Boston Key Party 2017: memo - Change Password

Details

Article Index

Page 6 of 9

Change Password

 Before we change password, let's take a peek at what happens when we set the password.

 

 

Writing down the steps as follows:

 

  1. print message
  2. read 32 bytes into global username buffer
  3. ask if want to set pass
    1. Get 2 chars
    2. if not y, print ok and exit function
  4. print message
  5. read in 32 bytes into global password buffer
  6. print message

 

Pretty strait forward, just filling in global variables. As shown before, the username and password fields are right next to each other in the global address space and appear to each legitimately have 32 bytes of space.

 

Here's an example run of password change:

 

What's user name: user
Do you wanna set password? (y/n) y
Password must be set to 32 digits or less.
Password: test
Done! have a good day user

1. Leave message on memo
2. Edit message last memo
3. View memo
4. Delete memo
5. Change password
6. Quit.
>> 5

Password: test
New user name: user
New password: pass
Done! changed user by user

1. Leave message on memo
2. Edit message last memo
3. View memo
4. Delete memo
5. Change password
6. Quit.
>> 5

Password: pass
wrong password!

 

Interestingly, it does not accept the password that i just gave it as my new password. Sounds like something is a bit off here.

 

 

Looking at the first block, it reads in 32 bytes of input into a buffer, then string compares it against what's in the global variable. This seems normal enough. The second block checks the length of the existing username and password fields, then adds one and zeros that much space out. Strange and excessive calls in my opinion, but ok.

 

 

Finally, it goes into an iterative loop to get the new password... This is also strange since all the rest of the times we've gotten input as been simply read calls. In C, it would look something like this:

 

for (i = 0; i <= 32; i++) {

    cChar = getchar();

    if ( cChar == 0xff )

        break;

    if (cChar == 0xa)

        break;

    global_password[i] = cChar;

}

printf("Done! changed user by %s\n",global_username);

 

So basically, not only is it going to stop reading at the newline, it will also stop reading at 0xff. Perhaps this affected the solution you were supposed to use, but I didn't notice it affect my solution.

 

Note, however, that this read function does not null terminate. This is why the new password didn't work right. Given the way it is being read, this is overcome by simply using a null terminator in your new password. I.e.: instead of setting the password to "pass", set it to "pass\x00".