Set

2 (IPC 1)
This is for the IPC that was delayed by an hour, because we had
to re-write questions for you guys.

Question 1
Question description

This question required you to write out the function that was
transforming the given input into its corresponding output.

Answer

The function computed the Fibonacci sequence of the given

length. And since we asked for code, a sample implementation
in C goes like this :

int fib(int n) {
if (n == 0) {
return 0;
} else if (n == 1) {
return 1;
} else {
return fib(n - 1) + fib(n - 2);
}
}

Question 2
Question description

This question involved a cipher which was used to encrypt the

input text. What you were required to do was give us the input
string that would result in an output of
vrroiczhqiawzcfpnngslcpqpsgqqmkvhe.

Answer

The cipher we used was a Vigenere cipher, with the key

highway. After encrypting, the string was reversed. So the
required answer (you can check), was :
eloeejsgwikhvnskghhyezatciabcmhljo

Question 3
Question description

This was a slightly theoretical question. Ostensibly, there was a

string Helloworld, and you were asked for an integer input. If the
integer was within the range of the length of the string, the
letter at the index corresponding to the integer, was
incremented by 1. So if the input was 1, the output string was
Hflloworld, and so on.

Except on the input of 3. The question asked you why there was
a segmentation fault on the input of 3.

Answer

To answer this, you would have needed to delve into the

assembly. Internally, there were two strings.

char a[] = "Helloworld";

char *b = "Helloworld";
Now, an ELF executable has various sections. The .text section
is where the code exists, the .data section is where global
variables are stored, and so on. Now, there is another section
called .rodata . For read-only data.

The first string, char a[] = "Helloworld" was allocated on the

stack. This is where local variables are allocated. And since local
variables are mutable, similarly, you could edit this string, and
there was no error.

On the other hand, in the second string char *b = "Helloworld"

b is actually a pointer to an immutable or constant string in the
.rotata section. So when you try to change values that b points
to, you are trying to modify data in a read-only section. And so,
since you don't have permission to do so, you get a
segmentation fault.

And yeah, there was an if condition, but not like how some
people thought.

if (i == 3) {
b[i] += 1;
} else if (i >= 0 || i < strlen(a)) {
a[i] += 1;
}

Question 4
Question description

The last question. For anyone who even tried to solve this, you
probably saw a string which basically said that, if you solved this
question entirely, you'd be inducted into CRUx, no questions
asked.

No one solved it, though.

The question was, I'd say, "inspired", by the famous "bombs lab"
pattern of problems. Google will be better able to tell you what
they are.

Anyway, specific to this question, you were basically required to

input 5 different passwords, to defuse a bomb, and save the day.

Answer

One

The first answer was sort-of obvious. A lot of people got this one.
Even something as simple as opening the executable in Gedit,
would get you the answer. The string was This is Arsenal,
Arsenal FC.

Two

This is where it starts to get interesting. You would need to start

actual disassembly. The objdump command would be your friend
here. A simple man-page lookup would tell you that the most
useful usage for this case would be objdump -drS q_4

Looking through the output, you can see that main calls
phase_1 , phase_2 and so on. Since we're in phase_2 , we look
at it's code. We see that it calls a util_1 function. Looking into
that funcion, we see that it calls the C library function sscanf .
Looking at the parameters that it takes, we see that the second
parameter is the format string (like your %d for scanf). And the
second parameter that has been passed to sscanf here is a
pointer. Looking at the memory location of the pointer, we see a
string of 8 %d. So we know that the input is 8 integers. Looking
back in the phase_2 function, we see that there's a for loop,
which builds a sequence. Something that looks like

a[i] = a[i - 1] + (i / 2) + (a[i - 1] / 2);

And that the first number needs to be 1. So the password would

be

1 1 2 4 8 14 24 39

Three

Similarly, we find that we need 2 integers here. And the relations

is that the second integer needs to be (considering them to be a
and b) :

...
if (b != func(a)) {
explode_bomb();
}
...
...
int func(int a) {
int c = 10000000;
if (a < 2) {
return 1;
} else {
return ((func(a - 1) % c) + (func(a - 2) % c)) % c;
}
}

So the password could be something like

 2 2

Four

This phase required you to input 2 integers and 1 character. %d

%d %c

Depending on the character (c), various operations were

performed on the two integers (a and b), and then they were
compared to a target value. If not equal, the bomb exploded.

The target value was kept at 30.

if (c == 'd') {
if (a + b != target) {
explode_bomb();
}
} else if (c == 'c') {
if (a - b != target) {
explode_bomb();
}
} else if (c == 'b') {
if (a * b != target) {
explode_bomb();
}
} else if (c == 'a') {
if (b == 0 || a / b != target) {
explode_bomb();
}
}

So a possible password could be something like

20 20 d
Five

So you thought this one was simple, right? ilovecandy ? You

think it would be that easy?

There was a simple shift cipher involved. Caesar cipher, with a

shift of 2. So your password would be shifted by 4, and
compared to ilovacandy

So the answer would be

gjmtcaylbw