
I was asked to crack a program in a job interview - m00dy
http://erenyagdiran.github.io/I-was-just-asked-to-crack-a-program-Part-1/
======
davidgerard
Real-life tests are _THE_ best thing to send job candidates. It scales well
(you don't have to spend personal hours on them) and you get real information.

This applies even to sysadmins. We have a favourite: set up a VM with a
slightly-broken application in a slightly-broken Apache and Tomcat, and get
them to ssh in and document the process of fixing it. Even people who aren't a
full bottle on Tomcat will give useful information, because we get an insight
into their thought processes. I recommend this to all.

(I note we've just done a round of interviews where we get a nice-looking CV
and conduct a technical grilling. Hideous waste of time for everyone involved.
All CVs should be regarded, on the balance of probabilities, as works of
fiction. Do a remote self-paced test like this. You won't regret it.)

~~~
psychometry
It's an effective strategy from the employer's side, but what about the
applicant who is asked to spend hours on some test for every job he/she
applies for? Are you paying these applicants for the time they spend jumping
through these hoops?

And if your "technical grilling" fails to identify strong candidates, you're
obviously asking the wrong questions or, at the very least, not asking the
right ones.

~~~
bguthrie
As a candidate, I'd much rather they ask; I find that companies that don't ask
for code are almost by definition unlikely to ask the right questions. If you
must screen candidates for skillset, the less you have to rely on a proxy for
that skillset the better off you are. As an employer, I find code samples
irreplaceable, and I'm comfortable screening out candidates who decline to
take the challenge out of principle or limited time.

~~~
rqebmm
I agree, but the OP does raise a good point that employers need to manage how
long it will take to answer the questions for a qualified applicant.

------
meepmorp
> Here is the first thing i typed in the terminal

root@lisa:~# ./CrackTheDoor

Um. I see at least one security issue already.

~~~
scott_karana
Not sure why you're getting downvoted, but debugging a "crack me" app _while
running as root_ is probably a bad idea.

Even if this is inside a VM, it might give the wrong message to someone
wanting to try this for themselves.

~~~
eyeareque
You could also attack the VM:

[http://www.cvedetails.com/vulnerability-list/vendor_id-93/pr...](http://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-20406/Oracle-Vm-Virtualbox.html)

~~~
jfoster
Given this, what is the best first step? Best we can tell, he was running root
in a VM that was running as an ordinary user. What more can be done, aside
from running it on a throwaway machine? Running on a cloud instance, perhaps?

~~~
scott_karana
Perhaps a LiveCD/LiveUSB, with a VM inside of it?

Then a compromise would need to be:

Local VM user -> root VM user -> local LiveCD user -> root liveCD user ->
hardware exploits

------
superuser2
This is Intro to Systems homework at UChicago (the course is heavily based on
CMU's equivalent.) You're given a personalized binary that asks for a series
of passwords to complete each level. If you get a password wrong, it phones
home to a server run by the professor and decrements your grade.

The point is to teach you to reason about assembly using GDB. You can pretty
trivially set a breakpoint at the phoning-home routine so that you never
actually lose any points; then it's just a question of thinking and reading
hard enough before the deadline arrives.

Levels range from very simple string comparison, to arithmetic, to pretty
weird tricks.

It was about the most memorable homework assignment I've ever done.

~~~
TheCapn
How did it identify you as a student? Couldn't you alter the routine to bomb
someone else's grade?

~~~
superuser2
You get a customized binary tied in a server-side database to your campus
single-sign-on identity. Everyone gets different passwords, and the passwords
are validated server-side to make sure you didn't just GOTO the success
reporting routine.

There could easily have been a secret embedded in each bomb, reported on
defusal or detonation, to prevent people from detonating each other. The
project was graded on an absolute rather than relative scale, so there was
little incentive to spend time on something other than defusing your own bomb.

(The project was called "the binary bomb." We all had a great time telling our
friends that we were up all night at the library defusing a bomb.)

~~~
x1798DE
Do you know if they did anything to mitigate replay attacks? If not, you could
potentially capture someone's first call-home and replay it until they fail.

Presumably no one would want to, but people still like messing with one
another for fun. Also, if you discover a vulnerability like that, you could
plausibly claim that someone exploited it to bomb your grade, particularly if
you used it against a bunch of people.

~~~
superuser2
You would have to be in a position to pcap another person's attempt, which
would itself be a fairly intense project on a WPA2-EAP network.

Definitely worthy of glory, but probably harder than just doing the project.
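
The per-bomb secret and the replay question raised in this subthread, as an added example (not part of any comment, and not the course's actual protocol): each report carries an HMAC under a secret tied to one bomb plus a counter the server only accepts once. All names, fields and secrets below are constructed for illustration.

```python
import hashlib
import hmac
import json


def _tag(secret: bytes, report: dict) -> str:
    """HMAC-SHA256 over an unambiguous encoding of the signed fields."""
    fields = [report.get(k) for k in ("bomb", "event", "level", "counter")]
    return hmac.new(secret, json.dumps(fields).encode(), hashlib.sha256).hexdigest()


def make_report(secret: bytes, bomb: str, event: str, level: int, counter: int) -> dict:
    """What a bomb would send; counter goes up by one with every report."""
    report = {"bomb": bomb, "event": event, "level": level, "counter": counter}
    report["tag"] = _tag(secret, report)
    return report


class GradeServer:
    """Hypothetical grading server: one secret and one counter per bomb."""

    def __init__(self, secrets_by_bomb: dict):
        self._secrets = dict(secrets_by_bomb)
        self._last_counter = {bomb: 0 for bomb in self._secrets}
        self.explosions = {bomb: 0 for bomb in self._secrets}

    def receive(self, report: dict) -> str:
        bomb = report.get("bomb")
        secret = self._secrets.get(bomb) if isinstance(bomb, str) else None
        if secret is None:
            return "unknown-bomb"
        # Check the tag first, in constant time, before trusting any field.
        sent = str(report.get("tag", "")).encode()
        if not hmac.compare_digest(_tag(secret, report).encode(), sent):
            return "bad-tag"
        # A captured report carries a counter the server has already consumed.
        counter = report.get("counter")
        if not isinstance(counter, int) or counter <= self._last_counter[bomb]:
            return "replay"
        self._last_counter[bomb] = counter
        if report.get("event") == "exploded":
            self.explosions[bomb] += 1
        return "accepted"


def demo() -> list:
    # Constructed secrets; real ones would be random and baked into each binary.
    secrets_by_bomb = {"alice": b"constructed-secret-A",
                       "mallory": b"constructed-secret-M"}
    server = GradeServer(secrets_by_bomb)

    captured = make_report(secrets_by_bomb["alice"], "alice", "exploded", 1, 1)
    results = [server.receive(captured)]              # genuine report
    results.append(server.receive(dict(captured)))    # same bytes sent again
    bumped = dict(captured, counter=2)                # capture with counter edited
    results.append(server.receive(bumped))
    forged = make_report(secrets_by_bomb["mallory"], "alice", "exploded", 1, 2)
    results.append(server.receive(forged))            # signed with another bomb's secret
    nxt = make_report(secrets_by_bomb["alice"], "alice", "defused", 1, 2)
    results.append(server.receive(nxt))               # next genuine report
    results.append(server.explosions["alice"])
    return results


if __name__ == "__main__":
    print(demo())
```

A student can still pull the secret out of their own binary, so this only stops reports forged or replayed by someone else.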

------
pkaye
I don't know where you find candidates that can even approach this level of
skill or desire to solve puzzles. Most people I interview struggle with a few
lines C program coding.

~~~
harry8
You want experts? Try paying them like they're in the top 1% of their field
and their work is worth at least 10 times if not 100 times the average salary
to many employers. Make an effort to actually, you know, compete to get them.

The market for programmers is really inefficient for pay. Google has exploited
that to the max and succeeded hiring a lot of very talented engineers at rates
you pay for average tax accountants and attorneys. Just like the way they
exploited Free software licensing by exempting themselves from the publish
part by distributing access to the software not the software itself. That's
their two best tricks right there.

Where they crossed the line massively is when they engaged in a criminal
conspiracy with Apple et al to act in a cartel to keep those wages down. This in
addition to all the other legal ways they try pushing the market down when it
really should be a sellers market. Andrew Moreton paid less than a football
player of similar standing? How about 2 orders of magnitude less.

~~~
dllthomas
It doesn't take experts - and shouldn't take top 1% salary - to know how to
count the set bits in a word or reverse a string in place.

------
freehunter
Really nice overview of the process. I was hoping to get into debugging and
breaking code, but my career took a wild turn away from that part of the job.
It's still something I would like to learn, so I'm reading as much about it as
I can.

I'm going to take this way off topic here, but it's a curiosity of mine.
Please don't take this as an insult; it seems to be very common and as a
language learner myself I'm just wondering where it comes from.

 _At first , it looks..._

 _analyze.Lets..._

 _debugger.Therefore , there..._

 _mode.In my opinion , Intel..._

 _So , those lines will basically scan the memory , if there is a 0xCC , it
will crash your program and such ..._

Specifically in these examples, I'm seeing a missing space between a period
and the next word, as well as a space before a comma. As English is one of my
native languages, I'm not sure how people go about learning English or what
resources are available to anyone learning English.

I've noticed this with a lot of English as a second language speakers, and it
doesn't seem to matter what their original language is. In this case, Spanish,
but I've seen native Russian and Japanese speakers with the same thing. Can
anyone tell me why this is?

~~~
Swizec
As far as I know, punctuation association rules are the same in all Indo-European
languages. Most of them bind to the left and have a space to the
right. Emdash, and ... have two spaces, and endash and apostrophe have no
spaces.

But people struggle with this. I distinctly remember practicing this in
class when prepping for matura (Slovenian version of SATs) so _I guess_ it
isn't inherently obvious to everyone.

~~~
dragonwriter
> Emdash, and ... have two spaces, and endash and apostrophe have no spaces.

In English, Em-dashes have a couple of different uses, but in the most common
use they are usually set closed (no spaces on either end), though some styles
set them with a space on either end. En-dashes have one use (similar to that
of em-dashes, which is used varies by house style) where they are usually set
open, and a number where they are usually set closed.

Given that the rules for these marks aren't particularly consistent, or even
fixed, in English, I think it's safe to say they aren't consistent for the same
piece of punctuation across all uses in all Indo-European languages.

~~~
Swizec
Your description leads me to believe I confused emdashes and endashes again.
Happens every time.

------
AlyssaRowan
Crackmes (as they're known) can be kind of fun.

The late Katja Kladnik once sent me a diskful of 'crackme' virii. I tried to
deadlist one of them; it _infected_ me when I did, and dared me to try a less
obvious approach.

Mangled symbol table => buffer overflow in debugger => arbitrary code.
_Sneaky_.

~~~
creamyhorror
Your comment prompted me to look up Katja Kladnik. I hadn't expected her to
have passed in (edited) _1995_.

[http://spth.virii.lu/coderz1/lucky.html](http://spth.virii.lu/coderz1/lucky.html)
[http://www.st-news.com/rex.htm#lucky](http://www.st-news.com/rex.htm#lucky)

The e-zine this is from
([http://spth.virii.lu/coderz1/](http://spth.virii.lu/coderz1/) /
[http://vxheavens.com/vx.php?fid=177](http://vxheavens.com/vx.php?fid=177))
was pretty interesting, too. Harks back to the time of small, independent
online communities with dark webpage backgrounds.

~~~
AlyssaRowan
I miss her. :(

------
wyc
This reminds me of the popular binary bomb lab offered in some computer
architecture courses:
[http://csapp.cs.cmu.edu/public/labs.html](http://csapp.cs.cmu.edu/public/labs.html)

~~~
mathrat
Haha, if that's the one I remember you could completely trivialize that lab by
fiddling with the program counter in gdb (skipping the line that sets off the
bomb). Don't know if they were able to fix that in later versions of the lab.
Good times, thanks for reminding me.

~~~
elektronjunge
When I did that, it seemed like it was intentional. You could only get to the
portions that signal success to the server by cracking parts of the bomb which
was what we were graded on. The "don't let it explode" part was really the hey
here's how you can use gdb to stop your program before it does anything
serious.

~~~
CocaKoala
Yeah, I thought that's how everybody did it; when my class was assigned the
project, we lost half a percentage point off our final grade for each time the
bomb exploded. We very quickly learned to do things like "b explode_bomb".

------
joezydeco
That's some impressive work. But then...

 _" The company send me another crack me for round 2 :) That's also
interesting.."_

That wasn't enough to get the job?

~~~
scintill76
This is similar to about level 2 or 3, out of 5, of some cracks I've done for
security CTF (capture the flag) competitions. Almost every competitive
team/individual will solve this pretty easily, and I haven't even been in the
elite competitions where it probably gets much harder. So, I would expect
there are harder cracks or exploits, if the company wants to hire the best.

By the way, if this sort of thing interests anyone, look into security CTF
competitions. You'll probably have to read some tutorials to learn, but CTF's
will give the opportunity to apply what you've learned.

------
jsaxton86
Does this guy have any idea how hard it is to come up with good interview
questions? By posting the question and solution online (complete with an
md5sum and everything!), he has ruined the question, and his employer will now
need to spend a significant amount of time coming up with another way to
evaluate candidates.

~~~
lotsofcows
Ah, the good old security through obscurity technique!

------
enjoy-your-stay
Looks like he was doing this on Linux.

A quick experiment shows me that you can call ptrace(PTRACE_TRACEME,..) on OSX
multiple times without it failing (the constant is actually PT_TRACE_ME on
darwin). I wonder if that's the same for all BSDs ?

Interesting and educational writeup though, and just the thing to get me
tinkering myself!

~~~
justincormack
presumably it was a linux binary...

------
ckaygusu
I also tried to crack exactly this program a while ago. The company (I believe
it is MilSoft, one of the most reputable software companies in Turkey) sent
this challenge to university students to hire a part-time CS student.
Nevertheless, this was the first time I've ever attempted to crack something
and while I had little to no idea what was going on, it was a very thrilling
experience. I think I went on 14 hours without taking a break.

I began by trying to run the program in GDB, got SIGSEGV'd. Afterwards I
inspected the faulty address and tried to avoid it by changing its value,
instead it crashed at somewhere else. After trying this hopeless catch-and-run
for several hours, I decided I needed a better disassembly tool and went on to
IDA Pro.

This particular program contains a trick that intrigued me very much, and it
is the reason why I was getting SIGSEGV'd at different locations when altering
the program code.

The main payload of this program is simply XOR-encrypted by some key. The
whole thing begins by decrypting the payload and then begins its execution as
normal. The gist is, the particular key that encrypted the main payload is the
decryption code itself (for the unacquainted, assembly code is also just a
byte stream). Here, this exact part:

    
    
       0x804762d:   mov    $0xaa,%dl
       0x804762f:   mov    $0x8048480,%edi
       0x8047634:   mov    $0x8048cbc,%ecx
       0x8047639:   mov    %edi,0x80476f3
       0x804763f:   mov    %ecx,0x80476f7
       0x8047645:   sub    %edi,%ecx
       0x8047647:   mov    $0x804762f,%esi
       0x804764c:   push   $0x80476c1
       0x8047651:   pusha  
       0x8047652:   mov    $0x55,%al
       0x8047654:   xor    $0x99,%al
       0x8047656:   mov    $0x8047656,%edi
       0x804765b:   mov    $0x80476e5,%ecx
       0x8047660:   sub    $0x8047656,%ecx
       0x8047666:   repnz scas %es:(%edi),%al
       0x8047668:   je     0x804770a
       0x804766e:   mov    %edi,0x80476eb
       0x8047674:   popa   
       0x8047675:   add    0x80476eb,%edx
       0x804767b:   ret
    

As far as I can remember, the key was a bit more than that, but I'm sure it
was including this part.

At the end of every iteration (of something involving this loop which I can't
precisely recall now) the program checks whether it is running under debug
mode (essentially makes a PTRACE call and reads its output, the OP also talks
about it) If this is the case, it makes a jump to random address, so even if
you are just neatly watching the program run under debug mode, you weren't
going to achieve anything.

The next thing that occurred to me is to manipulate how PTRACE returns its
value, but I thought it would involve some kernel code fiddling and running
the program under the modified kernel, which is WAY beyond my ability for now.
I didn't know how to do it, but later by some very stupid trick I managed to
pass this decryption part and the program made a jump to something like
"__glibc_start". I needed to save the altered program and run it under gdb
again (I don't remember why), but I was using the trial version of IDA Pro
which prohibits me of such a thing. After making a few more desperate attempts
I gave up.

But this "using the code as the key".. I think spending 14 hours to see this
done was well worth it.

~~~
sillysaurus3
_At the end of every iteration (of something involving this loop which I can't
precisely recall now) the program checks whether it is running under debug
mode (essentially makes a PTRACE call and reads its output, the OP also talks
about it) If this is the case, it makes a jump to random address, so even if
you are just neatly watching the program run under debug mode, you weren't
going to achieve anything._

Could you change the jmp into a nop? That should let you attach in debug mode.

~~~
ckaygusu
I believe it was also the part of the key.

~~~
sillysaurus3
Could you change the jmp into a nop, then xor every nth byte of the program
with jmp xor nop, where n = whatever offset the jmp was at in the key? The
result should be a valid decryption.

~~~
annnnd
Wouldn't that also change the xor-ed instructions? That is, wouldn't the
program behave differently?

~~~
sillysaurus3
Nah, if instruction "foo" is xor'd with "jmp", then xoring foo with "jmp xor
nop" will remove the jmp and add the nop. Then the nop is removed during
decryption, because "foo xor nop" xor nop = foo.

The reason this is clean and convenient is because nop is a single byte (0x0f
or 0x90), which lets you replace any instruction of any size with nops. But if
you had to transform jmp into an instruction of a different size, things could
get hairy if the byte sizes don't line up. But you could still replace several
instructions with other code.
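
Added example, not part of any comment above and not the original program's code: a Python sketch of the "code as key" scheme ckaygusu describes and the jmp-to-nop compensation sillysaurus3 proposes, showing why any edit to the stub (including a debugger's 0xCC breakpoint) corrupts the unpacked payload at every key-length interval. The stub bytes, payload, `JMP_OFFSET` and all function names are constructed for illustration.

```python
from itertools import cycle

# 0xCC is the one-byte int3 a debugger writes for a software breakpoint. The
# listing builds it as 0x55 ^ 0x99, so the stub holds no literal 0xCC itself.
INT3 = 0x55 ^ 0x99
NOP = 0x90  # one-byte x86 nop

# Constructed stand-in for the decryption stub (NOT the real program's bytes).
# Its own bytes are the XOR key; the trailing EB 05 plays the anti-debug jmp.
STUB = bytes.fromhex("b2aabf80840408b0553499f2ae61eb05")
JMP_OFFSET = 14  # where the 2-byte jmp sits in STUB (assumption of this sketch)

# Constructed plaintext standing in for the encrypted main payload.
PAYLOAD = b"constructed payload: pretend these bytes are the real program code"


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call packs and unpacks."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def find_int3(code: bytes) -> int:
    """Offset of the first 0xCC in code, or -1 (what the repnz scas looks for)."""
    return code.find(bytes([INT3]))


def patch(code: bytes, offset: int, new: bytes) -> bytes:
    """Return a copy of code with new written at offset."""
    return code[:offset] + new + code[offset + len(new):]


def damaged_offsets(a: bytes, b: bytes) -> list:
    """Indexes at which two equal-length buffers differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def compensate(ciphertext: bytes, old_key: bytes, new_key: bytes) -> bytes:
    """XOR the ciphertext with (old_key ^ new_key) so new_key decrypts it."""
    delta = xor_with_key(old_key, new_key)  # zero wherever the key is unchanged
    return xor_with_key(ciphertext, delta)


def demo() -> dict:
    packed = xor_with_key(PAYLOAD, STUB)

    # 1. Untouched stub: the scan finds nothing and the payload unpacks.
    clean = xor_with_key(packed, STUB)

    # 2. A debugger plants a breakpoint on stub byte 7: the scan sees it, and
    #    even without the scan the key is now wrong at every 16th byte.
    bp_stub = patch(STUB, 7, bytes([INT3]))
    bp_out = xor_with_key(packed, bp_stub)

    # 3. The jmp is replaced by two nops but the ciphertext is left alone.
    nop_stub = patch(STUB, JMP_OFFSET, bytes([NOP, NOP]))
    nop_out = xor_with_key(packed, nop_stub)

    # 4. Same patch, with the ciphertext adjusted by (jmp xor nop).
    fixed = xor_with_key(compensate(packed, STUB, nop_stub), nop_stub)

    return {
        "clean_ok": clean == PAYLOAD,
        "scan_clean": find_int3(STUB),
        "scan_breakpoint": find_int3(bp_stub),
        "breakpoint_damage": damaged_offsets(PAYLOAD, bp_out),
        "nop_damage": damaged_offsets(PAYLOAD, nop_out),
        "fixed_ok": fixed == PAYLOAD,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```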

------
professorwimpy
"Now, I have been told that the best crackers in the world can do this in 60
minutes. Unfortunately, I need someone who can do it in 60 seconds."

------
zellyn
If this sounds fun, give microcorruption.com a try :-)

~~~
jere
Yes microcorruption was a lot of fun and the last part of this post reminds me
_very much_ of the last level.

The nice thing about microcorruption was how you didn't need much more than
familiarity with assembly and C (and language of choice in the end game). This
interview challenge on the other hand... I wouldn't even know where to start.

~~~
tptacek
Thanks! It's worth saying here: Hans, Nicholas, Daniel, Andy and I wrote
Microcorruption _in order to be_ the basis of job interviews. :)

~~~
ngcazz
Had a lot of fun with it! Props!

------
imaginenore
If we asked questions like that at our interviews, it would take us 10 years
to hire one candidate. Most people fail at basic basic stuff.

~~~
doktrin
Are you hiring security engineers? I would think stuff like this would be
expected knowledge in the field.

------
sayginbican
Dude?? Did you wait until you go to Spain to post this? Still, it is very fun
to read this post and comments here. Actually, I prepared these two crackmes
in order to arrange a small competition among universities in Turkey. But,
they became very good interview questions also.

It's really good to read these responses. Cracking ability is really rare in
CS student community in Turkey. Our intention was to increase awareness. Reading
these comments showed me it was a really good step.

~~~
m00dy
Ma mannn :)) i was just kinda bored here , that's why i posted that blog i
hoped you liked it , it's getting viral :))

------
userbinator
If you want to try cracking one yourself, there are plenty of crackmes at
[http://crackmes.de/](http://crackmes.de/)

------
sbisker
Is this company ok with this being posted?

If so, they should say what company they are, because being associated with a
clever puzzle like this is great for recruiting (even if it's not being used
anymore). Unless they have their own reasons for remaining quiet (government?
:)).

If not, they should probably take it down, as having the solutions posted
would ruin the evaluative value of what must have taken a very long time to
make.

~~~
drblast
Crackme's like this are like a handshake in the reverse engineering world.
This is a basic problem and standard for what I'd expect as an interview first
step.

------
acjohnson55
Back when I was in high school, I had a Palm IIIxe. This was the days before
app markets and nearly everybody who made PalmOS apps tried to sell them as
shareware with a price of $20-50 -- well beyond what I could afford as a broke
high school student.

Fortunately, I had learned Z80 assembly programming my TI-83, which had led me
to dabble in 68k assembly when I bought a TI-89. I never mastered 68k the way
I did Z80, but I knew enough to find the routines that ran the registration
key check when the OK button was pressed, and by trial and error, I'd invert
conditional jumps until I found the one that would turn a failed registration
attempt into a success. Then I'd hex edit the binary to make the switch.
Worked like a charm about 80% of the time!

------
estefan
I remember fravia and +orc back in the day... I think he passed away, but
there are still archives online:
[http://www.woodmann.com/fravia/](http://www.woodmann.com/fravia/)

I spent hours staring at softice & winice, and learning x86 asm

------
diminoten
How the hell do I have a job? I can't even follow most of this...

------
harshil93
This reminds me of this Quora post. A nice one for beginners like me. The guy
reverse engineered Sublime Text to remove the nagware of registration.

[https://ericjang.quora.com/Reverse-Engineering-Apps-a-Step-b...](https://ericjang.quora.com/Reverse-Engineering-Apps-a-Step-by-Step-Beginners-Guide-3)

PS- You should buy ST, it is one of the best code editors out there in the
market.

~~~
h43k3r
Thanks for this. A good read for those who have never used such tools.

------
jonahx
what's a good, simple intro to the basics of this kind of cracking for someone
who is an experienced programmer, knows some C, etc, but has little system
level or assembly experience?

~~~
bubblicious
I would really suggest purchasing a good book about it. From my point of view,
I would go for "Hacking: The Art of Exploitation, 2nd Edition" from Jon
Erickson which goes in depth about how to crack programs using gdb and other
tools. It's really a wonderful book if you want to learn more about the world
of cracking in general, and it doesn't require much prior security experience.

Quick link to Amazon: [http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/d...](http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441)

~~~
FLUX-YOU
I've done some of this book. It's good, but you're better off knowing the
basics before trying to really learn from it I think. I only knew a little C
when I started, so I only got about 4 or 5 chapters after much googling before
I drowned.

Learn some ASM and get familiar with gdb before attempting

~~~
bubblicious
It's definitely out there if you have only done a little C. It doesn't require
any previous security knowledge though as I stated. But like you realized, it
does require you to know your way around low-level programming.

------
aabajian
This is totally nostalgic of the "binary bomb" assignment in CS 107 @
Stanford. You have to run the program from Stanford's network. There are 6
levels and each level has a password you have to enter. If you enter the wrong
password, the course server is notified, and a point is deducted from your
grade. The correct way to solve each level is to disassemble the program and
figure out what it's doing.

Here's Google's cache of this page:

[http://webcache.googleusercontent.com/search?q=cache:uGbSzpZ...](http://webcache.googleusercontent.com/search?q=cache:uGbSzpZhmGsJ:web.stanford.edu/class/cs107/assign5.html+&cd=1&hl=en&ct=clnk&gl=us)

...there's even a secret level in the binary.

~~~
iliis
We did that in our second year and it was awesome. I don't know if it was the
same binary but it was well made. The first password was very easy (just a
constant string) and it got progressively harder from there. At the end we had
to step through some recursive algorithm and you learned to read assembly
almost as well as normal code. And the server for submitting the passwords
didn't filter the username so you could enter arbitrary HTML into the high-
score...

------
skizm
Should have sent them a password locked program called "DoorHasBeenCracked".
The only thing it does is post passwords to an http server that you control.
There is a good chance they try their own password on it. New school phishing
attack. /s

~~~
notfoss
Ignoring the /s tag, it sounds apt for a hollywood movie or a sci-fi show, but
in reality it will most likely be run on an unnetworked VM. But funny
nonetheless :P

------
fsniper
The post started very well but with the first screen shot, my mind started
tingling: What the heck a security engineer is doing in a root shell? An
unknown binary sent via an email is run in a root shell. There is also no
mention of email source tracking.

Hey you are a security engineer you know about weakness of smtp right?

Even if this is a virtual machine, I would really reconsider employment of him
or sit down and do a serious talking about this blog post if I were the
employer.

I could not continue reading the post before ranting about it.

~~~
runamok
Is it really that probable that an email was sent to him from the company he
is applying to and someone spoofed that to send him malware?

I agree with the root point only because the company could have easily done
something like `echo "I just rm -rf'ed your / because you ran me as root"` as
part of the test.

Why would you consider it still an issue if it was a VM he used only for this
purpose?

~~~
fsniper
Well, email is the primary threat distribution medium right now. So if a
security engineer does not show scepticism about an unsigned, unencrypted email
from an unverified source, I get picky.

Looking from probability perspective, yes you are right, this is a low threat
vector.

Also I consider working root in a vm an issue because security 101 lesson 1 is
"avoid privileged accounts as much as possible". Why not work in an
unprivileged shell account and use sudo whenever needed? VMs are not bullet
proof and they can leak memory, can make host machine unstable or even crash
it. There are hardly any poc's out there but VM's _may be_ exploited to switch
context to host machine. Aside from these low probable threats, while working
with unknown originated binaries, losing your whole work is a big probability.
In this case it would not matter if you are inside a vm or not. VM's can be
recovered but lost time can not be.

~~~
claar
"Security 101" isn't all that relevant when you actually understand the threat
vectors. If you can't create a clean, isolated, snapshot'd VM for this sort of
playing, you have no business applying for this sort of job.

~~~
fsniper
You are absolutely right.

But what about screw up vectors or being careless stack up in this?

People are sloppy. It's easy to make mistakes and lose everything. Working with
crackme binaries needs more attention.

------
raverbashing
Very nice

My approach would be to disassemble, then try to find the strings in the
program and see where they're being used and processed.

And kill the CC thing by hexediting the file

------
joeblau
I love the way m00dy dissected the problem. About 2 months ago, I was
watching some advanced LLDB videos from Apple and they went into a lot of the
tricks detailed in this post for setting breakpoints and debugging a program.
That being said, some of the knowledge about halting commands and configuring
gdb to ignore debug mode are just some things only a pro would know.

Great job and thanks for the great read.

------
javajosh
So the only way for programs to get data from the outside world is to poll
with system calls? I always thought that programs defined a "holding area"
that the kernel would write into when it had data - the program still _might_
poll, but it's polling (potentially very small, perhaps a single register)
local data rather than making a system call.

~~~
shabble
Largely, yes. Which is why _strace_ is so useful as a debugging tool. It's
also why you want to do buffered IO (read/write in kB at a time) to minimise
call overhead.

There is mmap[1] (controlled, unsurprisingly, by syscalls), which will give
you a memory region that may be updated transparently for you by the kernel,
but in general, it's all syscalls.

The other nice thing about the syscall interface is that it gives the kernel
an opportunity to suspend the calling process and schedule something else if
it can't fulfill their request right now (hence, _blocking_ IO), so you're not
actually polling. Of course, a preeemptive scheduler (like everything actually
is) can step in and suspend you anyway, but the syscall is a nice place to do
it cooperatively.

[1] [https://en.wikipedia.org/wiki/Mmap](https://en.wikipedia.org/wiki/Mmap)

------
turtles
Similarly, I had to debug a vulnerability and write an exploit for a
vulnerability in adobe reader for a job interview. :)

------
mahmoudimus
I have a pretty cool crackme that I programmed and I wanted to offer it as a
puzzle to some candidates, but without the proper reverse engineering tools, I
think most candidates would really struggle -- especially if you're looking
for just general developers.

Haven't given it much thought past this.

~~~
Ysx
If it's no relevance to the job, you're only testing that they share your
interests.

~~~
eru
Which might be a useful tool to attract candidates, but not to select them.
(Compare exploratory data analysis.)

------
marincounty
I've always believed a test is a fair way of hiring. It takes "the good ole
boy", and the whole "my friend is brilliant" out of the equation. Personally,
I've never liked, actually despised, the whole networking thing.

------
mariuolo
You know that by publishing this now YOU will have to write the challenge
programme for the next candidate, right?;)

~~~
notfoss
It's a wonder he wasn't under an NDA or something.

------
terminado
Password variables stored as constants? In _MY_ binary? It's more likely than
you think!

------
Ben-G
Are there any good resources to learn what is necessary to solve this puzzle?

------
ck2
Then gets fired for revealing the answer to the only test they have.

Just kidding, congrats!

------
aceperry
This reminds me of a scene from the movie "Swordfish", starring Hugh Jackman,
John Travolta, and Halle Berry. :-)

------
ohshout
why doesn't the author use objdump so there is no need to bypass ptrace()?

------
tomrod
That, my friends, was a powerful blogpost. Raw, exuberant, and purposeful. I
learned much.

------
fastball
Agh wHy is thE capitalization & puncuation. so inconsistent?

