Commit 4f13652

Add winning inputs.
1 parent 4271fc3 commit 4f13652

2 files changed, +4 -0 lines changed

montevideo/notes.markdown

+2
@@ -18,3 +18,5 @@ call #454c
1818
{% endhighlight %}
1919

2020
Luckily this sequence of instructions does not have a null in it. Note what we do here: we move the constant #0xff7f to a `r5`. Then we clear the high byte using `mov.b` to move the register to itself; now we have `#0x007f` in `r5`, and from here, we just push it, then call `INT`.
21+
22+
### input: `35407fff45450512b0124c4511111111ee43`
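
Review bot: the added `### input:` line at the end of the file gives the winning input as a bare hex string in a heading, with no breakdown of its parts. The leading bytes look like the sequence the paragraph above describes (`7fff` for the `#0xff7f` constant and `4c45` for the `call #454c` target, both in little-endian order), but the trailing `11111111ee43` is not explained anywhere in the visible notes. Suggest stating that the value is hex-encoded and adding a sentence that splits it into shellcode, filler and the overwritten return address. Also consider putting the value on its own line under an `### Input` heading rather than in the heading text.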

whitehorse/notes.markdown

+2
@@ -28,3 +28,5 @@ At the beginning, we have 16 bytes of spaces, which is enough for our shellcode
2828
Like in the previous buffer overflow attack, we have to write past the end of the buffer, and overwrite the return address of `login`. In this case, the address we want it to jump to is the start of the buffer.
2929

3030
That's it; after jump, it executes the shellcode, triggering the open deadbolt interrupt, and giving us access.
31+
32+
### input: `30127f00b01232450000000000000000b432`
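
Review bot: the added `### input:` line contains zero bytes (`7f00` and the eight `00` filler bytes), and the notes around it do not say whether nulls are accepted on this level. A sentence on that would help, since the montevideo notes in this same commit make a point of the shellcode having no null in it. The prose above says the return address should point at the start of the buffer, so also say explicitly whether the trailing `b432` is that address in little-endian order, and note that the 16 bytes before it match the 16-byte buffer mentioned earlier in the file.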
