[picoCTF] Programmers Assemble

Another quick picoCTF challenge. This one was an easy challenge on reading and understanding x86 assembly. Let’s take a look.


.global main

main:
    mov $XXXXXXX, %eax      # the unknown starting value we have to find
    mov $0, %ebx            # ebx = 0 (running total)
    mov $0x8, %ecx          # ecx = 8 (amount added per iteration)
loop:
    test %eax, %eax         # sets ZF when eax == 0
    jz fin                  # eax == 0: leave the loop
    add %ecx, %ebx          # ebx += 8
    dec %eax                # eax -= 1
    jmp loop
fin:
    cmp $0xdc98, %ebx       # did the total reach 0xdc98?
    je good
    mov $0, %eax            # return 0 (failure)
    jmp end
good:
    mov $1, %eax            # return 1 (success)
end:
    ret

So our goal is to get to the “good” block, where eax is set to 1. To get there, we look in the fin block: we jump to good if ebx equals 0xdc98. Let’s look at main now. We initialize ebx to 0 and ecx to 8. In the loop, we test eax and jump to fin if eax is 0. If it’s not 0, we add ecx (which is 8) to ebx, decrease eax by 1, and then go back to the top of the loop. So, in pseudocode:

eax = ??
ebx = 0
ecx = 8
while(eax != 0)
    eax--
    ebx+=ecx
if(ebx == 0xdc98)
    victory!
else
    failure!

So how many times will the loop have to run to get ebx to 0xdc98? Each iteration adds 8 to ebx, so eax must start at 0xdc98/8 = 0x1b93, which is our flag!
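Rather than trusting the division alone, the same answer can be checked by executing the program. The following is an added example, not part of the original post: a small interpreter for just the AT&T-syntax instructions the challenge uses, with the unknown immediate modelled as a `{eax0}` placeholder that the solver fills in and then confirms by running the code to its `ret`.

```python
# Added example (not from the post): interpreter for the challenge's AT&T-syntax subset.
PROGRAM = """main:
    mov ${eax0}, %eax
    mov $0, %ebx
    mov $0x8, %ecx
loop:
    test %eax, %eax
    jz fin
    add %ecx, %ebx
    dec %eax
    jmp loop
fin:
    cmp $0xdc98, %ebx
    je good
    mov $0, %eax
    jmp end
good:
    mov $1, %eax
end:
    ret"""
MASK = 0xFFFFFFFF  # registers are 32 bits wide
def parse(src):  # -> ([(op, [operands])], {label: index})
    code, labels = [], {}
    for line in filter(None, map(str.strip, src.splitlines())):
        if line.endswith(":"):
            labels[line[:-1]] = len(code)
        else:
            op, _, rest = line.partition(" ")
            code.append((op, [x.strip() for x in rest.split(",")] if rest else []))
    return code, labels
def run(src, max_steps=1_000_000):  # execute until ret, return eax
    code, labels = parse(src)
    regs, zf, pc = {"eax": 0, "ebx": 0, "ecx": 0}, False, 0  # only ZF is ever read
    val = lambda t: int(t[1:], 0) if t[0] == "$" else regs[t[1:]]  # $imm or %reg
    for _ in range(max_steps):
        op, a = code[pc]
        pc += 1
        if op == "mov":    regs[a[1][1:]] = val(a[0]) & MASK
        elif op == "add":  regs[a[1][1:]] = (regs[a[1][1:]] + val(a[0])) & MASK
        elif op == "dec":  regs[a[0][1:]] = (regs[a[0][1:]] - 1) & MASK; zf = regs[a[0][1:]] == 0
        elif op == "test": zf = (val(a[0]) & val(a[1])) == 0
        elif op == "cmp":  zf = ((val(a[1]) - val(a[0])) & MASK) == 0
        elif op == "jmp":  pc = labels[a[0]]
        elif op in ("jz", "je") and zf: pc = labels[a[0]]
        elif op == "ret":  return regs["eax"]
    raise RuntimeError("step limit exceeded")
def solve(target=0xDC98, step=8):  # each pass adds `step`, so eax0 = target / step
    if target % step: return None  # no integer start value lands exactly on the target
    eax0 = target // step
    return eax0 if run(PROGRAM.format(eax0=eax0)) == 1 else None
```

`solve()` returns 0x1b93, and `run()` with any other starting value returns 0, which is the check the division shortcut skips.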
