xoreaxeaxeax / movfuscator

The single instruction C compiler

Crackme is too easy #1

Closed bartavelle closed 9 years ago

bartavelle commented 9 years ago

You should have used something that can't be trivially solved with instruction counting. A fixed memcmp would require more work.

syclops commented 9 years ago

Way to spoil the fun for everyone else.

bartavelle commented 9 years ago

I took care not to post the solution, so you are still free to try it the hard way.

I filed this issue quickly and laconically in the hopes that it wouldn't be hard for the author to replace the strlen with a loop using a fixed number of steps. The cool thing about this obfuscation scheme, if I understand it correctly, is that it should not be possible to differentiate between conditional branches just by counting instructions.

syclops commented 9 years ago

Hopefully the author does replace it. But in general even mentioning what you did in the first comment can leak some information, so I'd be careful. It's always more fun to let everyone take a shot with a blank slate. :)

xoreaxeaxeax commented 9 years ago

Thanks, added a new version; same as original, but with a new key and constant time strcmp. Should prevent the easiest solutions.

bartavelle commented 9 years ago

Great!
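The difference between an early-exit comparison and the fixed-step comparison discussed in this thread, as an added C example that is not the crackme's code or the author's fix. `KEY_MAX`, the function names, the sample key and the `steps` counter (a stand-in for the number of executed instructions) are assumptions, and both buffers are assumed to be zero-padded to `KEY_MAX` bytes.

```c
#include <stddef.h>
#include <stdio.h>

#define KEY_MAX 16 /* assumed fixed buffer size, zero-padded */

/* Early-exit compare: the iteration count is the matching prefix length + 1,
 * so the amount of work executed depends on how much of the guess is right. */
int leaky_check(const char g[KEY_MAX], const char k[KEY_MAX], size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < KEY_MAX; i++) {
        (*steps)++;
        if (g[i] != k[i]) return 0;
        if (k[i] == '\0') return 1;
    }
    return 1;
}

/* Fixed-step compare: always KEY_MAX iterations; differences are
 * accumulated with XOR/OR instead of branching on the data. */
int fixed_check(const char g[KEY_MAX], const char k[KEY_MAX], size_t *steps) {
    unsigned char diff = 0;
    *steps = 0;
    for (size_t i = 0; i < KEY_MAX; i++) {
        (*steps)++;
        diff |= (unsigned char)(g[i] ^ k[i]);
    }
    return diff == 0;
}

int main(void) {
    const char key[KEY_MAX] = "s3cr3t"; /* constructed sample key */
    const char guesses[3][KEY_MAX] = { "xxxxxx", "s3xxxx", "s3cr3t" };
    for (int i = 0; i < 3; i++) {
        size_t a, b;
        int ra = leaky_check(guesses[i], key, &a);
        int rb = fixed_check(guesses[i], key, &b);
        printf("%-8s leaky: ok=%d steps=%zu   fixed: ok=%d steps=%zu\n",
               guesses[i], ra, a, rb, b);
    }
    return 0;
}
```

The step count of `fixed_check` is the same for every guess, which is the property the fixed version of the comparison relies on.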