Somebody set up us the bomb. Our only chance of survival is to input the disarm code. Unfortunately, the bomb is a really strange device.
From the provided tarball we receive an unstripped 32-bit ELF binary, our "VM", and a ~900 byte file for our binary to interpret. Reversing the instructions used is trivial, but we couldn't be bothered debugging the thing in GDB.
So we messed around a bit with ltrace:
So, as long as a correct character has been entered, we're greeted with another getchar(). From there we wrote an awful Python script to brute the flag for us:
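```python
from pwn import *
import string


def main():
    cool_string = ""  # flag prefix recovered so far
    while True:
        for cool_new_char in string.printable:
            i = 0  # getchar() calls seen in the ltrace output for this attempt
            # ltrace logs every library call; timeout kills the VM once it blocks on input
            p = process("timeout 0.05s ltrace ./vm chall.o", shell=True)
            p.sendline((cool_string + cool_new_char).encode())
            getchar_found = False
            while True:
                try:
                    l = p.recvline()
                except EOFError:
                    break
                if b"getchar" in l:
                    i += 1
                    getchar_found = True
                # Stop at the first non-getchar line after the getchar run
                if b"getchar" not in l and getchar_found:
                    break
            p.close()
            # More getchar() calls than characters sent: the whole guess was accepted
            if i > len(cool_string) + 1:
                cool_string += cool_new_char
                break
            print(cool_string + cool_new_char)


if __name__ == "__main__":
    main()
```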
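Why the getchar() count works as an oracle, shown as an added example that is not part of the original writeup: a checker that reads and compares one character at a time reveals each correct character through one extra read, while a checker that always reads the full length and compares once does not. `SECRET`, `CountingInput`, both checkers, `probe` and `recover` are constructed for illustration and do not reproduce the challenge's VM program.

```python
import hmac
import string

SECRET = "flag{demo}"  # constructed value, not the challenge's disarm code

class CountingInput:
    """Input stream that counts reads, the way ltrace exposed getchar() calls."""
    def __init__(self, data):
        self.data, self.pos, self.reads = data, 0, 0

    def getchar(self):
        self.reads += 1
        ch = self.data[self.pos:self.pos + 1]  # "" once input is exhausted
        self.pos += 1
        return ch

def leaky_check(stream):
    """Hypothetical checker: compares per character, stops at the first mismatch."""
    for expected in SECRET:
        if stream.getchar() != expected:
            return False
    return True

def uniform_check(stream):
    """Hardened form: always reads len(SECRET) characters, then compares once."""
    guess = "".join(stream.getchar() for _ in SECRET)
    return hmac.compare_digest(guess.encode(), SECRET.encode())

def probe(check, guess):
    """Return (number of reads, accepted) for a single guess."""
    stream = CountingInput(guess)
    accepted = check(stream)
    return stream.reads, accepted

def recover(check, alphabet=string.ascii_letters + string.digits + "{}_"):
    """Extend a known prefix while one candidate stands out by its read count."""
    known = ""
    while True:
        results = {c: probe(check, known + c) for c in alphabet}
        accepted = [c for c, (_, ok) in results.items() if ok]
        if accepted:
            return known + accepted[0]
        best = max(results, key=lambda c: results[c][0])
        if results[best][0] == min(r for r, _ in results.values()):
            return known  # every candidate looks identical: nothing leaks
        known += best

if __name__ == "__main__":
    print(repr(recover(leaky_check)), repr(recover(uniform_check)))
```

With the early-exit checker the search costs at most one pass over the alphabet per character; with the uniform checker the only remaining signal is accept or reject on a complete guess.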