CRACK Solution

PLUS TEN

CRACK additive cipher

In-game screenshot of PLUS TEN
In-game view
FamilyCRACK Graph0.230 DifficultyEasy Ring02 IDg12_easy2

Prerequisites

LINE NOISE

Unlocks

DOTTED RAMP

Accepted input BYTES
Techniqueadditive cipher Rulenonzero SampleBYTES

Walkthrough

Five bytes. The check bumps every char up by 0x0A and then compares. Find the word that hits all five targets.

Additive cipher: the check does plain plus 0x0A, so subtract 0x0A from each target to recover the password.

Hints

  • HINT 1: Five bytes exactly. Every byte gets add 0x0A before the compare.
  • HINT 2: Undo the add. Subtract 0x0A (decimal 10) from each stored target.
  • HINT 3: 0x4C 0x63 0x5E 0x4F 0x5D minus 0x0A is 0x42 0x59 0x54 0x45 0x53.

Reject Samples

  • BYTE
  • BYTESS
  • bytes
  • BYTEX
Verifier Listing
; g12_easy2: additive cipher. Each input byte has 0x0A ADDED, then the result
; is matched against a stored target. Technique: additive cipher (key 0x0A). To
; decode you SUBTRACT 0x0A from each target. r0 = 1 on accept. Accept rule:
; nonzero. Five bytes long.
;
; targets = 0x4C 0x63 0x5E 0x4F 0x5D  ->  password "BYTES"
;   'B'(0x42)+0x0A=0x4C, 'Y'(0x59)+0x0A=0x63, 'T'(0x54)+0x0A=0x5E,
;   'E'(0x45)+0x0A=0x4F, 'S'(0x53)+0x0A=0x5D

        len   r1
        cmp   r1, 5
        jnz   bad           ; exactly 5 bytes

        mov   r7, 0
        ldb   r0, [r7]
        add   r0, 0x0a
        cmp   r0, 0x4c
        jnz   bad
        inc   r7
        ldb   r0, [r7]
        add   r0, 0x0a
        cmp   r0, 0x63
        jnz   bad
        inc   r7
        ldb   r0, [r7]
        add   r0, 0x0a
        cmp   r0, 0x5e
        jnz   bad
        inc   r7
        ldb   r0, [r7]
        add   r0, 0x0a
        cmp   r0, 0x4f
        jnz   bad
        inc   r7
        ldb   r0, [r7]
        add   r0, 0x0a
        cmp   r0, 0x5d
        jnz   bad

        mov   r0, 1
        ret
bad:    mov   r0, 0
        ret