Have you got stuck? Need Help? Join our discord server, ask your doubts & get support from our experts.
InCTF Jr 2022
August - November, 2022
Author: Ad0lphus
.intel_syntax noprefix ; Intel syntax without prefixes
.bits 32
.global func
; call: func(0x1,0x25)
func:
push ebp
mov ebp,esp
sub esp,0x10
mov eax,DWORD PTR [ebp+0xc] ; eax = 0x25
mov DWORD PTR [ebp-0x4],eax ; var1 = 0x25
mov eax,DWORD PTR [ebp+0x8] ; eax = 0x1
mov DWORD PTR [ebp-0x8],eax ; var2 = 0x1
jmp kek_boom ; jump to kek_boom
pepe_boom:
add DWORD PTR [ebp-0x4],0x3 ; var1 += 3
xor DWORD PTR [ebp-0x4],0x19 ; var1 ^= 25
sub DWORD PTR [ebp-0x4],0x1 ; var1 -= 1
or DWORD PTR [ebp-0x4],0x2 ; var1 = var1 | 2
add DWORD PTR [ebp+0x8],0x64 ; var2 += 0x64
kek_boom:
cmp DWORD PTR [ebp+0x8],0xb158 ; var2 > 0xb158? True: return var1
jle pepe_boom ; False: add 0x64 to var2 and 1 to var1 (pepe_boom)
mov eax,DWORD PTR [ebp-0x4] ; return var1
mov esp,ebp
pop ebp
retwe can make a simple python script to get the flag.
kek = 0x25
num = 0x1
while num < 0xb158:
kek += 3
kek ^=25
kek-=1
kek= kek | 2
num += 0x64
print("inctfj{",kek,"}",sep='')