Tuesday, May 25, 2021

Hanoi

This is the third challenge attempted. As usual I run through it without any breaks just to take a look: hit c to continue, enter a test password, and continue through the rest. Similar to the previous two, although this one is a little more verbose, and it now states that passwords are between 8 and 16 chars.


RESET 

BREAK MAIN

Continue

Main is very simple, it calls the function login.


Stepping into the login function, we see a few things.


It looks like it will move \x00 into location 0x2410 (which is already \x00). Then it puts some strings to stdout, puts \x1c into r14, puts \x2400 into r15, and then calls getsn. After the call, test_password_valid will be called, followed by a tst against r15 and some jumps depending on the result.

I'll put a break at getsn, and then step through and input a test password, and then return back to main.


When I get back to main, it looks like my password is stored at address 2400, and the next instruction is to put that address into r15 and then test if the password is valid. (I am assuming, based on the function name...)


I'll step past the mov and into the test_password_valid function.


The first couple of times through I tried to figure out how this function verifies the password, until I realized that it appears to be doing nothing of the sort. I'm not entirely sure why this is there or what it is doing, but after resetting a couple of times I noticed the cmp.b instruction at 455a.


After we return from test_password_valid, there is a little prep work right before the cmp.b, and it looks like it is checking whether memory location 2410 is \x51. This would be the 17th byte of a password that was previously stated to be 8-16 chars. So I'll try entering whatever 16 times and then 51 for the 17th byte. Looking at the instructions below, it appears that if I pass the cmp.b, I'll jump through and unlock.
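To make the bug concrete, here is a small C model of the login flow just described, written for this write-up rather than taken from the challenge. It assumes getsn reads up to r14 = 0x1c bytes into the buffer at r15 = 0x2400, so the 17th input byte lands on 0x2410, the byte the cmp.b tests; the hardened version bounds the read to the documented 16 bytes and keeps the decision in a local instead of writable memory.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the login flow above; not the challenge's own code.
 * Assumed: getsn(r15 = buffer, r14 = max length), i.e. up to 0x1c bytes are
 * read into 0x2400 even though the password is documented as 8-16 bytes,
 * and cmp.b tests the byte at 0x2410 against 0x51. */
#define BUF_ADDR     0x2400
#define FLAG_ADDR    0x2410               /* BUF_ADDR + 16 */
#define GETSN_LEN    0x1c                 /* value placed in r14 */
#define PASSWORD_MAX 16
#define UNLOCK_BYTE  0x51

static uint8_t mem[0x10000];              /* emulated 64 KiB address space */

/* Vulnerable flow: the flag byte is cleared, then getsn may write 28 bytes
 * starting at 0x2400, so input byte 16 overwrites 0x2410. Returns 1 when
 * the cmp.b would pass and unlock_door would be reached. */
int login_vulnerable(const uint8_t *input, size_t len) {
    memset(mem, 0, sizeof mem);
    mem[FLAG_ADDR] = 0x00;                /* mov.b #0x0, &0x2410 */
    if (len > GETSN_LEN) len = GETSN_LEN; /* getsn honours r14, not 16 */
    memcpy(&mem[BUF_ADDR], input, len);   /* getsn(0x2400, 0x1c) */
    return mem[FLAG_ADDR] == UNLOCK_BYTE; /* cmp.b #0x51, &0x2410 */
}

/* Hardened flow: the read is bounded by the documented password size and
 * the decision is a constant-time comparison against 'expected' held in a
 * local, so no caller-controlled byte is ever the thing being tested. */
int login_fixed(const uint8_t *input, size_t len,
                const uint8_t expected[PASSWORD_MAX]) {
    uint8_t buf[PASSWORD_MAX] = {0};
    if (len > PASSWORD_MAX) len = PASSWORD_MAX;   /* getsn(buf, 16) */
    memcpy(buf, input, len);
    uint8_t diff = 0;
    for (size_t i = 0; i < PASSWORD_MAX; i++) diff |= buf[i] ^ expected[i];
    return diff == 0;
}
```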

RESET

Enter Password:


After stepping through execution and getting back to 445a again, I see that \x51 is stored at 2410 this time.


Theoretically I should pass the cmp.b and move down to unlock_door.


And after stepping through it looks like I was correct. Success.

Notes:
Looks like they put in some rabbit holes, and it got me. I spent a lot of time looking at "Test_Password_valid" trying to figure out what it was doing, but more importantly why it was doing what it was doing. I'm still not really sure what was going on, other than filler to confuse me?
