diff --git a/_posts/2024-02-04-Ph0wn-Flag-Digger.md b/_posts/2024-02-04-Ph0wn-Flag-Digger.md new file mode 100644 index 0000000..df3bdad --- /dev/null +++ b/_posts/2024-02-04-Ph0wn-Flag-Digger.md 
@@ -0,0 +1,97 @@ +--- +layout: post +title: Ph0wn CTF 2019 - Flag Digger +--- + +## Ph0wn CTF 2019 - Flag Digger + +TLDR: It's never too late to try to solve an old challenge. This blog post is a quick writeup of challenge from the Ph0wn CTF 2019 where you were given a small chip and you had to extract the flag from it. + +![](/images/Ph0wn/ph0wn_chip_dip2deep_min.jpg) + + + +A long time ago I participated in the Ph0wn CTF and we had to solve a challenge called "Flag Digger". +Unfortunately at the time I didn't have the tools and gadgets required to solve it. +But now in 2024 I recently got gifted an Hydrabus and I'm taking back my revenge 😈 + +The chip was clean and we can easily read the text on it. If you can't see it correctly, use your phone to take a picture and zoom on it or just buy a new pair of glasses 🤓. We get the following text: **CSI 93C46P 0204H**. + +A simple Google search helps us identifying the chip and its pinout: [93C46P datasheet](https://pdf1.alldatasheet.com/datasheet-pdf/view/1715855/ETC/93C46P.html) + +![](/images/Ph0wn/datasheet-93C46P-pinout.png) + +From there we can deduce from the inscription "DIP2Deep", that we have to use the DIP Package. + +Let's connect our HydraBus to the chip, we can use the command `show pin` to know where to connect **CLK**, **SDI** and **SDO**. More commands and details about the connection can be found in this [HydraFW 3wire guide](https://github.com/hydrabus/hydrafw/wiki/HydraFW-3wire-guide). 
+ +{% highlight ps1%} +screen /dev/ttyACM0 + +> 3-wire +Device: threewire1 +GPIO resistor: floating +Frequency: 1000000Hz +Bit order: MSB first + +threewire1> show pin +CLK: PB3 +SDI: PB4 +SDO: PB5 +{% endhighlight %} + +![](/images/Ph0wn/hydrabus-pinout.png) + +To summarize we will connect the pins as follows: + +* Pin 3V3: **+3V** (HydraBus) -> Pin 8: **Vcc** (Chip) +* Pin GND: **GND** (HydraBus) -> Pin 5: **GND** (Chip) +* Pin PB4: **SDI** (HydraBus) -> Pin 4: **DO** (Chip) +* Pin PB5: **SDO** (HydraBus) -> Pin 3: **DI** (Chip) +* Pin PB3: **CLK** (HydraBus) -> Pin 2: **SK** (Chip) +* Pin PC1: **CS** (HydraBus) -> Pin 1: **CS** (Chip) + + +![](/images/Ph0wn/ph0wn_solve_dip2deep_min.jpg) + +Now we want to interact with it, a simple READ instruction will do the trick. The datasheet gave us everything we needed to know about it, it has this format: + +* Intruction: READ +* Start Bit: 1 +* Opcode: 10 +* Address + +![](/images/Ph0wn/datasheet-93C46P-read-instruction.png) + +To read the content starting from address 0x000000 we will send: `1 10 000000`. Using the guide [Bus interaction commands](https://github.com/hydrabus/hydrafw/wiki/Bus-interaction-commands), we can craft a command to read a maximum of 255 bytes. + +{% highlight py%} +StartBit [Opcode Address] +0x1 10 000000 +0x1 0b10000000 = hex(128) = 0x80 +{% endhighlight %} + +NOTE: Changing the frequency with `threewire1> frequency 50k show`, didn't impact the output result. 
+ +{% highlight ps1%} +threewire1> 0x01 0b10000000 r:255 +WRITE: 0x01 READ: 0xFF +WRITE: 0x80 READ: 0xFE +READ: 0x70 0x68 0x30 0x77 0x6E 0x7B 0x4D 0x40 0x73 0x74 0x33 0x72 0x30 0x66 0x33 0x77 0x69 0x72 0x65 0x4D 0x65 0x6D 0x30 0x72 0x79 0x21 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0x70 0x68 0x30 0x77 0x6E 0x7B 0x4D 0x40 0x73 0x74 0x33 0x72 0x30 0x66 0x33 0x77 0x69 0x72 0x65 0x4D 0x65 0x6D 0x30 0x72 0x79 0x21 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF +{% endhighlight %} + +The output looks like ASCII characters, let's decode that in a Python interpreter. 
+ +{% highlight py%} +for c in [0x70,0x68,0x30,0x77,0x6E,0x7B,0x4D,0x40,0x73,0x74,0x33,0x72,0x30,0x66,0x33,0x77,0x69,0x72,0x65,0x4D,0x65,0x6D,0x30,0x72,0x79,0x21]: print(chr(c), end="") +ph0wn{M@st3r0f3wireMem0ry!} +{% endhighlight %} + +Yep, that's a flag: **ph0wn{M@st3r0f3wireMem0ry!}** + + +## References + +* [hydrabus/hydrafw - HydraFW Bus 3-wire](https://github.com/hydrabus/hydrafw/wiki/HydraFW-3wire-guide) +* [hydrabus/hydrafw - Bus interaction commands](https://github.com/hydrabus/hydrafw/wiki/Bus-interaction-commands) +* [ph0wn/writeups - Official Writeup - Flag Digger 3 Wires](https://github.com/ph0wn/writeups/blob/master/2019/hardware/flagdigger.md) \ No newline at end of file diff --git a/images/Ph0wn/datasheet-93C46P-pinout.png b/images/Ph0wn/datasheet-93C46P-pinout.png new file mode 100644 index 0000000..4737fa4 Binary files /dev/null and b/images/Ph0wn/datasheet-93C46P-pinout.png differ diff --git a/images/Ph0wn/datasheet-93C46P-read-instruction.png b/images/Ph0wn/datasheet-93C46P-read-instruction.png new file mode 100644 index 0000000..bf444a1 Binary files /dev/null and b/images/Ph0wn/datasheet-93C46P-read-instruction.png differ diff --git a/images/Ph0wn/hydrabus-pinout.png b/images/Ph0wn/hydrabus-pinout.png new file mode 100644 index 0000000..938fef0 Binary files /dev/null and b/images/Ph0wn/hydrabus-pinout.png differ diff --git a/images/Ph0wn/ph0wn_chip_dip2deep_min.jpg b/images/Ph0wn/ph0wn_chip_dip2deep_min.jpg new file mode 100644 index 0000000..8ae6917 Binary files /dev/null and b/images/Ph0wn/ph0wn_chip_dip2deep_min.jpg differ diff --git a/images/Ph0wn/ph0wn_solve_dip2deep_min.jpg b/images/Ph0wn/ph0wn_solve_dip2deep_min.jpg new file mode 100644 index 0000000..6c11108 Binary files /dev/null and b/images/Ph0wn/ph0wn_solve_dip2deep_min.jpg differ
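Review bot: the `r:255` read in the `threewire1> 0x01 0b10000000 r:255` hunk overruns the device; a 93C46 is a 1 Kbit part (128 bytes, or 64 16-bit words), so the second copy of `ph0wn{...}` that appears after the run of `0xFF` is the address counter wrapping to 0, not a second stored copy. Suggest `r:128` (or keep 255 and add one sentence saying the dump wraps) so readers do not conclude the chip holds 255 bytes. In the same region, `0x1 10 000000` is the x16 form of READ (opcode `10` plus six address bits, hence `0x80`); the x8 organisation uses seven address bits, so the post should state which organisation the chip is wired for, and the address is better written as `0b000000` or `0x00` than `0x000000`. Sending the start bit as the whole byte `0x01` puts seven zero clocks before the 1, which is fine because the part ignores clocks until the first 1 after CS is asserted, but that is worth a short comment since it is the reason the two-byte write works. Minor style points: "Intruction" should be "Instruction", "an Hydrabus" should be "a HydraBus", "helps us identifying" should be "helps us identify", and the file lacks a trailing newline (`\ No newline at end of file`).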