Multipart corruption! Like paying a lobbyist to pay a senator! This is our first example of corrupting one value, thereby changing the behavior of the program and allowing further corruption.Santa Cruz introduces the username input! We’ve got multiple locations to write to, new values to corrupt, and our old friend unlock_door plays a central role.I sat down for this one at the end of the night hoping to take a look at it before bed and get a sense of the problem for tomorrow. Johannesburg turned out to be a fairly small modification of Montevideo and I was able to get a working attempt string in twenty minutes or so.Montevideo adds another layer of indirection to the problem we encountered in Whitehorse. The device is still vulnerable to overflow, but we can’t just encode whatever we want!NCC Group hosts an embedded security CTF game at microcorruption.com. I’m not much of an expert in embedded anything, but the game is quite a bit of fun. I completed the first few levels a few days ago, so this is post-facto write-up, but I intend to write an article as I go for future levels.