From 646ee7379dac8a521024f2c2cccae16fdbe50ec5 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Sun, 5 Jul 2026 07:12:32 +0900
Subject: [PATCH] rev/armssembly_2
---
rev/armssembly_2/chall_2.S | 57 ++++++++++++++++++++++++++++++++++++++
rev/armssembly_2/solve.sh | 6 ++++
2 files changed, 63 insertions(+)
create mode 100644 rev/armssembly_2/chall_2.S
create mode 100755 rev/armssembly_2/solve.sh
diff --git a/rev/armssembly_2/chall_2.S b/rev/armssembly_2/chall_2.S
new file mode 100644
index 0000000..111bfc5
--- /dev/null
+++ b/rev/armssembly_2/chall_2.S
@@ -0,0 +1,57 @@
+ .arch armv8-a
+ .file "chall_2_gen.c"
+ .text
+ .align 2
+ .global func1
+ .type func1, %function
+func1:
+ sub sp, sp, #32
+ str w0, [sp, 12]
+ str wzr, [sp, 24]
+ str wzr, [sp, 28]
+ b .L2
+.L3:
+ ldr w0, [sp, 24]
+ add w0, w0, 3
+ str w0, [sp, 24]
+ ldr w0, [sp, 28]
+ add w0, w0, 1
+ str w0, [sp, 28]
+.L2:
+ ldr w1, [sp, 28]
+ ldr w0, [sp, 12]
+ cmp w1, w0
+ bcc .L3
+ ldr w0, [sp, 24]
+ add sp, sp, 32
+ ret
+ .size func1, .-func1
+ .section .rodata
+ .align 3
+.LC0:
+ .string "Result: %ld\n"
+ .text
+ .align 2
+ .global main
+ .type main, %function
+main:
+ stp x29, x30, [sp, -48]!
+ add x29, sp, 0
+ str w0, [x29, 28]
+ str x1, [x29, 16]
+ ldr x0, [x29, 16]
+ add x0, x0, 8
+ ldr x0, [x0]
+ bl atoi
+ bl func1
+ str w0, [x29, 44]
+ adrp x0, .LC0
+ add x0, x0, :lo12:.LC0
+ ldr w1, [x29, 44]
+ bl printf
+ nop
+ ldp x29, x30, [sp], 48
+ ret
+ .size main, .-main
+ .ident "GCC: (Ubuntu/Linaro 7.5.0-3ubuntu1~18.04) 7.5.0"
+ .section .note.GNU-stack,"",@progbits
diff --git a/rev/armssembly_2/solve.sh b/rev/armssembly_2/solve.sh
new file mode 100755
index 0000000..e05510e
--- /dev/null
+++ b/rev/armssembly_2/solve.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p pkgsCross.aarch64-multiplatform.stdenv.cc
+
+"$CC_FOR_TARGET" chall_2.S -o chall
+
+./chall 2401941830 | cut -d' ' -f2 | xargs printf "picoCTF{%08x}\n"
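Review bot: The pipeline on the last line of solve.sh prints a flag-shaped string even when nothing upstream succeeded: the script has no `set -euo pipefail`, so if the compile fails or `./chall` cannot execute, `cut` emits nothing and GNU `xargs` still runs `printf` once, producing `picoCTF{00000000}`. That looks likely on any host that is not aarch64, since the nix-shell line only pulls in the cross compiler and nothing visible here provides user-mode emulation for the resulting binary. I would add `set -euo pipefail` after the two shebang lines and use `xargs -r printf "picoCTF{%08x}\n"` so an empty result fails loudly instead of looking like an answer. Separately, `2401941830` is above INT_MAX, so the output depends on how the libc `atoi` treats out-of-range input; a short comment stating that the 32-bit wrap-around is intended would help the next reader.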