2011
Can you crack it? – a few hints
The Can you crack it? challenge, run by GCHQ, is ending soon, so here are a few hints for those trying to crack the code. I’ll try not to give too much away, but this should help people who are stuck.
Stage 1 (the code on the website)
For this stage, a Linux computer definitely helps. Convert the code from the form shown on the website into a raw binary file; the Linux file command will then tell you a bit about it, although what it reports is misleading. Also note that there is more to the code than is shown on the website: try to find the rest!
Once you have worked out what the code is, running it under GDB and dumping the relevant region of memory afterwards is an easy way to get the answer.
Stage 2
This stage is less a code-cracking challenge and more a straightforward programming task. Very little information is given about what you actually need to do. It helps to know that operand 1 is always the index of a register, counting from 0. This holds even for instructions such as movm: the memory address is taken from the selected register and then used to fetch the value from memory, so the operand is the register holding the address, not the address itself.
The jmp instructions that do not specify a segment row always jump within cs (that is what cs is for). The jmp instructions that take a register must also set cs from it.
The program is self-modifying: it first decodes another part of itself and then runs it. Make sure your interpreter fetches instructions from the same memory the program writes to, or the decoded part will never be executed.
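As an added illustration (not part of the original post, and not the challenge's real instruction set), here is a small Python interpreter for a made-up segmented VM that has the three properties described above: operand 1 names a register, movm-style instructions take their address from that register, and jmp either stays within cs or sets cs from a register. The opcodes and their encoding, the 64-byte segment rows, the eight 8-bit registers, the XOR key and the sample self-decoding program are all assumptions chosen for this example.

```python
# Added example: a toy interpreter for a made-up segmented VM with the
# properties the hints describe. The instruction set, encoding, segment
# size and sample program are assumptions for illustration only; they are
# not the challenge's real virtual machine.

SEG = 64           # bytes per segment row (assumed)
MEM_SIZE = 256     # four rows of 64 bytes (assumed)

# Opcodes (assumed). Operand 1 is always a register index where present;
# for LOADM/STOREM that register holds the memory address, not the value.
HALT, MOVI, LOADM, STOREM, XOR, ADDI, JNZ, JMP, JMPR = range(9)


class VM:
    def __init__(self, image: bytes):
        self.mem = bytearray(MEM_SIZE)
        self.mem[:len(image)] = image   # code and data share one memory
        self.r = [0] * 8                # r0..r7, 8-bit registers
        self.cs = 0                     # code segment row
        self.ip = 0                     # offset within cs

    def fetch(self) -> int:
        b = self.mem[self.cs * SEG + self.ip]
        self.ip += 1
        return b

    def run(self, max_steps: int = 10_000) -> "VM":
        for _ in range(max_steps):
            op = self.fetch()
            if op == HALT:
                return self
            if op == MOVI:                     # r[d] = imm
                d, imm = self.fetch(), self.fetch()
                self.r[d] = imm
            elif op == LOADM:                  # r[d] = mem[r[a]]
                d, a = self.fetch(), self.fetch()
                self.r[d] = self.mem[self.r[a]]
            elif op == STOREM:                 # mem[r[a]] = r[s]
                a, s = self.fetch(), self.fetch()
                self.mem[self.r[a]] = self.r[s]
            elif op == XOR:                    # r[d] ^= r[s]
                d, s = self.fetch(), self.fetch()
                self.r[d] ^= self.r[s]
            elif op == ADDI:                   # r[d] = (r[d] + imm) mod 256
                d, imm = self.fetch(), self.fetch()
                self.r[d] = (self.r[d] + imm) & 0xFF
            elif op == JNZ:                    # if r[c]: ip = off, same cs
                c, off = self.fetch(), self.fetch()
                if self.r[c]:
                    self.ip = off
            elif op == JMP:                    # ip = off, cs unchanged
                self.ip = self.fetch()
            elif op == JMPR:                   # cs = r[s]; ip = off
                s, off = self.fetch(), self.fetch()
                self.cs, self.ip = self.r[s], off
            else:
                raise ValueError(
                    f"unknown opcode {op:#04x} at {self.cs}:{self.ip - 1:#04x}")
        raise RuntimeError("step limit exceeded")


# Constructed sample program. Row 1 holds a payload XOR-encoded with KEY;
# row 0 decodes it in place, then jumps into it with JMPR, which sets cs.
KEY = 0x5A
PAYLOAD = bytes([MOVI, 5, 42, ADDI, 5, 1, HALT])   # plaintext of row 1
ENCODED = bytes(b ^ KEY for b in PAYLOAD)
LOOP = 12  # offset of LOADM in row 0: four 3-byte MOVIs precede it
LOADER = bytes([
    MOVI, 0, SEG,            # r0 = address of first encoded byte (row 1)
    MOVI, 1, len(PAYLOAD),   # r1 = bytes left to decode
    MOVI, 2, KEY,            # r2 = key
    MOVI, 3, 1,              # r3 = segment row to jump to
    LOADM, 4, 0,             # loop: r4 = mem[r0]
    XOR, 4, 2,               #       r4 ^= key
    STOREM, 0, 4,            #       mem[r0] = r4  (self-modification)
    ADDI, 0, 1,              #       r0 += 1
    ADDI, 1, 0xFF,           #       r1 -= 1
    JNZ, 1, LOOP,            #       until r1 == 0
    JMPR, 3, 0,              # cs = r3, ip = 0: run the decoded row
    HALT,
])


def build_image() -> bytes:
    image = bytearray(MEM_SIZE)
    image[:len(LOADER)] = LOADER
    image[SEG:SEG + len(ENCODED)] = ENCODED
    return bytes(image)


def run_sample() -> VM:
    """Decode row 1, jump to it, and halt with r5 == 43 and cs == 1."""
    return VM(build_image()).run()


def jump_without_decoding():
    """Failure mode: jump straight into row 1 before it has been decoded.
    The first encoded byte is not a valid opcode, so the VM refuses it."""
    image = bytearray(build_image())
    image[:6] = bytes([MOVI, 3, 1, JMPR, 3, 0])
    try:
        VM(bytes(image)).run()
    except ValueError as e:
        return str(e)
    return None
```

The point to notice is that the loader's STOREM writes into the same bytearray the fetch loop reads instructions from. An interpreter that copies the program into a separate code array before running it would still decode the payload correctly in its data copy and then execute the encoded garbage it started with. jump_without_decoding shows the other failure mode: entering the encoded row before the loop has run hits a byte that is not an opcode, which is a useful sanity check to build into your own interpreter.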
Stage 3
Download Cygwin and run the program from within it. You need to create a file called license.txt containing information which the program uses to produce the password.
Use a disassembler (such as the free version of IDA Pro) to see what the program does, and work out what you need to put in license.txt to make it continue.
The extra numbers are located in the previous stages. Look for unused code in Stage 1 and unused numbers in Stage 2 to find numbers that might go here.
I hope these hints will help people having a go at this challenge without giving too much away.