Patriot CTF 2024 - RTL Warmup

An easy, but new-to-me misc challenge involving RTL

Introduction

This challenge was something pretty different than what I work on typically. It was a beginner/easy challenge, so I decided to see if I could crack it. I had to learn some information, so I will share that here…

According to PC Mag, RTL is “A high-level hardware description language (HDL) for defining digital circuits. The circuits are described as a collection of registers, Boolean equations, control logic such as ‘if-then-else’ statements as well as complex event sequences; for example: ‘if the clock signal goes from 0 to 1, then load register A with the contents of register B plus register C.’”

Here is the challenge description:

The challenge ‘flag.vcd’ file contents:

Click here for code
 
    
      $timescale 1 ps $end
      $scope module uut $end
      $var wire 1 ! clock $end
      $var wire 8 " dout $end
      $var wire 8 # din $end
      $upscope $end
      $enddefinitions $end
      $dumpvars
      0!
      b01010000 "
      b01010000 #
      $end
      #50000000
      1!
      #50000000
      #100000000
      0!
      #100000000
      b01000011 "
      b01000011 #
      #150000000
      1!
      #150000000
      #200000000
      0!
      #200000000
      b01010100 "
      b01010100 #
      #250000000
      1!
      #250000000
      #300000000
      0!
      #300000000
      b01000110 "
      b01000110 #
      #350000000
      1!
      #350000000
      #400000000
      0!
      #400000000
      b01111011 "
      b01111011 #
      #450000000
      1!
      #450000000
      #500000000
      0!
      #500000000
      b01010010 "
      b01010010 #
      #550000000
      1!
      #550000000
      #600000000
      0!
      #600000000
      b01010100 "
      b01010100 #
      #650000000
      1!
      #650000000
      #700000000
      0!
      #700000000
      b01001100 "
      b01001100 #
      #750000000
      1!
      #750000000
      #800000000
      0!
      #800000000
      b01011111 "
      b01011111 #
      #850000000
      1!
      #850000000
      #900000000
      0!
      #900000000
      b01101001 "
      b01101001 #
      #950000000
      1!
      #950000000
      #1000000000
      0!
      #1000000000
      b00100100 "
      b00100100 #
      #1050000000
      1!
      #1050000000
      #1100000000
      0!
      #1100000000
      b01011111 "
      b01011111 #
      #1150000000
      1!
      #1150000000
      #1200000000
      0!
      #1200000000
      b01000100 "
      b01000100 #
      #1250000000
      1!
      #1250000000
      #1300000000
      0!
      #1300000000
      b01000000 "
      b01000000 #
      #1350000000
      1!
      #1350000000
      #1400000000
      0!
      #1400000000
      b01000100 "
      b01000100 #
      #1450000000
      1!
      #1450000000
      #1500000000
      0!
      #1500000000
      b01011111 "
      b01011111 #
      #1550000000
      1!
      #1550000000
      #1600000000
      0!
      #1600000000
      b00110000 "
      b00110000 #
      #1650000000
      1!
      #1650000000
      #1700000000
      0!
      #1700000000
      b01000110 "
      b01000110 #
      #1750000000
      1!
      #1750000000
      #1800000000
      0!
      #1800000000
      b01011111 "
      b01011111 #
      #1850000000
      1!
      #1850000000
      #1900000000
      0!
      #1900000000
      b01001000 "
      b01001000 #
      #1950000000
      1!
      #1950000000
      #2000000000
      0!
      #2000000000
      b01000000 "
      b01000000 #
      #2050000000
      1!
      #2050000000
      #2100000000
      0!
      #2100000000
      b01110010 "
      b01110010 #
      #2150000000
      1!
      #2150000000
      #2200000000
      0!
      #2200000000
      b01100100 "
      b01100100 #
      #2250000000
      1!
      #2250000000
      #2300000000
      0!
      #2300000000
      b01110111 "
      b01110111 #
      #2350000000
      1!
      #2350000000
      #2400000000
      0!
      #2400000000
      b01000000 "
      b01000000 #
      #2450000000
      1!
      #2450000000
      #2500000000
      0!
      #2500000000
      b01110010 "
      b01110010 #
      #2550000000
      1!
      #2550000000
      #2600000000
      0!
      #2600000000
      b00110011 "
      b00110011 #
      #2650000000
      1!
      #2650000000
      #2700000000
      0!
      #2700000000
      b01111101 "
      b01111101 #
      #2750000000
      1!
      #2750000000
      #2800000000
      0!
      #2800000000
    
  

Steps

1.) The most immediately obvious thing about this challange is the binary data that changes as the signal state appears to change over time. Unironically, those binary values are the focus of this challenge, we just need to see past the preceeding ‘b’ values.

2.) Inside of the description, it is apparent that the first character we need is a capital ‘p.’ I took the first binary value (01010000), converted it to numerical representation (80), and finally to ASCII (P). It became clear that I had found the path to solve.

3.) I took all of the values into Excel to trim them, but I probably would have written a script if this was any longer. The visual below is easier to follow for how I collected the flag. Duplicates needed to be removed, so I took that liberty for your ease of understanding:

4.) I submitted my flag and got the solve: PCTF{RTL_i$_D@D_0F_H@rdw@r3}


Lessons Learned

1.) Learning new stuff is always a fun time. Prior to this experience, I had not been exposed to RTL, so I am glad to have the chance.

2.) Persistence and attention to detail are key if you don’t know where to start.

3.) I need to expose myself to more new concepts!

Footnotes