Kat H.

asked • 05/23/21

Computer Assembly/Architecture. Your task is to figure out what password to enter to get a message saying you have been granted access.

Computer Assembly/Architecture


Download the lousylogin program. It works similar to the login program that controls access to UNIX systems, except that instead of actually granting or denying access to anything, it just prints messages, and also it is terrible.


When you run lousylogin, it will prompt you for a username; use your actual username from your email (for example johnsmith2). Then, it will prompt you for a password. Your task is to figure out what password to enter to get a message saying you have been granted access. Just getting the right answer isn’t enough; it's expected of you to explain how you found the answer and include snippets from using gdb to gather evidence. Put together a document that includes your username and shows what password will grant you access, and how you know.


There is another program included in the download, named verylousylogin. It is not super bad, because some techniques that will solve lousylogin do not work on verylousylogin.


lousylogin:

Dump of assembler code for function main:

  0x0000000000000850 <+0>: push %rbp

  0x0000000000000851 <+1>: mov %rsp,%rbp

  0x0000000000000854 <+4>: callq 0x7aa <checkpassword>

  0x0000000000000859 <+9>: test %eax,%eax

  0x000000000000085b <+11>: je 0x86b <main+27>

  0x000000000000085d <+13>: lea 0xc2(%rip),%rdi # 0x926

  0x0000000000000864 <+20>: callq 0x640 <puts@plt>

  0x0000000000000869 <+25>: jmp 0x877 <main+39>

  0x000000000000086b <+27>: lea 0xc4(%rip),%rdi # 0x936

  0x0000000000000872 <+34>: callq 0x640 <puts@plt>

  0x0000000000000877 <+39>: mov $0x0,%eax

  0x000000000000087c <+44>: pop %rbp

  0x000000000000087d <+45>: retq

End of assembler dump.

(gdb)



verylousylogin:

Dump of assembler code for function main:

  0x00000000000009d8 <+0>: push %rbp

  0x00000000000009d9 <+1>: mov %rsp,%rbp

  0x00000000000009dc <+4>: callq 0x907 <checkpassword>

  0x00000000000009e1 <+9>: test %eax,%eax

  0x00000000000009e3 <+11>: je 0x9f3 <main+27>

  0x00000000000009e5 <+13>: lea 0xc1(%rip),%rdi # 0xaad

  0x00000000000009ec <+20>: callq 0x6e0 <puts@plt>

  0x00000000000009f1 <+25>: jmp 0x9ff <main+39>

  0x00000000000009f3 <+27>: lea 0xc3(%rip),%rdi # 0xabd

  0x00000000000009fa <+34>: callq 0x6e0 <puts@plt>

  0x00000000000009ff <+39>: mov $0x0,%eax

  0x0000000000000a04 <+44>: pop %rbp

  0x0000000000000a05 <+45>: retq

End of assembler dump.


1 Expert Answer

By:

Gabriel T. answered • 04/30/25

Tutor
New to Wyzant

Hi, I'm Gabriel! I'm excited to share my love of computers!

See tutors like this
See tutors like this

As I see it there are two approaches to this. Best bet I figure would be to debug it with a tool like gdb. Set break points and set through watching the movement of memory and registers.

You could always brute force, but there is the lesser approach.

Upvote 0 Downvote
More
Report

Still looking for help? Get the right answer, fast.

Ask a question for free

Get a free answer to a quick problem.
Most questions answered within 4 hours.

OR

Find an Online Tutor Now

Choose an expert and meet online. No packages or subscriptions, pay only for the time you need.