Symposium sur la Sécurité des Techologies de l’Information et des Communications is a security conference held each year in Rennes, France. Each year, they release a challenge usually divided into several smaller tasks. 2017 was my third participation and, just like the previous editions, it has proven to be really challenging and interesting, so I highly recommand giving it a try ! Today’s post will be a write up of the 3rd task. I particuliary enjoyed this one, so I’m gonna share it here. Background : Once you complete the first task, you’re given instructions to setup the environment for the rest of the challenge and here’s what it looks like when you’re done doing it : What’s you’re seeing is an OpenRisk1000 virtual machine written in Javascript (based on the opensource project jor1k) and executed in a web browser. It is worth mentioning the presence of a Trusted Execution Environment (TEE), in the shape of a second virtual machine, this time for the RiscV architecture. First approach : The zip archive contains 4 files : 2 binaries : TA.elf.signed : ELF 32-bit LSB executable, UCB RISC-V, version 1 (SYSV), statically linked, not stripped trustzone_decrypt : ELF 32-bit MSB…