Description
Inspect the provided assembly dump and report the value placed into EAX. Convert the hexadecimal literal into decimal before wrapping it in picoCTF{...}.
Setup
Grab the assembly dump and open it in your editor.
Locate the MOV that writes a constant into EAX.
wget https://artifacts.picoctf.net/c/509/disassembler-dump0_a.txtcat disassembler-dump0_a.txtSolution
Want to try it yourself first?
The guided walkthrough reveals hints one step at a time.
Step 1
Find the immediate valueObservationI noticed the challenge asks for the value placed into EAX, which suggested scanning the disassembly dump for a MOV instruction writing a constant into that register near the function epilogue.The dump shows mov eax, 0x30, so the register ends with hexadecimal 0x30 at function exit.Learn more
x86 assembly is the human-readable representation of the machine code that runs on Intel and AMD processors. Instructions take the form
mnemonic destination, source. The MOV instruction simply copies a value from the source into the destination - it is arguably the most common instruction in any program.EAX is a 32-bit general-purpose register. In the x86 calling convention, EAX holds a function's return value when it exits. So when a function ends with
mov eax, 0x30and thenret, the caller receives the value0x30. Reading register assignments near a function's epilogue is the fastest way to determine what a function returns without running it.Being able to read disassembly without running a binary is called static analysis. It is safer than dynamic analysis (actually executing the binary) because it eliminates any risk of triggering malicious behavior, and it works on any architecture even without the original hardware. Tools like objdump, Ghidra, IDA Pro, and Binary Ninja all present disassembly in this form.
Step 2
Convert to decimalObservationI noticed the dump contained the hex literal 0x30 and the flag format requires a decimal integer, which suggested converting 0x30 to its decimal equivalent (48) using printf or Python before wrapping it in picoCTF{}.Translate 0x30 to decimal (48) via printf, python, or any converter, then format picoCTF{...}.bashprintf "picoCTF{%d}\n" 0x30Expected output
picoCTF{48}What didn't work first
Tried: Wrapping the raw hex value directly as picoCTF{0x30} without converting to decimal.
The challenge explicitly asks for the decimal representation of the register value. Submitting picoCTF{0x30} fails because the flag checker expects picoCTF{48}. The printf command with %d handles the conversion in one step, printing the decimal integer that corresponds to 0x30.
Tried: Using python -c "print(0x30)" and accidentally reading the output as the full flag without the picoCTF{} wrapper.
Python correctly prints 48, but the flag format requires it wrapped as picoCTF{48}. Submitting just 48 or the raw output without the wrapper is rejected. The printf one-liner builds the wrapper into the format string automatically, reducing the chance of this mistake.
Learn more
Hexadecimal (base 16) and decimal (base 10) are two different ways of expressing the same number. Processors and disassemblers use hex because each hex digit represents exactly four binary bits, making the relationship between hex and raw binary very clean. Humans often prefer decimal for the final answer because it is more intuitive.
The
printfutility in bash supports the%dformat specifier, which interprets its argument as an integer and prints it in decimal - it even understands the0xprefix to indicate hexadecimal input. Python'sint(0x30)orint("0x30", 16)accomplish the same thing. The key insight is that0x30 == 48; both refer to the same value stored in the register.Fluent base conversion is one of the most basic skills in reverse engineering and exploitation. You will encounter hex constantly: memory addresses, byte values, bitmasks, offsets. Practicing conversion until it feels natural - and knowing which tools (printf, python, bc, CyberChef) are quickest in a given situation - pays off across every area of security.
Interactive tools
- Hex ViewerView text or raw hex bytes as a xxd-style hex dump with byte offset, hex columns, and ASCII sidebar. Highlights printable characters and null bytes.
- Number Base ConverterConvert numbers between binary, octal, decimal, and hexadecimal instantly. Enter any value and see all four bases update in real time.
Flag
Reveal flag
picoCTF{...}
Every challenge in the Bit-O-Asm series hides the answer in a MOV/arith instruction-reading the dump carefully is all you need.