MicroCorruption/22-Churchill/notes.md



Churchill seems to not verify after 0xff bytes?


## Sample input

```hex
8000 00 06 3041 c26436953f8f3cadf1442fc218b185051ab6c20853a45f093fc32adf31529d05a5ec3e96a9e41ed9ad1b14dcbdb98e50e37a7ddc3d595b867807ed1605f2070e
```


## Layout:
Loadaddr | Signature Type | length | payload  | Signature
---------|----------------|--------|----------|----------
8000     | 00   (ed25519) | 06     | 3041 ret | c26436...
8000     | 01    (sha512) | 12     | 324000ffb0121000 | f009805ec519029923b72a6e63589a081295759bbf7e12090be7b784f622a24e135d2603b861cc0398b366b1a5d8a89836544a164c39f4e68361413ab6f049a5

```c
324000ff mov  #ff00, sr
b0121000 call #0010
```

## Payload
8000 01 0c 3240 00ff b012 1000

Hash:
80a0ca7614b653247b207a739e8a5445bfc34f755d4bd0bd413ec5f65a748fe04f9488f7e10700b5bfb57f41ba56f2a314a0f9545b74d08764af7a5c0cfc40ec

complete payload:
8000 01 0c 324000ff b0121000 80a0ca7614b653247b207a739e8a5445bfc34f755d4bd0bd413ec5f65a748fe04f9488f7e10700b5bfb57f41ba56f2a314a0f9545b74d08764af7a5c0cfc40ec

# THE TWIST
The program explicitly checks for `0x1` when evaluating the results of a hash
For perfectly identical strings, this DOESN'T WORK, because, memcmp returns `0`.

Solution: subtract 1 from the last byte of payload_signature. It'll be off by one, and when the program evaluates it, it'll end up with 0x0001 in r15

# Final Answer:
8000 01 0c 324000ff b0121000 80a0ca7614b653247b207a739e8a5445bfc34f755d4bd0bd413ec5f65a748fe04f9488f7e10700b5bfb57f41ba56f2a314a0f9545b74d08764af7a5c0cfc40eb
22: Churchill complete! 2022-12-12 03:03:53 +00:00

			`Churchill seems to not verify after 0xff bytes?`


			`## Sample input`

			```hex
			`8000 00 06 3041 c26436953f8f3cadf1442fc218b185051ab6c20853a45f093fc32adf31529d05a5ec3e96a9e41ed9ad1b14dcbdb98e50e37a7ddc3d595b867807ed1605f2070e`
			```



			`## Layout:`
			`Loadaddr \| Signature Type \| length \| payload \| Signature`
			`---------\|----------------\|--------\|----------\|----------`
			`8000 \| 00 (ed25519) \| 06 \| 3041 ret \| c26436...`
			`8000 \| 01 (sha512) \| 12 \| 324000ffb0121000 \| f009805ec519029923b72a6e63589a081295759bbf7e12090be7b784f622a24e135d2603b861cc0398b366b1a5d8a89836544a164c39f4e68361413ab6f049a5`

			```c
			`324000ff mov #ff00, sr`
			`b0121000 call #0010`
			```

			`## Payload`
			`8000 01 0c 3240 00ff b012 1000`

			`Hash:`
			`80a0ca7614b653247b207a739e8a5445bfc34f755d4bd0bd413ec5f65a748fe04f9488f7e10700b5bfb57f41ba56f2a314a0f9545b74d08764af7a5c0cfc40ec`

			`complete payload:`
			`8000 01 0c 324000ff b0121000 80a0ca7614b653247b207a739e8a5445bfc34f755d4bd0bd413ec5f65a748fe04f9488f7e10700b5bfb57f41ba56f2a314a0f9545b74d08764af7a5c0cfc40ec`

			`# THE TWIST`
			The program explicitly checks for `0x1` when evaluating the results of a hash
			For perfectly identical strings, this DOESN'T WORK, because, memcmp returns `0`.

			`Solution: subtract 1 from the last byte of payload_signature. It'll be off by one, and when the program evaluates it, it'll end up with 0x0001 in r15`

			`# Final Answer:`
			`8000 01 0c 324000ff b0121000 80a0ca7614b653247b207a739e8a5445bfc34f755d4bd0bd413ec5f65a748fe04f9488f7e10700b5bfb57f41ba56f2a314a0f9545b74d08764af7a5c0cfc40eb`