Hacking Chernobyl, Almost...

I return to the microcorruption.com CTF and almost manage to hack Chernobyl

Every once in a while, when I get some time, I go back to the Microcorruption CTF and mess around with another level. I'm fairly far along, having gotten past 17 levels so far (well, truthfully, 16, since I cheated and looked up the details on one of them out of frustration). I didn't keep notes for the early ones, but since then I have started writing down some thoughts and annotating the assembly code for each level at leeaustinadams/microcorruption_ctf.

After having done that, I vowed to get through the next one completely on my own. Enter "Chernobyl". Raw notes and annotated assembly can be found in that GitHub repository.


I managed to pull off the hack I was working towards, and it said "Access granted." But had I been reading the code a little more critically, I would have noticed that this does not actually unlock the lock, because nowhere in the code is there a call to the interrupt that does that. So where does that leave us? We must have to execute some of our own code to do it. I did go find some information from other folks who have beaten this level, just to see if there was something I'm missing, but I ended up finding out that just getting a user with access granted is not enough. I'm disappointed because I felt like I really dove into this one and didn't want any hints, but oh well. I tried not to read any specific details, but from this site I came to realize we have to hijack the heap. I tried not to completely spoil it, so maybe I'll spend some time on that and post a part 2.