Skip to content

begoon/nor

BranchesTags

Repository files navigation

NORCPU Hackme Challenge

A hackme puzzle built on a one-instruction CPU (OISC) that uses only the NOR operation. Originally created by Alexander Demin in 2011, based on the NORCPU concept by Alexander Peslyak.

How it works

norcpu.py is both a compiler and an emulator for a virtual CPU whose only instruction is NOR (bitwise NOT-OR on two 16-bit words). All higher-level operations — MOV, ADD, XOR, PUSH/POP, CALL/RET, branching — are built as macros that expand into sequences of NOR instructions.

The script:

  1. Compiles a password-checking program from macro calls into a flat array of 16-bit words (code + data in a single address space).
  2. Runs the program in the built-in emulator to verify correctness.
  3. Emits a self-contained HTML/JavaScript page (norcpu.html) that embeds the compiled memory image and runs the same NOR CPU in the browser.

The challenge: given only the HTML page, figure out the password that produces the secret magic message.

Program logic

Both the password and the secret code are stored in memory pre-encoded: each character is XORed with a rolling 16-bit mask. The CPU program, reconstructed as Python pseudocode:

# Phase 1: compare user input against the encoded password.
# Both sides are XORed with the same rolling mask, so the masks cancel out
# and the comparison is effectively plaintext vs plaintext.
mask = password.xor_mask
cmp_flag = 0
for i in range(len(password)):
    ch = input[i] ^ mask
    stored = encoded_password[i]         # == password[i] ^ mask
    cmp_flag |= ch ^ stored              # zero iff input[i] == password[i]
    mask = (mask * 3 + password.add_const) & 0xFFFF

if cmp_flag != 0:
    return ""                             # wrong password

# Phase 2: decrypt the secret code by XORing the stored (encoded) bytes
# with the same rolling mask used to encode them — double XOR recovers
# the plaintext.
mask = code.xor_mask
result = ""
for i in range(len(code)):
    result += chr(encoded_code[i] ^ mask) # (plain ^ mask) ^ mask == plain
    mask = (mask * 3 + code.add_const) & 0xFFFF

return result

Running

uv run norcpu.py --password "MySecret" --secret-code "You win!"

This compiles the program, performs a test run to verify the password produces the expected secret code, and generates:

  • norcpu.asm — the compiled assembly listing
  • norcpu.html — the standalone hackme challenge page

Testing

uv run pytest

About

One-instruction CPU (OISC) NOR

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages