Wednesday, January 22, 2014

Microcorruption - New Orleans


Matasano and Square have created a fun little CTF that simulates a little embedded hardware hacking. They've simulated a debugger that is running on a lock that you access through your browser. The tutorial and the New Orleans challenge involve determining what the password is for a lock in order to move on.

New Orleans

This challenge starts off with a description of the lock with no real useful information in it. 

So off we go into the debugger! 

If you run the program, it asks you to enter a password. Since we don't know what it is we can enter random text and see how the program processes it. 

Entering in some string like, "test", and continuing execution we are ushered quickly out of the program. :(

Bugger, now we'll have to step through and see what it may be doing. Looking at main we see a few interesting items...

The check_password and get_password functions might be worth looking into. The check_password function looks like this:

Before this function is called, it should be mentioned that r15 holds the location in memory of the password that you entered in. What this function looks like it does is compare the string held at r13, which is assigned from r15, to the memory location at 0x2400. Looking in the Live Memory Dump section for whats held at 0x2400 we see this:

At this point we can take a wild guess that the first password is p:J>>V`


This is a pretty fun CTF. I'm looking forward to checking out the other challenges. I'll try and write them up as I go along, but I stink so I'm guessing I'll only be able to get the first challenge =P


  1. I feel best essay writing service could use your helpit is quite rare to find who can manouvre around the fuzzing vulnserver with peach 3 since most servers do not accept tp connections this is such a big deal

  2. Vest Nice blog for learning new things,thanks for such beautiful blog.
    below some new idea plz check once.
    ivanka hot

  3. I strongly recommend the service of a GREAT Hacker to you and his email is
    ( I have used him quite a number of times and he has never disappointed me.

    He does all types of mobile hacks, get unrestricted and unnoticeable access to your Partner/Spouse, Skype, Facebook Account, Email(s), Whatsapp, Instagram, Text messages, In coming and Out going calls, Twitter, Snap Chats, Bank accounts, Deleted files,bitcoin address etc. He can also help you boost your credit score limit and also clear all debts on your card(s).

    Getting the job done is as simple as sending an email to ( stating what you want to do.and his services is cheap and affordable.

  4. Beware of scammers i have been scammed 3 times because i was trying to know if my husband was cheating until i met this hacker named; ( who helped me hack into my spouse phone for real this great hacker hacked into my spouse whats-app messages,Facebook messages.text messages,call logs,deleted text messages,bitcoin account and many more i was impressed with his job and he brought me results under 24 hours believe me he is real and his services are cheap and affordable.

  5. Hello everyone on here, I have found the real hacker ( is the best and reliable for all your hack.
    Thank you once again keyloggershacker for your job. I promised to announce to everyone that you are the best, I know you are seeing this now.
    He can hack into any emails, Twitter, Instagram, Facebook, Text messages...please tell him Kimberly referred you to him

  6. I have been through thick and thin all in search for trustworthy and efficient hacker, For

    me it wasnt about the money all i needed was an hacker who could do what he said he could

    do, after been scammed by several imposters claiming to be hackers i was referred by a

    friend of a friend to contact; who offered me top notch services.

    I am only doing all this for the genuine people out there like me desperately in need of a

    hacker you have just been shown the truth, do mention Kimberly when contacting him


  7. Gaining access into my wife’s device was not that easy, as my expertise wasn’t that much not until I told AFONKAPETROV@TUTANOTA.COM about this. He helped in cracking the AES (Advanced Encryption Standard) and EXPLOITING all VULNERABILITIES in the device hereby providing a thorough access to the mobile’s data. After all, it was not a waste of effort. There was SEVERE INFIDELITY on her part. Now, I guess I need the divorce immediately and child custody too.

  8. If you really need a professional hacker to hack your cheating boyfriend's/girlfriend's/spouse phone, whatsapp, facebook, bank account hack etc. Or credit score upgrade, I would recommend
    He has proven to be trustworthy, His jobs are fast and affordable. He has carried out over 3 jobs for me including helping me hack my ex wife's mobile phone and i can't forget when he cleared my credit card debts and improved my credit score to 750. I can put my money on him at anytime!. He's one of the best out there. Spreading the word as my little favor to him for all he's done. Thank me later.

  9. The worst feeling is you knowing that your partner is cheating on you but you
    don’t have any evidence against him, this was the feeling I battled with for like
    4 months. I tried using the app it didn’t work perfectly. It was until I saw a referral on here about that was how i was saved. He gave me access to my husband’s whatsapp, Facebook account, Instagram and gmail account without his notice and that was how I got all the evidences needed to confronted him, he couldn’t deny it. I had to break up with him, who else would want to stay with a cheater. I’m happy for this great help, if you need similar help to hesitate to reach out. He’s reliable.

  10. I had a fruitless search for a lover, all F.A.K.E acquaintances. I even lost a bit above 39,400 EURO. My worst experience, but I didn’t let him go with this. I had reported this case to AFONKAPETROV@ TUTANOTA. COM . I was able to recover funds he stole from me as a result of AFONKA’S ADVANCED PENETRATION into HIS MOBILE PHONE LINKED TO HIS BANK, SNIFFED HIS MAILS AND WAS ABLE TO H.A.C.K INTO HIS BITCOIN WALLETS. We gained more than I lost and shared BTC with AFONKA. I am so delighted, even donated to charity. I don’t think I’ll try to find love online ever again. It wasn’t a good experience.

  11. MY NIECE HAD ISSUES IN COLLEGE and needed some grades upgraded discreetly, I was directed to contact AFONKAPETROV@ TUTANOTA. COM This was a major breakthrough for us from her failure. The reason behind this was due to s.e.x.u.a.l a.s.s.a.u.l.t.s by the College Professor. This instigated failure for my niece. We had reported the case earlier and nothing was done. Anyway, her grades were successfully changed.


  12. CONTACT US FOR ALL KINDS OF HACKING JOB @ We offer professional hacking services , we offer the following services;
    -University grades changing
    -Bank accounts hack
    -Erase criminal records hack
    -Facebook hack
    -Twitters hack
    -email accounts hack
    -Grade Changes hack
    -Website crashed hack
    -server crashed hack
    -Skype hack
    -Databases hack
    -Word Press Blogs hack
    -Individual computers hack
    Control devices remotely hack
    -Burner Numbers hack
    -Verified Paypal Accounts hack
    -Any social media account hack
    -Android & iPhone Hack
    -Text message interception hack
    -email interception hack
    -Untraceable Ip etc.
    Contact us at or text or call (601) 357-3187 for more inquiry..
    Track Calls log and Spy Call Recording.
    Monitoring SMS text messages remotely.
    Cell phone GPS location tracking. Spy on Whatsapp Messages.
    Free Update and 100% Undetectable.
    Track BBM messages and Line messages. Track Internet Browsing History and Read phone Access Address Book, totally worth your money, please no time wasters, he won't under any circumstances work for free, you can reach him by email or add on Hangout or call on (601) 357-3187 and text

  13. hello i just want to bring to your notice an easy way of becoming a millionaire.I read about a blank ATM card & decided to reach out to this vendor, he then gave me the guidelines & proof of how the card was cloned. Though i wasn’t sure about their services but they assured me of safe & geniue transaction if i obliged to their terms and conditions which i eventually agreed to & 4days later i was delivered a card by the Delivery service which was sent from this hacker. I was shocked when the card dispensed $2000 instant, I've been able to cash out $10k...All thanks to you guys, you can email this real and reliable hacker via email: ( or whatapp +1 (516) 494 0313  

  14. They are all scammers, they will make you pay after which they will give you an excuse asking you to pay more money, they have ripped me of $2000, i promised i was going to expose them.
    I figured it all out when my colleague took me to Pavel

    CELL PHONE +16692252253

    He did perfect job, he hacks all accounts ranging from (Emails, Facebook, whatsapp, imo, skype, instagram, Phone cloning, DMV removal, tracking locations, background checks Kik etc. he also hacks cell phones, cell phone tapping and cloning, clears bad driving and criminal records, bank transfers, locates missing individuals e.t.c. You should contact him and please stop using contacts you see on websites to execute jobs for you, you can ask around to find a real hacker.