On a cold November night I was standing at a bus stop and saw an advertisement on the streets of Wrocław. What was odd about it was that it was written purely in assembly.
OK, to tell you the truth, it was nothing like that. In reality I was just browsing through my Facebook wall and saw this on my screen.
Immediately I wanted to have a look at it, but since the quality wasn't that good it might be a bit of a problem. Fortunately the page URL was clearly visible at the bottom, so we could get the code and not have to retype it. So let's visit the URL: https://git.io/vFmiE
There's not that much assembly going on there, so what I did was analyze it and write a short Python script to reverse it. What might be a problem is only those 5 bytes just before
The assembly is not complex; we can identify a loop over the bytes defined at the bottom. 0x21 is subtracted from each character and then, based on the value, we do one of two things:
- if the value is greater than 0x5d then we jump to .B, where we move to the next char and jump 11 bytes back (we will analyze later what that is)
- if the value is less than 0x4f we jump to .A, where we add 0x2f and fall through the
OK, now what is with this jumping back 11 bytes? If we try to translate those bytes to instruction(s) we will get an error, but from the use of $-11 we can deduce that we will be jumping into the middle of an instruction, and if we drop the first byte and disassemble we get what's probably there:
    mov al,1
    int 0x80
so it simply exits. Knowing this, we can write a solution script. It would look like this:
Running it we get:
So it looks like it might be more fun. After landing on the page we see a bit of C++ code with a request to find the mistake in the code and send the correct result.
From reading the code we can identify what might be a Fourier transform (the name of the method suggests that).
My assumption was that the error would be there, as the code compiled and calculated some results. After checking on the internet how Fourier was supposed to be calculated, it was obvious that the odd values are mixed. What was left was to change the '+' for '-' and calculate the new result.
The correct algorithm is here:
Run it, paste the output in the form on the page and... error. Solution not correct. Information about spaces? Should I remove them? Hmm... WTF? I struggled a bit here but in the end managed to figure it out.
My first mistake was that I did not notice that the input changes every time the page is refreshed, so I needed to update my script each time.
The second mistake was that I missed one space at the end of the output.
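The '+' versus '-' fix described above for the Fourier step, as an added example rather than the challenge's or the author's code: a radix-2 FFT in Python checked against a direct DFT, with a `buggy` switch that assumes the mistake was adding the odd-index term in the second half of the output. The function names and the sample input are constructed for illustration.

```python
import cmath


def dft(x):
    """Direct O(n^2) DFT, used as the reference result."""
    n = len(x)
    return [
        sum(x[j] * cmath.exp(-2j * cmath.pi * j * k / n) for j in range(n))
        for k in range(n)
    ]


def fft(x, buggy=False):
    """Recursive radix-2 FFT; len(x) must be a power of two.

    buggy=True reproduces the assumed mistake: the second half of the
    output adds the odd-index term instead of subtracting it.
    """
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even = fft(x[0::2], buggy)  # transform of even-index samples
    odd = fft(x[1::2], buggy)   # transform of odd-index samples
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * cmath.pi * k / n) * odd[k]  # twiddle * odd term
        out[k] = even[k] + t
        out[k + n // 2] = even[k] + t if buggy else even[k] - t
    return out


def max_error(a, b):
    """Largest absolute difference between two spectra."""
    return max(abs(p - q) for p, q in zip(a, b))


SAMPLE = [1, 2, 3, 4, 0, -1, -2, -3]  # constructed input, not the page's


def check(x=SAMPLE):
    """Return (error of fixed FFT, error of buggy FFT) against the DFT."""
    ref = dft(x)
    return max_error(fft(x), ref), max_error(fft(x, buggy=True), ref)


if __name__ == "__main__":
    good, bad = check()
    print(f"fixed FFT error: {good:.2e}, buggy FFT error: {bad:.2e}")
```

The buggy variant still runs and prints plausible-looking numbers, which is why comparing against a slow reference transform is the quickest way to confirm where the sign error sits.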