Let's look at the main function. It has only one instruction that calls the 'login' function.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 4438 <main> | |
| 4438: b012 0045 call #0x4500 <login> |
So lets look at the login function.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 4500 <login> | |
| 4500: 3150 f0ff add #0xfff0, sp | |
| 4504: 3f40 7c44 mov #0x447c "Enter the password to continue.", r15 | |
| 4508: b012 a645 call #0x45a6 <puts> | |
| 450c: 3f40 9c44 mov #0x449c "Remember: passwords are between 8 and 16 characters.", r15 | |
| 4510: b012 a645 call #0x45a6 <puts> | |
| 4514: 3e40 3000 mov #0x30, r14 | |
| 4518: 0f41 mov sp, r15 | |
| 451a: b012 9645 call #0x4596 <getsn> | |
| 451e: 0f41 mov sp, r15 | |
| 4520: b012 5244 call #0x4452 <test_password_valid> | |
| 4524: 0f93 tst r15 | |
| 4526: 0524 jz #0x4532 <login+0x32> | |
| 4528: b012 4644 call #0x4446 <unlock_door> | |
| 452c: 3f40 d144 mov #0x44d1 "Access granted.", r15 | |
| 4530: 023c jmp #0x4536 <login+0x36> | |
| 4532: 3f40 e144 mov #0x44e1 "That password is not correct.", r15 | |
| 4536: b012 a645 call #0x45a6 <puts> | |
| 453a: 3150 1000 add #0x10, sp | |
| 453e: 3041 ret |
The 'test_password_valid' function that is being called is of interest to us. However, after observing the function, nothing stands as important.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 4452 <test_password_valid> | |
| 4452: 0412 push r4 | |
| 4454: 0441 mov sp, r4 | |
| 4456: 2453 incd r4 | |
| 4458: 2183 decd sp | |
| 445a: c443 fcff mov.b #0x0, -0x4(r4) | |
| 445e: 3e40 fcff mov #0xfffc, r14 | |
| 4462: 0e54 add r4, r14 | |
| 4464: 0e12 push r14 | |
| 4466: 0f12 push r15 | |
| 4468: 3012 7d00 push #0x7d | |
| 446c: b012 4245 call #0x4542 <INT> | |
| 4470: 5f44 fcff mov.b -0x4(r4), r15 | |
| 4474: 8f11 sxt r15 | |
| 4476: 3152 add #0x8, sp | |
| 4478: 3441 pop r4 | |
| 447a: 3041 ret |
Now, let's check the unlock_door function that starts at 4446.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 4446 <unlock_door> | |
| 4446: 3012 7f00 push #0x7f | |
| 444a: b012 4245 call #0x4542 <INT> | |
| 444e: 2153 incd sp | |
| 4450: 3041 ret |
We input the password as 16 characters (32 As in hex) with the value 0x4644 as below.
We are successful in solving this level.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.