CRACK Solution

BACK SEVEN

CRACK subtractive cipher

In-game screenshot of BACK SEVEN
In-game view
FamilyCRACK Graph0.226 DifficultyEasy Ring02 IDg12_easy1

Prerequisites

PEAK SELECT

Unlocks

TONE BURST

Accepted input DOOR
Techniquesubtractive cipher Rulenonzero SampleDOOR

Walkthrough

Four bytes. The crackme knocks 7 off every char you type before it checks. Feed it the word that lands on the stored targets.

Subtractive cipher: the check does plain minus 7, so add 7 back to each target to read the password.

Hints

  • HINT 1: Length is locked at 4. Note the sub 0x07 sitting before every compare.
  • HINT 2: Each target was made by taking a letter and subtracting 7. Run that backward.
  • HINT 3: Add 7 to 0x3D 0x48 0x48 0x4B and you get 0x44 0x4F 0x4F 0x52.

Reject Samples

  • DOO
  • DOORS
  • door
  • DOOS
Verifier Listing
; g12_easy1: subtractive cipher. Each input byte has 0x07 SUBTRACTED, then the
; result is matched against a stored target. Technique: subtractive cipher (key
; 0x07). To decode you ADD 0x07 back to each target. r0 = 1 on accept.
; Accept rule: nonzero.
;
; targets = 0x3D 0x48 0x48 0x4B  ->  password "DOOR"
;   'D'(0x44)-7=0x3D, 'O'(0x4F)-7=0x48, 'O'(0x4F)-7=0x48, 'R'(0x52)-7=0x4B

        len   r1
        cmp   r1, 4
        jnz   bad           ; exactly 4 bytes

        mov   r7, 0
        ldb   r0, [r7]
        sub   r0, 0x07
        cmp   r0, 0x3d
        jnz   bad
        inc   r7
        ldb   r0, [r7]
        sub   r0, 0x07
        cmp   r0, 0x48
        jnz   bad
        inc   r7
        ldb   r0, [r7]
        sub   r0, 0x07
        cmp   r0, 0x48
        jnz   bad
        inc   r7
        ldb   r0, [r7]
        sub   r0, 0x07
        cmp   r0, 0x4b
        jnz   bad

        mov   r0, 1
        ret
bad:    mov   r0, 0
        ret