Tuesday, September 22, 2015

CSAW 2015 Reversing 200 - Hacking Time

Description: We're getting a transmission from someone in the past, find out what he wants.

First, I opened the challenge's NES ROM in FCEUX, an NES emulator. The game has some jokes in it, such as "overflowing the buffer" when you press (A). After that it asks for a password to disable a lockdown.

Lucky for me, FCEUX has a RAM Search tool. I set the first character of the password field to 'A', pressed Enter, and searched for memory that changed. A handful of addresses changed exactly once per Enter press, so I concentrated on those. While cycling through the options for the first character, I noticed that the corresponding byte in memory eventually reached 0. I guessed this was a per-character string comparison, so 0 means the character currently selected matches the expected one. In other words, the check leaks the result of each character comparison into RAM, and each position can be brute-forced on its own instead of guessing the whole password.

From there I just went to each character position in the game and changed it until the value in RAM for that position was 0. Eventually, I got the password:
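The attack above reduces to a per-byte oracle: the game writes each character comparison's result to memory, so watching one byte per position turns a search over the whole password into a search over one character at a time. The following Python is an added simulation, not the game's code or the original post's; the secret, the selectable alphabet, the RAM size and the 0x0300 scratch area are all made up for illustration. It models the leaky check, a snapshot-diff helper that mimics what RAM Search does, and the position-by-position recovery.

```python
# Added example: simulation of a password check that leaks per-character
# comparison results into RAM, and of the RAM-watching attack against it.
# Not the game's code; the secret, alphabet and addresses are invented.

CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # assumed: characters the UI lets you pick


class LeakyGame:
    """Toy model of the lockdown check.

    For every entered character the 'game' computes secret[i] - entered[i]
    (what a 6502 CMP/SBC sequence leaves behind) and parks it in a scratch
    byte, one per position. Those bytes are exactly what RAM Search can watch.
    """

    def __init__(self, secret: str, ram_size: int = 0x800, cmp_base: int = 0x0300):
        self._secret = secret
        self.ram = bytearray(ram_size)   # hypothetical NES work RAM
        self.cmp_base = cmp_base         # hypothetical scratch area

    def snapshot(self) -> bytes:
        """Copy of RAM, as RAM Search would take before/after an input."""
        return bytes(self.ram)

    def press_enter(self, attempt: str) -> bool:
        """Run the check; returns True only if every position matches."""
        if len(attempt) != len(self._secret):
            raise ValueError("attempt length must equal the password field length")
        ok = True
        for i, ch in enumerate(attempt):
            diff = (ord(self._secret[i]) - ord(ch)) & 0xFF
            self.ram[self.cmp_base + i] = diff   # the leak: 0 means "matched"
            ok = ok and diff == 0
        return ok


def changed_addresses(before: bytes, after: bytes) -> list:
    """Mimic RAM Search's 'changed' filter: addresses whose byte differs."""
    return [addr for addr, (x, y) in enumerate(zip(before, after)) if x != y]


def recover_password(game: LeakyGame, length: int, charset: str = CHARSET) -> str:
    """Brute-force one position at a time, watching that position's scratch byte.

    Cost is len(charset) * length tries instead of len(charset) ** length.
    """
    guess = [charset[0]] * length
    for pos in range(length):
        for cand in charset:
            guess[pos] = cand
            game.press_enter("".join(guess))
            if game.ram[game.cmp_base + pos] == 0:
                break
        else:
            raise ValueError(f"no candidate zeroed the compare byte for position {pos}")
    return "".join(guess)


if __name__ == "__main__":
    g = LeakyGame("HELLOWORLD")          # constructed secret
    before = g.snapshot()
    g.press_enter("A" * 10)
    print("changed:", [hex(a) for a in changed_addresses(before, g.snapshot())])
    print("recovered:", recover_password(g, 10))
```

The point of the simulation is the cost line in `recover_password`: a comparison that stops at, or records, the first mismatch turns an exponential search into a linear one. The fix on the defender's side is a comparison whose observable state (timing, and here memory) does not depend on which characters matched, for example accumulating an OR of all the differences and only examining it after the loop.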
