CSAW Challenge Reflections on Pools of Radiance

Doug Burks who maintains the Security Onion project turned me on to the CSAW’s Exercises for the burgeoning Army of ninjas. As I went through the challenges two things came to mind. First I thought it might make a good blog posting. Secondly I started reminiscing about Dungeons and Dragons’ Pools of Radiance.
Pool’s of Radiance was a Dungeons and Dragons simulation for my Commodore 64. The game was great, but in order to combat the software privacy that was so prevelant at the time Strategic Simulation, the games manufacturer, required that you enter a code off of a code wheel to play the game. If you didn’t buy the game you supposedly wouldn’t have a code wheel and you wouldn’t be able to play. Well, I did have a code wheel, but having to dig it out every time I wanted to play was a pain. The result was my first soiree with assembly language. I didn’t know what I was doing, but I quickly learned that by changing JZ, JNE, JE and other “conditional jumps” to JMP (an unconditional jump) I could alter the way the game operated and remove the required code wheel. This was of course prior to the DCMA. :) But the excitement only started there, I soon learned I could alter the code that took away my characters hit point, guarantee a successful attack every time and otherwise cheat my way to victory. My love for assembly coding was born.
The CSAW challenges are fun and educational. The skills you learn go beyond protecting Zelda’s lifepoints! Going through the exercises will help you with analyzing malware, understanding software bugs and developing exploits.
So check out the exercises HERE
I haven’t had a chance to go through all of them, but here are some video’s with an overview of using OllyDbg of the first few. Thanks the Matasano and NYU and everyone at the CSAW for sharing them. If you like these challenges there are some similar training exercises on Bright Shadow and Crackmes.
Solution Exercises 1 & 2