Hints

Using GDB

GDB is a complex and versatile program, so here I'm going to focus on the commands that are most applicable for analyzing this core dump.

• backtrace - Print information about the call stack
• frame - Select the stack frame to examine. This lets you examine variables from caller functions
• info symbol - Print info for any symbols that map near a memory address
• print - Print variable or data
• examine memory - Print out raw binary data at memory locations
• disassemble - Print memory as assembly instructions. For example, disassemble $pc-64,$pc+64 will print the assembly for the instructions within 64 bytes of the current instruction pointer

The layout can also be customized. For instance, running:

(gdb) frame 2
(gdb) tui layout split

Will show the source and assembly associated with where the coredump crashed. tui focus followd by cmd or asm or src then lets you select which window to interact with.

Corrupt Frames

Some GDB commands have issues giving useful data when the program is in an unexpected state. Try using backtrace and frame to go up the callstack to frames with functional debug data.

Use disassemble $pc-64,$pc+8 to examine the machine code sourounding the crash.

Understanding Assembly / Machine Code

While a basic knowledge of assembly is useful, it is not really the focus of this puzzle. https://halb.it/posts/x64-introduction/ provides a pretty good introduction along with https://cs.brown.edu/courses/cs033/docs/guides/x64_cheatsheet.pdf. Aside from understanding what happened during the memory corruption, you should be able to solve the puzzle by only looking at the C code.

Examine Variables

Use info args and info locals, and the source file to find variables that you can examine with print.

Use info symbols MEMORY_ADDRESS to examine addresses to see if corresponds with functions or variables.

Memory

It is important to understand what memory ranges map to what parts of the address space (program memory, heap, stack, etc). https://courses.grainger.illinois.edu/cs225/sp2022/resources/stack-heap/ is a decent introductory explanation of the program memory layout. Vanilla GDB doesn't have great commands for understanding what memory regions variables map to, but you can look at the addresses of variables from the code to get the general layout.

Other Context

airlock_ctrl.log and access_logs.sql can provide some additional context for the series of events that occurred. The Station Device Network (SDN) Protocol Specification can also give more information on the type of commands the airlock handles.