfactor2/images/Me
--- a/posts/xfactor2/images/Rare
+++ b/posts/xfactor2/images/Rare
--- a/posts/xfactor2/images/fail.png
+++ b/posts/xfactor2/images/fail.png
--- a/posts/xfactor2/images/hahayes.png
+++ b/posts/xfactor2/images/hahayes.png
--- a/posts/xfactor2/images/itsalive.png
+++ b/posts/xfactor2/images/itsalive.png
--- a/posts/xfactor2/images/packet-building.png
+++ b/posts/xfactor2/images/packet-building.png
--- a/posts/xfactor2/images/requests.png
+++ b/posts/xfactor2/images/requests.png
--- a/posts/xfactor2/images/responses.png
+++ b/posts/xfactor2/images/responses.png
--- a/posts/xfactor2/images/thatsallfolks.png
+++ b/posts/xfactor2/images/thatsallfolks.png
--- a/posts/xfactor2/images/win.png
+++ b/posts/xfactor2/images/win.png
--- a/posts/xfactor2/images/wireshark-1.png
+++ b/posts/xfactor2/images/wireshark-1.png
--- a/posts/xfactor2/images/wireshark-2.png
+++ b/posts/xfactor2/images/wireshark-2.png
--- a/posts/xfactor2/index.md
+++ b/posts/xfactor2/index.md
@@ -9,17 +9,17 @@ tags: ["writeup", "FCSC2022", "hardware"]
 Great! We've finally HACKED the first part of the user logon in Xfactor1/2 and we're now facing a 2FA form.
 <figure style='text-align: center;'>
-   <img src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150204.jpeg" style="width: 50%">
+   <img src="./images/Me when I absolutely HACK my way into the Hypersecret company.png" style="width: 50%">
   <figcaption style='color: grey'>Me when I absolutely HACK my way into the Hypersecret company</figcaption>
 </figure>
 ## Let's get started!
 The FCSC team gave us a pcap file, let's see what's inside.
-![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150200.png)
+![img](./images/wireshark-1.png)
 <figure style='text-align: center;'>
-    <img style="width: 100%; height: 350px" src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150201.png">
+    <img style="width: 100%; height: 350px" src="./images/hahayes.png">
 </figure>
@@ -42,10 +42,10 @@ Then either restart Wireshark or just press **Ctrl+Caps+L** to reload your Lua p
 There we go! Much better (right?!?!?)
-![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150202.png)
+![img](./images/wireshark-2.png)
-You might notice a few differences if you actually use the aforementionned dissector and that's normal; I patched it to show a bit more information, I'll post it on [my gitea](https://gitea.alxczl.fr) after the FCSC2022 ends !
+You might notice a few differences if you actually use the aforementionned dissector and that's normal; I patched it to show a bit more information, I'll post it on [my gitlab](https://gitlab.alxczl.fr) after the FCSC2022 ends!
-EDIT: [Here](https://gitea.alxczl.fr/alexandre/wireshark-ctaphid-dissector) it is
+EDIT: [Here](https://gitlab.alxczl.fr/alexandre/wireshark-ctaphid-dissector) it is
 ### CTAP...HID? What does that mean?!?!?!?!
 _CTAP_ means **C**lient **T**o **A**uthenticator **P**rotocol and _HID_ means **H**uman **I**nterface **D**evice (quick note: your keyboard and your mouse are HIDs, more infos about that [here](https://www.usb.org/hid)).
@@ -57,7 +57,7 @@ If you want more informations about CTAP and such, please click [here](https://f
 ## Packet buildin'
 Thanks to the dissector, I can now at least see the U2F conversations.
-![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150203.png)
+![img](packet-building.png)
 That sure is a lot of _CTAPHID Initialization_ and _CTAPHID Continuation_ packets!
 Judging from what's being said [here](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#usb-message-and-packet-structure), an _CTAPHID Initialization packet_ comes first and one or more _CTAPHID Continuation packets_ follow to complete the payload.
@@ -67,7 +67,7 @@ Judging from what's being said [here](https://fidoalliance.org/specs/fido-v2.0-i
 ### Requests
 Thanks to my best friend (the new dissector), Wireshark now shows the content of the U2F messages, so here's an example of an U2F request:
-![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150205.png)
+![img](./images/requests.png)
 As you can see right there, a request contains these elements:
 - **CLA**: 1 byte, reserved for the transport protocol (if applicable), set to zero by the host.
@@ -83,7 +83,7 @@ Using *Short encoding* would make them fit on 1 byte, but that would reduce the
 ### Responses
 Here's a response (that contains data, and that is not always the case):
-![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150207.png)
+![img](responses.png)
 As you can see, a responses are a bit simpler:
 - **Response data**: **LE** bytes if specified, n bytes if not
@@ -94,7 +94,7 @@ As you can see, a responses are a bit simpler:
 We'll just care about **SW_NO_ERROR (0x9000)** and **SW_CONDITIONS_NOT_SATISFIED (0x6985)**, as they are these are the only status code that appear in this challenge.
 <figure style='text-align: center;'>
-    <img src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150206.jpg">
+    <img src="./images/thatsallfolks.png">
    <figcaption style='color: grey'>That's all folks!</figcaption>
 </figure>
@@ -144,7 +144,7 @@ function beginAuthen(keyHandle) {
 }
 ```
-By opening the network inspector of my browser's developper tools, I'll inspect the requests/responses sent to https://x-factor.france-cybersecurity-challenge.fr/beginAuthen.
+By opening the network inspector of my browser's developer tools, I'll inspect the requests/responses sent to https://x-factor.france-cybersecurity-challenge.fr/beginAuthen.
 Here's what I've got:
 ```json
@@ -171,7 +171,7 @@ Here's what I've got:
 ```
 <figure style='text-align: center;'>
-    <img style="max-width: 60%" src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee236850150209.png">
+    <img style="max-width: 60%" src="./images/HOLD UP, SOMETHING AINT RIGHT.png">
    <figcaption style='color: grey'>HOLD UP, SOMETHING AINT RIGHT</figcaption>
 </figure>
@@ -181,20 +181,20 @@ Alright, let's try replaying the responses from the capture then!
 ## The fun part
 <i style="">
 I had almost drained of Google's resources, my determination was beginning to falter and I thought that the only way to get this flag was to code an U2F emulator from scratch...
-But I found the light; my savior, Cesar aka MattGorko, appeared on my last googling attempt with his Github repo.
+But I found the light; my saviour, César aka MattGorko, appeared on my last googling attempt with his Github repo.
 </i>
 <p style="text-align: center">
    I present to you, <a href="https://github.com/MattGorko/U2F-Emulated">U2F-Emulated</a>.
 </p>
 <figure style='text-align: center;'>
-    <img style="max-width: 60%" src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee23685015020a.jpg">
+    <img style="max-width: 60%" src="./images/Rare picture of Cesar the GOAT making this first blood possible.png">
    <figcaption style='color: grey'>Rare picture of Cesar the GOAT making this first blood possible</figcaption>
 </figure>
 ### Let's patch this thing
 Having an emulator is great an all, but it won't help much without some modifications.
-We first need to go back to the pcap and retrieve the values contained in the **SW_NO_ERROR** reponses.
+We first need to go back to the pcap and retrieve the values contained in the **SW_NO_ERROR** responses.
 Here is the array of responses (with its associated array of response lengths) that made me get the flag:
 ```c
@@ -359,12 +359,12 @@ sudo ./u2f-emu-usb
 And it now waits indefinitely for requests.
 <figure style='text-align: center;'>
-    <img style="width: 30vw" src="https://notes.alxczl.fr/uploads/3d47d9b47a6ee23685015020b.jpeg">
+    <img style="width: 30vw" src="./images/itsalive.png">
 </figure>
 ## FLAGGITTY FLAG FLAG
 Launch the frankenmulator, hop on the website, login, click on **Check Token** and
-![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee23685015020d.png)
+![img](./images/fail.png)
 <p style="text-align: center; color: grey">
    Bruh moment
 </p>
@@ -373,13 +373,13 @@ Woopsie, sorry but this solution needs you to repeat these instructions until yo
 I know I know, this isn't very fancy, but it works. I think that it might be able to optimise this solution even further by inspecting the requests and responding with the correct answer (that actually was the next step if this didn't work).
 Anyway, after a few tries, the screen looks a bit different:
-![img](https://notes.alxczl.fr/uploads/3d47d9b47a6ee23685015020c.png)
+![img](./images/win.png)
 YAY! Now onto the next challenge! (Oh and don't forget to kill the frankenmulator if you don't want it to eat all your U2F challenges :wink:)
 ## Useful links
- Structures paquets CTAP1/U2F : https://doc.riot-os.org/structctap__hid__pkt__t.html
+- CTAP1/U2F packets structure: https://doc.riot-os.org/structctap__hid__pkt__t.html
- Infos sur FIDO : https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
+- FIDO infos: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
 - MSG command: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#usb-hid-msg
 - WINK command (blinks the LED): https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
 - AUTHENTICATE MSG: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#introduction