
Bit-O-Asm-1-2-3-4 picoCTF writeup

    Bit-O-Asm-1 solution

    Can you figure out what is in the eax register? Put your answer in the picoCTF flag format: picoCTF{n} where n is the contents of the eax register in the decimal number base. If the answer was 0x11 your flag would be picoCTF{17}.

    The challenge gives a text file that contains the following:

    <+0>:     endbr64
    <+4>:     push   rbp
    <+5>:     mov    rbp,rsp
    <+8>:     mov    DWORD PTR [rbp-0x4],edi
    <+11>:    mov    QWORD PTR [rbp-0x10],rsi
    <+15>:    mov    eax,0x30   ; hex value 0x30 is copied into eax
    <+20>:    pop    rbp
    <+21>:    ret

    We have to find the value of eax. The mov at +15 stores the value 0x30 in eax, and nothing changes it before ret. So the value is 0x30, but that is hex: convert it to decimal and put it into picoCTF{value}.

    You can use the command: python -c "print(0x30)"

    Flag: picoCTF{48}

    Bit-O-Asm-2 solution

    Can you figure out what is in the eax register? Put your answer in the picoCTF flag format: picoCTF{n} where n is the contents of the eax register in the decimal number base. If the answer was 0x11 your flag would be picoCTF{17}.

    <+0>:     endbr64
    <+4>:     push   rbp
    <+5>:     mov    rbp,rsp
    <+8>:     mov    DWORD PTR [rbp-0x14],edi
    <+11>:    mov    QWORD PTR [rbp-0x20],rsi
    <+15>:    mov    DWORD PTR [rbp-0x4],0x9fe1a    ; 0x9fe1a is stored at address [rbp-0x4]
    <+22>:    mov    eax,DWORD PTR [rbp-0x4]        ; the same value is copied into eax
    <+25>:    pop    rbp
    <+26>:    ret

    At +22 the value stored at [rbp-0x4], which is 0x9fe1a (654874 in decimal), is copied into eax, so eax holds that value.

    You can use the command: python -c "print(0x9fe1a)"

    Flag: picoCTF{654874}

    Bit-O-Asm-3 solution

    Can you figure out what is in the eax register? Put your answer in the picoCTF flag format: picoCTF{n} where n is the contents of the eax register in the decimal number base. If the answer was 0x11 your flag would be picoCTF{17}.

    <+0>:     endbr64
    <+4>:     push   rbp
    <+5>:     mov    rbp,rsp
    <+8>:     mov    DWORD PTR [rbp-0x14],edi
    <+11>:    mov    QWORD PTR [rbp-0x20],rsi
    <+15>:    mov    DWORD PTR [rbp-0xc],0x9fe1a    ; [rbp-0xc] = 0x9fe1a (654874 in decimal)
    <+22>:    mov    DWORD PTR [rbp-0x8],0x4        ; [rbp-0x8] = 0x4 (4 in decimal) 
    <+29>:    mov    eax,DWORD PTR [rbp-0xc]        ; eax = [rbp-0xc] => 0x9fe1a (654874 in decimal)
    <+32>:    imul   eax,DWORD PTR [rbp-0x8]        ; eax =  eax * [rbp-0x8]
    <+36>:    add    eax,0x1f5                      ; eax = eax + 0x1f5 
    <+41>:    mov    DWORD PTR [rbp-0x4],eax        ; [rbp-0x4] = eax 
    <+44>:    mov    eax,DWORD PTR [rbp-0x4]        ; eax = [rbp-0x4]
    <+47>:    pop    rbp
    <+48>:    ret

    Read the listing carefully. If you are a beginner, I recommend writing down the values and the operations as you go. It is a simple math operation.

    You can use the command: python -c "print((0x9fe1a * 0x4) + 0x1f5)"

    Flag: picoCTF{2619997}

    Bit-O-Asm-4 solution

    Can you figure out what is in the eax register? Put your answer in the picoCTF flag format: picoCTF{n} where n is the contents of the eax register in the decimal number base. If the answer was 0x11 your flag would be picoCTF{17}.

    <+0>:     endbr64
    <+4>:     push   rbp
    <+5>:     mov    rbp,rsp
    <+8>:     mov    DWORD PTR [rbp-0x14],edi
    <+11>:    mov    QWORD PTR [rbp-0x20],rsi
    <+15>:    mov    DWORD PTR [rbp-0x4],0x9fe1a    ; [rbp-0x4] = 0x9fe1a
    <+22>:    cmp    DWORD PTR [rbp-0x4],0x2710     ; is 0x9fe1a <= 0x2710? No
    <+29>:    jle    0x55555555514e <main+37>       ; so the jump is not taken
    <+31>:    sub    DWORD PTR [rbp-0x4],0x65       ; [rbp-0x4] = 0x9fe1a - 0x65 = 0x9fdb5
    <+35>:    jmp    0x555555555152 <main+41>       ; unconditional jump to +41
    <+37>:    add    DWORD PTR [rbp-0x4],0x65       ; skipped (only reached when the jle is taken)
    <+41>:    mov    eax,DWORD PTR [rbp-0x4]        ; eax = 0x9fdb5 (654773 in decimal)
    <+44>:    pop    rbp
    <+45>:    ret

    You can use the command: python -c "print(0x9fe1a - 0x65)"

    Flag: picoCTF{654773}
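
To check the hand traces above, here is a small interpreter that steps through a GDB-style listing and returns eax. It is an added example, not part of the original writeup or the challenge files; it generalizes the four one-line calculations to any listing that uses only the instructions seen on this page. The names `run`, `s32` and `LISTING_4` are made up for the example, and stack slots are keyed by their operand text, which assumes rbp stays fixed in the function body.

```python
import re

# Constructed input: Bit-O-Asm-4 from this page, offsets +15 onward, comments stripped.
LISTING_4 = """
<+15>:    mov    DWORD PTR [rbp-0x4],0x9fe1a
<+22>:    cmp    DWORD PTR [rbp-0x4],0x2710
<+29>:    jle    0x55555555514e <main+37>
<+31>:    sub    DWORD PTR [rbp-0x4],0x65
<+35>:    jmp    0x555555555152 <main+41>
<+37>:    add    DWORD PTR [rbp-0x4],0x65
<+41>:    mov    eax,DWORD PTR [rbp-0x4]
<+44>:    pop    rbp
<+45>:    ret
"""
LINE = re.compile(r"<\+(\d+)>:\s+(\w+)\s*(.*)")
ARITH = {"add": int.__add__, "sub": int.__sub__, "imul": int.__mul__}

def s32(v):  # wrap to 32 bits and interpret as a signed DWORD
    return (v + 2**31) % 2**32 - 2**31

def run(listing, edi=0, rsi=0):
    """Return eax as an unsigned decimal after stepping through the listing."""
    prog = [m.groups() for m in map(LINE.search, listing.splitlines()) if m]
    index = {int(off): i for i, (off, _, _) in enumerate(prog)}
    regs, mem, diff, pc = {"edi": edi, "rsi": rsi}, {}, 0, 0
    def get(o):  # operand is a stack slot, a hex immediate, or a register
        if o.startswith("["):
            return mem.get(o, 0)
        return int(o, 16) if o.startswith("0x") else regs.get(o, 0)
    def put(o, v):
        (mem if o.startswith("[") else regs)[o] = v
    while pc < len(prog):
        _, op, rest = prog[pc]
        a = [re.sub(r"[DQ]WORD PTR ", "", x.strip()) for x in rest.split(";")[0].split(",")]
        pc += 1
        if op == "mov":
            put(a[0], get(a[1]))
        elif op in ARITH:
            put(a[0], s32(ARITH[op](get(a[0]), get(a[1]))))
        elif op == "cmp":  # remember the signed difference for the next jle
            diff = s32(get(a[0])) - s32(get(a[1]))
        elif op in ("jmp", "jle"):  # jle: taken when first <= second (signed)
            if op == "jmp" or diff <= 0:
                pc = index[int(re.search(r"<main\+(\d+)>", rest).group(1))]
        elif op == "ret":
            break
        elif op not in ("endbr64", "push", "pop"):  # treated as no-ops here
            raise ValueError(f"unsupported instruction: {op}")
    return regs.get("eax", 0) & 0xFFFFFFFF
```

Calling `run(LISTING_4)` follows the not-taken jle path and returns 654773; changing the stored constant to a value at or below 0x2710 exercises the add branch at +37 instead.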