Gili Yankovitch's Sword of Secrets Is an Open, RISC-V-Powered Hardware Capture-the-Flag Contest

Powered by the low-cost WCH Electronics CH32V003, this sword-like USB stick plays host to a game of hardware and firmware exploitation.

Gareth Halfacree
7 months ago • HW101 / Security

Security researcher Gili Yankovitch is preparing to launch a crowdfunding campaign for an open source capture-the-flag challenge based around an unusually shaped USB key: the Sword of Secrets.

"Sword of Secrets is a multi-stage hardware Capture The Flag (CTF) challenge designed for hackers, tinkerers, and puzzle lovers who crave hands-on problem-solving," Yankovitch explains. "Housed in a sleek, keychain-sized board, this open-source adventure weaves together hardware hacking, cryptographic trickery, and low-level exploitation. As you delve through the stages, your mastery of embedded systems, RISC-V assembly code, datasheets, and creative debugging will be tested. Solving it means digging into both the schematics and source code — and truly understanding them."

The Sword of Secrets is, as the name suggests, a sword — albeit a blunt one, built in miniature from a PCB substrate. The "blade" is a simple USB Type-A plug, which connects the on-board WCH Electronics CH32V003 32-bit RISC-V microcontroller to a host computer via a CH340E USB to UART bridge chip. The final major component: a Winbond W29Q128 serial NOR flash storage chip.

The idea is simple: secrets are embedded in the device, and the user needs to break various protection systems in order to access them. "Many challenges rely on spotting subtle design choices and using that knowledge to uncover hidden functionality or bypass protections," Yankovitch promises. "You'll face cryptographic challenges inspired by real-world exploits. The tasks focus on identifying flawed assumptions and implementation issues, requiring a solid understanding of how cryptography can fail in practice, not just in theory."

The hardware is also designed to accept new firmware — though only cryptographically signed official firmware, unless you pick up a planned unlocked variant for use with your own code — which will add new puzzle stages over time, Yankovitch says. The firmware is open source, though the cryptographic keys are not included for obvious reasons; the hardware design files will be available when the device launches, Yankovitch promises.

Interested parties can sign up to be notified when the crowdfunding campaign goes live on Crowd Supply; the firmware source code, meanwhile, is already available on GitHub under the permissive MIT license.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.