SideChannel
There's something fishy about this PIN-code checker, can you figure out the PIN and get the flag? Download the PIN checker program here. Once you've figured out the PIN (and gotten the checker program to accept it), connect to the master server using nc saturn.picoctf.net 55824 and provide it the PIN to get your flag.
Searching for "timing-based side-channel attacks" as mentioned in the hints finds the and . The first part of the Medium article is exactly the exploit here.
We can use the Unix time command to measure how long it takes for different PIN values to be validated. For example, running time echo 10000000 | ./pin_checker displays the following:
So, it took 0.13s to check 10000000. We can increment the first digit by one and see the execution time. Running time echo 40000000 | ./pin_checker shows that it takes 0.25s to execute. That is noticeably longer, so 4 is the correct first digit. We can continue on to the remaining digits.
However, we write a script to automate the process. Running the solution finds that the PIN is 48390513.
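Why the per-digit timing works, and what removes it, shown as an added example that is not the write-up's solution script or the challenge binary. The checker functions, the sample PIN and the comparison-count "cost" used in place of wall-clock time are all assumptions made for illustration.

```python
import hmac

SECRET = "27182818"  # constructed sample PIN, not the challenge's
PIN_LEN = 8

def leaky_check(guess, secret=SECRET):
    """Early-exit compare. Returns (accepted, cost), where cost models
    run time as the number of digit comparisons performed."""
    cost = 0
    if len(guess) != len(secret):
        return False, cost
    for g, s in zip(guess, secret):
        cost += 1
        if g != s:          # stops at the first wrong digit: this is the leak
            return False, cost
    return True, cost

def constant_check(guess, secret=SECRET):
    """Fixed-cost compare: every digit is examined whatever the guess."""
    ok = hmac.compare_digest(guess.encode(), secret.encode())
    return ok, len(secret)

def recover(check, length=PIN_LEN):
    """Replay the write-up's procedure: at each position keep the digit
    whose check costs the most. Returns the PIN, or None when a position
    shows no cost difference (nothing leaks)."""
    known = ""
    for pos in range(length):
        pad = "0" * (length - pos - 1)
        results = {d: check(known + d + pad) for d in "0123456789"}
        accepted = [d for d, (ok, _) in results.items() if ok]
        if accepted:                      # whole PIN already correct
            return known + accepted[0] + pad
        costs = {d: c for d, (_, c) in results.items()}
        if len(set(costs.values())) == 1:
            return None                   # every digit costs the same
        known += max(costs, key=costs.get)
    return known if check(known)[0] else None

if __name__ == "__main__":
    print("early-exit checker   :", recover(leaky_check))
    print("constant-time checker:", recover(constant_check))
```

With real wall-clock measurements the signal is noisy, so each candidate digit would need several timed runs before comparing.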
Running nc saturn.picoctf.net 55824 and putting in the PIN code we found prints the flag.
picoCTF{t1m1ng_4tt4ck_9803bd25}