Description
CoreWars is back, and this time you must intentionally lose every battle against the Imp. Submit a warrior that self-terminates immediately.
Setup
Edit the provided Redcode warrior so it contains nothing but a header and ends immediately.
Pipe the modified warrior into nc saturn.picoctf.net 62089 to fight the Imp.
printf ';redcode\nDAT 0, 1\nend\n' > imp.rednc saturn.picoctf.net 62089 < imp.redSolution
Want to try it yourself first?
The guided walkthrough reveals hints one step at a time.
Step 1
Strip the warriorObservationI noticed the challenge description explicitly required losing every battle against the Imp, which suggested I needed a warrior that self-terminates immediately rather than one that competes, pointing to a DAT-only Redcode program.A warrior that only contains a DAT instruction dies the moment it executes it. DAT is the data instruction and any process that attempts to execute it is immediately terminated. One DAT line is enough to lose every round.Learn more
Core War is a programming game from 1984 (A.K. Dewdney) where two programs called warriors compete inside a virtual machine called the MARS (Memory Array Redcode Simulator). Warriors are written in Redcode, an assembly-like language: a few opcodes, addressing modes, and a circular memory of typically 8000 cells. The MARS interleaves instructions from each warrior. A warrior dies when it executes a
DATinstruction; the last live warrior wins.The Imp is the simplest possible warrior:
MOV 0, 1copies the current instruction one cell forward, and execution follows it. The result is a self-replicating wave that sweeps memory forever.A warrior whose source is just
;redcodeplusendloads with zero executable instructions, so the very first scheduled tick lands onDATand dies. Across all 100 rounds the result is deterministic: 0 wins, 100 losses. With a normal scoring tiebreaker (more wins beats more ties beats more losses), this hits the requirement of losing every round.Want to test locally first?
sudo apt install pmarsinstalls pMARS, the standard MARS simulator. Runpmars -r 100 -b imp.red imp.redand confirm the empty warrior loses 100/100 before connecting. The pMARS reference covers the CLI in detail.Step 2
Run the matches over netcatObservationI noticed the setup steps referenced piping to nc saturn.picoctf.net 62089 and the solutionIntro confirmed the match runs over a netcat pipe, which suggested redirecting the modified warrior file as stdin to receive the flag after 100 rounds complete.Send the file through nc and read the summary. The flag prints once 100 rounds finish.bashtimeout 30 nc saturn.picoctf.net 62089 < imp.redExpected output
picoCTF{h3r0_...6d4cf}What didn't work first
Tried: Typing the nc command interactively without redirecting imp.red as stdin
Without the < imp.red redirect, nc sends nothing to the server and the session just hangs waiting for keyboard input. The server expects the warrior source over stdin immediately; piping or redirecting the file is what delivers it. Add < imp.red to the command to feed the file automatically.
Tried: Sending the original downloaded imp.red (the Imp warrior) unchanged to the server
The original imp.red contains the Imp's MOV 0, 1 instruction, which is a winning warrior, not a losing one. The server will report wins or ties rather than 100 losses, and the flag will not appear. The file must be replaced with a DAT-only warrior before being sent.
Learn more
The challenge server runs the matches synchronously, so the response is just stdin in, summary out. Wrap nc in
timeout 30if the connection seems to hang; that catches the case where the warrior is malformed and the server waits for more bytes. If the response complains about syntax, double-check the file has Unix line endings (runfile imp.red; CRLF endings break some pMARS variants).For deeper Core War strategy the corewar.co.uk archive has decades of documented warriors and tournament results.
Flag
Reveal flag
picoCTF{h3r0_...6d4cf}
Any warrior that terminates immediately will forfeit every round and yield the flag.