commit 7edc5d5fa41347458031fe9fd5c6428515a961f1 Author: Kaushik Narayan R Date: Tue Sep 3 17:53:16 2024 -0700 initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ed7735f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*/result diff --git a/1.12/sha256_crack.py b/1.12/sha256_crack.py new file mode 100644 index 0000000..b1c9fe5 --- /dev/null +++ b/1.12/sha256_crack.py @@ -0,0 +1,80 @@ +import hashlib +import string +import itertools +import argparse +import time +import json +import re + + +def gen_perm_cipher(plain_text): + cipher_text = hashlib.sha256(plain_text.encode("ascii")).hexdigest() + return cipher_text + + +def gen_all_perms( + perm_len=6, + char_set=string.ascii_lowercase, + prefix_len=0, + resuming=False, + resume_pos=0, +): + """ + Permutation generator. Can specify length, character set and prefix length to rotate result files. + + Can resume from a specified position as well. + + If resuming, please ensure the other parameters are identical to the previous run. resume_pos is included + """ + + if prefix_len == 0: + prefix_len = perm_len // 2 + split_len = len(char_set) ** (perm_len - prefix_len) + + print( + f"Permuting {perm_len}-character strings from {char_set}. Splitting on a {prefix_len}-character prefix." + ) + if resuming: + print(f"Resuming from permutation {resume_pos}") + + perms = {} + for i, item in enumerate(itertools.product(char_set, repeat=perm_len)): + if resuming and i < resume_pos: + pass + perm_plain = "".join(item) + perm_cipher = gen_perm_cipher(perm_plain) + perms[perm_plain] = perm_cipher + + if (i + 1) % split_len == 0: + perms_str = json.dumps(perms, indent=0)[2:-2] + perms_str = re.sub(r'[":,]', "", perms_str) + print(f"saving {split_len} permutations...") + with open( + f"result/{next(iter(perms.keys()))[:prefix_len]}.perms", "w" + ) as out_f: + print(perms_str, file=out_f) + perms = {} + + +if __name__ == "__main__": + parser = argparse.ArgumentParser() + parser.add_argument( + "-p", "--perm_len", required=False, default=6, dest="p", type=int + ) + parser.add_argument( + "-f", "--prefix_len", required=False, default=0, dest="f", type=int + ) + parser.add_argument( + "-c", + "--char_set", + required=False, + default=string.ascii_lowercase, + dest="chars", + type=str, + ) + args = parser.parse_args() + + start_t = time.time() + gen_all_perms(args.p, args.chars, args.f) + end_t = time.time() + print(f"generated all pairs in {end_t-start_t} seconds") diff --git a/1.12/sha256_gen.py b/1.12/sha256_gen.py new file mode 100644 index 0000000..1aadf99 --- /dev/null +++ b/1.12/sha256_gen.py @@ -0,0 +1,28 @@ +from typing import Tuple +import hashlib +import random +import string + + +def gen_plain_cipher() -> Tuple[str, str]: + plain_text = "".join([random.choice(string.ascii_lowercase) for _ in range(6)]) + cipher_text = hashlib.sha256(plain_text.encode("ascii")).hexdigest() + return plain_text, cipher_text + + +def main(): + plain_text, cipher_text = gen_plain_cipher() + print(f"Please submit the *plain-text string* for the SHA256 hash of \"{cipher_text}\".") + print("") + + input_str = input("Your answer: ") + if input_str.strip(" \n\r") == plain_text: + with open("/flag", "r") as f: + print("Congrats! Your flag:", f.read()) + else: + print("Incorrect input. Try again!") + + +if __name__ == "__main__": + main() + diff --git a/2.04/crack.c b/2.04/crack.c new file mode 100644 index 0000000..041e2a1 --- /dev/null +++ b/2.04/crack.c @@ -0,0 +1,34 @@ +#include +#include +#include + +int verify(unsigned int v0, unsigned int v1, unsigned int v2, unsigned int v3) +{ + if (!v0 || !v1 || !v2 || !v3) + return 0; + if (v1 * v0 + v2 - v3 != 1208779703) + return 0; + if (v1 - v0 != -24223) + return 0; + if (v3 - 5 * v2 == -129519) + return (v3 + v1) % 100000 == 40256; + return 0; +} + +int main() +{ + for (unsigned int v1 = 1; v1 < 75777; v1++) + { + unsigned int v0 = v1 + 24223; + for (unsigned int v2 = 25904; v2 < 45904; v2++) + { + unsigned int v3 = (5 * v2) - 129519; + if (verify(v0, v1, v2, v3)) + { + printf("%u-%u-%u-%u\n", v0, v1, v2, v3); + return 0; + } + } + } + return 0; +} \ No newline at end of file diff --git a/2.06/soln.py b/2.06/soln.py new file mode 100644 index 0000000..89c0e31 --- /dev/null +++ b/2.06/soln.py @@ -0,0 +1,551 @@ +import argparse +import time + + +def verify(ctx: str) -> bool: + result = 0 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[0]) > 127: # 0 + result = result | 0x26 + + if ord(ctx[0]) & 0x40 != 0: # 0 + result = result | 0x26 + + if ord(ctx[0]) & 0x20 == 0: # 1 + result = result | 0x27 + + if ord(ctx[0]) & 0x10 == 0: # 1 + result = result | 0x26 + + if ord(ctx[0]) & 8 != 0: # 0 + result = result | 4 + + if ord(ctx[0]) & 4 == 0: # 1 + result = result | 0x11 + + if ord(ctx[0]) & 2 == 0: # 1 + result = result | 5 + + if ord(ctx[0]) & 1 != 0: # 0 + result = result | 0x22 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[1]) > 127: # 0 + result = result | 2 + + if ord(ctx[1]) & 0x40 != 0: # 0 + result = result | 2 + + if ord(ctx[1]) & 0x20 == 0: # 1 + result = result | 0x25 + + if ord(ctx[1]) & 0x10 == 0: # 1 + result = result | 0x12 + + if ord(ctx[1]) & 8 != 0: # 0 + result = result | 0x27 + + if ord(ctx[1]) & 4 == 0: # 1 + result = result | 0x1C + + if ord(ctx[1]) & 2 == 0: # 1 + result = result | 9 + + if ord(ctx[1]) & 1 == 0: # 1 + result = result | 0x11 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[2]) > 127: # 0 + result = result | 0x11 + + if ord(ctx[2]) & 0x40 == 0: # 1 + result = result | 0x15 + + if ord(ctx[2]) & 0x20 == 0: # 1 + result = result | 0x11 + + if ord(ctx[2]) & 0x10 != 0: # 0 + result = result | 0xD + + if ord(ctx[2]) & 8 == 0: # 1 + result = result | 0x29 + + if ord(ctx[2]) & 4 != 0: # 0 + result = result | 0x23 + + if ord(ctx[2]) & 2 == 0: # 1 + result = result | 0xD + + if ord(ctx[2]) & 1 == 0: # 1 + result = result | 0x1C + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[3]) > 127: # 0 + result = result | 0x1E + + if ord(ctx[3]) & 0x40 == 0: # 1 + result = result | 0x28 + + if ord(ctx[3]) & 0x20 != 0: # 0 + result = result | 0x28 + + if ord(ctx[3]) & 0x10 == 0: # 1 + result = result | 0x14 + + if ord(ctx[3]) & 8 != 0: # 0 + result = result | 0x1F + + if ord(ctx[3]) & 4 == 0: # 1 + result = result | 0x28 + + if ord(ctx[3]) & 2 == 0: # 1 + result = result | 0x13 + + if ord(ctx[3]) & 1 == 0: # 1 + result = result | 0x2C + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[4]) > 127: # 0 + result = result | 0x19 + + if ord(ctx[4]) & 0x40 != 0: # 0 + result = result | 0x11 + + if ord(ctx[4]) & 0x20 == 0: # 1 + result = result | 0x1F + + if ord(ctx[4]) & 0x10 == 0: # 1 + result = result | 8 + + if ord(ctx[4]) & 8 != 0: # 0 + result = result | 0x2D + + if ord(ctx[4]) & 4 == 0: # 1 + result = result | 0x1C + + if ord(ctx[4]) & 2 == 0: # 1 + result = result | 8 + + if ord(ctx[4]) & 1 != 0: # 0 + result = result | 0x10 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[5]) > 127: # 0 + result = result | 9 + + if ord(ctx[5]) & 0x40 == 0: # 1 + result = result | 0x19 + + if ord(ctx[5]) & 0x20 != 0: # 0 + result = result | 0x1C + + if ord(ctx[5]) & 0x10 == 0: # 1 + result = result | 0x17 + + if ord(ctx[5]) & 8 == 0: # 1 + result = result | 0x27 + + if ord(ctx[5]) & 4 != 0: # 0 + result = result | 0x18 + + if ord(ctx[5]) & 2 != 0: # 0 + result = result | 0x2D + + if ord(ctx[5]) & 1 == 0: # 1 + result = result | 0x1A + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[6]) > 127: # 0 + result = result | 0x10 + + if ord(ctx[6]) & 0x40 == 0: # 1 + result = result | 7 + + if ord(ctx[6]) & 0x20 == 0: # 1 + result = result | 0x2B + + if ord(ctx[6]) & 0x10 != 0: # 0 + result = result | 0x24 + + if ord(ctx[6]) & 8 == 0: # 1 + result = result | 0x15 + + if ord(ctx[6]) & 4 == 0: # 1 + result = result | 0xF + + if ord(ctx[6]) & 2 == 0: # 1 + result = result | 9 + + if ord(ctx[6]) & 1 != 0: # 0 + result = result | 1 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[7]) > 127: # 0 + result = result | 0x27 + + if ord(ctx[7]) & 0x40 == 0: # 1 + result = result | 0xC + + if ord(ctx[7]) & 0x20 != 0: # 0 + result = result | 4 + + if ord(ctx[7]) & 0x10 != 0: # 0 + result = result | 0x1A + + if ord(ctx[7]) & 8 == 0: # 1 + result = result | 0x14 + + if ord(ctx[7]) & 4 != 0: # 0 + result = result | 0x1A + + if ord(ctx[7]) & 2 == 0: # 1 + result = result | 8 + + if ord(ctx[7]) & 1 == 0: # 1 + result = result | 9 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[8]) > 127: # 0 + result = result | 0x2C + + if ord(ctx[8]) & 0x40 == 0: # 1 + result = result | 0x16 + + if ord(ctx[8]) & 0x20 == 0: # 1 + result = result | 0x22 + + if ord(ctx[8]) & 0x10 == 0: # 1 + result = result | 0x28 + + if ord(ctx[8]) & 8 != 0: # 0 + result = result | 0x22 + + if ord(ctx[8]) & 4 == 0: # 1 + result = result | 9 + + if ord(ctx[8]) & 2 == 0: # 1 + result = result | 0x17 + + if ord(ctx[8]) & 1 != 0: # 0 + result = result | 0x22 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[9]) > 127: # 0 + result = result | 0x19 + + if ord(ctx[9]) & 0x40 == 0: # 1 + result = result | 0x29 + + if ord(ctx[9]) & 0x20 != 0: # 0 + result = result | 0x2D + + if ord(ctx[9]) & 0x10 == 0: # 1 + result = result | 0x23 + + if ord(ctx[9]) & 8 != 0: # 0 + result = result | 0x12 + + if ord(ctx[9]) & 4 == 0: # 1 + result = result | 2 + + if ord(ctx[9]) & 2 != 0: # 0 + result = result | 0x11 + + if ord(ctx[9]) & 1 != 0: # 0 + result = result | 4 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[10]) > 127: # 0 + result = result | 0x26 + + if ord(ctx[10]) & 0x40 == 0: # 1 + result = result | 0x15 + + if ord(ctx[10]) & 0x20 == 0: # 1 + result = result | 0xC + + if ord(ctx[10]) & 0x10 == 0: # 1 + result = 0x1B + + if ord(ctx[10]) & 8 != 0: # 0 + result = result | 0xD + + if ord(ctx[10]) & 4 != 0: # 0 + result = result | 0x24 + + if ord(ctx[10]) & 2 != 0: # 0 + result = result | 0x21 + + if ord(ctx[10]) & 1 != 0: # 0 + result = result | 0x23 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[0xB]) > 127: # 0 + result = result | 0x16 + + if ord(ctx[0xB]) & 0x40 == 0: # 1 + result = result | 0x11 + + if ord(ctx[0xB]) & 0x20 == 0: # 1 + result = result | 7 + + if ord(ctx[0xB]) & 0x10 != 0: # 0 + result = result | 0x19 + + if ord(ctx[0xB]) & 8 != 0: # 0 + result = result | 0x1A + + if ord(ctx[0xB]) & 4 != 0: # 0 + result = result | 0x29 + + if ord(ctx[0xB]) & 2 != 0: # 0 + result = result | 0x23 + + if ord(ctx[0xB]) & 1 == 0: # 1 + result = result | 0x2A + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[0xC]) > 127: # 0 + result = result | 0x2B + + if ord(ctx[0xC]) & 0x40 == 0: # 1 + result = result | 0x10 + + if ord(ctx[0xC]) & 0x20 == 0: # 1 + result = result | 0x12 + + if ord(ctx[0xC]) & 0x10 == 0: # 1 + result = result | 0x29 + + if ord(ctx[0xC]) & 8 != 0: # 0 + result = result | 3 + + if ord(ctx[0xC]) & 4 != 0: # 0 + result = result | 0x1C + + if ord(ctx[0xC]) & 2 != 0: # 0 + result = result | 0x11 + + if ord(ctx[0xC]) & 1 == 0: # 1 + result = result | 4 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[0xD]) > 127: # 0 + result = result | 0x16 + + if ord(ctx[0xD]) & 0x40 == 0: # 1 + result = result | 0x21 + + if ord(ctx[0xD]) & 0x20 == 0: # 1 + result = result | 2 + + if ord(ctx[0xD]) & 0x10 != 0: # 0 + result = result | 0x2D + + if ord(ctx[0xD]) & 8 == 0: # 1 + result = result | 0x1D + + if ord(ctx[0xD]) & 4 == 0: # 1 + result = result | 0xB + + if ord(ctx[0xD]) & 2 == 0: # 1 + result = result | 9 + + if ord(ctx[0xD]) & 1 == 0: # 1 + result = result | 0xC + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[0xE]) > 127: # 0 + result = result | 0x24 + + if ord(ctx[0xE]) & 0x40 == 0: # 1 + result = result | 0x12 + + if ord(ctx[0xE]) & 0x20 != 0: # 0 + result = result | 0x22 + + if ord(ctx[0xE]) & 0x10 != 0: # 0 + result = result | 0xE + + if ord(ctx[0xE]) & 8 != 0: # 0 + result = result | 9 + + if ord(ctx[0xE]) & 4 != 0: # 0 + result = result | 2 + + if ord(ctx[0xE]) & 2 == 0: # 1 + result = result | 0x28 + + if ord(ctx[0xE]) & 1 != 0: # 0 + result = result | 0x2C + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[0xF]) > 127: # 0 + result = result | 0x2B + + if ord(ctx[0xF]) & 0x40 == 0: # 1 + result = result | 0x27 + + if ord(ctx[0xF]) & 0x20 != 0: # 0 + result = result | 0x21 + + if ord(ctx[0xF]) & 0x10 == 0: # 1 + result = result | 0x1F + + if ord(ctx[0xF]) & 8 == 0: # 1 + result = result | 9 + + if ord(ctx[0xF]) & 4 != 0: # 0 + result = result | 10 + + if ord(ctx[0xF]) & 2 != 0: # 0 + result = result | 0xC + + if ord(ctx[0xF]) & 1 != 0: # 0 + result = result | 0x23 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[0x10]) > 127: # 0 + result = result | 7 + + if ord(ctx[0x10]) & 0x40 != 0: # 0 + result = result | 0x2B + + if ord(ctx[0x10]) & 0x20 == 0: # 1 + result = result | 0x21 + + if ord(ctx[0x10]) & 0x10 == 0: # 1 + result = result | 0x28 + + if ord(ctx[0x10]) & 8 != 0: # 0 + result = result | 0x2B + + if ord(ctx[0x10]) & 4 != 0: # 0 + result = result | 4 + + if ord(ctx[0x10]) & 2 != 0: # 0 + result = result | 8 + + if ord(ctx[0x10]) & 1 == 0: # 1 + result = result | 0x26 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[0x11]) > 127: # 0 + result = result | 0x1E + + if ord(ctx[0x11]) & 0x40 == 0: # 1 + result = result | 0x11 + + if ord(ctx[0x11]) & 0x20 != 0: # 0 + result = result | 2 + + if ord(ctx[0x11]) & 0x10 != 0: # 0 + result = result | 0x19 + + if ord(ctx[0x11]) & 8 != 0: # 0 + result = result | 0x29 + + if ord(ctx[0x11]) & 4 == 0: # 1 + result = result | 0x18 + + if ord(ctx[0x11]) & 2 == 0: # 1 + result = result | 3 + + if ord(ctx[0x11]) & 1 != 0: # 0 + result = result | 0x1D + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[0x12]) > 127: # 0 + result = result | 0x1A + + if ord(ctx[0x12]) & 0x40 != 0: # 0 + result = result | 0x25 + + if ord(ctx[0x12]) & 0x20 == 0: # 1 + result = result | 0x26 + + if ord(ctx[0x12]) & 0x10 == 0: # 1 + result = result | 0x11 + + if ord(ctx[0x12]) & 8 == 0: # 1 + result = result | 0x1A + + if ord(ctx[0x12]) & 4 != 0: # 0 + result = result | 0x28 + + if ord(ctx[0x12]) & 2 != 0: # 0 + result = result | 0x15 + + if ord(ctx[0x12]) & 1 != 0: # 0 + result = result | 0x10 + + """""" """""" """""" """""" """""" """""" """""" """""" """""" """""" + + if ord(ctx[0x13]) > 127: # 0 + result = result | 0x27 + + if ord(ctx[0x13]) & 0x40 == 0: # 1 + result = result | 0xB + + if ord(ctx[0x13]) & 0x20 == 0: # 1 + result = result | 0x21 + + if ord(ctx[0x13]) & 0x10 != 0: # 0 + result = result | 0x2C + + if ord(ctx[0x13]) & 8 == 0: # 1 + result = result | 0x1C + + if ord(ctx[0x13]) & 4 == 0: # 1 + result = result | 0xD + + if ord(ctx[0x13]) & 2 != 0: # 0 + result = result | 0x14 + + if ord(ctx[0x13]) & 1 != 0: # 0 + result = result | 0x14 + + # 00110110 00110111 01101011 01010111 00110110 01011001 01101110 01001011 01110110 01010100 01110000 01100001 01110001 01101111 01000010 01011000 00110001 01000110 00111000 01101100 + + return result == 0 + + +def main(): + parser = argparse.ArgumentParser() + parser.add_argument("-s", "--binary_str", required=True, dest="in_str", type=str) + args = parser.parse_args() + + target_str = "".join([chr(int(x, base=2)) for x in args.in_str.split()]) + print(target_str) + + start_t = time.time() + if verify(target_str): + print("OMG") + print(args.in_str) + print(target_str) + end_t = time.time() + print(f"checked string in {end_t-start_t} seconds") + + +if __name__ == "__main__": + main() diff --git a/Dojo Notes.md b/Dojo Notes.md new file mode 100644 index 0000000..c0fae86 --- /dev/null +++ b/Dojo Notes.md @@ -0,0 +1,115 @@ +# CSE 545 pwn.college Dojo + +## Project 01 Linux Lifter + +### .05 - find + +- `find / randomly_placed_file` - way too many files +- read the man page. `find -name randomly_placed_file` found it +- didn't specify a folder to search in tho, ig it's cuz cwd is / + +### .06 - find and exec + +- "Optional Exercise: Why do they think it worked with `-exec` parameter of the `find` command, but we get permission denied using standalone `cat` command? Hint: SUID bit was set for the `find` command." +- indeed, we see that `/usr/bin/find` has its *setuid* bit set: +![-rwsr-xr-x 1 root root 320160 Feb 18 2020 /usr/bin/find*](ss1.png) +- [see here](https://unix.stackexchange.com/a/389706/595039) for find stuff +- `find / -name random_cant_flag -exec cat {} ';'` worked + +### .07 - return code + +- `$?` is the return code of the last executed command +- range 0 to 255 + +### .08 - python + +- SUID on python this time + +### .11 - search me + +- `/challenge/tester.sh` is printing `/flag` but the file is missing +- `/challenge/cp` has SUID bit set +- preliminary find revealed a possible file deep in `/tmp` +- `find /tmp/that/full/path -name flag -exec /challenge/cp {} /flag ';'` + +### .12 - hash it out + +- used online tool to generate SHA256 + +### .13 - hash full + +- here we go +- a-z, 6 spaces, so 26^6 possibilities +- plaintext is 6 letters, so 48 bits. hash is SHA256 so 256 bits. +- storage per line:`` that's 304 bits, 312 if including newline character +- total storage exceeds 11GB!! +- refinement 1: 256-bit hash is pretty unique. if we cut down on the portion of the hash stored, we should be able to save a ton of space while only slightly increasing the margin of error. let's assume plaintext has to be stored entirely for now, so total per line is 184 bits. +- eh fk it, just generated all permutations. 22GB storage, 20 min to generate, search using VSCode search took a few more minutes + +## Project 02 Unwinding Binaries (Reversing) + +### .01 - looking inside + +- not sure how to use ghidra, didn't seem to work either +- `angr decompile /challenge/run` revealed a `strcmp` with the key, ez + +### .02 - the mangler + +- 'mangling' is just subtracting 3 from the char's ascii value. so just add 3 to the key + +### .03 - xor plus + +- mangling is adding 3 then xor with 2. so just xor with 2, then subtract 3 + +#### lab 2a.02 + +![lab code snippet](ss2.png) + +- ascii values + +### .04 - solve for x + +- NOTE: angr screwed up, and gave an incorrect result (== instead of !=) +- use ghidra (GUI) or [dogbolt](https://dogbolt.org) for binaries under 2MB +- anyway, math solving: + - we get a few eqns: + - v1 = v0 - 24223 + - v3 = 5v2 - 129519 + - use these eqns to reduce from brute-force 4 nested loops to 2 nested loops + - then verifying the rest gets us one soln +- runtime < 3 seconds + +### .05 - extra verification + +- angr just straight up hangs lol +- holy sh*t so many if statements +- boils down to byte by byte, check 1 or 0, check +ve or -ve (MSB) + - 00 - 00110111 + - 01 - 01000111 + - 02 - 01000011 + - 03 - 01010110 + - 04 - 00110100 + - 05 - 01010010 + - 06 - 01011010 + - 07 - 01001001 + - 08 - 01000001 + - 09 - 00110100 + - 10 - 01011001 + - 11 - 00111000 + - 12 - 01111001 + - 13 - 00110011 + - 14 - 01110011 + - 15 - 01001000 + - 16 - 00110101 + - 17 - 00111000 + - 18 - 01101010 + - 19 - 01010111 (binary ninja and hex-rays disagreed on this, binary ninja was right) +- could have automated this smh + +### .06 - extra verification II + +- first ordered all if statements to get bitwise order of the string (hell.) +- for result to be 0 at the end, just don't modify it at all +- so for each if statement, check which of 0/1 makes it false (find and replace ftw) +- ascii string is 67kW6YnKvTpaqoBX1F8l +- really should have automated this diff --git a/README.md b/README.md new file mode 100644 index 0000000..ab66706 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +# Assignments for Fall 2024 CSE545 - Software Security at ASU diff --git a/ss1.png b/ss1.png new file mode 100644 index 0000000..c5aefaf Binary files /dev/null and b/ss1.png differ diff --git a/ss2.png b/ss2.png new file mode 100644 index 0000000..45a9462 Binary files /dev/null and b/ss2.png differ