codezen.fr code hacking, zen coding

29 Jan 2012

GiTS 2012 In-memory 4004 Write-up

In this challenge, we have to connect to a service running on port 4004:

$ nc inmemory.final2012.ghostintheshellcode.com 4004
Written in memory of a great microprocessor.
Waiting for program...
Too slow!

A great microprocessor, port 4004, "Waiting for program...": could this be an Intel 4004 emulator?
Checking the documentation for the Intel 4004, we see it had a 4096-byte PROM, so we send 4096 bytes to the service, and indeed:

Written in memory of a great microprocessor
Waiting for program...
Loading program onto PROM...
Executing program...
Cycle limit reached!
Exiting...

"In-memory" probably means the key is in the memory of the emulator. We rely heavily on http://e4004.szyc.org/ to design code that scans all of the memory and writes it to the ROM port.
Intel 4004 code:

init
  LDM 0          ; load 0 to accumulator
  DCL            ; select RAM bank from accumulator (bank 0)
  FIM R0R1, 0    ; initialize R0=R1=0
  FIM R2R3, 0    ; initialize R2=R3=0
  LDM 12         ; load 12 to accumulator
  XCH R2         ; initialize R2=12
loop1
  SRC R0R1       ; select register & address
  RDM            ; load accumulator from RAM
  WRR            ; write accumulator to ROM port
  ISZ R1, loop1  ; loop 16 times
  ISZ R0, loop1  ; loop 16 times
  ISZ R2, loop1  ; loop 4 times
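
To check what this listing writes to the ROM port without the remote service, here is an added example (not the author's code) that interprets only the eight opcodes the listing uses against a constructed RAM bank. The object bytes are hand-assembled from the standard 4004 opcode map; the DCL handling, the stop at end of code, the sample secret and its high-nibble-first layout are assumptions.

```python
PROGRAM = bytes([                        # hand-assembled from the 4004 opcode map
    0xD0, 0xFD,                          # LDM 0 / DCL
    0x20, 0x00, 0x22, 0x00,              # FIM R0R1, 0 / FIM R2R3, 0
    0xDC, 0xB2,                          # LDM 12 / XCH R2
    0x21, 0xE9, 0xE2,                    # loop1 (address 0x08): SRC R0R1 / RDM / WRR
    0x71, 0x08, 0x70, 0x08, 0x72, 0x08,  # ISZ R1 / ISZ R0 / ISZ R2, each to loop1
])

def run(prom, ram, max_cycles=100000):
    """Execute prom; ram is a list of banks of 256 nibbles. Returns WRR output."""
    reg, acc, pc, bank, addr, out = [0] * 16, 0, 0, 0, 0, []
    for _ in range(max_cycles):
        if pc >= len(prom):                  # simplification: stop at end of code
            break
        op, pc = prom[pc], pc + 1
        hi, lo = op >> 4, op & 0xF
        if hi == 0x2 and lo % 2 == 0:        # FIM: immediate byte -> register pair
            reg[lo], reg[lo + 1] = prom[pc] >> 4, prom[pc] & 0xF
            pc += 1
        elif hi == 0x2:                      # SRC: pair selects the RAM address
            addr = (reg[lo - 1] << 4) | reg[lo]
        elif hi == 0x7:                      # ISZ: increment, jump unless now 0
            reg[lo] = (reg[lo] + 1) & 0xF
            pc = ((pc + 1) & 0xF00) | prom[pc] if reg[lo] else pc + 1
        elif hi == 0xB:                      # XCH: swap accumulator and register
            acc, reg[lo] = reg[lo], acc
        elif hi == 0xD:                      # LDM: load immediate nibble
            acc = lo
        elif op == 0xFD:                     # DCL: simplified to a bank index
            bank = acc & 0x7
        elif op == 0xE9:                     # RDM: read selected RAM nibble
            acc = ram[bank][addr]
        elif op == 0xE2:                     # WRR: emit accumulator on ROM port
            out.append(acc)
        else:
            raise ValueError("unsupported opcode 0x%02X" % op)
    return out

def nibbles_to_bytes(nibbles):
    """Pack nibble pairs high-first (assumed storage order)."""
    return bytes((h << 4) | l for h, l in zip(nibbles[0::2], nibbles[1::2]))

def demo():
    secret = b"constructed-key!"             # constructed sample, not the real key
    bank0 = [n for b in secret for n in (b >> 4, b & 0xF)] + [0] * (256 - 2 * len(secret))
    return run(PROGRAM, [bank0])

if __name__ == "__main__":
    print(nibbles_to_bytes(demo()[:32]))
```

Because DCL runs only once, the outer R2 loop replays the same 256 nibbles of bank 0 four times, so the port receives 1024 nibbles in total.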

We use the assembler on the website to get the object code, and we send it using a simple Python program:

#!/usr/bin/env python

# aXs ^ Big-Daddy

import socket
import sys
import time

if len(sys.argv) != 3:
 print '\nUsage:\t./inmemory.py [host] [port]'
 sys.exit(1)

host = sys.argv[1]
port = int(