diff --git a/rev/armssembly_1/chall_1.S b/rev/armssembly_1/chall_1.S
new file mode 100644
index 0000000..3728745
--- /dev/null
+++ b/rev/armssembly_1/chall_1.S
@@ -0,0 +1,73 @@
+ .arch armv8-a
+ .file "chall_1_gen.c"
+ .text
+ .align 2
+ .global func
+ .type func, %function
+func:
+ sub sp, sp, #32
+ str w0, [sp, 12]
+ ; mov w0, 88
+ mov w0, 86
+ str w0, [sp, 16]
+ ; mov w0, 4
+ mov w0, 3
+ str w0, [sp, 20]
+ mov w0, 3
+ str w0, [sp, 24]
+ ldr w0, [sp, 20]
+ ldr w1, [sp, 16]
+ lsl w0, w1, w0
+ str w0, [sp, 28]
+ ldr w1, [sp, 28]
+ ldr w0, [sp, 24]
+ sdiv w0, w1, w0
+ str w0, [sp, 28]
+ ldr w1, [sp, 28]
+ ldr w0, [sp, 12]
+ sub w0, w1, w0
+ str w0, [sp, 28]
+ ldr w0, [sp, 28]
+ add sp, sp, 32
+ ret
+ .size func, .-func
+ .section .rodata
+ .align 3
+.LC0:
+ .string "You win!"
+ .align 3
+.LC1:
+ .string "You Lose :("
+ .text
+ .align 2
+ .global main
+ .type main, %function
+main:
+ stp x29, x30, [sp, -48]!
+ add x29, sp, 0
+ str w0, [x29, 28]
+ str x1, [x29, 16]
+ ldr x0, [x29, 16]
+ add x0, x0, 8
+ ldr x0, [x0]
+ bl atoi
+ str w0, [x29, 44]
+ ldr w0, [x29, 44]
+ bl func
+ cmp w0, 0
+ bne .L4
+ adrp x0, .LC0
+ add x0, x0, :lo12:.LC0
+ bl puts
+ b .L6
+.L4:
+ adrp x0, .LC1
+ add x0, x0, :lo12:.LC1
+ bl puts
+.L6:
+ nop
+ ldp x29, x30, [sp], 48
+ ret
+ .size main, .-main
+ .ident "GCC: (Ubuntu/Linaro 7.5.0-3ubuntu1~18.04) 7.5.0"
+ .section .note.GNU-stack,"",@progbits
diff --git a/rev/armssembly_1/solve.sh b/rev/armssembly_1/solve.sh
new file mode 100755
index 0000000..4ea8e09
--- /dev/null
+++ b/rev/armssembly_1/solve.sh
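Review bot: The two `; mov w0, 88` and `; mov w0, 4` lines in func are not comments if this file is assembled by GNU as for AArch64 (the `.arch armv8-a` and `:lo12:` syntax suggest it is), because there `;` is a statement separator and `//` starts a comment, so both are emitted as real instructions that are immediately overwritten by the following `mov w0, 86` and `mov w0, 3`. The computed value is unchanged (func still returns `(86 << 3) / 3 - w0`, i.e. `0xe5 - w0`), but the source misleads a reader into thinking those constants were disabled; either delete the two lines or write them as `// mov w0, 88` and `// mov w0, 4`. Separately, main loads argv[1] and passes it to atoi without checking argc, so running the binary with no argument hands atoi a NULL pointer; a `cmp w0, 2` / `b.lt` guard before the `ldr x0, [x29, 16]` sequence would make it fail cleanly. The `.file "chall_1_gen.c"` directive indicates this is compiler output, so the change probably belongs in the generator source rather than in this listing.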
@@ -0,0 +1,29 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p pkgsCross.aarch64-multiplatform.stdenv.cc
+
+"$CC_FOR_TARGET" chall_1.S -o chall
+
+# Output from Ghidra:
+# int func(int param_1)
+# {
+# return 0xe5 - param_1;
+# }
+#
+# int main(undefined8 param_1,long param_2)
+# {
+# int iVar1;
+#
+# iVar1 = atoi(*(char **)(param_2 + 8));
+# iVar1 = func(iVar1);
+# if (iVar1 == 0) {
+# iVar1 = puts("You win!");
+# }
+# else {
+# iVar1 = puts("You Lose :(");
+# }
+# return iVar1;
+# }
+
+./chall "$((16#e5))"
+
+printf "picoCTF{%08x}\n" "$((16#e5))"
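Review bot: The script never checks that the cross-compile on line 4 succeeded, so if `$CC_FOR_TARGET` fails or is unset outside the nix-shell, the `./chall` invocation runs whatever stale binary is already in the directory or errors out after the fact. Adding `set -euo pipefail` directly after the two shebang lines stops the script at the failing compile step. The run also only prints the challenge output instead of verifying it; `./chall "$((16#e5))" | grep -q 'You win!'` would make the flag line on the last hunk line conditional on the binary actually accepting the value. Since `chall` is an aarch64 binary, executing it on a non-aarch64 host presumably depends on a binfmt/qemu-user setup, and a one-line comment stating that assumption would help the next reader.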