Remove some challenges, update hints

skmagiik · skmagiik · commit 24284ee0a2e0 · 2025-05-02T15:05:56.000-05:00
diff --git a/docs/hints/flag1.md b/docs/hints/flag1.md
@@ -6,7 +6,7 @@ First, check out your score:
 ```` gatttool -b de:ad:be:ef:be:f1 --char-read -a 0x002a|awk -F':' '{print $2}'|tr -d ' '|xxd -r -p;printf '\n' ````
 
 Next, lets sumbmit the following flag.
-```` gatttool -b de:ad:be:ef:be:f1 --char-write-req -a 0x002c -n $(echo -n "12345678901234567890"|xxd -ps) ````
+```` gatttool -b de:ad:be:ef:be:f1 --char-write-req -a 0x002c -n $(echo -n "BLE{G3TT1NG_ST4RT3D}"|xxd -ps) ````
 
 Finaly, check out your score again to see your flag got accepted:   
 ```` gatttool -b de:ad:be:ef:be:f1 --char-read -a 0x002a|awk -F':' '{print $2}'|tr -d ' '|xxd -r -p;printf '\n' ````
diff --git a/docs/hints/flag10.md b/docs/hints/flag10.md
@@ -1,3 +1,3 @@
 ## Flag 10 Hint
 
-Talke a look at handle 0x003e and do what it says.  Keep in mind that some tools have better connection speeds than other for doing reads and writes.  This has to do with the functionality the tool provides or how it uses cached BT connections on the host OS.  Try testing different tools for this flag.  Once you find the fastest one, whip up a script or bash 1 liner to complete the task.  FYI, once running, this task takes roughly 90 seconds to complete if done right. 
+Check out handle 0x0040 and google search gatt notify.  Some tools like gatttool have the ability to subscribe to gatt notifications
diff --git a/docs/hints/flag11.md b/docs/hints/flag11.md
@@ -1,3 +1,3 @@
 ## Flag 11 Hint
 
-Check out handle 0x0040 and google search gatt notify.  Some tools like gatttool have the ability to subscribe to gatt notifications
+Check out handle 0x0042 and google search gatt indicate.  For single response indicate messages, like this challenge, tools such as gatttool will work just fine.   
diff --git a/docs/hints/flag12.md b/docs/hints/flag12.md
@@ -1,3 +1,3 @@
 ## Flag 12 Hint
 
-Check out handle 0x0042 and google search gatt indicate.  For single response indicate messages, like this challenge, tools such as gatttool will work just fine.   
+Check out handle 0x0046 and do what it says. Keep in mind that this notification clallange requires you to recieve multiple responses in order to complete. 
diff --git a/docs/hints/flag13.md b/docs/hints/flag13.md
@@ -1,3 +1,3 @@
 ## Flag 13 Hint
 
-Check out handle 0x0046 and do what it says. Keep in mind that this notification clallange requires you to recieve multiple responses in order to complete. 
+Check out handle 0x0048 and google search gatt indicate.  Keep in mind that this challenge will require you to parse multiple indicate responses in order to complete the challenge.
diff --git a/docs/hints/flag14.md b/docs/hints/flag14.md
@@ -1,3 +1,3 @@
 ## Flag 14 Hint
 
-Check out handle 0x0048 and google search gatt indicate.  Keep in mind that this challenge will require you to parse multiple indicate responses in order to complete the challenge.
+Check out handle 0x004c and do what it says.  Much like ethernet or wifi devices, you can also change your bluetooth devices mac address.
diff --git a/docs/hints/flag15.md b/docs/hints/flag15.md
@@ -1,3 +1,3 @@
 ## Flag 15 Hint
 
-Check out handle 0x004c and do what it says.  Much like ethernet or wifi devices, you can also change your bluetooth devices mac address.
+Read handle 0x004e and do what it says.  Setting MTU can be a tricky thing.  Some tools may provide mtu flags, but they dont seem to really trigger MTU negotiations on servers.  Try using gatttool's interactive mode for this task.  By default, the BLECTF server is set to force an MTU size of 20.  The server will listen for MTU negotiations, and look at them, but we dont really change the MTU in the code.  We just trigger the flag code if you trigger an MTU event with the value specified in handle 0x004e.  GLHF!
diff --git a/docs/hints/flag16.md b/docs/hints/flag16.md
@@ -1,3 +1,3 @@
 ## Flag 16 Hint
 
-Read handle 0x004e and do what it says.  Setting MTU can be a tricky thing.  Some tools may provide mtu flags, but they dont seem to really trigger MTU negotiations on servers.  Try using gatttool's interactive mode for this task.  By default, the BLECTF server is set to force an MTU size of 20.  The server will listen for MTU negotiations, and look at them, but we dont really change the MTU in the code.  We just trigger the flag code if you trigger an MTU event with the value specified in handle 0x004e.  GLHF!
+Take a look at handle 0x0052.  Notice it does not have a notify property.  Do a write here and listen for notifications anyways!  Things are not always what they seem!
diff --git a/docs/hints/flag17.md b/docs/hints/flag17.md
@@ -1,3 +1,3 @@
 ## Flag 17 Hint
 
-Check out handle 0x0050 and do what it says.  This challenge differs from other write challenges as your tool that does the write needs to have write response ack messages implemented correctly.  This flag is also tricky as the flag will come back as notification response data even though there is no "NOTIFY" property.
+Check out all of the handle properties on 0x0054!  Poke around with all of them and find pieces to your flag.
diff --git a/docs/hints/flag18.md b/docs/hints/flag18.md
diff --git a/docs/hints/flag19.md b/docs/hints/flag19.md
diff --git a/docs/hints/flag2.md b/docs/hints/flag2.md
@@ -1,3 +1,3 @@
 ## Flag 2 Hint
 
-Check out the ascii value of handle 0x002e and submit it to the flag submision handle 0x002c.  If you are using gatttool, make sure you convert it to hex with xxd.  If you are using bleah, you can send it as a string value.
+Check out the ascii value of handle 0x002e and submit it to the flag submision handle 0x002c.  If you are using gatttool, make sure you convert it to hex with xxd.  If you are using bettercap, you can send it as a string value.
diff --git a/docs/hints/flag20.md b/docs/hints/flag20.md
diff --git a/docs/hints/flag3.md b/docs/hints/flag3.md
@@ -1,3 +1,3 @@
 ## Flag 3 Hint
 
-Check out the ascii value of handle 0x0030.  Do what it tells you and submit the flag you find to 0x002c.
+Bluetooth GATT services provide some extra device attributes.  Try finding the value of the Generic Access -> Device Name.
diff --git a/docs/hints/flag4.md b/docs/hints/flag4.md
@@ -1,3 +1,3 @@
 ## Flag 4 Hint
 
-Bluetooth GATT services provide some extra device attributes.  Try finding the value of the Generic Access -> Device Name.
+Read handle 0032 and do what it says.  Notice that its not telling you to write to the flag handle as you have been.  When you find the flag, go ahead and write it to the flag handle you have used in the past flags.
diff --git a/docs/hints/flag5.md b/docs/hints/flag5.md
@@ -1,3 +1,3 @@
 ## Flag 5 Hint
 
-Read handle 0032 and do what it says.  Notice that its not telling you to write to the flag handle as you have been.  When you find the flag, go ahead and write it to the flag handle you have used in the past flags.
+Follow the instructions found from reading handle 0x0034.  Keep in mind that some tools only write hex values while other provide methods for writing either hex or ascii 
diff --git a/docs/hints/flag6.md b/docs/hints/flag6.md
@@ -1,3 +1,3 @@
 ## Flag 6 Hint
 
-Follow the instructions found from reading handle 0x0034.  Keep in mind that some tools only write hex values while other provide methods for writing either hex or ascii 
+Follow the instructions found from reading handle 0x0036.  Keep in mind that some tools only write hex values while other provide methods for writing either hex or ascii 
diff --git a/docs/hints/flag7.md b/docs/hints/flag7.md
@@ -1,3 +1,3 @@
 ## Flag 7 Hint
 
-Follow the instructions found from reading handle 0x0036.  Keep in mind that some tools only write hex values while other provide methods for writing either hex or ascii 
+Follow the instructions found from reading handle 0x0038.  Pay attention to handles here.  Keep in mind handles can be referenced by integer or hex.  Most tools such as gatttool and bettercap allow you to specify handles both ways.
diff --git a/docs/hints/flag8.md b/docs/hints/flag8.md
@@ -1,3 +1,3 @@
 ## Flag 8 Hint
 
-Follow the instructions found from reading handle 0x0038.  Pay attention to handles here.  Keep in mind handles can be refrenced by integer or hex.  Most tools such as gatttool and bleah allow you to specify handles both ways.
+Take a look at handle 0x003c and do what it says.  You should script up a solution for this one.  Also keep in mind that some tools write faster than others.
diff --git a/docs/hints/flag9.md b/docs/hints/flag9.md
@@ -1,3 +1,3 @@
 ## Flag 9 Hint
 
-Take a look at handle 0x003c and do what it says.  You should script up a solution for this one.  Also keep in mind that some tools write faster than others.
+Take a look at handle 0x003e and do what it says.  Keep in mind that some tools have better connection speeds than other for doing reads and writes.  This has to do with the functionality the tool provides or how it uses cached BT connections on the host OS.  Try testing different tools for this flag.  Once you find the fastest one, whip up a script or bash 1 liner to complete the task.  FYI, once running, this task takes roughly 90 seconds to complete if done right. 
diff --git a/main/gatts_table_creat_demo.c b/main/gatts_table_creat_demo.c

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`## Flag 10 Hint`
`2`	`2`
`3`		`-Talke a look at handle 0x003e and do what it says. Keep in mind that some tools have better connection speeds than other for doing reads and writes. This has to do with the functionality the tool provides or how it uses cached BT connections on the host OS. Try testing different tools for this flag. Once you find the fastest one, whip up a script or bash 1 liner to complete the task. FYI, once running, this task takes roughly 90 seconds to complete if done right.`
	`3`	`+Check out handle 0x0040 and google search gatt notify. Some tools like gatttool have the ability to subscribe to gatt notifications`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`## Flag 11 Hint`
`2`	`2`
`3`		`-Check out handle 0x0040 and google search gatt notify. Some tools like gatttool have the ability to subscribe to gatt notifications`
	`3`	`+Check out handle 0x0042 and google search gatt indicate. For single response indicate messages, like this challenge, tools such as gatttool will work just fine.`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`## Flag 12 Hint`
`2`	`2`
`3`		`-Check out handle 0x0042 and google search gatt indicate. For single response indicate messages, like this challenge, tools such as gatttool will work just fine.`
	`3`	`+Check out handle 0x0046 and do what it says. Keep in mind that this notification clallange requires you to recieve multiple responses in order to complete.`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`## Flag 13 Hint`
`2`	`2`
`3`		`-Check out handle 0x0046 and do what it says. Keep in mind that this notification clallange requires you to recieve multiple responses in order to complete.`
	`3`	`+Check out handle 0x0048 and google search gatt indicate. Keep in mind that this challenge will require you to parse multiple indicate responses in order to complete the challenge.`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`## Flag 14 Hint`
`2`	`2`
`3`		`-Check out handle 0x0048 and google search gatt indicate. Keep in mind that this challenge will require you to parse multiple indicate responses in order to complete the challenge.`
	`3`	`+Check out handle 0x004c and do what it says. Much like ethernet or wifi devices, you can also change your bluetooth devices mac address.`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`## Flag 15 Hint`
`2`	`2`
`3`		`-Check out handle 0x004c and do what it says. Much like ethernet or wifi devices, you can also change your bluetooth devices mac address.`
	`3`	+Read handle 0x004e and do what it says. Setting MTU can be a tricky thing. Some tools may provide mtu flags, but they dont seem to really trigger MTU negotiations on servers. Try using gatttool's interactive mode for this task. By default, the BLECTF server is set to force an MTU size of 20. The server will listen for MTU negotiations, and look at them, but we dont really change the MTU in the code. We just trigger the flag code if you trigger an MTU event with the value specified in handle 0x004e. GLHF!
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`## Flag 16 Hint`
`2`	`2`
`3`		-Read handle 0x004e and do what it says. Setting MTU can be a tricky thing. Some tools may provide mtu flags, but they dont seem to really trigger MTU negotiations on servers. Try using gatttool's interactive mode for this task. By default, the BLECTF server is set to force an MTU size of 20. The server will listen for MTU negotiations, and look at them, but we dont really change the MTU in the code. We just trigger the flag code if you trigger an MTU event with the value specified in handle 0x004e. GLHF!
	`3`	`+Take a look at handle 0x0052. Notice it does not have a notify property. Do a write here and listen for notifications anyways! Things are not always what they seem!`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`## Flag 17 Hint`
`2`	`2`
`3`		`-Check out handle 0x0050 and do what it says. This challenge differs from other write challenges as your tool that does the write needs to have write response ack messages implemented correctly. This flag is also tricky as the flag will come back as notification response data even though there is no "NOTIFY" property.`
	`3`	`+Check out all of the handle properties on 0x0054! Poke around with all of them and find pieces to your flag.`