POL1TC@L HOOK
  • Home
  • About
  • Cyber Security
  • Politics
  • Sports
  • Contact

microcorruption: level 2 - sydney

6/13/2019

 
​This the second level of Microcorruption. If you haven’t seen the first level, please go back.
Let’s Begin!
 
This level is slightly more difficult than the previous level, but again nothing strenuous. Scrolling through the disassembly we again see the check_password function. Quick analysis of it shows several compare functions (cmp). This shows us its comparing our input to a hard-coded password little by little.
​ 
Picture

​Converting these Hex values gives us the following password: Sl)pQ/*b
However, we must take into account the endianness of the system. Simply put, there are two ways to arrange data in memory, big endian and little endian.
In big-endian the most significant byte, the byte containing the most significant bit (the leftmost byte), is stored first, at the lowest address. The least significant byte, then, has the higher address.
In little-endian the least significant byte, (the rightmost byte) is stored first, at the lowest address. The most significant byte, then, has the higher address.
The diagram below explains how this works. 
​
Picture

​This essentially means we have to change the alphabetical order of our passwords around. E.g the first hex value may be “0x536c = Sl”, this in reality should be “lS”. The endianness switches the position of the letters around. Doing this for all hex values gives us the correct password: lSp)/Qb*

Comments are closed.

    Archives

    February 2024
    January 2023
    December 2022
    March 2020
    June 2019
    January 2019

    Categories

    All
    Malware
    Privilege Escalation
    Python
    Reverse Engineering
    Splunk

Powered by Create your own unique website with customizable templates.
  • Home
  • About
  • Cyber Security
  • Politics
  • Sports
  • Contact