BLE CTF

From Embedded Lab Vienna for IoT & Security
Revision as of 14:56, 28 March 2019 by Lstrobl (talk | contribs)

Summary

This tutorial explains how to set up an ESP32 device for solving 20 flag-based BLE challenges.

Requirements

  • Operating system: Ubuntu 18.04 bionic amd64
  • Packages: git emacs

Description

Step 1 - Standard Setup of Toolchain for Linux

Install prerequisites:

sudo apt-get install gcc git wget make libncurses-dev flex bison gperf python python-pip python-setuptools python-serial python-cryptography python-future python-pyparsing

Download the ESP32 toolchain for Linux and extract it into the ~/esp directory:

mkdir -p ~/esp
cd ~/esp
tar -xzf ~/Downloads/xtensa-esp32-elf-linux64-1.22.0-80-g6c4433a-5.2.0.tar.gz

Update your PATH environment variable in ~/.profile to use the toolchain. Add the following line to your ~/.profile file:

export PATH="$HOME/esp/xtensa-esp32-elf/bin:$PATH"

Log off and log back in to make the changes effective. Run the following command to verify if PATH is correctly set:

printenv PATH

The output should contain (userName gets replaced by your user name):

/home/userName/esp/xtensa-esp32-elf/bin

Step 2 - Install ESP-IDF

Go to ~/esp and clone the repository:

cd ~/esp
git clone --recursive https://github.com/espressif/esp-idf.git

Set the IDF_PATH environment variable. Add the following line to ~/.profile:

export IDF_PATH=~/esp/esp-idf

Log off and log back in to make the change effective.

Verify that it is set correctly:

printenv IDF_PATH

The output should display the previously entered path (replace userName with your user name):

/home/userName/esp/esp-idf

Step 3 - Install Python packages

Run:

python -m pip install --user -r $IDF_PATH/requirements.txt

Step 4 - Connect the device

Make sure the device is unplugged, then run:

ls /dev/tty*

Plug the device into the host computer and run again:

ls /dev/tty*

The port that appears only in the second listing is the one needed.

Step 5 - CTF Setup

Change into your ~/esp directory and execute the following commands:

cd ~/esp
git clone https://github.com/hackgnar/ble_ctf.git
cd ble_ctf
make menuconfig

A window appears. Navigate to "Serial flasher config" > "Default Serial port" and enter the port you identified in Step 4. Confirm, save and exit.

make

Plug the device into your host computer.

make flash

Step 6 -

Discover the MAC address of the device:

sudo hcitool lescan

The device with the description "BLECTF" is your device.

Display current score (replace the x's with the MAC address discovered before):

gatttool -b xx:xx:xx:xx:xx:xx --char-read -a 0x002a | awk -F':' '{print $2}' | tr -d ' ' | xxd -r -p; printf '\n'

The terminal should display:

Score: 0/20
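
The score pipeline above writes whatever bytes the device returns straight to the terminal, and it also feeds gatttool error text into xxd. As an added example (not part of the original tutorial or of the ble_ctf project), the function below decodes the same gatttool output line, rejects lines that are not a read result, and replaces non-printable bytes with a dot. The name decode_gatt_value is hypothetical and the sample line is constructed.

```shell
#!/bin/sh
# Added example: decode a `gatttool --char-read` result line to printable text.
# decode_gatt_value is a hypothetical helper name, not part of gatttool or ble_ctf.

# Prints the decoded value. Returns 1 if LINE is not a read result (for example a
# connection error) and 2 if the payload is not space-separated hex bytes.
decode_gatt_value() {
    case "$1" in
        "Characteristic value/descriptor:"*) ;;
        *) return 1 ;;
    esac
    gv_hex=${1#*:}
    # Reject anything but hex digits and spaces before word-splitting the payload.
    case "$gv_hex" in
        *[!0-9a-fA-F\ ]*) return 2 ;;
    esac
    gv_out=
    for gv_byte in $gv_hex; do
        [ "${#gv_byte}" -eq 2 ] || return 2
        gv_code=$(printf '%d' "0x$gv_byte")
        if [ "$gv_code" -ge 32 ] && [ "$gv_code" -le 126 ]; then
            # Printable ASCII: convert via an octal escape (no xxd required).
            gv_out="$gv_out$(printf "\\$(printf '%03o' "$gv_code")")"
        else
            # Control and non-ASCII bytes come from an untrusted peripheral;
            # never write them raw to the terminal.
            gv_out="$gv_out."
        fi
    done
    printf '%s\n' "$gv_out"
}

# Constructed sample of the line gatttool prints for the score handle.
sample='Characteristic value/descriptor: 53 63 6f 72 65 3a 20 30 2f 32 30 '
decode_gatt_value "$sample"

# Live use with the tutorial's handle (MAC is your device address):
#   decode_gatt_value "$(gatttool -b "$MAC" --char-read -a 0x002a)"
```
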

Used Hardware

  • Device to be used with this documentation
  • Maybe another device to be used with this documentation

Courses

References