Hex: :10 4400 00 55425C0135D0085A8245602831400044 4D :10 4410 00 3F4060000F930824924260285C012F83 84 :10 4420 00 9F4F28470024F8233F4000040F930724 A0 :10 4430 00 924260285C011F83CF436024F9233150 EE :10 4440 00 C0FF3F404046B012A4453F406646B012 10 :10 4450 00 A4453D4000040E433F406024B012D445 C3 :10 4460 00 3E40FF033F406024B01286455B426024 1B :10 4470 00 8B105F4261240BDF5A4263240B930334 99 :10 4480 00 3B9001F005283F408246B012A445DD3F 35 :10 4490 00 1BB305243F40B646B012A445D63F0F4A 91 :10 44A0 00 3F50FAFF3F90BB0305283F40CD46B012 76 :10 44B0 00 A445CB3F3D4040000E4A3E5060240F41 92 :10 44C0 00 B012C2450C410D4A3E4060243F404024 9A :10 44D0 00 B01252451F9305243F40E446B012A445 54 :10 44E0 00 B43F3F400447B012A4450D4A3E406424 07 :10 44F0 00 0F4BB012C2458B12A83F32D0F000FD3F E7 :10 4500 00 30403E461F41020002124F4F8F103FD0 F5 :10 4510 00 0080024FB0121000324130410D120E12 D5 :10 4520 00 0F1230123000B0120445315230410D12 DA :10 4530 00 0E120F1230123100B012044531523041 C8 :10 4540 00 0D120E120F1230123200B01204453152 09 :10 4550 00 30410B1204120441245221838443FAFF 98 :10 4560 00 3B40FAFF0B540B120C120D120E120F12 DD :10 4570 00 30123300B01204451F44FAFF31500E00 D0 :10 4580 00 34413B4130410E120F122312B0120445 48 :10 4590 00 3150060030418F110F120312B0120445 42 :10 45A0 00 215230410B120B4F033C1B53B0129645 66 :10 45B0 00 6F4B4F93FA237F400A00B01296453B41 60 :10 45C0 00 30410C4F043CFC4E00001C533D530D93 F6 :10 45D0 00 FA2330410B120A12091208123D900600 0C :10 45E0 00 092C0C4F043CCC4E00001C533D530D93 42 :10 45F0 00 FA23203C4E4E4B4E0B9303240C4B8C10 55 :10 4600 00 0BDC1FB306243D53CF4E0000094F1953 56 :10 4610 00 013C094F0C4D12C30C100A49084C8A4B 3F :10 4620 00 00002A533853FB230C5C0C591DF30224 61 :10 4630 00 CC4E0000384139413A413B4130410013 F2 :10 4640 00 57656C636F6D6520746F207468652073 A7 :10 4650 00 65637572652070726F6772616D206C6F 33 :10 4660 00 616465722E00506C6561736520656E74 BF :10 4670 00 6572206465627567207061796C6F6164 32 :10 4680 00 2E004C6F61642061646472657373206F E7 :10 4690 00 
75747369646520616C6C6F7765642072 F2
:10 46A0 00 616E6765206F66203078383030302D30 8D
:10 46B0 00 7846303030004C6F6164206164647265 0C
:10 46C0 00 737320756E616C69676E656400496E76 00
:10 46D0 00 616C6964207061796C6F6164206C656E D7
:10 46E0 00 67746800496E636F7272656374207369 E2
:10 46F0 00 676E61747572652C20636F6E74696E75 78
:10 4700 00 696E67005369676E6174757265207661 C2
:10 4710 00 6C69642C20657865637574696E672070 B8
:08 4720 00 61796C6F61640000 17
Strings:
; NOTE(review): despite the label, this 0x60-byte range (0x4728-0x4787) is the block
; that __do_copy_data copies to 0x2400-0x245f at start-up; the printable strings live
; at 0x4640-0x4727 in the records above. The 32 bytes at 0x4768 land at 0x2440, the
; address the loader passes as the key argument of the signature check. The same
; 32 bytes also appear at 0x4748 (-> 0x2420), which no visible code references.
:10 4728 00 70C3679B43365CA01131991CC462135B 4C
:10 4738 00 ECAE7DF973D62B163C05C679746CE52F 63
:10 4748 00 08218D19996D174F147F157B9F2C8011 A7
:10 4758 00 4AB3D2D12532D2EAB925616146A815BE 3D
:10 4768 00 08218D19996D174F147F157B9F2C8011 87
:10 4778 00 4AB3D2D12532D2EAB925616146A815BE 1D
Exception_Vectors:
; Little-endian words: every vector is 0x4500 (__ctors_end, which branches to
; _unexpected_) except the last one at 0xFFFE, which is 0x4400 (__watchdog_support,
; the first start-up routine).
:10 FF80 00 00450045004500450045004500450045 49
:10 FF90 00 00450045004500450045004500450044 3A
Start:
; Intel HEX record type 03 (start segment address): 0000:4400.
:04 0000 03 00004400 B5
What: ; does this do?
; Record type 01 with zero length is the Intel HEX end-of-file marker.
:00 0000 01 FF
Obj:
; Annotated disassembly of the image above (MSP430 mnemonics).
; Annotation markers already used in this listing: ";*" gives C-like pseudo-code for
; the instructions that follow, ";?" names an inferred variable and where it lives,
; ";!" flags an observation. (Meanings inferred from usage -- confirm with the author.)

; 0x0010: target of the call made by the gate at 0x4504; the body is a bare ret.
; What services the request is not visible here -- presumably the execution
; environment intercepts this call.
0010 <__trap_interrupt>
0010: 3041 ret

; Start-up: read the byte at 0x015c, OR in 0x5a08 and keep the result at 0x2860 so the
; copy/clear loops below can write it back to 0x015c on every iteration.
; (0x015c is presumably the watchdog control register and 0x5a00 its password --
; confirm against the device header.)
4400 <__watchdog_support>
4400: 5542 5c01 mov.b &0x015c, r5
4404: 35d0 085a bis #0x5a08, r5
4408: 8245 6028 mov r5, &0x2860

; Stack starts at 0x4400 and grows down, i.e. directly below the code image.
440c <__init_stack>
440c: 3140 0044 mov #0x4400 <__watchdog_support>, sp

; Copy 0x60 bytes of initialised data from 0x4728 to 0x2400, one word per iteration
; (r15 counts down by 2), refreshing 0x015c each time round.
4410 <__do_copy_data>
4410: 3f40 6000 mov #0x60, r15
4414: 0f93 tst r15
4416: 0824 jz #0x4428 <__do_clear_bss+0x0>
4418: 9242 6028 5c01 mov &0x2860, &0x015c
441e: 2f83 decd r15
4420: 9f4f 2847 0024 mov 0x4728(r15), 0x2400(r15)
4426: f823 jnz #0x4418 <__do_copy_data+0x8>

; Zero 0x400 bytes at 0x2460-0x285f, one byte per iteration. This is the same range
; the loader below uses as its input buffer.
4428 <__do_clear_bss>
4428: 3f40 0004 mov #0x400, r15
442c: 0f93 tst r15
442e: 0724 jz #0x443e
4430: 9242 6028 5c01 mov &0x2860, &0x015c
4436: 1f83 dec r15
4438: cf43 6024 mov.b #0x0, 0x2460(r15)
443c: f923 jnz #0x4430 <__do_clear_bss+0x8>

; ---------------------------------------------------------------------------------
; 0x443e: loader main loop (no symbol in the listing). It never returns: every path
; ends in a jump back to 0x444a.
;
; Input record layout as read by the code below (buf = 0x2460):
;   buf[0..1]           load address, high byte first          -> r11
;   buf[2]              not read
;   buf[3]              length, a single byte                   -> r10
;   buf[len..len+0x3f]  64 bytes copied to sig_buf before the signature call
; The hex sample printed in the Text field starts 80 00 00 06 and is 70 bytes long,
; which matches this layout with len = 6.
;
; Checks made before the signature call: 0x8000 <= loadaddr <= 0xf000, loadaddr even,
; (u16)(len - 6) < 0x3bb.
;
; NOTE(review): the signature routine is handed (buf, len) while the later copy takes
; len bytes starting at buf+4, so the copied span runs four bytes past the span given
; to the verifier (what request 0x33 actually covers is not visible here -- confirm).
; A loader should copy and execute exactly the bytes it verified.
; NOTE(review): only the start address is range-checked; the end of the copy is
; bounded solely by len being a single byte.
; ---------------------------------------------------------------------------------
443e
;? char sig_buf[64]; // >=> sp
443e: 3150 c0ff add #0xffc0, sp
;* puts ("Welcome to the secure program loader.");
4442: 3f40 4046 mov #0x4640 "Welcome to the secure program loader." r15
4446: b012 a445 call #0x45a4
;* while (1) continue:
;* puts ("Please enter debug payload.");
444a: 3f40 6646 mov #0x4666 "Please enter debug payload." r15
444e: b012 a445 call #0x45a4
;? u8 buf[0x400]; // >=> 0x2460
;* memset (buf, 0, 0x400);
4452: 3d40 0004 mov #0x400, r13
4456: 0e43 clr r14
4458: 3f40 6024 mov #0x2460, r15
445c: b012 d445 call #0x45d4
;* getsn(buf, 0x3ff);
; The read limit is one less than the buffer size, so the final byte stays zero
; from the memset above (assuming request 0x02 honours the limit -- not shown).
4460: 3e40 ff03 mov #0x3ff, r14
4464: 3f40 6024 mov #0x2460, r15
4468: b012 8645 call #0x4586
;* void * loadaddr /* r11 */ = (buf[0] << 8) + (buf[1]);
446c: 5b42 6024 mov.b &0x2460, r11
4470: 8b10 swpb r11
4472: 5f42 6124 mov.b &0x2461, r15
4476: 0bdf bis r15, r11
;! byte index 0x2 goes unused!
;*size_t len = buf[3];
; Byte load into a register: the upper byte of r10 is cleared, so len <= 0xff.
4478: 5a42 6324 mov.b &0x2463, r10
;*if (0x8000 > loadaddr || loadaddr >= 0xf001)
; tst/jge is a signed test: the jump is taken when bit 15 is clear (loadaddr < 0x8000).
; cmp/jnc is unsigned: the jump is taken when loadaddr < 0xf001.
447c: 0b93 tst r11
447e: 0334 jge #0x4486
4480: 3b90 01f0 cmp #0xf001, r11
4484: 0528 jnc #0x4490
;* puts ("Load address outside allowed range of 0x8000-0xF000");
4486: 3f40 8246 mov #0x4682 "Load address outside allowed range of 0x8000-0xF000" r15
448a: b012 a445 call #0x45a4
;* continue;
448e: dd3f jmp #0x444a
;* if (loadaddr & 1)
4490: 1bb3 bit #0x1, r11
4492: 0524 jz #0x449e
;* puts ("Load address unaligned");
4494: 3f40 b646 mov #0x46b6 "Load address unaligned" r15
4498: b012 a445 call #0x45a4
;* continue;
449c: d63f jmp #0x444a
;* if ((u16)(len - 6) >= 0x3bb)
; jnc continues only when the unsigned difference is below 0x3bb, so the rejected
; case is ">=", not ">". Because len <= 0xff the upper bound cannot trip; the test
; effectively rejects len < 6, where the subtraction wraps.
449e: 0f4a mov r10, r15
44a0: 3f50 faff add #0xfffa, r15
44a4: 3f90 bb03 cmp #0x3bb, r15
44a8: 0528 jnc #0x44b4
;* puts ("Invalid payload length");
44aa: 3f40 cd46 mov #0x46cd "Invalid payload length" r15
44ae: b012 a445 call #0x45a4
;* continue;
44b2: cb3f jmp #0x444a
;* memcpy (sig_buf, buf+len, 0x40)
44b4: 3d40 4000 mov #0x40, r13
44b8: 0e4a mov r10, r14
44ba: 3e50 6024 add #0x2460, r14
44be: 0f41 mov sp, r15
44c0: b012 c245 call #0x45c2
;* verify_ed25519 (ed25519_pubkey /*0x2440*/, buf /*0x2460*/, size /*r10*/, sig_buf /*sp*/);
; Register order at the call: r15 = key, r14 = buf, r13 = len, r12 = sig_buf.
44c4: 0c41 mov sp, r12
44c6: 0d4a mov r10, r13
44c8: 3e40 6024 mov #0x2460, r14
44cc: 3f40 4024 mov #0x2440, r15
44d0: b012 5245 call #0x4552
;* if (result != 0x1)
; Only the exact value 1 is accepted; every other result takes the reject path.
44d4: 1f93 cmp #0x1, r15
44d6: 0524 jeq #0x44e2
;* puts ("Incorrect signature, continuing");
44d8: 3f40 e446 mov #0x46e4 "Incorrect signature, continuing" r15
44dc: b012 a445 call #0x45a4
;* continue;
44e0: b43f jmp #0x444a
;* puts ("Signature valid, executing payload");
44e2: 3f40 0447 mov #0x4704 "Signature valid, executing payload" r15
44e6: b012 a445 call #0x45a4
;* memcpy ( loadaddr /*dest*/, buf + 0x4 /*src*/, len /*size*/);
44ea: 0d4a mov r10, r13
44ec: 3e40 6424 mov #0x2464, r14
44f0: 0f4b mov r11, r15
44f2: b012 c245 call #0x45c2
;* payload ();
; r11 still holds loadaddr here: memcpy at 0x45c2 does not write r11.
44f6: 8b12 call r11
;* continue;
44f8: a83f jmp #0x444a

; Sets bits 0xf0 in sr and loops. Not reached by fall-through: the instruction
; before it is an unconditional jump.
44fa <__stop_progExec__>
44fa: 32d0 f000 bis #0xf0, sr
44fe: fd3f jmp #0x44fa <__stop_progExec__+0x0>

; Target of every exception vector except the last; branches to _unexpected_.
4500 <__ctors_end>
4500: 3040 3e46 br #0x463e <_unexpected_>

; 0x4504: request gate shared by the wrappers below.
; In:  0x2(sp) = request number (the word the caller pushed last; 0x0(sp) is the
;      return address); any further arguments sit above it on the stack.
; Does: saves sr, sets sr = 0x8000 | (number << 8), calls 0x0010, restores sr.
; Clobbers r15.
4504
4504: 1f41 0200 mov 0x2(sp), r15
4508: 0212 push sr
450a: 4f4f mov.b r15, r15
450c: 8f10 swpb r15
450e: 3fd0 0080 bis #0x8000, r15
4512: 024f mov r15, sr
4514: b012 1000 call #0x10
4518: 3241 pop sr
451a: 3041 ret

; 0x451c: request 0x30 with r13, r14, r15 pushed as arguments. No caller appears in
; this listing; the purpose of the request is not shown.
451c
451c: 0d12 push r13
451e: 0e12 push r14
4520: 0f12 push r15
4522: 3012 3000 push #0x30
4526: b012 0445 call #0x4504
452a: 3152 add #0x8, sp
452c: 3041 ret

; 0x452e: same shape as 0x451c, request 0x31. No caller in this listing.
452e
452e: 0d12 push r13
4530: 0e12 push r14
4532: 0f12 push r15
4534: 3012 3100 push #0x31
4538: b012 0445 call #0x4504
453c: 3152 add #0x8, sp
453e: 3041 ret

; 0x4540: same shape as 0x451c, request 0x32. No caller in this listing.
4540
4540: 0d12 push r13
4542: 0e12 push r14
4544: 0f12 push r15
4546: 3012 3200 push #0x32
454a: b012 0445 call #0x4504
454e: 3152 add #0x8, sp
4550: 3041 ret

; 0x4552: signature-check wrapper (annotated verify_ed25519 at its call site).
; In:  r15, r14, r13, r12 as set up by the caller at 0x44c4-0x44cc.
; Out: r15 = the word the request left in a local result slot.
; The slot is cleared before the request is issued, so a request that writes nothing
; reads back as 0, which the caller treats as a failed check.
; Saves and restores r11 and r4.
4552
4552: 0b12 push r11
4554: 0412 push r4
4556: 0441 mov sp, r4
4558: 2452 add #0x4, r4
; reserve one word for the result; -0x6(r4) addresses it
455a: 2183 decd sp
455c: 8443 faff clr -0x6(r4)
; r11 = address of the result slot, pushed as the first argument
4560: 3b40 faff mov #0xfffa, r11
4564: 0b54 add r4, r11
4566: 0b12 push r11
4568: 0c12 push r12
456a: 0d12 push r13
456c: 0e12 push r14
456e: 0f12 push r15
4570: 3012 3300 push #0x33
4574: b012 0445 call #0x4504
4578: 1f44 faff mov -0x6(r4), r15
; 0xe = six pushed words plus the result slot
457c: 3150 0e00 add #0xe, sp
4580: 3441 pop r4
4582: 3b41 pop r11
4584: 3041 ret

; 0x4586: input wrapper (annotated getsn at its call site). Issues request 0x02 with
; r15 (buffer) and r14 (limit) as arguments.
4586
4586: 0e12 push r14
4588: 0f12 push r15
458a: 2312 push #0x2
458c: b012 0445 call #0x4504
4590: 3150 0600 add #0x6, sp
4594: 3041 ret

; 0x4596: issues request 0x00 with the sign-extended byte in r15 as its argument.
; Presumably character output: the string printer at 0x45a4 calls it once per byte.
4596
4596: 8f11 sxt r15
4598: 0f12 push r15
459a: 0312 push #0x0
459c: b012 0445 call #0x4504
45a0: 2152 add #0x4, sp
45a2: 3041 ret

; 0x45a4: string printer (annotated puts). In: r15 = NUL-terminated string.
; Sends each byte to 0x4596, then a trailing 0x0a. Saves and restores r11.
45a4
45a4: 0b12 push r11
45a6: 0b4f mov r15, r11
45a8: 033c jmp #0x45b0
45aa: 1b53 inc r11
45ac: b012 9645 call #0x4596
45b0: 6f4b mov.b @r11, r15
45b2: 4f93 tst.b r15
45b4: fa23 jnz #0x45aa
45b6: 7f40 0a00 mov.b #0xa, r15
45ba: b012 9645 call #0x4596
45be: 3b41 pop r11
45c0: 3041 ret

; 0x45c2: byte copy (annotated memcpy). In: r15 = dest, r14 = src, r13 = count.
; Copies forward one byte at a time; a count of 0 copies nothing.
; r15 is left unchanged; r12, r13 and r14 are modified.
45c2
45c2: 0c4f mov r15, r12
45c4: 043c jmp #0x45ce
45c6: fc4e 0000 mov.b @r14+, 0x0(r12)
45ca: 1c53 inc r12
45cc: 3d53 add #-0x1, r13
45ce: 0d93 tst r13
45d0: fa23 jnz #0x45c6
45d2: 3041 ret

; 0x45d4: fill (annotated memset). In: r15 = dest, r14 = fill byte, r13 = count.
; Counts below 6 use a plain byte loop. Otherwise the fill byte is duplicated into
; both halves of r11, one leading byte is stored if dest is odd, the bulk is written
; a word at a time, and one trailing byte is stored if the remaining count is odd.
; Saves and restores r8-r11.
45d4
45d4: 0b12 push r11
45d6: 0a12 push r10
45d8: 0912 push r9
45da: 0812 push r8
45dc: 3d90 0600 cmp #0x6, r13
45e0: 092c jc #0x45f4
; short path: byte loop
45e2: 0c4f mov r15, r12
45e4: 043c jmp #0x45ee
45e6: cc4e 0000 mov.b r14, 0x0(r12)
45ea: 1c53 inc r12
45ec: 3d53 add #-0x1, r13
45ee: 0d93 tst r13
45f0: fa23 jnz #0x45e6
45f2: 203c jmp #0x4634
; long path: build the fill word in r11
45f4: 4e4e mov.b r14, r14
45f6: 4b4e mov.b r14, r11
45f8: 0b93 tst r11
45fa: 0324 jz #0x4602
45fc: 0c4b mov r11, r12
45fe: 8c10 swpb r12
4600: 0bdc bis r12, r11
; align dest to an even address; r9 = first word-aligned destination
4602: 1fb3 bit #0x1, r15
4604: 0624 jz #0x4612
4606: 3d53 add #-0x1, r13
4608: cf4e 0000 mov.b r14, 0x0(r15)
460c: 094f mov r15, r9
460e: 1953 inc r9
4610: 013c jmp #0x4614
4612: 094f mov r15, r9
; r12 = r8 = number of whole words left (count >> 1)
4614: 0c4d mov r13, r12
4616: 12c3 clrc
4618: 0c10 rrc r12
461a: 0a49 mov r9, r10
461c: 084c mov r12, r8
461e: 8a4b 0000 mov r11, 0x0(r10)
4622: 2a53 incd r10
4624: 3853 add #-0x1, r8
4626: fb23 jnz #0x461e
; r12 = address just past the words written; store the odd trailing byte if any
4628: 0c5c add r12, r12
462a: 0c59 add r9, r12
462c: 1df3 and #0x1, r13
462e: 0224 jz #0x4634
4630: cc4e 0000 mov.b r14, 0x0(r12)
4634: 3841 pop r8
4636: 3941 pop r9
4638: 3a41 pop r10
463a: 3b41 pop r11
463c: 3041 ret

; Reached from __ctors_end, i.e. from every exception vector except the last.
463e <_unexpected_>
463e: 0013 reti pc

; Printable strings referenced by the loader, by start address.
4640 .strings:
4640: "Welcome to the secure program loader."
4666: "Please enter debug payload."
4682: "Load address outside allowed range of 0x8000-0xF000"
46b6: "Load address unaligned"
46cd: "Invalid payload length"
46e4: "Incorrect signature, continuing"
4704: "Signature valid, executing payload"
Prereqs:"Churchill"
Name:"St. John's"
Text: """ Lockitall LOCKIT 2 r A.01 ______________________________________________________________________ User Manual: Lockitall LockIT 2, rev a.01 ______________________________________________________________________ OVERVIEW - The firmware has been updated to resolve a vulnerability. DETAILS The LockIT 2 A.01 is the second of a new series of locks. It is controlled by a MSP430 microcontroller. The MSP430 is a very low- power device, chosen because we found several crates of old stock. This lock only accepts biometric and NFC inputs, and does not have a traditional password prompt. To support rapid development cycles this lock accepts a program from the old password input prompt. 800000063041f23630084d78f18b0ef369693ebdb5eaf1290b3cb4a69815345a0d e53b9bb6cc7de3c46159a7af7c91c28a3d3691309822290d9c6482fefc03cbbcff 35ce9708 This is Hardware Version Beta. This is Software Revision 04. (c) 2021 LOCKITALL Page 1/1 """
X:170
Y:325
Rating:20
Patch:""