But I already typed that…
** http://assets-2013.legitbs.net/liabilities/policebox**
** http://assets-2013.legitbs.net/liabilities/core**

Opening the core file in gdb reveals that it was “dumped” at the 2nd instruction of main.
Reversing policebox gave:

int __cdecl main()
  signed int v1; // [sp+1Ch] [bp-4h]@5

  if ( !isatty(ttyfd) )
    perror("not on a tty");
  if ( tcgetattr(ttyfd, &orig_termios) < 0 )
    perror("can't get tty settings");
  v1 = 0;
  printf("The key is: ");
  while ( v1 <= 63 )
    if ( (unsigned __int8)getchar() == 13 )
      return 0;
  return 0;

This problem probably gave people the most trouble. As you’re looking for the output of getchar().

Eventually we realized that the core file also contained a gdb execution log using the ProcessRecord feature (http://sourceware.org/gdb/onlinedocs/gdb/Process-Record-and-Replay.html). This means that every instruction that was executed and the result was stored in the core file. Simply loading the record file with “record restore core” and then adding a breakpoint after the getchar() call means we can get the input that was typed to the program.