Yesterday Lisa shared a systems programming assignment. The course started in September. I recently wrote about a homework assignment where I had to reverse-engineer C code from assembly. What I saw yesterday is another level up. Essentially, it’s a practical task in reverse engineering under Linux.
Look, the assignment is a Linux-compiled executable file with all optimizations enabled. The file can only be run on a server, which is accessible via SSH. To make it interesting, it’s sort of a bomb, and you need to defuse it—supply a specific set of input data that will lead to victory messages, not an “explosion.” Figuring out which data to input requires analyzing the logic of the “black box.” Guessing won’t help; you need to take objdump disassembler in hand and go forward. Each run of the program reports the results back to the server. Every failed attempt deducts points. There are seven phases. You must “defuse” from the simplest to the most complex. If you falter at phase X, moving forward is pointless. There are also various secret levels which the program reports to the server, and nothing is known about them except that they exist somewhere.
The logic at phases five and six is quite complex. I mean, it’s complex everywhere, but especially at phase five and six. First, it has no other purpose but to be complex. For instance, there are recursions and some non-obvious checks and modifications added just “off the top of the head.” Secondly, finding the answer by brute force is either impossible or takes a very long time. Technically, you could, of course, (create a separate class in C, link it to the executable, and call these functions in a loop, cycling through options), but for most tasks there are too many variables to just stumble upon the right answer. Additionally, you must be cautious because you need to figure out if the program reports back to the server during such calls (and deducts points).
Binary Ninja helps a bit, but lies because of the enabled optimizations, and Angr, Ghidra, and similar tools also lie, each in different ways.
Each student receives a personalized assignment with their own functions, apparently generated randomly. So, it seems you cannot simply copy the answer.
In general, Lisa—the architect (of buildings, interiors) is leveling up. I can’t say how useful this will be to an architect, but kudos to the computer science department at university—they’ve done well.
Today she has an exam in this subject. Good luck!
Hi, I'm Rauf Aliev. 