Open in app

Sign in

Write

Sign in

UoftCTF-2024: IoT

Grishma Acharya
3 min readJan 15, 2024

--

IoT: Baby’s First IoT Series

Hint: If there is an issue with submitting an answer with a challenge, try including newlines and null characters. For example: printf 'answer\n\0' | nc 35.225.17.48 portFirst, I searched about FCC ID, Q87-WRT54GV81.

1) Baby’s First IoT Flag 1

The FCC ID (Federal Communications Commission Identification) is a unique identifier assigned to electronic devices that are capable of emitting radio frequency energy. This identifier is used to ensure that the device complies with FCC regulations and does not interfere with other electronic equipment.

The FCC ID Q87-WRT54GV81 appears to be associated with a specific model of a wireless router. In this case, “WRT54GV81” suggests that it might be a version or variant of the Linksys WRT54G series router. Linksys is a well-known brand that produces networking equipment, including routers.

I found a user manual online
https://fcc.report/FCC-ID/Q87-WRT54GV81/861595.pdf

Here, I found the frequency for channel 6 i.e. 2437 MHz.

After this, I used the following command in the Linux terminal:
printf ‘2437\n\0’ | nc 35.225.17.48 3895

This command sends the string “2437” followed by a newline and null character to the specified IP address and port using netcat.

The Flag is {FCC_ID_Recon}!

2) Baby’s First IoT Flag 2

The link https://fccid.io/Q87-WRT54GV81/Internal-Photos/Internal-Photos-861588 was about LINKSYS Wireless-G Broadband Router.

We had to determine what company makes processor for it.

After searching in depth, I found https://en.wikipedia.org/wiki/MIPS_Technologies

Here, I found the paragraph:

OpenWrt is an embedded operating system based on the Linux kernel. While it currently runs on a variety of processor architectures, it was originally developed for the Linksys WRT54G, which used a 32-bit MIPS processor from Broadcom. The OpenWrt Table of Hardware now includes MIPS-based devices from Atheros, Broadcom, Cavium, Lantiq, MediaTek, etc.[108]

Therefore, I found out that Broadcom makes the processor for LINKSYS Wireless-G Broadband Router.

In the linux terminal, I entered the following command:

printf ‘Broadcom\n\0’ | nc 35.225.17.48 6318

and got the flag:

{Processor_Recon}

Feel free to connect with me on https://www.linkedin.com/in/grishma-acharya-9a5279224/

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Ctf Writeup
Ctf

--

--

Grishma Acharya
Grishma Acharya

Written by Grishma Acharya

20 Followers
15 Following

CTF player | Cyber security enthusiast

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams