asm4 picoCTF 2019 Solution

Published: April 2, 2026

Description

What does asm4('picoCTF_d023b4') return? Assembly that processes a string.

Download the assembly file.

bash
wget <url>/test.S
  1. Step 1: Understand string processing in assembly
    Open test.S. The function asm4 takes a pointer to the string 'picoCTF_d023b4'. It likely computes a numeric value based on the string contents - perhaps a checksum, hash, or character sum.
    bash
    cat test.S
    Learn more

    When a string pointer is passed to a function, the argument at [ebp+8] is the address of the first character. To access the character at index i, the assembly either uses movzx eax, byte ptr [reg + i] directly or loads the pointer and adds an index register.

    Common string-processing loops: iterate while the current character is not null (0x00), computing something with each character (sum of ASCII values, XOR of all chars, polynomial hash, etc.).

  2. Step 2: Simulate the function
    Translate the assembly to Python. Set the input string to 'picoCTF_d023b4' and simulate the operations. The final value in eax is the return value.
    python
    python3 << 'EOF'
    s = 'picoCTF_d023b4'
    # Simulate the asm4 logic in Python based on the assembly
    # Example: simple sum
    result = 0
    for c in s:
        result += ord(c)  # replace with actual operations from assembly
    print(hex(result))
    EOF
    Learn more

    Compiling and running the assembly directly is the most reliable approach. Create a C wrapper:
    c
    #include <stdio.h>
    extern int asm4(char *s);
    int main(void) { printf("0x%x\n", asm4("picoCTF_d023b4")); return 0; }
    Compile with gcc -m32 wrapper.c test.S -o test -no-pie and run.
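
For the Python translation in Step 2, plain Python integers do not behave like 32-bit registers, so a line-by-line port can silently diverge from the CPU. The helpers below are an added example, not code from the original writeup or from test.S; the function names and the two loop shapes are assumptions chosen to illustrate the patterns named above, not the actual asm4 logic.

```python
# Added example: 32-bit x86 semantics for hand-translating a string loop (not asm4 itself).
MASK32 = 0xFFFFFFFF

def u32(x):
    """Wrap a Python int the way a 32-bit register wraps."""
    return x & MASK32

def s32(x):
    """Read a register value as signed, as jl/jg/jle comparisons do."""
    x &= MASK32
    return x - (1 << 32) if x & 0x80000000 else x

def c_string(s):
    """Bytes behind the pointer at [ebp+8], including the terminating NUL."""
    return s.encode("latin-1") + b"\x00"

def movzx8(mem, i):
    """movzx eax, byte ptr [reg+i]: zero-extend, result 0..255."""
    return mem[i]

def movsx8(mem, i):
    """movsx eax, byte ptr [reg+i]: sign-extend, bytes >= 0x80 go negative."""
    b = mem[i]
    return u32(b - 0x100) if b & 0x80 else b

def strlen_loop(mem):
    """Advance an index until the loaded byte is 0 (test al, al / jne)."""
    i = 0
    while movzx8(mem, i) != 0:
        i += 1
    return i

def adjacent_diff_sum(mem):
    """Hypothetical loop: sum of s[i] - s[i-1]; goes negative, so the wrap matters."""
    eax = 0
    for i in range(1, strlen_loop(mem)):
        eax = u32(eax + movsx8(mem, i) - movsx8(mem, i - 1))
    return eax

def poly_hash(mem, mult=31):
    """Hypothetical loop: eax = eax * mult + byte, truncated to 32 bits each round."""
    eax = 0
    for i in range(strlen_loop(mem)):
        eax = u32(eax * mult + movzx8(mem, i))
    return eax

if __name__ == "__main__":
    m = c_string("picoCTF_d023b4")
    print(hex(adjacent_diff_sum(m)), hex(poly_hash(m)))
```

Swap the loop bodies for the operations actually present in test.S, keeping u32 around every arithmetic result and using s32 wherever the assembly does a signed comparison.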

  3. Step 3: Compile and run with a C wrapper
    Rather than tracing manually, assemble the file with NASM, write a small C driver that calls asm4 with the argument string, and compile with gcc -m32. The CPU computes the result in milliseconds.
    bash
    # Convert the .S file to NASM syntax and assemble
    nasm -f elf32 -o asm4.o asm4.s
    # Write a C driver: extern int asm4(char*); then printf("0x%x\n", asm4("picoCTF_d023b4"));
    gcc -m32 asm4.c asm4.o -o asm4_run && ./asm4_run
    Learn more

    For complex assembly functions, letting the CPU run the code is faster and more reliable than manual tracing. Assembling with NASM and linking a C wrapper with gcc -m32 works for 32-bit x86 assembly. The -m32 flag is needed on 64-bit Linux to produce 32-bit output matching the challenge's calling convention.

Flag

picoCTF{0x23e}

asm4('picoCTF_d023b4') returns 0x23e. Rather than tracing manually, assemble the code with NASM and call it from a C wrapper compiled with gcc -m32 to compute the answer directly.
