GBAND is a GBC emulator written for NorthSec CTF 2022. The emulator supports async link cable transfer, which was used for the final exploit.
The contestants had to reverse engineer the emulator and a ROM to find a flag and a backdoor that could be used to leak another flag. At the very end, the contestants were required to exploit a buffer overflow using the link cable on a headless emulator instance and exfiltrate the flag that was stored in the save data of that instance.
This snapshot of the repo was made for a cybersecurity competition and contains a backdoor and code specific to that competition. A cleaned and current version of the emulator can be found here!
The repository uses Git LFS, so you need it to access non-text files in the repo.
You also need to have a working Rust toolchain set up, and on linux you need libudev
for gamepad support.
The emulator uses wgpu
, which translates graphics call to Vulkan/DirectX12/Metal. Note that only those recent graphic APIs are well supported for now.
Building roms requires make
, python and the RGBDS toolchain available in your PATH.
Refer to vuln-rom/README.md
. Note that a prebuilt version can be found in gband-webclient/roms/super-myco-boi.gbc
.
You can use the -s
and -c
command line argument to connect via link cable as a server or client, respectively.
cd gband-wgpu
cargo run --release -- <path/to/rom>
To build and run the server, run the following commands. Note that the following command assumed the vulnerable rom is built and in the right directory:
cd gband-server
cargo run --release -- -a 0.0.0.0:8080 -i ./inputs.ron -r ./super-myco-boi.gbc
This componnent is optionnal to setup the challenge, and contains a few links hardcoded from the northsec infrastructure. However it does contain a webassembly version of the emulator and can be fun to play with:
cd gband-webclient
trunk serve
Solutions for the challenges can be found in the writeups
directory. If you want to link your own writeup here, simply open a Pull Request!
Code is provided under the MIT or Apache license.