ALL THE CODES!

This commit is contained in:
RunasSudo 2017-02-06 22:50:55 +10:30
parent 6e7258c89f
commit 1fa656ddc6
Signed by: RunasSudo
GPG Key ID: 7234E476BF21C61A
2 changed files with 43 additions and 10 deletions

View File

@ -342,4 +342,4 @@ result = (data_0f73 ^ data_0f74) ^ data_0f75
print('0x{:04x}'.format(result)) print('0x{:04x}'.format(result))
``` ```
And with that, we can now programmatically generate every code for any challenge binary! And with that, we can now [programmatically extract *every single code* given any challenge .tgz!](https://github.com/RunasSudo/synacor.py/blob/master/tools/generate_codes.py)

View File

@ -15,8 +15,10 @@
# You should have received a copy of the GNU Affero General Public License # You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
import re
import struct import struct
import sys import sys
import tarfile
IV_LEN = 3 IV_LEN = 3
CODE_LEN = 12 CODE_LEN = 12
@ -43,12 +45,24 @@ def generate_code(R1, R2, R3, R4):
done = True done = True
R7 = R2data[R7] R7 = R2data[R7]
code += chr(R7) code += chr(R7)
return code return code
def mirror_code(code):
alphabet1 = 'dbqpwuiolxv8WTYUIOAHXVM'
alphabet2 = 'bdpqwuiolxv8WTYUIOAHXVM'
mirrored_code = ''
for letter in reversed(code):
if letter not in alphabet1:
raise Exception('Cannot mirror unknown letter ' + letter)
mirrored_code += alphabet2[alphabet1.index(letter)]
return mirrored_code
# Read code into memory # Read code into memory
SYN_MEM = [0] * 32768 SYN_MEM = [0] * 32768
with open(sys.argv[1], 'rb') as data: with tarfile.open(sys.argv[1], 'r:gz') as challenge_file:
with challenge_file.extractfile('challenge.bin') as data:
i = 0 i = 0
while True: while True:
byteData = data.read(2) byteData = data.read(2)
@ -57,6 +71,11 @@ with open(sys.argv[1], 'rb') as data:
SYN_MEM[i] = struct.unpack('<H', byteData)[0] SYN_MEM[i] = struct.unpack('<H', byteData)[0]
i += 1 i += 1
# Extract first code
with challenge_file.extractfile('arch-spec') as data:
spec_data = data.read().decode('utf-8')
print(re.search(r"Here's a code for the challenge website: (............)", spec_data).group(1))
# Emulate 06bb # Emulate 06bb
for R2 in range(0x17b4, 0x7562): for R2 in range(0x17b4, 0x7562):
R1 = SYN_MEM[R2] R1 = SYN_MEM[R2]
@ -64,6 +83,20 @@ for R2 in range(0x17b4, 0x7562):
R1 ^= 0x4154 R1 ^= 0x4154
SYN_MEM[R2] = R1 SYN_MEM[R2] = R1
# Basic codes
print(bytes(SYN_MEM[0x00f5:0x010c:2]).decode('utf-8'))
R1 = 0x68e3
R3 = (SYN_MEM[0x0426] + SYN_MEM[0x0427]) % 0x8000
strlen = SYN_MEM[R1]
strbuf = ''
for i in range(strlen):
encrypted = SYN_MEM[R1 + 1 + i]
decrypted = encrypted ^ R3
strbuf += chr(decrypted)
print(re.match(r"The self-test completion code is: (............)", strbuf).group(1))
# Generated codes
# Calls to 0731 # Calls to 0731
CODE_PARAMS = [ CODE_PARAMS = [
(0x0058, 0x650a, 0x7fff, 0x6e8b), # R1 from the maze (0x0058, 0x650a, 0x7fff, 0x6e8b), # R1 from the maze
@ -74,4 +107,4 @@ CODE_PARAMS = [
] ]
for cp in CODE_PARAMS: for cp in CODE_PARAMS:
print(generate_code(*cp)) print(generate_code(*cp) if cp[1] != 0x653f else mirror_code(generate_code(*cp)))