# GynvaelEN mission 011 


# cat mission_11-firmware.txt
# Number of arguments this code object expects
co_argcount 1
# Tuple of constant objects
co_consts (None, '4e5d4e92865a4e495a86494b5a5d49525261865f5758534d4a89', 'hex', 89, 255, 115, 50)
# Flags
co_flags 67
# Function name
co_name check_password
# Names used
co_names ('decode', 'len', 'False', 'all', 'zip', 'ord')
# Number of local variables
co_nlocals 4
# The depth of the stack
co_stacksize 6
# Argument names
co_varnames ('s', 'good', 'cs', 'cg')

      0 LOAD_CONST          1  stack[0] = '4e5d4e92865a4e495a86494b5a5d49525261865f5758534d4a89'
      3 LOAD_ATTR           0  names[0] # decode
      6 LOAD_CONST          2  stack[1] = 'hex'
      9 CALL_FUNCTION       1  stack[0] = 'N]N\x92\x86ZNIZ\x86IKZ]IRRa\x86_WXSMJ\x89' # 26
     12 STORE_FAST          1  good = 'N]N\x92\x86ZNIZ\x86IKZ]IRRa\x86_WXSMJ\x89' # 26; stack is empty
     15 LOAD_GLOBAL         1  stack[0] = 'len'
     18 LOAD_FAST           0  stack[1] = 's'
     21 CALL_FUNCTION       1  ?; stack is empty
     24 LOAD_GLOBAL         1  stack[0] = 'len'
     27 LOAD_FAST           1  stack[1] = 'good'
     30 CALL_FUNCTION       1  26; stack is empty
     33 COMPARE_OP          3 (!=) len(s) != len(goog)
     36 POP_JUMP_IF_FALSE  43    if eq goto 43
     39 LOAD_GLOBAL         2    else stack[0] = 'False'
     42 RETURN_VALUE   return 'False'
>>   43 LOAD_GLOBAL         3    stack[0] = 'all'
     46 BUILD_LIST          0    stack[0] = ['all']
     49 LOAD_GLOBAL         4    stack[1] = 'zip'
     52 LOAD_FAST           0    stack[2] = 's'
     55 LOAD_FAST           1    stack[3] = 'good'
     58 CALL_FUNCTION       2    stack[0] = zip(s, good)
     61 GET_ITER      stack[0] = iter(zip(s, good))
>>   62 FOR_ITER           52 (to 117)
     65 UNPACK_SEQUENCE     2    stack[1] = s[i], good[i]
     68 STORE_FAST          2    cs = s[i]
     71 STORE_FAST          3    cg = good[i]
     74 LOAD_GLOBAL         5    stack[0] = 'ord'
     77 LOAD_FAST           2    stack[1] = cs
     80 CALL_FUNCTION       1    stack[0] = ord(cs)
     83 LOAD_CONST          3    stack[1] = 89
     86 BINARY_SUBTRACT     stack[0] = ord(cs) - 89
     87 LOAD_CONST          4    stack[1] = 255
     90 BINARY_AND      stack[0] = (ord(cs) - 89) & 255
     91 LOAD_CONST          5    stack[1] = 115
     94 BINARY_XOR      stack[0] = ((ord(cs) - 89) & 255) ^ 115
     95 LOAD_CONST          6    stack[1] = 50
     98 BINARY_XOR      stack[0] = (((ord(cs) - 89) & 255) ^ 115) ^ 50
     99 LOAD_GLOBAL         5    stack[1] = 'ord'
    102 LOAD_FAST           3    stack[2] = cg
    105 CALL_FUNCTION       1    stack[1] = ord(cg)
    108 COMPARE_OP          2 (==)  computed_cg == cg
    111 LIST_APPEND         2
    114 JUMP_ABSOLUTE      62    goto 62
>>  117 CALL_FUNCTION       1
    120 RETURN_VALUE

# cat mission_11.py
password = ''

for i in '4e5d4e92865a4e495a86494b5a5d49525261865f5758534d4a89'.decode('hex'):
    password += chr(255 & (89 + (ord(i) ^ 50 ^ 115)))

print password

# python mission_11.py
huh, that actually worked!

Source

https://www.youtube.com/watch?v=s5gOW-N9AAo (1:46:20)
Posted by t0n1
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)