From 38b35b77a7f8345bf8f81ecb1a8169b8bc06b894 Mon Sep 17 00:00:00 2001
From: Val <val@soft.fish>
Date: Mon, 12 Dec 2022 00:55:34 -0600
Subject: [PATCH] Complete Baku

---
 23-Baku/baku.md  |  42 ++++
 23-Baku/baku.py  |  46 ++++
 23-Baku/baku.txt | 586 +++++++++++++++++++++++++++++++++++++++++++++++
 readme.md        |   1 +
 4 files changed, 675 insertions(+)
 create mode 100644 23-Baku/baku.md
 create mode 100644 23-Baku/baku.py
 create mode 100644 23-Baku/baku.txt

diff --git a/23-Baku/baku.md b/23-Baku/baku.md
new file mode 100644
index 0000000..2185ae6
--- /dev/null
+++ b/23-Baku/baku.md
@@ -0,0 +1,42 @@
+# Baku
+
+Main is very simple. It decrypts the user input with a preset key
+
+There's a blob of data in the strings section:
+```asm
+48ae:
+7F7875E0C977D30CE85ECA19D02211F7
+4B530B31B5CD58D3F59DC5A9C583C4F3
+6F1AF5BBFE9E53E240509D7A301E015A
+6259A7399184A659BECECE98704E9C20
+539345A8F3DD01602F4A68C1CE8052B8
+70076C8BA04E44C8DC9769A1E1CA3A79
+FF47B02ED04928437CD92D693D5D53D8
+D980482F2F0E986DAC90052A41847EB1
+7DCD0F8EF68ED042839E9D47ED147B9B
+F2138F148B43DFCC75104D056E8AE6DC
+7B2F0D188AF1FA20493CD251F10BBCB5
+495e: ; it's the s box!
+52096AD53036A538BF40A39E81F3D7FB
+7CE339829B2FFF87348E4344C4DEE9CB
+547B9432A6C2233DEE4C950B42FAC34E
+082EA16628D924B2765BA2496D8BD125
+72F8F66486689816D4A45CCC5D65B692
+6C704850FDEDB9DA5E154657A78D9D84
+90D8AB008CBCD30AF7E45805B8B34506
+D02C1E8FCA3F0F02C1AFBD0301138A6B
+3A9111414F67DCEA97F2CFCEF0B4E673
+96AC7422E7AD3585E2F937E81C75DF6E
+47F11A711D29C5896FB7620EAA18BE1B
+FC563E4BC6D279209ADBC0FE78CD5AF4
+1FDDA8338807C731B11210592780EC5F
+60517FA919B54A0D2DE57A9F93C99CEF
+A0E03B4DAE2AF5B0C8EBBB3C83539961
+172B047EBA77D626E169146355210C7D
+```
+One is probably the key
+
+
+494e: 7b2f0d188af1fa20493cd251f10bbcb5
+PT: "ACCESS GRANTED!"
+CT: aaf7e3ad17bcfd3240422d65fe3ea1b7
diff --git a/23-Baku/baku.py b/23-Baku/baku.py
new file mode 100644
index 0000000..63e56c1
--- /dev/null
+++ b/23-Baku/baku.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+
+keys = [
+   "7F7875E0C977D30CE85ECA19D02211F7", # 48ae
+   "4B530B31B5CD58D3F59DC5A9C583C4F3", # 48be
+   "6F1AF5BBFE9E53E240509D7A301E015A", # 48ce
+   "6259A7399184A659BECECE98704E9C20", # 48de
+   "539345A8F3DD01602F4A68C1CE8052B8", # 48ee
+   "70076C8BA04E44C8DC9769A1E1CA3A79", # 48fe
+   "FF47B02ED04928437CD92D693D5D53D8", # 490e
+   "D980482F2F0E986DAC90052A41847EB1", # 491e
+   "7DCD0F8EF68ED042839E9D47ED147B9B", # 492e
+   "F2138F148B43DFCC75104D056E8AE6DC", # 493e
+   "7B2F0D188AF1FA20493CD251F10BBCB5" #! 494e
+   ]
+# It's sbox!!!
+inv_sbox = [
+   "52096AD53036A538BF40A39E81F3D7FB", # 495e
+   "7CE339829B2FFF87348E4344C4DEE9CB", # 496e
+   "547B9432A6C2233DEE4C950B42FAC34E", # 497e
+   "082EA16628D924B2765BA2496D8BD125", # 498e
+   "72F8F66486689816D4A45CCC5D65B692", # 499e
+   "6C704850FDEDB9DA5E154657A78D9D84", # 49ae
+   "90D8AB008CBCD30AF7E45805B8B34506", # 49be
+   "D02C1E8FCA3F0F02C1AFBD0301138A6B", # 49ce
+   "3A9111414F67DCEA97F2CFCEF0B4E673", # 49de
+   "96AC7422E7AD3585E2F937E81C75DF6E", # 49ee
+   "47F11A711D29C5896FB7620EAA18BE1B", # 49fe
+   "FC563E4BC6D279209ADBC0FE78CD5AF4", # 4a0e
+   "1FDDA8338807C731B11210592780EC5F", # 4a1e
+   "60517FA919B54A0D2DE57A9F93C99CEF", # 4a2e
+   "A0E03B4DAE2AF5B0C8EBBB3C83539961", # 4a3e
+   "172B047EBA77D626E169146355210C7D"  # 4a4e
+]
+
+for key in keys:
+
+   key = bytes.fromhex(key)
+
+   cipher = Cipher(algorithms.AES128(key), modes.ECB());
+   enc = cipher.encryptor()
+
+   ciphertext = enc.update(b'ACCESS GRANTED!\x00') + enc.finalize()
+
+   print(key.hex(), ciphertext.hex(), "\n");
diff --git a/23-Baku/baku.txt b/23-Baku/baku.txt
new file mode 100644
index 0000000..986d60f
--- /dev/null
+++ b/23-Baku/baku.txt
@@ -0,0 +1,586 @@
+
+Hex:
+:10 4400 00 55425C0135D0085A8245002431400044 B1
+:10 4410 00 3F4000000F930824924200245C012F83 48
+:10 4420 00 9F4F5E4A0024F8233F4000000F930724 6B
+:10 4430 00 924200245C011F83CF430024F9233150 B2
+:10 4440 00 F0FF3D4010000E430F41B0120E483F40 B8
+:10 4450 00 7A48B012D6443E4010000F41B012B844 22
+:10 4460 00 0E413F40AE48B012FA463D4010000E41 AA
+:10 4470 00 3F408F48B012EE470F93E9233F409F48 DB
+:10 4480 00 B012D6440312031230127F00B012A044 BF
+:10 4490 00 0F433150160032D0F000FD3F30407848 D5
+:10 44A0 00 1F41020002124F4F8F103FD00080024F 79
+:10 44B0 00 B0121000324130410E120F122312B012 0E
+:10 44C0 00 A0443150060030418F110F120312B012 78
+:10 44D0 00 A044215230410B120B4F033C1B53B012 2E
+:10 44E0 00 C8446F4B4F93FA237F400A00B012C844 70
+:10 44F0 00 3B4130414E4F4E5E0E430E6E4C4E4C5C 77
+:10 4500 00 4C5E4E4C4E5E4E5E4E5E4E5C4D4F0D5D B3
+:10 4510 00 4F4E4FED30410D430C4E0C5DEFEC0000 63
+:10 4520 00 1D531F533D901000F72330410B120A12 08
+:10 4530 00 0912081207120612051204123150E8FF 80
+:10 4540 00 814F0000814E10005D4F0D00DF4F0900 CC
+:10 4550 00 0D00DF4F05000900DF4F01000500CF4D C2
+:10 4560 00 01005D4F0200DF4F0A000200CF4D0A00 3C
+:10 4570 00 5D4F0600DF4F0E000600CF4D0E005D4F 71
+:10 4580 00 0300DF4F07000300DF4F0B000700DF4F 82
+:10 4590 00 0F000B00CF4D0F000A4F0D4F0C436F4D 16
+:10 45A0 00 DD4F5E4900001C531D533C901000F723 63
+:10 45B0 00 81430200684A5B4A0100594A0200574A 97
+:10 45C0 00 03004F48B012F4444E4F814E0800B012 21
+:10 45D0 00 F4444D4F814D1600B012F4444E4F4F4B F2
+:10 45E0 00 814F04004F4B814E1400B012F4444C4F E5
+:10 45F0 00 814C1200B012F444C14F0C00B012F444 CC
+:10 4600 00 444F4B49814B06004F49B012F444C14F 0F
+:10 4610 00 0D00B012F4444B4F814B0A00B012F444 29
+:10 4620 00 464F45474F47B012F444C14F0E00B012 F9
+:10 4630 00 F444474FB012F444494F1D4116001B41 4A
+:10 4640 00 08000BED1E4114000BEE1C4112000BEC 98
+:10 4650 00 0BE41BE10A000BE60BE91BE104001BE1 84
+:10 4660 00 06004BE5CA4B00000B485F410C005841 67
+:10 4670 00 0D0047470CEE0CE40CE60CE90CEF0CE8 DF
+:10 4680 00 0CE71CE106000CE54CEBCA4C01005C41 58
+:10 4690 00 0E000DEE0DE41DE10A000DE60DE90DE8 3A
+:10 46A0 00 0DEC1DE104000DE54DEBCA4D02001EE1 CD
+:10 46B0 00 08000EE40EE60EE90EEF0EE70EEC1EE1 2A
+:10 46C0 00 04001EE106004EEBCA4E0300A1520200 98
+:10 46D0 00 2A52B190100002006D231E4110002F41 9C
+:10 46E0 00 B0121645315018003441354136413741 3A
+:10 46F0 00 384139413A413B4130410B120A120A4F CD
+:10 4700 00 0B4E0E4F0F4BB01216450E4A3E501000 86
+:10 4710 00 0F4BB0122C450E4A3E5020000F4BB012 EA
+:10 4720 00 2C450E4A3E5030000F4BB0122C450E4A 1D
+:10 4730 00 3E5040000F4BB0122C450E4A3E505000 E8
+:10 4740 00 0F4BB0122C450E4A3E5060000F4BB012 7A
+:10 4750 00 2C450E4A3E5070000F4BB0122C450E4A AD
+:10 4760 00 3E5080000F4BB0122C450E4A3E509000 38
+:10 4770 00 0F4BB0122C450E4A3E50A0005F4B0D00 6F
+:10 4780 00 DB4B09000D00DB4B05000900DB4B0100 92
+:10 4790 00 0500CB4F01005F4B0200DB4B0A000200 1B
+:10 47A0 00 CB4F0A005F4B0600DB4B0E000600CB4F E1
+:10 47B0 00 0E005F4B0300DB4B07000300DB4B0B00 DD
+:10 47C0 00 0700DB4B0F000B00CB4F0F000F4B0D43 CF
+:10 47D0 00 6C4FDF4C5E4900001D531F533D901000 8D
+:10 47E0 00 F7230F4BB01216453A413B4130410B12 B3
+:10 47F0 00 0D930A247B4F7C4E4B9C04244F4B4E4C 14
+:10 4800 00 0F8E033C3D53F43F0F433B4130410B12 AD
+:10 4810 00 0A12091208123D900600092C0C4F043C A4
+:10 4820 00 CC4E00001C533D530D93FA23203C4E4E BA
+:10 4830 00 4B4E0B9303240C4B8C100BDC1FB30624 44
+:10 4840 00 3D53CF4E0000094F1953013C094F0C4D 09
+:10 4850 00 12C30C100A49084C8A4B00002A533853 E3
+:10 4860 00 FB230C5C0C591DF30224CC4E00003841 94
+:0A 4870 00 39413A413B4130410013             49
+Strings:
+:10 487A 00 5343414E205345435552495459204445 C8
+:10 488A 00 5649434500414343455353204752414E FD
+:10 489A 00 5445442100414343455353204752414E 16
+:10 48AA 00 544544007F7875E0C977D30CE85ECA19 8D
+:10 48BA 00 D02211F74B530B31B5CD58D3F59DC5A9 6D
+:10 48CA 00 C583C4F36F1AF5BBFE9E53E240509D7A 2E
+:10 48DA 00 301E015A6259A7399184A659BECECE98 84
+:10 48EA 00 704E9C20539345A8F3DD01602F4A68C1 9E
+:10 48FA 00 CE8052B870076C8BA04E44C8DC9769A1 71
+:10 490A 00 E1CA3A79FF47B02ED04928437CD92D69 AC
+:10 491A 00 3D5D53D8D980482F2F0E986DAC90052A 4B
+:10 492A 00 41847EB17DCD0F8EF68ED042839E9D47 07
+:10 493A 00 ED147B9BF2138F148B43DFCC75104D05 5E
+:10 494A 00 6E8AE6DC7B2F0D188AF1FA20493CD251 97
+:10 495A 00 F10BBCB552096AD53036A538BF40A39E C3
+:10 496A 00 81F3D7FB7CE339829B2FFF87348E4344 44
+:10 497A 00 C4DEE9CB547B9432A6C2233DEE4C950B A0
+:10 498A 00 42FAC34E082EA16628D924B2765BA249 00
+:10 499A 00 6D8BD12572F8F66486689816D4A45CCC 1F
+:10 49AA 00 5D65B6926C704850FDEDB9DA5E154657 F2
+:10 49BA 00 A78D9D8490D8AB008CBCD30AF7E45805 28
+:10 49CA 00 B8B34506D02C1E8FCA3F0F02C1AFBD03 34
+:10 49DA 00 01138A6B3A9111414F67DCEA97F2CFCE 05
+:10 49EA 00 F0B4E67396AC7422E7AD3585E2F937E8 A0
+:10 49FA 00 1C75DF6E47F11A711D29C5896FB7620E E2
+:10 4A0A 00 AA18BE1BFC563E4BC6D279209ADBC0FE C2
+:10 4A1A 00 78CD5AF41FDDA8338807C731B1121059 6F
+:10 4A2A 00 2780EC5F60517FA919B54A0D2DE57A9F 61
+:10 4A3A 00 93C99CEFA0E03B4DAE2AF5B0C8EBBB3C 56
+:10 4A4A 00 83539961172B047EBA77D626E1691463 DA
+:04 4A5A 00 55210C7D                         59
+Vector_Table:
+:10 FF80 00 9C449C449C449C449C449C449C449C44 71
+:10 FF90 00 9C449C449C449C449C449C449C440044 FD
+Entry:
+:04 0000 03 00004400                         B5
+:00 0000 01                                  FF
+
+
+Obj:
+0010 <__trap_interrupt>
+0010:  3041           ret
+4400 <__watchdog_support>
+4400:  5542 5c01      mov.b	&0x015c, r5
+4404:  35d0 085a      bis	#0x5a08, r5
+4408:  8245 0024      mov	r5, &0x2400
+440c <__init_stack>
+440c:  3140 0044      mov	#0x4400 <__watchdog_support>, sp
+4410 <__do_copy_data>
+4410:  3f40 0000      clr	r15
+4414:  0f93           tst	r15
+4416:  0824           jz	#0x4428 <__do_clear_bss+0x0>
+4418:  9242 0024 5c01 mov	&0x2400, &0x015c
+441e:  2f83           decd	r15
+4420:  9f4f 5e4a 0024 mov	0x4a5e(r15), 0x2400(r15)
+4426:  f823           jnz	#0x4418 <__do_copy_data+0x8>
+4428 <__do_clear_bss>
+4428:  3f40 0000      clr	r15
+442c:  0f93           tst	r15
+442e:  0724           jz	#0x443e <main+0x0>
+4430:  9242 0024 5c01 mov	&0x2400, &0x015c
+4436:  1f83           dec	r15
+4438:  cf43 0024      mov.b	#0x0, 0x2400(r15)
+443c:  f923           jnz	#0x4430 <__do_clear_bss+0x8>
+
+
+443e <main>
+443e:  3150 f0ff      add	#0xfff0, sp
+4442:  3d40 1000      mov	#0x10, r13
+4446:  0e43           clr	r14
+4448:  0f41           mov	sp, r15
+444a:  b012 0e48      call	#0x480e <memset>
+continue:
+444e:  3f40 7a48      mov	#0x487a "SCAN SECURITY DEVICE" <__bss_start+0x247a>, r15
+4452:  b012 d644      call	#0x44d6 <puts>
+4456:  3e40 1000      mov	#0x10, r14
+445a:  0f41           mov	sp, r15
+445c:  b012 b844      call	#0x44b8 <getsn>
+4460:  0e41           mov	sp, r14
+4462:  3f40 ae48      mov	#0x48ae "\x7fxuw\x0c^\x19..." r15
+4466:  b012 fa46      call	#0x46fa <aes_ecb_decrypt>
+446a:  3d40 1000      mov	#0x10, r13
+446e:  0e41           mov	sp, r14
+4470:  3f40 8f48      mov	#0x488f "ACCESS GRANTED!" r15
+4474:  b012 ee47      call	#0x47ee <memcmp>
+4478:  0f93           tst	r15
+447a:  e923           jnz	#0x444e <main+0x10>
+447c:  3f40 9f48      mov	#0x489f "ACCESS GRANTED" r15
+4480:  b012 d644      call	#0x44d6 <puts>
+4484:  0312           push	#0x0
+4486:  0312           push	#0x0
+4488:  3012 7f00      push	#0x7f
+448c:  b012 a044      call	#0x44a0 <INT>
+4490:  0f43           clr	r15
+4492:  3150 1600      add	#0x16, sp
+
+
+4496 <__stop_progExec__>
+4496:  32d0 f000      bis	#0xf0, sr
+449a:  fd3f           jmp	#0x4496 <__stop_progExec__+0x0>
+449c <__ctors_end>
+449c:  3040 7848      br	#0x4878 <_unexpected_>
+44a0 <INT>
+44a0:  1f41 0200      mov	0x2(sp), r15
+44a4:  0212           push	sr
+44a6:  4f4f           mov.b	r15, r15
+44a8:  8f10           swpb	r15
+44aa:  3fd0 0080      bis	#0x8000, r15
+44ae:  024f           mov	r15, sr
+44b0:  b012 1000      call	#0x10
+44b4:  3241           pop	sr
+44b6:  3041           ret
+44b8 <getsn>
+44b8:  0e12           push	r14
+44ba:  0f12           push	r15
+44bc:  2312           push	#0x2
+44be:  b012 a044      call	#0x44a0 <INT>
+44c2:  3150 0600      add	#0x6, sp
+44c6:  3041           ret
+44c8 <putchar>
+44c8:  8f11           sxt	r15
+44ca:  0f12           push	r15
+44cc:  0312           push	#0x0
+44ce:  b012 a044      call	#0x44a0 <INT>
+44d2:  2152           add	#0x4, sp
+44d4:  3041           ret
+44d6 <puts>
+44d6:  0b12           push	r11
+44d8:  0b4f           mov	r15, r11
+44da:  033c           jmp	#0x44e2 <puts+0xc>
+44dc:  1b53           inc	r11
+44de:  b012 c844      call	#0x44c8 <putchar>
+44e2:  6f4b           mov.b	@r11, r15
+44e4:  4f93           tst.b	r15
+44e6:  fa23           jnz	#0x44dc <puts+0x6>
+44e8:  7f40 0a00      mov.b	#0xa, r15
+44ec:  b012 c844      call	#0x44c8 <putchar>
+44f0:  3b41           pop	r11
+44f2:  3041           ret
+44f4 <xtime>
+44f4:  4e4f           mov.b	r15, r14
+44f6:  4e5e           add.b	r14, r14
+44f8:  0e43           clr	r14
+44fa:  0e6e           addc	r14, r14
+44fc:  4c4e           mov.b	r14, r12
+44fe:  4c5c           add.b	r12, r12
+4500:  4c5e           add.b	r14, r12
+4502:  4e4c           mov.b	r12, r14
+4504:  4e5e           add.b	r14, r14
+4506:  4e5e           add.b	r14, r14
+4508:  4e5e           add.b	r14, r14
+450a:  4e5c           add.b	r12, r14
+450c:  4d4f           mov.b	r15, r13
+450e:  0d5d           add	r13, r13
+4510:  4f4e           mov.b	r14, r15
+4512:  4fed           xor.b	r13, r15
+4514:  3041           ret
+4516 <xor128>
+4516:  0d43           clr	r13
+4518:  0c4e           mov	r14, r12
+451a:  0c5d           add	r13, r12
+451c:  efec 0000      xor.b	@r12, 0x0(r15)
+4520:  1d53           inc	r13
+4522:  1f53           inc	r15
+4524:  3d90 1000      cmp	#0x10, r13
+4528:  f723           jne	#0x4518 <xor128+0x2>
+452a:  3041           ret
+452c <aesdec128>
+452c:  0b12           push	r11
+452e:  0a12           push	r10
+4530:  0912           push	r9
+4532:  0812           push	r8
+4534:  0712           push	r7
+4536:  0612           push	r6
+4538:  0512           push	r5
+453a:  0412           push	r4
+453c:  3150 e8ff      add	#0xffe8, sp
+4540:  814f 0000      mov	r15, 0x0(sp)
+4544:  814e 1000      mov	r14, 0x10(sp)
+4548:  5d4f 0d00      mov.b	0xd(r15), r13
+454c:  df4f 0900 0d00 mov.b	0x9(r15), 0xd(r15)
+4552:  df4f 0500 0900 mov.b	0x5(r15), 0x9(r15)
+4558:  df4f 0100 0500 mov.b	0x1(r15), 0x5(r15)
+455e:  cf4d 0100      mov.b	r13, 0x1(r15)
+4562:  5d4f 0200      mov.b	0x2(r15), r13
+4566:  df4f 0a00 0200 mov.b	0xa(r15), 0x2(r15)
+456c:  cf4d 0a00      mov.b	r13, 0xa(r15)
+4570:  5d4f 0600      mov.b	0x6(r15), r13
+4574:  df4f 0e00 0600 mov.b	0xe(r15), 0x6(r15)
+457a:  cf4d 0e00      mov.b	r13, 0xe(r15)
+457e:  5d4f 0300      mov.b	0x3(r15), r13
+4582:  df4f 0700 0300 mov.b	0x7(r15), 0x3(r15)
+4588:  df4f 0b00 0700 mov.b	0xb(r15), 0x7(r15)
+458e:  df4f 0f00 0b00 mov.b	0xf(r15), 0xb(r15)
+4594:  cf4d 0f00      mov.b	r13, 0xf(r15)
+4598:  0a4f           mov	r15, r10
+459a:  0d4f           mov	r15, r13
+459c:  0c43           clr	r12
+459e:  6f4d           mov.b	@r13, r15
+45a0:  dd4f 5e49 0000 mov.b	0x495e(r15), 0x0(r13) ;!!! the box is 495e. What comes before it, then?
+45a6:  1c53           inc	r12
+45a8:  1d53           inc	r13
+45aa:  3c90 1000      cmp	#0x10, r12
+45ae:  f723           jne	#0x459e <aesdec128+0x72>
+45b0:  8143 0200      clr	0x2(sp)
+45b4:  684a           mov.b	@r10, r8
+45b6:  5b4a 0100      mov.b	0x1(r10), r11
+45ba:  594a 0200      mov.b	0x2(r10), r9
+45be:  574a 0300      mov.b	0x3(r10), r7
+45c2:  4f48           mov.b	r8, r15
+45c4:  b012 f444      call	#0x44f4 <xtime>
+45c8:  4e4f           mov.b	r15, r14
+45ca:  814e 0800      mov	r14, 0x8(sp)
+45ce:  b012 f444      call	#0x44f4 <xtime>
+45d2:  4d4f           mov.b	r15, r13
+45d4:  814d 1600      mov	r13, 0x16(sp)
+45d8:  b012 f444      call	#0x44f4 <xtime>
+45dc:  4e4f           mov.b	r15, r14
+45de:  4f4b           mov.b	r11, r15
+45e0:  814f 0400      mov	r15, 0x4(sp)
+45e4:  4f4b           mov.b	r11, r15
+45e6:  814e 1400      mov	r14, 0x14(sp)
+45ea:  b012 f444      call	#0x44f4 <xtime>
+45ee:  4c4f           mov.b	r15, r12
+45f0:  814c 1200      mov	r12, 0x12(sp)
+45f4:  b012 f444      call	#0x44f4 <xtime>
+45f8:  c14f 0c00      mov.b	r15, 0xc(sp)
+45fc:  b012 f444      call	#0x44f4 <xtime>
+4600:  444f           mov.b	r15, r4
+4602:  4b49           mov.b	r9, r11
+4604:  814b 0600      mov	r11, 0x6(sp)
+4608:  4f49           mov.b	r9, r15
+460a:  b012 f444      call	#0x44f4 <xtime>
+460e:  c14f 0d00      mov.b	r15, 0xd(sp)
+4612:  b012 f444      call	#0x44f4 <xtime>
+4616:  4b4f           mov.b	r15, r11
+4618:  814b 0a00      mov	r11, 0xa(sp)
+461c:  b012 f444      call	#0x44f4 <xtime>
+4620:  464f           mov.b	r15, r6
+4622:  4547           mov.b	r7, r5
+4624:  4f47           mov.b	r7, r15
+4626:  b012 f444      call	#0x44f4 <xtime>
+462a:  c14f 0e00      mov.b	r15, 0xe(sp)
+462e:  b012 f444      call	#0x44f4 <xtime>
+4632:  474f           mov.b	r15, r7
+4634:  b012 f444      call	#0x44f4 <xtime>
+4638:  494f           mov.b	r15, r9
+463a:  1d41 1600      mov	0x16(sp), r13
+463e:  1b41 0800      mov	0x8(sp), r11
+4642:  0bed           xor	r13, r11
+4644:  1e41 1400      mov	0x14(sp), r14
+4648:  0bee           xor	r14, r11
+464a:  1c41 1200      mov	0x12(sp), r12
+464e:  0bec           xor	r12, r11
+4650:  0be4           xor	r4, r11
+4652:  1be1 0a00      xor	0xa(sp), r11
+4656:  0be6           xor	r6, r11
+4658:  0be9           xor	r9, r11
+465a:  1be1 0400      xor	0x4(sp), r11
+465e:  1be1 0600      xor	0x6(sp), r11
+4662:  4be5           xor.b	r5, r11
+4664:  ca4b 0000      mov.b	r11, 0x0(r10)
+4668:  0b48           mov	r8, r11
+466a:  5f41 0c00      mov.b	0xc(sp), r15
+466e:  5841 0d00      mov.b	0xd(sp), r8
+4672:  4747           mov.b	r7, r7
+4674:  0cee           xor	r14, r12
+4676:  0ce4           xor	r4, r12
+4678:  0ce6           xor	r6, r12
+467a:  0ce9           xor	r9, r12
+467c:  0cef           xor	r15, r12
+467e:  0ce8           xor	r8, r12
+4680:  0ce7           xor	r7, r12
+4682:  1ce1 0600      xor	0x6(sp), r12
+4686:  0ce5           xor	r5, r12
+4688:  4ceb           xor.b	r11, r12
+468a:  ca4c 0100      mov.b	r12, 0x1(r10)
+468e:  5c41 0e00      mov.b	0xe(sp), r12
+4692:  0dee           xor	r14, r13
+4694:  0de4           xor	r4, r13
+4696:  1de1 0a00      xor	0xa(sp), r13
+469a:  0de6           xor	r6, r13
+469c:  0de9           xor	r9, r13
+469e:  0de8           xor	r8, r13
+46a0:  0dec           xor	r12, r13
+46a2:  1de1 0400      xor	0x4(sp), r13
+46a6:  0de5           xor	r5, r13
+46a8:  4deb           xor.b	r11, r13
+46aa:  ca4d 0200      mov.b	r13, 0x2(r10)
+46ae:  1ee1 0800      xor	0x8(sp), r14
+46b2:  0ee4           xor	r4, r14
+46b4:  0ee6           xor	r6, r14
+46b6:  0ee9           xor	r9, r14
+46b8:  0eef           xor	r15, r14
+46ba:  0ee7           xor	r7, r14
+46bc:  0eec           xor	r12, r14
+46be:  1ee1 0400      xor	0x4(sp), r14
+46c2:  1ee1 0600      xor	0x6(sp), r14
+46c6:  4eeb           xor.b	r11, r14
+46c8:  ca4e 0300      mov.b	r14, 0x3(r10)
+46cc:  a152 0200      add	#0x4, 0x2(sp)
+46d0:  2a52           add	#0x4, r10
+46d2:  b190 1000 0200 cmp	#0x10, 0x2(sp)
+46d8:  6d23           jne	#0x45b4 <aesdec128+0x88>
+46da:  1e41 1000      mov	0x10(sp), r14
+46de:  2f41           mov	@sp, r15
+46e0:  b012 1645      call	#0x4516 <xor128>
+46e4:  3150 1800      add	#0x18, sp
+46e8:  3441           pop	r4
+46ea:  3541           pop	r5
+46ec:  3641           pop	r6
+46ee:  3741           pop	r7
+46f0:  3841           pop	r8
+46f2:  3941           pop	r9
+46f4:  3a41           pop	r10
+46f6:  3b41           pop	r11
+46f8:  3041           ret
+46fa <aes_ecb_decrypt>
+46fa:  0b12           push	r11
+46fc:  0a12           push	r10
+46fe:  0a4f           mov	r15, r10
+4700:  0b4e           mov	r14, r11
+4702:  0e4f           mov	r15, r14
+4704:  0f4b           mov	r11, r15
+4706:  b012 1645      call	#0x4516 <xor128>
+470a:  0e4a           mov	r10, r14
+470c:  3e50 1000      add	#0x10, r14
+4710:  0f4b           mov	r11, r15
+4712:  b012 2c45      call	#0x452c <aesdec128>
+4716:  0e4a           mov	r10, r14
+4718:  3e50 2000      add	#0x20, r14
+471c:  0f4b           mov	r11, r15
+471e:  b012 2c45      call	#0x452c <aesdec128>
+4722:  0e4a           mov	r10, r14
+4724:  3e50 3000      add	#0x30, r14
+4728:  0f4b           mov	r11, r15
+472a:  b012 2c45      call	#0x452c <aesdec128>
+472e:  0e4a           mov	r10, r14
+4730:  3e50 4000      add	#0x40, r14
+4734:  0f4b           mov	r11, r15
+4736:  b012 2c45      call	#0x452c <aesdec128>
+473a:  0e4a           mov	r10, r14
+473c:  3e50 5000      add	#0x50, r14
+4740:  0f4b           mov	r11, r15
+4742:  b012 2c45      call	#0x452c <aesdec128>
+4746:  0e4a           mov	r10, r14
+4748:  3e50 6000      add	#0x60, r14
+474c:  0f4b           mov	r11, r15
+474e:  b012 2c45      call	#0x452c <aesdec128>
+4752:  0e4a           mov	r10, r14
+4754:  3e50 7000      add	#0x70, r14
+4758:  0f4b           mov	r11, r15
+475a:  b012 2c45      call	#0x452c <aesdec128>
+475e:  0e4a           mov	r10, r14
+4760:  3e50 8000      add	#0x80, r14
+4764:  0f4b           mov	r11, r15
+4766:  b012 2c45      call	#0x452c <aesdec128>
+476a:  0e4a           mov	r10, r14
+476c:  3e50 9000      add	#0x90, r14
+4770:  0f4b           mov	r11, r15
+4772:  b012 2c45      call	#0x452c <aesdec128>
+4776:  0e4a           mov	r10, r14
+4778:  3e50 a000      add	#0xa0, r14
+477c:  5f4b 0d00      mov.b	0xd(r11), r15
+4780:  db4b 0900 0d00 mov.b	0x9(r11), 0xd(r11)
+4786:  db4b 0500 0900 mov.b	0x5(r11), 0x9(r11)
+478c:  db4b 0100 0500 mov.b	0x1(r11), 0x5(r11)
+4792:  cb4f 0100      mov.b	r15, 0x1(r11)
+4796:  5f4b 0200      mov.b	0x2(r11), r15
+479a:  db4b 0a00 0200 mov.b	0xa(r11), 0x2(r11)
+47a0:  cb4f 0a00      mov.b	r15, 0xa(r11)
+47a4:  5f4b 0600      mov.b	0x6(r11), r15
+47a8:  db4b 0e00 0600 mov.b	0xe(r11), 0x6(r11)
+47ae:  cb4f 0e00      mov.b	r15, 0xe(r11)
+47b2:  5f4b 0300      mov.b	0x3(r11), r15
+47b6:  db4b 0700 0300 mov.b	0x7(r11), 0x3(r11)
+47bc:  db4b 0b00 0700 mov.b	0xb(r11), 0x7(r11)
+47c2:  db4b 0f00 0b00 mov.b	0xf(r11), 0xb(r11)
+47c8:  cb4f 0f00      mov.b	r15, 0xf(r11)
+47cc:  0f4b           mov	r11, r15
+47ce:  0d43           clr	r13
+47d0:  6c4f           mov.b	@r15, r12
+47d2:  df4c 5e49 0000 mov.b	0x495e(r12), 0x0(r15)
+47d8:  1d53           inc	r13
+47da:  1f53           inc	r15
+47dc:  3d90 1000      cmp	#0x10, r13
+47e0:  f723           jne	#0x47d0 <aes_ecb_decrypt+0xd6>
+47e2:  0f4b           mov	r11, r15
+47e4:  b012 1645      call	#0x4516 <xor128>
+47e8:  3a41           pop	r10
+47ea:  3b41           pop	r11
+47ec:  3041           ret
+47ee <memcmp>
+47ee:  0b12           push	r11
+47f0:  0d93           tst	r13
+47f2:  0a24           jz	#0x4808 <memcmp+0x1a>
+47f4:  7b4f           mov.b	@r15+, r11
+47f6:  7c4e           mov.b	@r14+, r12
+47f8:  4b9c           cmp.b	r12, r11
+47fa:  0424           jeq	#0x4804 <memcmp+0x16>
+47fc:  4f4b           mov.b	r11, r15
+47fe:  4e4c           mov.b	r12, r14
+4800:  0f8e           sub	r14, r15
+4802:  033c           jmp	#0x480a <memcmp+0x1c>
+4804:  3d53           add	#-0x1, r13
+4806:  f43f           jmp	#0x47f0 <memcmp+0x2>
+4808:  0f43           clr	r15
+480a:  3b41           pop	r11
+480c:  3041           ret
+480e <memset>
+480e:  0b12           push	r11
+4810:  0a12           push	r10
+4812:  0912           push	r9
+4814:  0812           push	r8
+4816:  3d90 0600      cmp	#0x6, r13
+481a:  092c           jc	#0x482e <memset+0x20>
+481c:  0c4f           mov	r15, r12
+481e:  043c           jmp	#0x4828 <memset+0x1a>
+4820:  cc4e 0000      mov.b	r14, 0x0(r12)
+4824:  1c53           inc	r12
+4826:  3d53           add	#-0x1, r13
+4828:  0d93           tst	r13
+482a:  fa23           jnz	#0x4820 <memset+0x12>
+482c:  203c           jmp	#0x486e <memset+0x60>
+482e:  4e4e           mov.b	r14, r14
+4830:  4b4e           mov.b	r14, r11
+4832:  0b93           tst	r11
+4834:  0324           jz	#0x483c <memset+0x2e>
+4836:  0c4b           mov	r11, r12
+4838:  8c10           swpb	r12
+483a:  0bdc           bis	r12, r11
+483c:  1fb3           bit	#0x1, r15
+483e:  0624           jz	#0x484c <memset+0x3e>
+4840:  3d53           add	#-0x1, r13
+4842:  cf4e 0000      mov.b	r14, 0x0(r15)
+4846:  094f           mov	r15, r9
+4848:  1953           inc	r9
+484a:  013c           jmp	#0x484e <memset+0x40>
+484c:  094f           mov	r15, r9
+484e:  0c4d           mov	r13, r12
+4850:  12c3           clrc
+4852:  0c10           rrc	r12
+4854:  0a49           mov	r9, r10
+4856:  084c           mov	r12, r8
+4858:  8a4b 0000      mov	r11, 0x0(r10)
+485c:  2a53           incd	r10
+485e:  3853           add	#-0x1, r8
+4860:  fb23           jnz	#0x4858 <memset+0x4a>
+4862:  0c5c           add	r12, r12
+4864:  0c59           add	r9, r12
+4866:  1df3           and	#0x1, r13
+4868:  0224           jz	#0x486e <memset+0x60>
+486a:  cc4e 0000      mov.b	r14, 0x0(r12)
+486e:  3841           pop	r8
+4870:  3941           pop	r9
+4872:  3a41           pop	r10
+4874:  3b41           pop	r11
+4876:  3041           ret
+4878 <_unexpected_>
+4878:  0013           reti	pc
+487a <__bss_start+0x247a>
+487a .strings:
+487a: "SCAN SECURITY DEVICE"
+488f: "ACCESS GRANTED!"
+489f: "ACCESS GRANTED"
+48ae: "\x7fxuw\x0c^\x19     \"\x11KS\x0b1X         o\x1aS@Pz          0\x1e\x01ZbY9Y        pN SE\x01`/Jh      Rp\x07lNDi         :yG.I(C|-i      =\n]SH //\x0em\x05*      A~}\x0fBG          \x14{\x13\x14Cu\x10M\x05       n{/\\x18 I<Q       \x0bR\	j068@        |9/4CD          T{2#=L\x0b         BN\x08.f($v[I      m%rdh\x16\\         ]elpHP^\x15FW"
+49bb: "\nX\x05            E\x06,\x1e?\x0f\x02\x03        \x01\x13k:\x11AOg        st\"57           \x1cunG\x1aq\x1d)ob\x0e     \x18\x1bV>Ky          xZ\x1f3\x071\x12\x10Y       \\'_`Q\x7f\x19J\-z      ;M*<            Sa\x17+\x04~w&i\x14c     U!"
+
+Prereqs:"Tutorial"
+
+Name:"Baku"
+
+Text:
+Lockitall                                     LOCKIT SecurePlus r a.01
+______________________________________________________________________
+
+User Manual: Lockitall LockIT SecurePlus, rev a.01
+______________________________________________________________________
+
+
+OVERVIEW
+
+- This lock contains military grade encryption to secure the lock.
+
+
+DETAILS
+
+The LockIT SecurePlus a.01  is the first of a new series of locks.
+It  is  controlled  by a  MSP430 microcontroller, and is the  most
+advanced  MCU-controlled lock available on the  market. The MSP430
+is a very low-power device which  allows the  LockIT SecurePlus to
+run in almost any environment.
+
+The LockIT SecurePlus contains a NFC reader allowing it to quickly
+read credentials from a smartphone, or any compatible device. This
+allows  LockIT  SecurePlus to use  complex  encrypted  credentials
+without encumbering the user.
+
+This   is  Software   Revision   01.  It is a  much more  advanced
+version of other locks due to the  adoption of  military  strength
+encryption, but the first Version A release.
+
+
+
+
+(c) 2022 LOCKITALL                                            Page 1/1
+
+X:200
+Y:780
+Rating:10
+Patch:""
diff --git a/readme.md b/readme.md
index 5dade64..e3f4409 100644
--- a/readme.md
+++ b/readme.md
@@ -43,3 +43,4 @@ Hopefully in the coming weeks I'll learn enough about malloc and free to get som
 
 ### 2022 Dec 11 PM:
     St. John's
+    Baku