The stage3.bin binary relies on Signals and Signal Handlers to verify the entred password. A SIGSEGV signal handler will test one char of the password than call a second hander by sending another SIGSEGV signal and so on.
The SIGSEGV signal handlers addresses are the following :
0x4007fd,0x40085c,0x4008c7,0x400926,0x40098a,0x4009e8,0x400a4c,0x400ab0,0x400b14,0x400b73,0x400bd7,0x400c36, 0x400c95,0x400d0c,0x400d6b,0x400dcf,0x400e2e,0x400e8d,0x400eec, 0x400f4b,0x400faa,0x40100e
For each handler you can determine the requested char.
For exampler the handler at 0x4009E8 test the 6th char of the password against 'o' char.
void handler_at_4009e8()
{
signed int x = 1000 * p; // p = password[5]
if ( x / 111 > 999 && x / 111 <= 1000 )
signal(11, (__sighandler_t)handler_at_400a4c);
}
Then you go to handler_at_400a4c() function and do the same
The flag: Did_you_like_signals?
Yes I like them especially SIGSEGV signal :D