Microcorruption - Intro and Tutorial
Introduction
Microcorruption is a wargame that emulates a debugger with the goal of opening locks using a variety of different flaws. I have recently been going through these challenges and decided that I wanted to write about my experience and thoughts while going through each challenge. I will try to provide links to different resources as they are relevant for the challenges.
Here is the link to the Microcorruption wargame if you’d like to try it yourself: Try it here
The website says this, but make sure to save your progress on your PC so you don't lose it! Or keep good notes on how to solve them.
The first few challenge writeups are going to be made with knowledge of later challenges, so I’m going to point out things that will become relevant later. That being said, I’m not going to focus on the basics of how the debugger operates. I would encourage you to do the tutorial for yourselves and come back as needed to see how I thought through the challenges. Keep in mind this is my perspective and understanding of each of the challenges, so there could be mistakes along the way; this is just how I got to the answers.
Tutorial Challenge
I believe that the tutorial for the challenge covers how to get to the answer really well so I will use this section to point out a few important details that help with understanding later challenges.
1) On the assembler page, there are multiple useful resources. For now I would recommend reading through the “Lockitall Manual.” It will help especially with understanding how the <INT> (Interrupt) system works.
2) The “chip” that this system runs on is similar to the MSP430 microcontroller, whose documentation is one of the other documents available on the assembler page. It describes an important detail about the hardware: its memory is stored in little-endian format. This means that the number #0x1234 is actually stored in memory as #0x3412, with the lower byte first. Here is a GeeksForGeeks article that explains it in more detail.
3) Lastly, the interrupt function works by first having the arguments pushed onto the stack in reverse order. So if the values 1, 2, and 3 were pushed in that order, then 3 would be argument 1, 2 would be argument 2, and 1 would be argument 3. This is important when crafting your own shellcode.
To give an example of how the interrupt function works I have commented the code from a later challenge:
446a: 0e12 push r14 // The third argument is pushed onto the stack
446c: 0f12 push r15 // The second argument is pushed onto the stack
446e: 3012 7d00 push #0x7d // The first argument (Interrupt code) is pushed onto the stack.
4472: b012 c446 call #0x46c4 <INT> // Interrupt function is called.
We’ll expand more on this as we go, but I wanted to show an example of this process happening in the code. Thank you for reading through this word-heavy introduction, but I look forward to this series!
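An added example, not part of the original post or of Microcorruption's own material: the Python below decodes the instruction bytes from the listing above as little-endian 16-bit words, then replays the three pushes on a small stack model to show the argument order just before the call. The register values and the starting stack pointer are constructed for illustration.

```python
import struct

# Instruction bytes copied from the listing above, in memory order.
LISTING = {
    0x446a: "0e12",        # push r14
    0x446c: "0f12",        # push r15
    0x446e: "30127d00",    # push #0x7d
    0x4472: "b012c446",    # call #0x46c4 <INT>
}

def words(hex_bytes):
    """Decode a run of bytes as 16-bit little-endian words."""
    raw = bytes.fromhex(hex_bytes)
    return list(struct.unpack("<%dH" % (len(raw) // 2), raw))

class Stack:
    """Minimal model of a 16-bit stack that grows downward."""
    def __init__(self, sp):
        self.sp = sp
        self.mem = {}      # address -> byte

    def push(self, value):
        self.sp -= 2
        lo, hi = struct.pack("<H", value)   # low byte lands at the lower address
        self.mem[self.sp], self.mem[self.sp + 1] = lo, hi

    def word_at(self, offset):
        addr = self.sp + offset
        return self.mem[addr] | (self.mem[addr + 1] << 8)

def int_arguments(r14, r15, code=0x7d, sp=0x4400):
    """Replay the three pushes; return the words from the top of the stack down.

    sp=0x4400 is a constructed starting value. The state modelled is the one
    just before the call instruction pushes its return address.
    """
    stack = Stack(sp)
    for value in (r14, r15, code):          # same order as the listing
        stack.push(value)
    return [stack.word_at(off) for off in (0, 2, 4)], stack

if __name__ == "__main__":
    for addr, hx in LISTING.items():
        print(hex(addr), hx, [hex(w) for w in words(hx)])
    args, stack = int_arguments(r14=0x1234, r15=0xbeef)   # constructed values
    print("arguments 1..3:", [hex(a) for a in args])
    print("stack bytes   :", bytes(stack.mem[a] for a in sorted(stack.mem)).hex())
```

The bytes `c446` in the call instruction decode to the target `0x46c4`, and the last value pushed (`0x7d`) is the first word on the stack, which is why it is argument one.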