hxp 36C3 CTF

The CTF is over, thanks for playing! hxp <3 you! ๐Ÿ˜Š
This is a static mirror, we try to keep files online, but all services will be down.

Join us on IRC! freenode | #hxpctf - Stalk us on Twitter @hxpctf
For the 36C3 Junior CTF click here

Totally not BadUSB

by 0xbb

Difficulty estimate: medium - medium

Points: round(1000 ยท min(1, 10 / (9 + [5 solves]))) = 714 points


Time for hxp’s first hardware challenge :>.

important meme

We proudly present the Totally Not BadUSB Stick:

Totally Not BadUSB Stick

If you are playing at the 36C3, please come to the CTF Orga assembly to fetch your own hackable hardware. You may have one device per team.

Edit: Updated challenge archive (added pow-solver.cpp, no other changes).


  • Can I solve the challenge without being physically present at the 36C3?

    • Yes, it can be fully solved from the internet.
  • Can the flag be extracted from the handed out hardware?

    • No, everyone has to pwn the stick remotely.
  • Can I keep the stick after the CTF?

    • Yes! We can even restore its original functionality if you like.
  • How to hack?

    • Please hack.


Totally not BadUSB-20bad6c24c5d9c72.tar.xz (75.9 KiB)


nc 2201


CTFtime Logo CTFtime: Task & Writeups

Solved by:

# Team Time
๐Ÿฅ‡ pasten 2019-12-28 18:34:22 +0000 UTC
๐Ÿฅˆ KJC+f0f+Spotless+SF+mhackeroni 2019-12-29 02:02:50 +0000 UTC
๐Ÿฅ‰ 5BC 2019-12-29 14:15:50 +0000 UTC
4 Dragon Sector 2019-12-29 17:02:23 +0000 UTC
5 A*0*E 2019-12-29 17:05:47 +0000 UTC