Requirements and Specifications
A valid password consists of up to 7 characters and must contain one lowercase letter, one uppercase letter, and one digit from 0-9. You are a security consultant for XYZ. Your job is to assess the security of their password-protected network. To enter their network, the user must pass the password checker. This is accomplished by calling a function and passing into the function a password string:
int check_password(char *passwd);
check_password returns a 7-digit integer of 0s and 1s to indicate which character was correct (0 to indicate a character was incorrect, 1 to indicate it is correct, and 2 to indicate it was not used). If the password entered is "aB2" and the passwd is "a11", then check_password returns the integer 2222100. If the password entered is "ab2", then check_password returns the integer 2222101.
To write an assembly language assignment function "hack_password" that will find the secret password stored in "check_password" by iterating through all possible combinations of a-z, A-Z, and 0-9 according to password rule given above and calling the function check_password to determine when the return value is all 1's and 2's (e.g., 2211111,
1111111, 2222111, etc...). Note that the correct password decoder returns an indicator that a character was not used as well. hack_password will print out the correct password.
arch armv7 br>
.cpu cortex-a53
password: .asciz "pA5SwD" @ internal password
@ check the password that contains lowercase, uppercase and digits by comparing
@ it with the internal password, returns the number with the comparison result
@ The function expects r0 = password to check
@ Returns r0 = ckeck result number
.global check_password
.type check_password, %function
push {r4-r7, fp, lr} @ save used registers
mov r4, r0 @ copy string address in r4
bl str_len @ calculate string length
mov r5, r0 @ save length in r5
ldr r0, =password @ load password string address
mov r7, r0 @ save pointer
bl str_len @ calculate string length
mov r6, r5 @ load test pwd len
mov r3, #0 @ start num in zero
mov r2, #6 @ maximum length - 1
mov r1, #10 @ to multiply by 10
cmp r2, r0 @ if i >= passwd len
blt low1
mul r3, r1, r3 @ multiply old number by 10
add r3, r3, #2 @ save current digit (not used)
cmp r2, r6 @ if i < test passwd len
bge chk1_next
sub r5, r5, #1 @ decrement test string length
add r4, r4, #1 @ increment test string start
b chk1_next
cmp r2, r6 @ if i >= test passwd len
blt compare
mul r3, r1, r3 @ multiply old number by 10 (save zero)
add r7, r7, #1 @ increment pwd string start
sub r2, r2, #1 @ decrement chars to check
cmp r2, #0 @ if i >= 0
bge chk1_loop @ repeat loop
mov r0, r5 @ loop length of test string
ldrb r1, [r4], #1 @ load char from tst password
ldrb r2, [r7], #1 @ load char from preset password
cmp r1, r2 @ compare chars
bne not_eq @ if equal
mov r2, #1 @ save a 1
b chk2_nxt
mov r2, #0 @ else, save a zero
mov r1, #10 @ to multiply by 10
mul r3, r1, r3 @ multiply old number by 10
add r3, r3, r2 @ save current digit
sub r0, r0, #1 @ decrement chars to check
cmp r0, #0 @ if not zero
bne chk2_loop @ repeat loop
mov r0, r3 @ return number
pop {r4-r7, fp, lr} @ restore used registers
bx lr @ return
@ Calculate the string length
@ Expects r0 = string address
@ Returns r0 = string length
.type str_len, %function
push {r4-r5,fp, lr} @ save used registers
mov r4, r0 @ copy string address
mov r0, #0 @ count of chars is zero
ldrb r5, [r4], #1 @ load char and advance position
cmp r5, #0 @ if end of string
beq len_end @ end loop
add r0, r0, #1 @ else increment length
b len_loop @ repeat loop
pop {r4-r5, fp, lr} @ restore used registers
bx lr @ return
.arch armv7
.cpu cortex-a53
pass: .space 8 @ max 7 chars + ending zero
result: .asciz "Password is: %s\n"
.type hack_password, %function
.global hack_password
push {r4, fp, lr} @ save used registers
ldr r0, =pass @ point to password string
mov r1, #7 @ clear 7 chars
bl zero_pass @ set pass as all zeros
ldr r0, =pass @ point to password string
bl get_pwd_len @ calculate password length
mov r4, r0 @ save length in r4
ldr r0, =pass @ point to password string
mov r1, r4 @ use found password length
bl zero_pass @ set pass as all zeros
ldr r0, =pass @ point to password string
bl is_correct @ test if current pass is correct
cmp r0, #0 @ if correct
bne gen_end @ end and print
mov r2, r1 @ pass correct mask
ldr r0, =pass @ point to password string
mov r1, r4 @ use given length
bl inc_pass @ increment previous password
b gen_loop @ test new password
ldr r0, =result @ load result message
ldr r1, =pass @ load generated password
bl printf @ print result
pop {r4, fp, lr} @ restore used registers
bx lr @ return
@ Generate a password with only zeros
@ Expects r0 = password address, r1 = password length
.type zero_pass, %function
mov r2, #'0' @ save 0's as initial pass
strb r2, [r0], #1 @ save initial char
sub r1, r1, #1 @ decrement length
cmp r1, #0 @ repeat while not zero
bne init
strb r1, [r0] @ save ending zero
bx lr @ return
@ Increment password, incrementing each char 0 to 9, then A to Z, then a to z
@ and start over to 0 incrementing next character if incrementing z
@ Expects r0 = password address, r1 = password length, r2 = correct mask
.type inc_pass, %function
add r0, r0, r1 @ point to last character
sub r0, r0, #1
and r3, r2, #1 @ check if current character is correct
cmp r3, #0
beq inc_char @ if not correct, increment
lsr r2, r2, #1 @ else, shift mask position
b chg_advance @ and go to next char
ldrb r3, [r0] @ load character
cmp r3, #'9' @ if last digit
beq chg_upper @ change to upper
cmp r3, #'Z' @ if last uppercase
beq chg_lower @ change to lowercase
cmp r3, #'z' @ if last lowercase
beq chg_next @ start over and change next
add r3, r3, #1 @ else, increment ascii
b inc_end @ and return
mov r3, #'A' @ use first uppercase
b inc_end @ and return
mov r3, #'a' @ use first uppercase
b inc_end @ and return
mov r3, #'0' @ wrap around
strb r3, [r0] @ save updated character
sub r0, r0, #1 @ advance to next char
sub r1, r1, #1 @ decrement length
cmp r1, #0
bne inc_loop @ repeat if not zero
b inc_ret
strb r3, [r0] @ save updated character
bx lr @ return
@ get password length by using a test string
@ Expects r0 = password address
@ Returns r0 = password length
.type get_pwd_len, %function
push {r4-r6, fp, lr} @ save used registers
bl check_password @ check the password
mov r1, #10 @ to divide by 10
mov r2, #0 @ length is zero
mov r3, #7 @ check 7 digits
udiv r4, r0, r1 @ divide number by 10
mul r5, r4, r1 @ multiply result by 10
sub r6, r0, r5 @ subtract to get remainder
cmp r6, #2 @ if unused
beq len_end @ end loop
add r2, r2, #1 @ else, increment length
mov r0, r4 @ save quotient as number
sub r3, r3, #1 @ decrement digits
cmp r3, #0 @ repeat while not zero
bne len_loop
mov r0, r2 @ return length
pop {r4-r6, fp, lr} @ restore used registers
bx lr @ return
@ Check if password is correct
@ Expects r0 = password address
@ Returns r0 = 1 if correct, 0 if not, r1 = correct mask
.type is_correct, %function
push {r4-r7, fp, lr} @ save used registers
bl check_password @ check the password
mov r1, #10 @ to divide by 10
mov r2, #1 @ assume correct
mov r3, #0 @ current digit =0
mov r7, #0 @ start mask as all not correct
udiv r4, r0, r1 @ divide number by 10
mul r5, r4, r1 @ multiply result by 10
sub r6, r0, r5 @ subtract to get remainder
cmp r6, #1 @ if correct
beq save_bit @ save bit 1
cmp r6, #0 @ if incorrect
bne save_zero
mov r2, #0 @ set as incorrect
mov r6, #0 @ else, save zero
lsl r6, r6, r3 @ move to bit position
orr r7, r7, r6 @ set correct bit
mov r0, r4 @ save quotient as new number
add r3, r3, #1 @ increment digits
cmp r3, #7 @ repeat while not 7
blt tst_loop
mov r0, r2 @ return correct flag
mov r1, r7 @ return correct mask
pop {r4-r7, fp, lr} @ restore used registers
bx lr @ return
Main program
extern int hack_password();
int main(int argc, char **argv)
return 0;
