The ART of IOT

Category: IOT
400 points
Solved by JCTF Team

Description

problem description

Solution

😀 Introduction

We’ve been given a single file: The-ART-of-IOT.atkdl. The acronym “ART” and the description—**Why So Serial?**—nudges us toward serial communication. But let's not jump to conclusions...yet.

🔍 Inspecting the File

FIrst, let’s check the file header:

$ xxd The-ART-of-IOT.atkdl | head -1
00000000: 504b 0304 1400 0008 0800 8e9a b85a bf48  PK...........Z.H

The PK header (0x50 0x4B) reveals that this is a ZIP archive "in disguise".

Unpack the archive:

$ unzip The-ART-of-IOT.atkdl -d The-ART-of-IOT

Directory structure:

The-ART-of-IOT
├── 0
│   └── channel.ini
├── 1
│   ├── 0-0.bin
│   ├── 0-1.bin
│   └── channel.ini
├── 2 … 15  each with channel.ini
├── channel.ini
├── set.ini
└── vernier.ini

Only 1/ contains data (0-0.bin, 0-1.bin); the rest are configuration files.

🧐 Identifying the Format

Examining channel.ini at the root:

SessionName=DL16 Plus
SamplingFrequency=20000  ; samples per second
SamplingDepth=40000000   ; max samples
TriggerSamplingDepth=400000

And set.ini:

favoritesList=["SPI", null, "UART"]

DL16 Plus matches an Alientek logic analyzer.
The .atkdl extension is its native dump format.
“Why So Serial?” + (U)ART → we’re decoding UART traffic.

🤓 UART Refresher

UART (Universal Asynchronous Receiver/Transmitter) is a simple serial protocol:

Data lines idle HIGH (logic 1); a START bit pulls the line LOW (0).
Data frame (commonly 8‑bit, LSB first): D0 … D7.
Optional parity bit for error checking.
STOP bit(s) return the line to HIGH.

|   1    |   0   | D0 | D1 | … | D7 | Parity? |   1   |
 Idle   Start                                    Stop

Baud rate (e.g., 115200) = bit‑times per second.
Logic analyzer sampling rate should be ≥ 8× the baud to cleanly reconstruct bits.

We could spend (a lot of) time to decode the dump. But since the software for this Alientek DL16 Plus logic analyzer is available, why bother?

🛠️ Decoding with the Logic Analyzer Software

Launch DL16 Plus software (or compatible).
Open The-ART-of-IOT.atkdl directly—the software auto‑loads channel configs and sampling settings.
Select the channel containing data.
Enable UART decode (e.g., 115200 baud, 8‑N‑1).
Filter or discard idle/noisy segments.

Here’s the decoded output in the UI:

Logic Analyzer Screenshot

Figure: UART decoding in ATK DL16 Plus.

🏁 Extracting the Flag

The decoded byte sequence:

41 70 70 53 65 63 2D 49 4C 7B 66 72 30 6D 5F 77
31 72 33 5F 74 6F 5F 66 6C 61 67 7D 0D 0A

Converting to ASCII give us the flag:

AppSec-IL{fr0m_w1r3_to_flag} 🎉

🎓 Key Takeaways

Title/Description cleverly points to serial/UART.
File header reveals a ZIP archive.
Extension hint at Alientek DL16 Plus .atkdl format.
Config files (.ini) reveal sampling rates and protocols.
UART basics: framing, parity, stop bits, and sampling considerations.
Sometimes the simplest path is using the vendor’s own decoding tool.