New Orleans

User Manual

Lockitall                                            LOCKIT PRO r a.01
______________________________________________________________________

              User Manual: Lockitall LockIT Pro, rev a.01              
______________________________________________________________________


OVERVIEW

    - This is the first LockIT Pro Lock.
    - This lock is not attached to any hardware security module.


DETAILS

    The LockIT Pro a.01  is the first of a new series  of locks. It is
    controlled by a  MSP430 microcontroller, and is  the most advanced
    MCU-controlled lock available on the  market. The MSP430 is a very
    low-power device which allows the LockIT  Pro to run in almost any
    environment.

    The  LockIT  Pro   contains  a  Bluetooth  chip   allowing  it  to
    communiciate with the  LockIT Pro App, allowing the  LockIT Pro to
    be inaccessable from the exterior of the building.

    There is  no default password  on the LockIT  Pro---upon receiving
    the LockIT Pro, a new password must be set by connecting it to the
    LockIT Pro  App and  entering a password  when prompted,  and then
    restarting the LockIT Pro using the red button on the back.
    
    This is Hardware  Version A.  It contains  the Bluetooth connector
    built in, and one available port  to which the LockIT Pro Deadbolt
    should be connected.

    This is Software Revision 01.

    


(c) 2013 LOCKITALL                                            Page 1/1

`main`

We can set a breakpoint at main.

Debugger console

> break main
  Breakpoint set

We can see that the breakpoint has been set.

If we continue through the program using the continue or c command, the program stops execution at the breakpoint.

Debugger console

> continue

The program calls the following functions:

create_password: Creates and sets a password for the lock.
get_password: Takes user input.
check_password: Checks if user input is correct.

`create_password`

The create_password function seems interesting. Let's set a breakpoint there using and the continue execution flow.

Debugger console
> break create_password
  Breakpoint set
> continue

We can see that we are now inside the create_password function.

So this function sets the value of r15 to be equal to the address 0x2400 in memory. It then treats r15 as memory pointer and moves some characters which seem to be our password into that memory address.

Let's set a breakpoint at 44b0 and continue the execution.

Debugger console
> break 0x44b0
  Breakpoint set
> continue

Once we hit the breakpoint we can check the memory location using the R 2400 command.

Debugger console
> R 0x2400
2400 697a 3746 727a 2a00 0000 0000 0000 0000  iz7Frz*.........
2410 0000 0000 0000 0000 0000 0000 0000 0000  ................

Or we can just look in the Live Memory Dump section.