R Puzzle: Gnireenigne Laboratory

by C. Scott Ananian

This is an actual working device, similar to the one described here. (The linked site was taken down and de-googled for the duration of the hunt.)

It is a simple one-input one-output embedded system. A rotating mirror and switched laser draw text on any nearby surface. You were given a schematic for the system, directions for making an origami model of the mirror assembly (which should help you understand how vertical displacements of the laser beam work), and the software running on the processor. I also provided links to the processor manual, a description of the file format the software is provided in, and a link to a Google page on "PIC disassemblers" which should help you turn the file provided into a more-or-less readable version of the code, albeit without comments or descriptive register names.

The challenge is to reverse-engineer the given system to determine what it does and how it does it. This is hinted by the name of the puzzle, which is "engineering" backwards, or "reverse-engineering", and also by the phrase "reverse that" in the flavortext.

The code is provided as a binary image; the commented assembly source is available if you'd like to compare your solution.

The code given to you displays the message "VNSU FGHI CWQJSR KXLUXI LK OUGL DH TYAEZZN" using this font:

The line on top is the font; the line on the bottom displays a 'normal' ASCII encoding for comparison, since the shapes of the upper- and lower-case letters have been modified.

If you turned the machine on, you'd get the message KEEP FONT; CHANGE OUTPUT TO "SPOT" IN BRAILLE, since the upper case letters in the font implement a substitution cipher. As you closely examine the font file, you should notice that the lowercase alphabetic characters map to a variety of patterns that could be used to construct braille characters. The word "SPOT" in braille is:
⠎ ⠏ ⠕ ⠞

The 'k' in the font generates the three-dot column corresponding to the left half of S and T; the 'a' generates the right half of S and P; the 'r' generates the left half of P; the 'o' generates the entire braille character O; and the 'e' generates the right half of T. So if you replace the message in the device with "karaoke", it would display the braille for SPOT. Thus KARAOKE is the answer to the puzzle.
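The column-by-column construction above can be checked mechanically. This is an added example, not code from the puzzle or the device firmware: the `GLYPH_COLUMNS` table is an assumption reconstructed from the description and the standard braille dot patterns for S, P, O and T, not read from the font file, and the function names are hypothetical.

```python
# Added example: each glyph is modelled as one or two dot columns.
# A column is (top, middle, bottom); 1 means the laser draws a dot there.
# Patterns are reconstructed from the prose plus standard braille, not
# taken from the actual font data in the binary image.
GLYPH_COLUMNS = {
    "k": [(0, 1, 1)],             # left half of S and T (dots 2,3)
    "a": [(1, 0, 0)],             # right half of S and P (dot 4)
    "r": [(1, 1, 1)],             # left half of P (dots 1,2,3)
    "o": [(1, 0, 1), (0, 1, 0)],  # the entire cell for O (dots 1,3,5)
    "e": [(1, 1, 0)],             # right half of T (dots 4,5)
}

def columns_for(message):
    """Expand a message into the stream of dot columns the font would draw."""
    cols = []
    for ch in message.lower():
        if ch not in GLYPH_COLUMNS:
            raise ValueError(f"no braille column glyph modelled for {ch!r}")
        cols.extend(GLYPH_COLUMNS[ch])
    return cols

def cells_from_columns(cols):
    """Pair consecutive columns into braille cells (Unicode U+2800 block)."""
    if len(cols) % 2:
        raise ValueError("odd number of columns: last cell is incomplete")
    cells = []
    for left, right in zip(cols[0::2], cols[1::2]):
        mask = 0
        for row, on in enumerate(left):    # dots 1-3 map to bits 0-2
            mask |= on << row
        for row, on in enumerate(right):   # dots 4-6 map to bits 3-5
            mask |= on << (row + 3)
        cells.append(chr(0x2800 + mask))
    return "".join(cells)

def render(message):
    """Return the braille text a message produces under this column model."""
    return cells_from_columns(columns_for(message))

if __name__ == "__main__":
    print(render("karaoke"))
```
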