# CTF Challenge: RFID Access Door

## Challenge
Unlock API endpoint by sending correct RFID credentials extracted from Saleae logic capture.

## What We Have
- **Saleae capture**: `access_reader_logic_data.sal` (SPI communication between MFRC522 and MIFARE card)
- **Python reader code**: Shows system reads 3 card sectors, generates keys via LCG, sends to API
- **API endpoint**: `http://154.57.164.61:31938/api`

## What We Found
From SPI capture analysis:
- **UID**: `04f6555b`
- **Username**: `axel_outrun` (hex: `6178656c5f6f757472756e`)
- **Sector 22**: `0292640464020a820860081608cd0833`
- **Sector 34**: `085e0831084d084f0886083408cd081f`

## What's Missing
**Passcode** - seed for LCG that generates authentication keys:
```python
def lcg_step(seed):
    return (seed * 0x52c6425d + 0xcc52c) % (2**32)
```

Final auth = `sector_22 + last_2_generated_keys`

## Current Status
- Server confirms our data is correct (returns `HTB{}` instead of error)
- Brute forcing passcode 0-65535 (currently at ~14k/65k)
- Need: Either find passcode in capture or wait for brute force

## Question for Expert
Is there a way to extract the passcode from the Saleae SPI capture, or is brute force the only option?