A binary named vault is available at:
/task/vault
The program accepts user input through stdin and may grant access depending on internally derived runtime state.
- Successful access results in
UNLOCKED - Failed validation results in
DENIED - Repeated invalid submissions terminate the process
The vault uses an active defense mechanism. It spawns a background thread that continuously mutates memory to defeat standard heap scraping techniques. If you attempt to read the process memory while it is running, you will encounter torn reads and corrupted data structures.
The validation state is not stored as a contiguous integer. It is fragmented across a series of pointer-linked memory regions. To reconstruct the PIN, you must:
- Traverse a linked list starting from a global head pointer.
- At each node, extract a single digit by XORing a
pin_maskfield with the lower 32 bits of thenext_ptrfield. - The final node's digit is simply its
pin_mask.
The vault enforces a strict 2-second wall-clock timeout between prompting for input and receiving the response. Slow interactions (e.g., interactive debugging or slow interpreted scripts) will automatically result in DENIED.
Create a bash script at:
/solution/solve.sh
that reliably obtains successful access from the vault.
Your solution must work consistently across repeated executions. Do not modify the vault binary itself.