문제 정보 Prompt: I downloaded a firmware update for RAMN’s ECU B and C from a secret OTA portal in development. Can you help me sign my own firmware files? I have attached a caringcaribou UDS RDBI dump log file, if that is any help. (Note: flag is secret key in decimal format – not hexadecimal. It is NOT the password for the .zip file).2 files are provided: 1. challenge_signed_firmware_files.zip2...

문제 정보This challenge dives into Universal Diagnostic Services (UDS) and firmware reverse engineering. You'll need to reconstruct a complete firmware image from a raw CAN log file. The main goal is to identify and understand a new Security Access algorithm embedded within the firmware. This algorithm is common to other automotive security access algorithms, requiring meticulous binary analysis to ..

문제 정보Word on the street is that Secure Access Level 0x11 is necessary to update the firmware. Can you unlock the ECU to see? This challenge can be played by accessing the "VCC25 PPC" simulation hosted within VSEC Learn. This simulation emulates an MPC5566 processor. If you get a pending response, be patient, the emulator is not fast. Flags will be sent on the same CAN bus with arbitration ID 0xC..

문제 정보One of these firmware files received a surprise injection from a rogue agent. It’s super stealth, like buried under a mountain of hex. Your job? Dive into the GUI, break the binary open, and reverse engineer the sucker. Somewhere in there is a function dropping a CAN message with a custom arbitration ID. Decode it, trace it, snatch the payload, and show that spy who's boss. Hint: 1. James B..

문제 정보The CAN traffic message appears to be encrypted. Can you help me decrypt it using my key and IV? IV: 3809168903286241 Key: 9170207685066913 This challenge is accessible via the VicOne xNexus toolFlag Format hint: bh{the_flag} 문제 풀이 요약VicOne xNexus 페이지의 OAT Event에서 Suspicious CAN Bus Message Content by payload Fingerprint Model으로 된 데이터 확인데이터 내 CAN_Frame를 추출하고 시간 순으로 정렬하여 확인CAN_ID 0x123의 데이터..

문제 정보You have just been recruited to our intelligence agency, Blue Teamer! Your task is to analyze our VSOC alert containing an encrypted message.During a routine inspection of in-vehicle traffic, the agency has intercepted suspicious messages on the CAN bus. The frames include a broadcast labeled BEGIN and a data sequence. At first glance, this appears to be a backdoor, but perhaps it isn’t. Th..

올해 저는 Global Vehicle Cybersecurity Competition 2025를 참가할 기회를 가졌습니다. 평소 차량 보안 분야에 관심을 가지고 꾸준히 공부와 실습을 이어오고 있었는데, 해당 분야를 중심으로 한 CTF는 저에게 매우 값진 배움의 기회가 되었습니다. 대회는 자동차 전자제어장치(ECU), UDS 프로토콜, 펌웨어 분석, CAN 네트워크 분석 등 실제 차량 보안 환경과 유사한 문제들을 다루는 CTF 형식으로 진행되었으며, 특히 ECU를 가상 시뮬레이션 환경으로 제공한 점이 매우 인상 깊었습니다. 아쉽게도 준비된 8 문제 중 7문제까지만 해결하고 마지막 문제는 풀지 못했지만, 이번 경험을 통해 차량 보안에 대한 이해와 기술 역량을 한 단계 발전시킬 수 있었다고 생각합니다. 아래는 ..