CRACK Solution
DRIFT BY INDEX
CRACK position add

Prerequisites
Unlocks
LEVEL5
Techniqueposition add
Rulenonzero
SampleLEVEL5
Walkthrough
Six bytes. Each char gets its own position added on: byte 0 plus 0, byte 1 plus 1, on up to byte 5 plus 5. Crack the word that fits.
Position add: the check does input[i] plus i, so subtract the slot number from each target to read it.
Hints
- HINT 1: Six bytes. The add immediate climbs 0, 1, 2, 3, 4, 5 down the listing.
- HINT 2: Undo it per slot: subtract the position index from each target.
- HINT 3: 0x4C 0x46 0x58 0x48 0x50 0x3A minus 0 1 2 3 4 5 is 0x4C 0x45 0x56 0x45 0x4C 0x35.
Reject Samples
- LEVEL
- LEVEL55
- level5
- LEVEK5
Verifier Listing
; g12_easy3: position-dependent add. Each input byte has its own INDEX added to
; it (byte 0 +0, byte 1 +1, ... byte 5 +5), then matched against a stored target.
; Technique: position add (input[i] + i). To decode you subtract the position from
; each target. r0 = 1 on accept. Accept rule: nonzero. Six bytes long.
;
; targets = 0x4C 0x46 0x58 0x48 0x50 0x3A -> password "LEVEL5"
; 'L'(0x4C)+0=0x4C, 'E'(0x45)+1=0x46, 'V'(0x56)+2=0x58,
; 'E'(0x45)+3=0x48, 'L'(0x4C)+4=0x50, '5'(0x35)+5=0x3A
len r1
cmp r1, 6
jnz bad ; exactly 6 bytes
mov r7, 0
ldb r0, [r7]
add r0, 0
cmp r0, 0x4c
jnz bad
inc r7
ldb r0, [r7]
add r0, 1
cmp r0, 0x46
jnz bad
inc r7
ldb r0, [r7]
add r0, 2
cmp r0, 0x58
jnz bad
inc r7
ldb r0, [r7]
add r0, 3
cmp r0, 0x48
jnz bad
inc r7
ldb r0, [r7]
add r0, 4
cmp r0, 0x50
jnz bad
inc r7
ldb r0, [r7]
add r0, 5
cmp r0, 0x3a
jnz bad
mov r0, 1
ret
bad: mov r0, 0
ret