Faculty of Science and Engineering
Coursework – 2020/21 Academic Year
Module Code: SEC204
Module Title: Computer Architecture and Low Level Programming
School: Computing, Electronics and Mathematics
SEC204 Coursework Assignment 2020/2021
Overview
This is individual coursework consisting of two tasks:
1. Hack/Unlock the ‘Tower of Hanoi’ game provided. To this end, you must reverse
engineer the binary code provided, analyse what it does and extract the
appropriate information [70%].
2. Write a small report describing methods and techniques to mitigate against
buffer overflow security exploit [30%].
Learning Outcomes
The above parts cover the following module learning outcomes, as described into
the module record on the DLE:
1. Interpret and manipulate assembly code via hardware debugging techniques
2. Apply reverse engineering techniques to identify main software flaws
3. Identify relevant countermeasures for main software flaws.
Part 1: Hack the Tower of Hanoi game
You are provided with a x86-64 binary file. This binary file runs only on Linux and
contains a well-known mathematical game / puzzle called ‘The Tower of Hanoi’. The
game is developed in the C programming language. To play the game you need to
type a valid username and password which are unknown. Your task is to extract the
username and password and thus unlock the game. To this end, you must reverse
engineer the binary file provided, analyse what it does and extract the information
needed. You are expected to use ‘gdb’ debugger, as you did in the ‘bomb’ lab session.
Assignment Brief
Assignment Title: Computer Architecture and Low Level
Programming - Coursework
Submission Deadline: Please check the DLE submission point
Submission: Online (DLE)
Contribution to Module Grade: 50%
Individual/Group Assignment: Individual
Module: SEC204
Module Leader: Dr Vasilios Kelefouras
This is an individual coursework. Collaboration with other students will be
considered as plagiarism and you may be required to attend a verbal examination
on request of the module leader.
The marking criteria are as follows (please see the rubric table below):
1. Extract the username. Justify the procedure followed. Provide the gdb
commands used to extract the username. [20 marks]
2. Extract the password. Justify the procedure followed. Provide the gdb
commands used to extract the username. [25 marks]
3. Unlock the next level of the game. Justify the procedure followed. Provide the
gdb commands used to extract the username. [25 marks]
Hint #1: the input is stored as an array of characters (1 byte each).
Hint #2: In the beginning of encrypt_phase2(), the values $0x236b6f23 and
$0x236b23 refer to ASCII characters [30 marks]
Marking criteria
Question.1