In the end, one line of code shows you how to open the lock. Security through obscurity ... isn't. Sure, don't be the tallest nail near the hammer, but that shouldn't be your entire game plan.
What follows is my thought process while analyzing the code; scroll to the end for the facepalm.
do_clear – writes 00 to x100 bytes starting at x247c to initialize that portion of memory to x0 values. While I personally feel that initializing things like variables and pointers is good, safe practice in coding, it does serve to highlight that this area of memory may be important to the encryption/decryption/password recognition process.
Main – puts x4520 into r14 and then into r15. If this is meant as an address, it puts you halfway into “do_nothing”. Then it promptly overwrites r14 with xf8 and r15 with 2400, and calls ENC.
ENC – begins by writing the values 0 to x100 in sequential order to bytes starting at x247C and rising. Given that we just spent all that time writing zeros to them, re-initializing them all again with specific values is … uh … part of the game I guess. Moving along then....
44a4: R8 = 0 … an algorithm?
44b0: references the troll text “ThisIsSecureRight?” and puts “T” (x54) in R10.
44b4: sign extend R10 … this shouldn't produce any result on an ASCII character, as the highest is x7f. However, if a non-ASCII character is entered, things may happen.
44b6: R10+R13->R13 (54, 54)
44b8: set the high order bits to zero, resulting in a new byte. So if we sign extend, then add, then overflow the register and set the high order bits back to zero, we can get a new ASCII character. Adding xffff to x53, then ANDing with xff, yields x52.
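As an added illustration (my own C model, not code from the post or from the challenge), here is the sxt / add / and #0xff sequence with MSP430 16-bit register semantics, covering both the ASCII case and the non-ASCII case mentioned above; the starting values of R13 are chosen for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* MSP430 registers are 16 bits wide; model them as uint16_t. */
typedef uint16_t reg_t;

/* SXT: copy bit 7 of the low byte into bits 8..15. */
static reg_t msp430_sxt(reg_t r)
{
    return (r & 0x0080) ? (reg_t)(r | 0xff00) : (reg_t)(r & 0x00ff);
}

/* The three-instruction sequence discussed above, applied once:
 *   sxt R10 ; add R10, R13 ; and #0xff, R13
 * key_byte stands for R10 (one character of the string), acc for R13.
 * Returns the new R13. */
static reg_t mix_step(reg_t key_byte, reg_t acc)
{
    reg_t r10 = msp430_sxt(key_byte);
    reg_t r13 = (reg_t)(acc + r10);   /* 16-bit add, carry out is lost */
    return (reg_t)(r13 & 0x00ff);     /* clear the high byte: one fresh byte */
}

int main(void)
{
    /* ASCII case: 'T' (0x54) added to an R13 holding 0x54 (constructed). */
    printf("'T' + 0x54 -> 0x%02x\n", mix_step(0x54, 0x54));   /* 0xa8 */
    /* Non-ASCII case: 0xff sign-extends to 0xffff, so the add behaves like
     * subtracting 1 before the mask: 0xffff + 0x53 -> 0x0052. */
    printf("0xff + 0x53 -> 0x%02x\n", mix_step(0xff, 0x53));  /* 0x52 */
    return 0;
}
```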
x247c: there appears to be something being put starting here again...
444a: call 2400 – the program is now executing code that it appears to have generated in the previous portions.
Then I see it, the snippet of code that says: Compare d7c5 <---- this is the password for opening the door.
Face, palm.