Description
The fourth assembly dump again loads 0x9fe1a but subtracts 0x65 before returning. Convert the result into decimal for the flag.
Setup
Assembly readingDownload disassembler-dump0_d.txt
Fetch the dump and focus on the subtraction at <+31>.
wget https://artifacts.picoctf.net/c/511/disassembler-dump0_d.txt
cat disassembler-dump0_d.txt
Solution
- Step 1Track the operationsEAX is assigned 0x9fe1a and then SUB 0x65 executes. No other arithmetic touches the register before return.
- Step 2Compute the resultEvaluate 0x9fe1a - 0x65 = 654,773 and wrap it with picoCTF{...}.python3 - <<'PY' print(0x9fe1a - 0x65) PY
Flag
picoCTF{654773}
Double-check the direction of the subtraction: EAX minus 0x65, not the other way around.