Ready Gladiator 1 picoCTF 2023 Solution

Published: April 26, 2023

Description

Now you must occasionally beat the Imp. Modify the warrior to something more aggressive, such as the documented "Imp Ex" example.

Replace the original Imp with a more capable warrior (Imp Ex is the canonical example).

Submit the modified file via nc saturn.picoctf.net 63042 and win at least one round.

```bash
cat <<'RED' > imp.red
;redcode-94
;name Imp Ex
add #4, 3
mov 2, @2
jmp -2
dat #0, #0
end
RED
```

```bash
nc saturn.picoctf.net 63042 < imp.red
```
Same plumbing as Gladiator 0 (a warrior file piped into nc); the netcat for CTF guide covers the request/response shape if you have not seen it.
  1. Step 1: Adopt a published warrior
    Imp Ex from the Core War docs beats a stock Imp close to 100 percent of the time. One copy is enough for at least one round win.

    Imp Ex (Imp Exterminator) is the textbook anti-Imp warrior. It is a tiny bomber that writes DAT instructions across memory faster than the Imp can run, killing the Imp's process when execution lands on a bombed cell. Empirically, Imp Ex (or any tuned 4-stride bomber against a 1-stride Imp) wins close to 100 percent of stock-Imp matches when offsets are randomised.

    The server runs ICWS-94 Redcode (the modern standard). The header line ;redcode-94 tells the parser which dialect to use; without it some servers fall back to the 1988 standard, which lacks the instruction modifiers (.ab, .i, etc.) that newer warriors rely on. Sticking with the trio of unmodified opcodes add, mov, jmp in the snippet above keeps it portable across both dialects.

    Quick addressing-mode reference for reading other warriors:

    #  immediate     -> the literal value (e.g. add #4, 3 adds 4)
       direct        -> offset from current instruction (no prefix)
    @  indirect      -> follow the B-field of the target cell, then dereference
    <  pre-decrement -> decrement target's B-field, then use it indirectly
    >  post-increment-> use indirectly, then increment target's B-field
    *  A-indirect    -> like @ but follow A-field (ICWS-94 only)
    {  A-pre-decr    -> ICWS-94
    }  A-post-incr   -> ICWS-94
    $  direct (94)   -> explicit form of no-prefix direct

    Walking through Imp Ex line by line: add #4, 3 adds the literal 4 to the B-field of the instruction at offset +3 (the dat #0, #0 bomb pointer), so the bomb's target advances by 4 each iteration. mov 2, @2 copies the instruction at offset +2 (the dat bomb itself) to the address that instruction's B-field points to, dropping a death trap there. jmp -2 loops back to the add. Because the add mutates the bomb pointer in place, each pass through the loop bombs a fresh cell on a stride of 4, covering the Imp's entire sweep path.

    Other warriors worth keeping in your back pocket: Dwarf is the original 4-stride bomber and is even shorter than Imp Ex; Tiger is a faster bomber with a 5-cell stride that historically scored well on the Hill. Cross-checking your result against multiple warriors helps confirm the server is not silently rejecting one of them on parse error.

  2. Step 2: Collect the reward
    Once 100 matches finish, the service prints the flag in the summary. Anything north of 1 win clears the threshold.

    "At least one round" is the lenient bar. A bomber that wins close to 100 of 100 makes the test pass on the first connect. The 100-round format is statistical: random starting offsets vary how the warriors meet, so partial-win warriors prove they are genuinely capable rather than getting one lucky pairing.

    The progression across the three Ready Gladiator challenges (lose all, win some, win all) mirrors strategy work in CTFs more broadly: understand the game, achieve partial success, then turn the corner to consistent wins.
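To check the line-by-line walkthrough and the effect of starting offsets locally, here is a minimal Redcode interpreter (an added example, not the challenge server's engine or pMARS). It assumes a core of 8000 cells, one process per warrior, Imp Ex moving first, and only the opcodes and addressing modes Imp Ex and the Imp use; the names `parse`, `ptr`, `step` and `duel` are illustrative.

```python
CORE = 8000  # assumption: a common default core size; the page does not give the server's
IMP_EX = "add #4, 3\nmov 2, @2\njmp -2\ndat #0, #0"  # instruction lines from the page

def parse(src):
    """Turn label-free, modifier-free Redcode into [op, a_mode, a, b_mode, b] cells."""
    prog = []
    for line in src.splitlines():
        op, rest = line.split(None, 1)
        cell = [op]
        for field in (rest.split(",") + ["0"])[:2]:   # jmp carries no B operand
            field = field.strip()
            cell += [field[0] if field[0] in "#@" else "$", int(field.lstrip("#@")) % CORE]
        prog.append(cell)
    return prog

def ptr(core, pc, mode, val):
    """Resolve an operand to a core address; '#' operands resolve to the current cell."""
    if mode == "#":
        return pc
    addr = (pc + val) % CORE
    return (addr + core[addr][4]) % CORE if mode == "@" else addr

def step(core, pc):
    """Run one instruction; return the next pc, or None when the process executes a dat."""
    op, am, a, bm, b = core[pc]
    pa, pb = ptr(core, pc, am, a), ptr(core, pc, bm, b)
    if op == "dat":
        return None
    if op == "jmp":
        return pa
    if op == "add":                  # immediate form only: bump the target's B-field
        core[pb][4] = (core[pb][4] + a) % CORE
    elif op == "mov":                # whole-cell copy (drops the bomb, or moves the Imp)
        core[pb] = list(core[pa])
    return (pc + 1) % CORE

def duel(offset, max_cycles=80000):
    """Imp Ex loaded at 0 against a stock Imp at `offset`; returns (winner, cycle)."""
    core = [["dat", "#", 0, "#", 0] for _ in range(CORE)]
    core[:4] = parse(IMP_EX)
    core[offset] = parse("mov 0, 1")[0]
    pcs = [0, offset]
    for cycle in range(max_cycles):
        for who in (0, 1):           # Imp Ex moves first in each cycle
            pcs[who] = step(core, pcs[who])
            if pcs[who] is None:     # the side that just ran a dat loses
                return ("imp", "imp_ex")[who], cycle
    return "tie", max_cycles
```

In this model `duel(100)` returns `('imp_ex', 283)`: the bomb lands on the Imp's cell just before the Imp executes it. Other offsets can end differently, which is why the result is judged over many rounds with random placement.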

Flag

picoCTF{1mp_1n...5_ec57a42e}

Any warrior capable of beating the Imp at least once will work; Imp Ex is a handy template.
