Special instruction challenge

Some programs using the special instruction are running
on GDB simulator with special instruction patches.
You can connect to the remote debugging server and debug the programs.
Besides, you can download the program for password using similar special instruction.
Let's guess the specification of the special instruction and execute the program for password.

Running ProgramPort of Remote Debugging Server
Blackfin10000
MSP430 10001
MN10300 10002
V850 10003
MIPS64 10004

Program for password to commit your team flag
(Updated every 5 minutes)

This program uses similar special instruction too.
You can execute this program on the simulator implemented with
the similar special instruction and get the password to commit your team flag.
Also, you can use the simulator on this server too, but this server has many limits,
and some other architectures without the debugging server are discovered.

Flag page

CONNECT TO THE SERVER

  • Connect to the remote debugging server. 
    Example:

$ bfin-elf-gdb bfin-elf.x
(gdb) target remote <address of this server>:10000
(gdb) break main
(gdb) continue

ATTACK POINTS

  • The running program decrypts and outputs attack keyword.
  • Submit the attack keyword to the score board. (ATTACK POINTS)

DEFENSE POINTS

  • You can execute the program for password on the simulator with the similar special instruction.
  • If you get the password, commit your team's defense keyword to this server as below, 
    $ echo "<password> <keyword>" | nc <address of this server> 9999
  • The committed keyword is registered with the flag page in realtime. (DEFENSE POINTS)
  • The program for password is updated every 5 minutes.

INFORMATION

  • These programs are running on gdb-7.12.1 with special instruction patches.
  • But, the special instruction patches are closed.
  • This system is based on Linux.
  • Marsaglia (2003/07). "Xorshift RNGs". Journal of Statistical Software Vol.8 (Issue 14).
    http://www.jstatsoft.org/v08/i14/paper

DOWNLOAD

LIMITS OF THIS SERVER

  • The big mount of execution of instructions are canceled.
  • Many execution of the special instruction are canceled. (several hundreds)
  • The server gets input until the limit of size. (several kilo bytes)
    Setting registers needs high cost. You can check the traffic by the following setting. 
    (gdb) set debug remote 1
  • A long connection is disconnected automatically. (several minutes)
  • A request of a connection in a short interval is ignored. (several seconds)