Microcorruption
Microcorruption CTF is a capture the flag (CTF) competition designed to teach low-level reverse engineering by pitting the user against a lock mechanism running on a simulated MSP430 controller. The user exploits MSP430 assembly to gain access to the device and unlock the door.
Microcorruption (Sydney)
- This is Software Revision 02. We have received reports that the prior version of the lock was bypassable without knowing the password. We have fixed this and removed the password from memory.
main
```assembly
; call <get_password>
; move stack pointer to r15
; call <check_password>
; if r15 is not zero, success
```
get_password
```assembly
; load r14 = 0x64 (max input length)
; call <getsn> (read string input)
; returns with the input stored in the buffer at SP
```
getsn
```assembly
; pushes r14 to stack (size value)
; pushes r15 to stack (buffer pointer)
; pushes #0x2 to stack (<INT> arg)
; calls <INT> with arg #2
; restores stack to original position by adding 6 to SP
; each push grows the stack downward: SP is decremented by 2
; the add is the same as popping 3 times, without returning a value
```
check_password
```assembly
; compare word 1 of the buffer at sp to 0x577b
; jump if not zero
; compare word 2 of the buffer at sp to 0x605b
; jump if not zero
; compare word 3 of the buffer at sp to 0x5862
; jump if not zero
; compare word 4 of the buffer at sp to 0x3d77
; jump if not zero
; clear r14
; move r14 to r15
```
Solution
Enter hex value 0x7B575B606258773D
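The solution bytes are swapped relative to the constants because the MSP430 is little-endian: a 16-bit compare reads the low byte from the lower address. The following sketch is an added example, not part of the original writeup; the function names are hypothetical, and it assumes the four compares read consecutive 16-bit words of the input and that unread memory is zero.

```python
import struct

# Constants from the check_password comments above, in comparison order.
CHECK_WORDS = [0x577B, 0x605B, 0x5862, 0x3D77]


def check_password(buf: bytes) -> int:
    """Model of check_password: compare consecutive 16-bit words of the
    input buffer against CHECK_WORDS; return 1 (unlock) or 0, like r15."""
    need = 2 * len(CHECK_WORDS)
    if len(buf) < need:
        buf = buf.ljust(need, b"\x00")  # assumption: unread memory is zero
    for i, expected in enumerate(CHECK_WORDS):
        # MSP430 word load: low byte sits at the lower address.
        (word,) = struct.unpack_from("<H", buf, 2 * i)
        if word != expected:
            return 0
    return 1


def derive_input(words) -> bytes:
    """Bytes that must sit in memory so each word load yields the constant."""
    return b"".join(struct.pack("<H", w) for w in words)


def naive_input(words) -> bytes:
    """The constants typed in the order they are written (big-endian)."""
    return b"".join(struct.pack(">H", w) for w in words)


if __name__ == "__main__":
    good = derive_input(CHECK_WORDS)
    bad = naive_input(CHECK_WORDS)
    print("byte-swapped:", good.hex().upper(), "->", check_password(good))
    print("as written  :", bad.hex().upper(), "->", check_password(bad))
```

Typing the constants in the order they appear in the disassembly fails on the first compare, since the lock then reads 0x7B57 instead of 0x577B.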