# Omega Stonks

## Challenge
![alt text](https://github.com/Ale0x78/2020-CTF-Writeups/raw/master/uiu-ctf/images/omega_challange.png "If you solve this challenge, straightup you have Omega Stonks.(Buy this flag from IsabelleBot)")
## Plan of attack
You can type `!work` in the chat with ***IsabelleBot*** to earn stonks + it's late at night, and I need to get 8 hours of sleep = automate sending `!work` to ***IsabelleBot***.

In High School I used to make custom controllers for our robotics team using Arduino Boards (essentially they would mimic a keyboard), so for nostalgia's sake (and because I didn't want to look into making a Discord bot), I grabbed my old friend DigiSpark (with an **ATTINY85**) and started automating!

## Setup
DigiSpark ships with a library called [DigiKeyboard](https://github.com/digistump/DigistumpArduino/blob/master/digistump-avr/libraries/DigisparkKeyboard/DigiKeyboard.h) which lets you send keystrokes over USB.

![alt text](https://github.com/Ale0x78/2020-CTF-Writeups/raw/master/uiu-ctf/images/Digispark.png "My DigiSpark")

So after adding `http://digistump.com/package_digistump_index.json` to my board manager URLs under Arduino Preferences, all I had to do was write the code to spam `!work`.

## Code

```Arduino
#include "DigiKeyboard.h"

void setup() {
}

// Type a string one keystroke at a time. Only spaces, letters, digits and '!'
// are mapped; any other character is skipped.
void print(const char *str) {
  char c = str[0];
  byte i = 0;
  DigiKeyboard.update();
  DigiKeyboard.sendKeyStroke(0); // this is generally not necessary but with some older systems it seems to prevent missing the first character after a delay
  while (c != 0) {
    if (c == ' ')
      DigiKeyboard.sendKeyStroke(KEY_SPACE);
    if (c >= 'A' && c <= 'Z')
      DigiKeyboard.sendKeyStroke(KEY_A + (c - 'A'), MOD_SHIFT_LEFT);
    if (c >= 'a' && c <= 'z')
      DigiKeyboard.sendKeyStroke(KEY_A + (c - 'a'));
    if (c == '0')
      DigiKeyboard.sendKeyStroke(KEY_0);
    if (c >= '1' && c <= '9')
      DigiKeyboard.sendKeyStroke(KEY_1 + (c - '1'));
    if (c == '!')
      DigiKeyboard.sendKeyStroke(KEY_1, MOD_SHIFT_LEFT); // Shift+1 on a US layout
    i++;
    c = str[i];
  }
}

// Type a string followed by Enter.
void println(const char *str) {
  print(str);
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
}

void sleep(int seconds) {
  // int is 16 bits on the ATtiny85, so multiply as unsigned long to avoid overflow
  delay(seconds * 1000UL);
}

void loop() {
  println("!work");
  sleep(17);
}
```
## Issues
The code took a few tries to upload to the board. I suspect it's because my Mac only has USB-C ports, and using a converter makes it go funky; however, after a few plug cycles, it started working, so I stayed with the DigiSpark. Alternatively, you could use an Arduino UNO. However, you would have to put it in [DFU mode and flash a custom firmware](http://mitchtech.net/arduino-usb-hid-keyboard/), which I didn't feel like doing.

## It's Alive!!

Ignore the chewed up USB-C dongle, my dog managed to get to it the day before. Now it's a matter of leaving it running overnight.

![alt text](https://github.com/Ale0x78/2020-CTF-Writeups/raw/master/uiu-ctf/images/stonks1.gif "")

## My AtTiny Got in trouble

The next morning I noticed that I was muted from the chat, having got about 450,000 (you needed 500,000 for the flag). So close! What happened? Was automation against the rules? (I should mention I didn't really look into the challenge that much.) Did my little Arduino mess up and start sending bad words?

I opened a ticket with the CTF organizers, and after telling them honestly that my Arduino was doing most of the typing, and that it shall go to Android Hell for all of its wrongdoings, we were back in business.

![alt text](https://github.com/Ale0x78/2020-CTF-Writeups/raw/master/uiu-ctf/images/sad_digispark.png "My Sad DigiSpark")

And they even let me keep using it!!

## Final Push

After re-plugging the DigiSpark into my computer and having it run for a little longer, we finally got enough Stonks to buy the flag!

To avoid looking like a robot, I added a few random delays.

```Arduino
#include "DigiKeyboard.h"

void setup() {
}

// Type a string one keystroke at a time. Only spaces, letters, digits and '!'
// are mapped; any other character is skipped.
void print(const char *str) {
  char c = str[0];
  byte i = 0;
  DigiKeyboard.update();
  DigiKeyboard.sendKeyStroke(0); // this is generally not necessary but with some older systems it seems to prevent missing the first character after a delay
  while (c != 0) {
    if (c == ' ')
      DigiKeyboard.sendKeyStroke(KEY_SPACE);
    if (c >= 'A' && c <= 'Z')
      DigiKeyboard.sendKeyStroke(KEY_A + (c - 'A'), MOD_SHIFT_LEFT);
    if (c >= 'a' && c <= 'z')
      DigiKeyboard.sendKeyStroke(KEY_A + (c - 'a'));
    if (c == '0')
      DigiKeyboard.sendKeyStroke(KEY_0);
    if (c >= '1' && c <= '9')
      DigiKeyboard.sendKeyStroke(KEY_1 + (c - '1'));
    if (c == '!')
      DigiKeyboard.sendKeyStroke(KEY_1, MOD_SHIFT_LEFT); // Shift+1 on a US layout
    i++;
    c = str[i];
  }
}

// Type a string followed by Enter.
void println(const char *str) {
  print(str);
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
}

void sleep(int seconds) {
  // int is 16 bits on the ATtiny85, so multiply as unsigned long to avoid overflow
  delay(seconds * 1000UL);
}

void loop() {
  println("!work");
  sleep(16 + random(1, 4)); // random(1, 4) yields 1..3, so the gap is 17 to 19 seconds
}
```

And we get the flag!

![alt text](https://github.com/Ale0x78/2020-CTF-Writeups/raw/master/uiu-ctf/images/flag.png "Finally! The flag!")

## Conclusion
Main takeaway: ask admins about automating something before doing it. But if you are going to do it, `Arduino HID emulation >>>>> Any other kind of scripting`.

If I had a Raspberry Pi doing the automation, I could have said that my ARM was doing the typing...

Original writeup (https://github.com/Ale0x78/2020-CTF-Writeups/blob/master/uiu-ctf/Omega%20Stonks.md).

krystof1119, July 20, 2020, 6:02 p.m.

I was there when you got muted, and I can tell you how they found out you (and many other people) were using a bot, along with why the random delays would not have helped. The bot was taken down for some maintenance at one point, and it was down for a few minutes. However, certain people continued typing, even though they got no response from the bot and the admins wrote that the bot was taken down for maintenance into the bot channel itself. The people that continued typing were muted, because it was pretty obvious they were not at the computer typing.
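
The check described in the comment above, written from the moderator's side as an added example (it is not the organizers' tooling or code from the writeup): it flags accounts that keep sending `!work` during a maintenance window, and also measures how regular each account's command gaps are, which shows why a 17 to 19 second jitter still looks mechanical. The log format, user names, outage window and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (seconds since start, user, message). Not real chat data.
def build_sample():
    events = [(k * 17, "timer_user", "!work") for k in range(40)]  # fixed 17 s timer
    t = 0
    for k in range(40):                        # 17-19 s jitter, like the second sketch
        t += 17 + (k * 7 % 3)
        events.append((t, "jitter_user", "!work"))
    for t in (5, 40, 95, 130, 200, 650, 700):  # person who stops while the bot is down
        events.append((t, "human_user", "!work"))
    return sorted(events)

def sent_during_outage(events, start, end, grace=30):
    """Count commands per user sent after the outage began (plus a grace period)."""
    hits = defaultdict(int)
    for t, user, msg in events:
        if msg == "!work" and start + grace <= t < end:
            hits[user] += 1
    return dict(hits)

def interval_cv(events, user):
    """Coefficient of variation (stdev / mean) of the gaps between a user's commands."""
    times = [t for t, u, m in events if u == user and m == "!work"]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return pstdev(gaps) / mean(gaps) if len(gaps) >= 2 else None

def flag_bots(events, outage, min_hits=3, cv_limit=0.10):
    # min_hits and cv_limit are illustrative thresholds, not tuned values.
    hits = sent_during_outage(events, *outage)
    flagged = {}
    for user in {u for _, u, _ in events}:
        reasons = []
        if hits.get(user, 0) >= min_hits:
            reasons.append("active_during_outage")
        cv = interval_cv(events, user)
        if cv is not None and cv < cv_limit:
            reasons.append("regular_cadence")
        if reasons:
            flagged[user] = reasons
    return flagged

if __name__ == "__main__":
    print(flag_bots(build_sample(), outage=(300, 600)))
```

The outage signal needs no tuning against timing at all, which is why it works regardless of how the delays are randomized; the cadence score is a secondary signal that can be reviewed alongside it.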