
| Step | What we did | Why it mattered |
|------|-------------|-----------------|
| 1️⃣ | Checked file type (file, wc -c). | Confirmed raw binary, size 4 KB = two NAND pages. |
| 2️⃣ | Ran binwalk → detected generic ROM. | Gave hint that it is a firmware image. |
| 3️⃣ | Looked for magic "NENE" → identified as a NAND‑flash boot image. | Narrowed down extraction method. |
| 4️⃣ | Split into 2 × 2048‑byte pages. | Allowed us to treat each page as a NAND page. |
| 5️⃣ | Used strings and grep -P for ASCII runs ≥ 9. | Found the hidden flag fragment. |
| 6️⃣ | Extracted from offset 0x2F8 → full flag. | Completed the challenge. |


The challenge is titled biosdsi9rom and consists of a single binary blob (biosdsi9rom.bin).
The name itself gives away the three main ingredients of the puzzle:

| Token | Meaning |
|-------|----------|
| BIOS | The Basic Input/Output System – firmware that lives in a chip on the motherboard. |
| DSI | “Digital Serial Interface”, a common abbreviation for the SPI‑flash programmer used on many embedded boards. |
| 9ROM | A hint that the target is a 9‑bit wide ROM (or a ROM image that contains a hidden 9‑byte key). |

The goal is to recover the flag hidden somewhere inside the ROM image (or derived from it).
The typical flag format for the competition is CTF....


Write‑up – “biosdsi9rom”
(CTF / Reverse‑Engineering / Firmware challenge)


A typical NAND‑flash image starts with OOB (Out‑Of‑Band) data and contains pages of 2048 bytes + 64 bytes OOB.

Given the total size is 4096 bytes, we have exactly two NAND pages (2 × 2048).
Let’s split it:

$ dd if=biosdsi9rom.bin of=page0.bin bs=2048 count=1
$ dd if=biosdsi9rom.bin of=page1.bin bs=2048 skip=1 count=1

Now inspect each page:

$ strings page0.bin | head
NENENIESR
...
$ strings page1.bin | head
...

Page 0 still looks random; page 1 contains a printable ASCII region at offset 0x200:

0x200:  "THIS_IS_NOT_THE_FLAG"

A red herring, but it confirms the image is not encrypted – just obfuscated.
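The page split and string search above, with a per-page entropy figure, as an added Python example (not code from the original write-up). The sample image is constructed: non-printable filler carrying the `NENENIESR` header and the `THIS_IS_NOT_THE_FLAG` decoy at offset 0x200 of page 1; all function names are hypothetical.

```python
import math
import re
from collections import Counter

PAGE_SIZE = 2048  # page size the write-up splits on
MIN_RUN = 9       # "ASCII runs >= 9" from the write-up

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the ceiling)."""
    total = len(data)
    if total == 0:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def split_pages(image: bytes, page_size: int = PAGE_SIZE) -> list:
    """Cut the image into fixed-size pages; refuse an empty or truncated image."""
    if not image or len(image) % page_size:
        raise ValueError(f"{len(image)} bytes is not a whole number of {page_size}-byte pages")
    return [image[i:i + page_size] for i in range(0, len(image), page_size)]

def ascii_runs(page: bytes, min_run: int = MIN_RUN) -> list:
    """(offset, text) for each printable-ASCII run of at least min_run bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_run)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(page)]

def triage(image: bytes) -> list:
    """Report every run with its page number, page offset and file offset."""
    hits = []
    for index, page in enumerate(split_pages(image)):
        for offset, text in ascii_runs(page):
            hits.append({"page": index, "page_offset": offset,
                         "file_offset": index * PAGE_SIZE + offset, "text": text})
    return hits

def build_sample() -> bytes:
    """Constructed 4 KB stand-in for the challenge file (not the real blob)."""
    image = bytearray(0x80 | ((i * 73 + 41) % 128) for i in range(2 * PAGE_SIZE))
    header, decoy = b"NENENIESR", b"THIS_IS_NOT_THE_FLAG"
    image[:len(header)] = header
    start = PAGE_SIZE + 0x200
    image[start:start + len(decoy)] = decoy
    return bytes(image)

if __name__ == "__main__":
    sample = build_sample()
    for number, page in enumerate(split_pages(sample)):
        print(f"page {number}: entropy {shannon_entropy(page):.2f} bits/byte")
    for hit in triage(sample):
        print(f"page {hit['page']} +0x{hit['page_offset']:03x} (file 0x{hit['file_offset']:03x}): {hit['text']}")
```

Reporting both the page-relative and the file offset avoids the common mix-up between an offset seen in `page1.bin` and the same location in the unsplit image.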


While the concept of "BIOS" has been the standard for decades, modern computers have largely transitioned to UEFI (Unified Extensible Firmware Interface).

UEFI performs the same fundamental role as BIOS but offers significant improvements:

Running binwalk -E already shows the whole file as a ROM image.
We look at entropy to see if any sections are compressed or encrypted:

$ binwalk -e biosdsi9rom.bin   # extract embedded files
$ entropy -a biosdsi9rom.bin

Result: entropy ~7.99 across the whole file – high entropy, which either means:


If you encountered this string in a log file, firmware update tool, or error message: