picoCTF Solutions
picoCTF 2023Reverse EngineeringMedium

Ready Gladiator 1

Published: April 26, 2023

Description

Now you must occasionally beat the Imp. Modify the warrior to something more aggressive, such as the documented "Imp Ex" example.

Setup

Download imp.red

Replace the original Imp with a more capable warrior (e.g., add #4, mov 2,@2, jmp -2).

Submit the modified file via nc saturn.picoctf.net 63042 and win at least one round.

cat <<'RED' > imp.red
;redcode
;name Imp Ex
add #4, 3
mov 2, @2
jmp -2
dat #0, #0
end
RED
nc saturn.picoctf.net 63042 < imp.red

Solution

  1. Step 1Adopt a published warrior
    The "Imp Ex" sample from the CoreWar docs overwhelms the stock Imp within a few rounds, guaranteeing at least one victory.
    Learn more

    Imp Ex (Imp Exterminator) is a classic Core War warrior designed specifically to counter the Imp. It works as a bomber: it writes DAT(invalid/death) instructions to memory addresses ahead of where the Imp is likely to be, killing the Imp's process when it executes those cells.

    The three-instruction loop works as follows: add #4, 3 increments the target address stored in the dat bomb by 4 each iteration (stepping over memory in strides); mov 2, @2 copies the dat bomb to the indirect address pointed to by the third instruction; jmp -2 loops back. This creates a sweeping pattern that writes death traps across memory faster than the Imp can run away from them.

    The Core War community has catalogued thousands of warriors with measurable win/loss statistics against common opponents. The Hill (the public leaderboard) hosts battles continuously. Understanding how warriors interact requires reading Redcode's addressing modes - immediate (#), direct, indirect (@), and pre/post-decrement - which map loosely to assembly-language concepts taught in computer architecture courses.

  2. Step 2Collect the reward
    Once the 100 matches finish, the service reveals the flag in the summary output.
    Learn more

    Winning "at least one round" out of 100 is a lenient requirement - a moderately capable warrior will win far more. The server's requirement of 100 rounds is a statistical test: a lucky single-round win could be random, but demonstrating consistent capability across many rounds shows the warrior is genuinely effective.

    This graduated series of Core War challenges (lose all, win some, win all) mirrors how real security challenges often build complexity incrementally. Each step requires understanding not just the mechanics but also strategy: sometimes the goal is to achieve something specific (win), sometimes it is to avoid something (losing), and sometimes it is to achieve it with perfect consistency. These different objectives demand different approaches even when the underlying system is the same.

Flag

picoCTF{1mp_1n...5_ec57a42e}

Any warrior capable of beating the Imp at least once will work; Imp Ex is a handy template.

Want more picoCTF 2023 writeups?

Browse picoCTF 2023Full library

Useful tools for Reverse Engineering

Related reading

What to try next