SHA1 length extension attack on the Secure Filesystem - rhme2 Secure Filesystem (crypto 100)

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=6QQ4kgDWQ9w


Duration: 6:58
33,745 views
628

The first challenge I solved for the embedded hardware CTF by riscure. It implements a Secure Filesystem which prevents you from readeing files without knowing the correct token for a file.

Load the challenge on your own board: https://github.com/Riscure/Rhme-2016

-=[ ๐Ÿ”ด Stuff I use ]=-

โ†’ Microphone:* https://geni.us/ntg3b
โ†’ Graphics tablet:* https://geni.us/wacom-intuos
โ†’ Camera#1 for streaming:* https://geni.us/sony-camera
โ†’ Lens for streaming:* https://geni.us/sony-lense
โ†’ Connect Camera#1 to PC:* https://geni.us/cam-link
โ†’ Keyboard:* https://geni.us/mech-keyboard
โ†’ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ โค๏ธ Support ]=-

โ†’ per Video: https://www.patreon.com/join/liveoverflow
โ†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ ๐Ÿ• Social ]=-

โ†’ Twitter: https://twitter.com/LiveOverflow/
โ†’ Website: https://liveoverflow.com/
โ†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
โ†’ Facebook: https://www.facebook.com/LiveOverflow/

-=[ ๐Ÿ“„ P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CTF #Cryptography



Other Videos By LiveOverflow


2017-05-05Blind Buffer Overflow exploitation to leak secret data - rhme2 Animals (pwn 200)
2017-05-02How (not) to ask a technical question
2017-04-28Format string exploit on an arduino - rhme2 Casino (pwn 150)
2017-04-21Recover RSA private key from public keys - rhme2 Key Server (crypto 200)
2017-04-14Defeat a stack cookie with bruteforce - rhme2 Photo manager (pwn 100)
2017-04-07Attacking an Electronic Combination Lock (ft. Electronics Idiot)
2017-03-31A day in the life of a pen-tester
2017-03-24Solving AVR reverse engineering challenge with radare2 - rhme2 Jumpy (reversing 100)
2017-03-17Start reverse engineering AVR - Memory Map and I/O Registers - rhme2 Reverse Engineering
2017-03-12What do Nintendo Switch and iOS 9.3 have in common? CVE-2016-4657 walk-through
2017-03-10SHA1 length extension attack on the Secure Filesystem - rhme2 Secure Filesystem (crypto 100)
2017-03-05Using UART / Serial to interact with an embedded device - rhme2 Setup
2017-03-03riscure embedded hardware CTF is over - loopback 0x03
2017-02-25Developing an intuition for binary exploitation - bin 0x20
2017-02-17Showing various security issue of the Wifi-Cloud Hub
2017-02-14GynvaelEN Hacking Livestreams and how stack cookies work
2017-02-10How safe is a Wifi Cloud Hub Router (from hackers)?
2017-02-03Bash injection without letters or numbers - 33c3ctf hohoho (misc 350)
2017-01-27[Live] A basic Heap Feng Shui intro - 33c3ctf babyfengshui (pwn 150)
2017-01-20PHP include and bypass SSRF protection with two DNS A records - 33c3ctf list0r (web 400)
2017-01-13Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
sha1
sha
length extension
hash length extension
hashpump
hashpumpy
python hashpump
secure filesystem
rhme2
riscure
rhme
embedded hardware
embedded hardware hacking
hardware ctf
IoT hacking