Description
What does asm2(0x6, 0x24) return? Trace through the x86 assembly with loop logic. Submit the flag as a hexadecimal value.
Setup
Download the assembly file.
wget <url>/test.S
Solution
- Step 1: Read the assembly
Open test.S. The function asm2 takes two arguments: 0x4 at [ebp+8] and 0x2d at [ebp+12]. It contains a loop. Identify the loop variable, the loop condition, the loop body operations, and the exit value.
cat test.S
Learn more
Assembly loops use conditional jumps to backward labels. A typical loop structure: initialize a counter, compare it to a limit, do the body, increment the counter, and jump back if the condition still holds.
The two arguments are stored at fixed offsets from ebp: first argument at [ebp+8], second at [ebp+12]. Local variables are at negative offsets: [ebp-4], [ebp-8], etc.
- Step 2: Simulate the loop on paper
Initialize the local variables with the given arguments. Step through each iteration of the loop, tracking register and memory values, until the exit condition is met. Note the value in eax at the ret instruction.
Learn more
Alternatively, translate the assembly to Python for rapid simulation: replace each assembly instruction with equivalent Python operations and print intermediate values to verify.
- Step 3: Submit the return value
The return value in hex (preceded by 0x) is the answer. Check if it should be wrapped in picoCTF{...}.
Learn more
Understanding loop patterns in assembly is essential for reversing cryptographic algorithms, where loops process data byte-by-byte or block-by-block. Recognizing the loop structure quickly is more valuable than tracing every iteration manually.
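The Python translation suggested in Step 2, as an added example that is not part of the original write-up and goes slightly further: a small interpreter for the few instructions such a loop uses, with 32-bit wraparound and signed comparisons. The listing is constructed, not the contents of test.S: its layout (second argument as counter, first as accumulator) and the limit 0x3d00 are assumptions; only the arguments and the 0xf9 increment come from this page.

```python
MASK = 0xFFFFFFFF
JCC = {"je": lambda a, b: a == b, "jne": lambda a, b: a != b,
       "jle": lambda a, b: a <= b, "jl": lambda a, b: a < b,
       "jge": lambda a, b: a >= b, "jg": lambda a, b: a > b}
# Constructed listing, NOT the real test.S: layout and limit 0x3d00 are assumptions.
LISTING = """
0: mov eax, DWORD PTR [ebp+0xc]
1: mov DWORD PTR [ebp-0x4], eax
2: mov eax, DWORD PTR [ebp+0x8]
3: mov DWORD PTR [ebp-0x8], eax
4: jmp 7
5: add DWORD PTR [ebp-0x4], 0x1
6: add DWORD PTR [ebp-0x8], 0xf9
7: cmp DWORD PTR [ebp-0x8], 0x3d00
8: jle 5
9: mov eax, DWORD PTR [ebp-0x4]
10: ret
"""

def signed(v):  # reinterpret 32 bits as signed, which is what jle/jl/jge/jg test
    return v - (1 << 32) if v & 0x80000000 else v

def run(listing, arg1, arg2, max_steps=1_000_000):
    """Execute a listing whose labels are consecutive line numbers; return eax at ret."""
    prog = {}
    for line in listing.strip().splitlines():
        label, text = line.split(":", 1)
        op, _, rest = text.strip().partition(" ")
        prog[int(label)] = (op, [o.replace("DWORD PTR", "").strip() for o in rest.split(",")])
    state = {"[ebp+0x8]": arg1 & MASK, "[ebp+0xc]": arg2 & MASK}  # cdecl arguments
    def val(o):  # immediate if it starts like a number, else register or stack slot
        return int(o, 0) & MASK if o.lstrip("-")[:1].isdigit() else state.get(o, 0)
    pc, last_cmp = 0, (0, 0)
    for _ in range(max_steps):  # step cap guards against a loop that never exits
        op, ops = prog[pc]
        pc += 1
        if op == "ret":
            return state.get("eax", 0)
        if op == "mov":
            state[ops[0]] = val(ops[1])
        elif op == "add":
            state[ops[0]] = (val(ops[0]) + val(ops[1])) & MASK  # 32-bit wraparound
        elif op == "cmp":  # remember signed operands for the next conditional jump
            last_cmp = (signed(val(ops[0])), signed(val(ops[1])))
        elif op == "jmp" or (op in JCC and JCC[op](*last_cmp)):
            pc = int(ops[0])
        elif op not in JCC:
            raise ValueError(f"unsupported instruction: {op}")
    raise RuntimeError("step limit reached; loop may not terminate")
```

To use it on a real file, replace LISTING with the instructions from test.S, numbering the lines from 0 and rewriting each jump target as the line number it points to.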
Flag
picoCTF{0x63}
asm2(0x6, 0x24): the loop adds 0xf9 each iteration until the accumulated value meets the loop condition, and the function returns 0x63.