CRACK Solution
ROLL CAGE
CRACK bit-rotation + XOR cipher

CRACKED
Techniquebit-rotation + XOR cipher
Rulenonzero
SampleCRACKED
Walkthrough
A two-step byte scrambler guards the gate. Each character gets spun left then XOR keyed before the compare. Peel both layers off in reverse to read the pass.
It is a rotate-left-then-XOR cipher: undo it by XORing with the key, then rotating right by the same count, position by position.
Hints
- HINT 1: Length is fixed at 7. The loop scrambles each byte the same way before comparing it to a stored target.
- HINT 2: Two ops hit every byte: a rotate-left by 5 and an XOR with 0x5D. Order matters when you invert.
- HINT 3: To recover a byte, XOR the target with 0x5D, then rotate it right by 5. Doing all 7 spells CRACKED.
Reject Samples
- CRACKER
- cracked
- CRACKE
- CRACKEDD
- PAYLOAD
Verifier Listing
; g22_med1: "Roll Cage". Two-step per-byte cipher: each input byte is rotated
; left by 5, then XOR'd with the fixed key 0x5D, and the scrambled byte is
; compared against a stored target at each of 7 positions. To crack it, invert
; both steps in reverse order (XOR back with 0x5D, then rotate right by 5) to
; recover the password CRACKED. Technique: bit-rotation + XOR cipher.
; r0 = 1 on accept; rule: nonzero.
;
; targets B5..: rol8(c,5) ^ 0x5D of "CRACKED"
; C=0x35 R=0x17 A=0x75 C=0x35 K=0x34 E=0xF5 D=0xD5
len r2
cmp r2, 7
jnz bad ; fixed length 7
mov r7, 0 ; position index
loop: cmp r7, 7
jge ok ; all 7 matched -> accept
ldb r0, [r7] ; r0 = input[r7]
rol r0, 5 ; 8-bit rotate left by 5
xor r0, 0x5D ; XOR with the fixed key
; select the target for this position
cmp r7, 0
jz t0
cmp r7, 1
jz t1
cmp r7, 2
jz t2
cmp r7, 3
jz t3
cmp r7, 4
jz t4
cmp r7, 5
jz t5
mov r1, 0xD5 ; position 6
jmp chk
t0: mov r1, 0x35
jmp chk
t1: mov r1, 0x17
jmp chk
t2: mov r1, 0x75
jmp chk
t3: mov r1, 0x35
jmp chk
t4: mov r1, 0x34
jmp chk
t5: mov r1, 0xF5
chk: cmp r0, r1
jnz bad
inc r7
jmp loop
ok: mov r0, 1
ret
bad: mov r0, 0
ret