Created
November 29, 2020 14:12
SOP disasm for Hitcon CTF 2020
| 0000 :: &r0 = 0x217000 | |
| 0010 :: mmap r0, 0x1, 0x7, 0x22, 0x0, 0x0 | |
| 0018 :: read 0x0, 0x217000, 0x20 | |
| 0020 :: WRITE 0x217050 - 0x217070, b' p!\x00\x00\x00\x00\x00\x04\x00\x00\x04\x00\x00\x00\x00Dp!\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
| 0120 :: WRITE 0x217020 - 0x21704c, b'H\xb9,4:y\xf5\x95\x84?\x8bV\x04f\x89\x11H\x8d\r\xeb\xff\xff\xffH\xff\x01H\xff\x01\xc3\xcc\xcc\xcc\xcc\xcc\xcc1\xc0\xb0\x0f\x0f\x05\xcc\xcc' | |
| 0280 :: &r0 = 0x217050 | |
| 0290 :: rt_sigaction 0x1f, r0, 0x0, 0x8 | |
| 0298 :: prctl 0x26, 0x1, 0x0, 0x0 | |
| 02A0 :: WRITE 0x217050 - 0x217054, b'G\x00\x00\x00' | |
| 02C0 :: WRITE 0x217058 - 0x21705c, b'`p!\x00' | |
| 02E0 :: WRITE 0x217060 - 0x217298, b" \x00\x00\x00\x00\x00\x00\x005\x00\r\x00\x00\x00\x00@\x15\x00\n\x00\x01\x00\x00\x00\x15\x00 \x00h\x00\x00\x00\x15\x00\x15\x00f\x00\x00\x00\x15\x00(\x00\xba\x00\x00\x00\x15\x00\x0e\x00'\x00\x00\x00\x15\x00\x17\x00l\x00\x00\x00\x15\x00\x07\x00o\x00\x00\x00\x15\x00)\x00n\x00\x00\x00\x15\x00\x1e\x00k\x00\x00\x00\x15\x00,\x009\x00\x00\x00\x06\x00\x00\x00\x00\x00\xff\x7f \x00\x00\x00\x10\x00\x00\x00\x15\x00\x007\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x18\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x10\x00\x00\x00,\x00\x00\x00\x00\x00\x00\x00\x15\x00((\x00\x00\x00\x00 \x00\x00\x00\x18\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x10\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x15\x00##\x00\x00\x00\x00 \x00\x00\x00\x18\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x10\x00\x00\x00|\x00\x00\x00\x00\x00\x00\x00\x15\x00\x1e\x1e\x00\x00\x00\x00 \x00\x00\x00\x18\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x10\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x15\x00\x19\x19\x00\x00\x00\x00 \x00\x00\x00\x18\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x10\x00\x00\x00\\\x00\x00\x00\x00\x00\x00\x00\x15\x00\x14\x14\x00\x00\x00\x00 \x00\x00\x00\x18\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x10\x00\x00\x00\xac\x00\x00\x00\x00\x00\x00\x00\x15\x00\x0f\x0f\x00\x00\x00\x00 \x00\x00\x00\x18\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x10\x00\x00\x00L\x00\x00\x00\x00\x00\x00\x00\x15\x00\n\n\x00\x00\x00\x00 \x00\x00\x00\x18\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x10\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x00\x15\x00\x05\x05\x00\x00\x00\x00 \x00\x00\x00\x18\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x10\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00 
\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x00|\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x03\x00T\x00\x00\x00\xff\xff\x00\x00L\x00\x00\x00\x00\x00\x00\x00\x16\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xff\x7f" | |
| 14A0 :: prctl 0x16, 0x2, 0x217050 | |
| 14A8 :: &r2 = 0x69a33fff | |
| 14B8 :: &r3 = 0x468932dc | |
| 14C8 :: &r4 = 0x2b0b575b | |
| 14D8 :: &r5 = 0x1e8b51cc | |
| 14E8 :: LOAD &r6, 0x217000 | |
| 14F8 :: &r0 = 0xffffffff | |
| 1508 :: &r6 = r0 & r6 | |
| 1548 :: getgid 0x0, 0x0, 0x0 | |
| 1550 :: getgid 0x0, 0x0, 0x0 | |
| 1558 :: LOAD &r7, 0x217004 | |
| 1568 :: &r0 = 0xffffffff | |
| 1578 :: &r7 = r0 & r7 | |
| 15B8 :: getgid 0x0, 0x0, 0x0 | |
| 15C0 :: getgid 0x0, 0x0, 0x0 | |
| 15C8 :: &r8 = 0x0 | |
| 15D8 :: &r9 = 0x51fdd41a | |
| 15E8 :: &r10 = 0x0 | |
| 15F8 :: &r8 = r8 + r9 | |
| 1638 :: &r11 = r7 << 0x4 | |
| 1678 :: &r11 = r11 + r2 | |
| 16B8 :: &r12 = r7 >> 0x5 | |
| 16F8 :: &r12 = r12 + r3 | |
| 1738 :: &r11 = r11 ^ r12 | |
| 1778 :: &r12 = r7 + r8 | |
| 17B8 :: &r11 = r11 ^ r12 | |
| 17F8 :: &r6 = r6 + r11 | |
| 1838 :: &r11 = r6 << 0x4 | |
| 1878 :: &r11 = r11 + r4 | |
| 18B8 :: &r12 = r6 >> 0x5 | |
| 18F8 :: &r12 = r12 + r5 | |
| 1938 :: &r11 = r11 ^ r12 | |
| 1978 :: &r12 = r6 + r8 | |
| 19B8 :: &r11 = r11 ^ r12 | |
| 19F8 :: &r7 = r7 + r11 | |
| 1A38 :: &r10 = r10 + 0x1 | |
| 1A78 :: &r11 = r10 >> 0x5 | |
| 1AB8 :: &r11 = 0x1 - r11 | |
| 1AF8 :: &r11 = r11 * 0xab | |
| 1B38 :: SET 0x217022, &r15 | |
| 1B48 :: getegid r15, r11, 0x0 | |
| 1B50 :: MEMSET 0x217050, r6 | |
| 1B70 :: MEMSET 0x217054, r7 | |
| 1B90 :: &r2 = 0x32e57ab6 | |
| 1BA0 :: &r3 = 0x7785df55 | |
| 1BB0 :: &r4 = 0x688620f9 | |
| 1BC0 :: &r5 = 0x8df954f3 | |
| 1BD0 :: LOAD &r6, 0x217008 | |
| 1BE0 :: &r0 = 0xffffffff | |
| 1BF0 :: &r6 = r0 & r6 | |
| 1C30 :: getgid 0x0, 0x0, 0x0 | |
| 1C38 :: getgid 0x0, 0x0, 0x0 | |
| 1C40 :: LOAD &r7, 0x21700c | |
| 1C50 :: &r0 = 0xffffffff | |
| 1C60 :: &r7 = r0 & r7 | |
| 1CA0 :: getgid 0x0, 0x0, 0x0 | |
| 1CA8 :: getgid 0x0, 0x0, 0x0 | |
| 1CB0 :: &r8 = 0x0 | |
| 1CC0 :: &r9 = 0x5c37a6db | |
| 1CD0 :: &r10 = 0x0 | |
| 1CE0 :: &r8 = r8 + r9 | |
| 1D20 :: &r11 = r7 << 0x4 | |
| 1D60 :: &r11 = r11 + r2 | |
| 1DA0 :: &r12 = r7 >> 0x5 | |
| 1DE0 :: &r12 = r12 + r3 | |
| 1E20 :: &r11 = r11 ^ r12 | |
| 1E60 :: &r12 = r7 + r8 | |
| 1EA0 :: &r11 = r11 ^ r12 | |
| 1EE0 :: &r6 = r6 + r11 | |
| 1F20 :: &r11 = r6 << 0x4 | |
| 1F60 :: &r11 = r11 + r4 | |
| 1FA0 :: &r12 = r6 >> 0x5 | |
| 1FE0 :: &r12 = r12 + r5 | |
| 2020 :: &r11 = r11 ^ r12 | |
| 2060 :: &r12 = r6 + r8 | |
| 20A0 :: &r11 = r11 ^ r12 | |
| 20E0 :: &r7 = r7 + r11 | |
| 2120 :: &r10 = r10 + 0x1 | |
| 2160 :: &r11 = r10 >> 0x5 | |
| 21A0 :: &r11 = 0x1 - r11 | |
| 21E0 :: &r11 = r11 * 0xab | |
| 2220 :: SET 0x217022, &r15 | |
| 2230 :: getegid r15, r11, 0x0 | |
| 2238 :: MEMSET 0x217058, r6 | |
| 2258 :: MEMSET 0x21705c, r7 | |
| 2278 :: &r2 = 0xaca81571 | |
| 2288 :: &r3 = 0x2c19574f | |
| 2298 :: &r4 = 0x1bd1fc38 | |
| 22A8 :: &r5 = 0x14220605 | |
| 22B8 :: LOAD &r6, 0x217010 | |
| 22C8 :: &r0 = 0xffffffff | |
| 22D8 :: &r6 = r0 & r6 | |
| 2318 :: getgid 0x0, 0x0, 0x0 | |
| 2320 :: getgid 0x0, 0x0, 0x0 | |
| 2328 :: LOAD &r7, 0x217014 | |
| 2338 :: &r0 = 0xffffffff | |
| 2348 :: &r7 = r0 & r7 | |
| 2388 :: getgid 0x0, 0x0, 0x0 | |
| 2390 :: getgid 0x0, 0x0, 0x0 | |
| 2398 :: &r8 = 0x0 | |
| 23A8 :: &r9 = 0xb4f0b4fb | |
| 23B8 :: &r10 = 0x0 | |
| 23C8 :: &r8 = r8 + r9 | |
| 2408 :: &r11 = r7 << 0x4 | |
| 2448 :: &r11 = r11 + r2 | |
| 2488 :: &r12 = r7 >> 0x5 | |
| 24C8 :: &r12 = r12 + r3 | |
| 2508 :: &r11 = r11 ^ r12 | |
| 2548 :: &r12 = r7 + r8 | |
| 2588 :: &r11 = r11 ^ r12 | |
| 25C8 :: &r6 = r6 + r11 | |
| 2608 :: &r11 = r6 << 0x4 | |
| 2648 :: &r11 = r11 + r4 | |
| 2688 :: &r12 = r6 >> 0x5 | |
| 26C8 :: &r12 = r12 + r5 | |
| 2708 :: &r11 = r11 ^ r12 | |
| 2748 :: &r12 = r6 + r8 | |
| 2788 :: &r11 = r11 ^ r12 | |
| 27C8 :: &r7 = r7 + r11 | |
| 2808 :: &r10 = r10 + 0x1 | |
| 2848 :: &r11 = r10 >> 0x5 | |
| 2888 :: &r11 = 0x1 - r11 | |
| 28C8 :: &r11 = r11 * 0xab | |
| 2908 :: SET 0x217022, &r15 | |
| 2918 :: getegid r15, r11, 0x0 | |
| 2920 :: MEMSET 0x217060, r6 | |
| 2940 :: MEMSET 0x217064, r7 | |
| 2960 :: &r2 = 0x33f33fe0 | |
| 2970 :: &r3 = 0xf9de7e36 | |
| 2980 :: &r4 = 0xe9ab109d | |
| 2990 :: &r5 = 0x8d4f04b2 | |
| 29A0 :: LOAD &r6, 0x217018 | |
| 29B0 :: &r0 = 0xffffffff | |
| 29C0 :: &r6 = r0 & r6 | |
| 2A00 :: getgid 0x0, 0x0, 0x0 | |
| 2A08 :: getgid 0x0, 0x0, 0x0 | |
| 2A10 :: LOAD &r7, 0x21701c | |
| 2A20 :: &r0 = 0xffffffff | |
| 2A30 :: &r7 = r0 & r7 | |
| 2A70 :: getgid 0x0, 0x0, 0x0 | |
| 2A78 :: getgid 0x0, 0x0, 0x0 | |
| 2A80 :: &r8 = 0x0 | |
| 2A90 :: &r9 = 0xd3c45f8c | |
| 2AA0 :: &r10 = 0x0 | |
| 2AB0 :: &r8 = r8 + r9 | |
| 2AF0 :: &r11 = r7 << 0x4 | |
| 2B30 :: &r11 = r11 + r2 | |
| 2B70 :: &r12 = r7 >> 0x5 | |
| 2BB0 :: &r12 = r12 + r3 | |
| 2BF0 :: &r11 = r11 ^ r12 | |
| 2C30 :: &r12 = r7 + r8 | |
| 2C70 :: &r11 = r11 ^ r12 | |
| 2CB0 :: &r6 = r6 + r11 | |
| 2CF0 :: &r11 = r6 << 0x4 | |
| 2D30 :: &r11 = r11 + r4 | |
| 2D70 :: &r12 = r6 >> 0x5 | |
| 2DB0 :: &r12 = r12 + r5 | |
| 2DF0 :: &r11 = r11 ^ r12 | |
| 2E30 :: &r12 = r6 + r8 | |
| 2E70 :: &r11 = r11 ^ r12 | |
| 2EB0 :: &r7 = r7 + r11 | |
| 2EF0 :: &r10 = r10 + 0x1 | |
| 2F30 :: &r11 = r10 >> 0x5 | |
| 2F70 :: &r11 = 0x1 - r11 | |
| 2FB0 :: &r11 = r11 * 0xab | |
| 2FF0 :: SET 0x217022, &r15 | |
| 3000 :: getegid r15, r11, 0x0 | |
| 3008 :: MEMSET 0x217068, r6 | |
| 3028 :: MEMSET 0x21706c, r7 | |
| 3048 :: LOAD &r9, 0x217050 | |
| 3058 :: &r2 = 0x0 | |
| 3068 :: &r3 = r9 ^ 0x152ceed2 | |
| 30A8 :: &r2 = r2 | r3 | |
| 30E8 :: LOAD &r9, 0x217054 | |
| 30F8 :: &r2 = 0x0 | |
| 3108 :: &r3 = r9 ^ 0xd6046dc3 | |
| 3148 :: &r2 = r2 | r3 | |
| 3188 :: LOAD &r9, 0x217058 | |
| 3198 :: &r2 = 0x0 | |
| 31A8 :: &r3 = r9 ^ 0x4a9d3ffd | |
| 31E8 :: &r2 = r2 | r3 | |
| 3228 :: LOAD &r9, 0x21705c | |
| 3238 :: &r2 = 0x0 | |
| 3248 :: &r3 = r9 ^ 0xbb541082 | |
| 3288 :: &r2 = r2 | r3 | |
| 32C8 :: LOAD &r9, 0x217060 | |
| 32D8 :: &r2 = 0x0 | |
| 32E8 :: &r3 = r9 ^ 0x632a4f78 | |
| 3328 :: &r2 = r2 | r3 | |
| 3368 :: LOAD &r9, 0x217064 | |
| 3378 :: &r2 = 0x0 | |
| 3388 :: &r3 = r9 ^ 0xa9cb93d | |
| 33C8 :: &r2 = r2 | r3 | |
| 3408 :: LOAD &r9, 0x217068 | |
| 3418 :: &r2 = 0x0 | |
| 3428 :: &r3 = r9 ^ 0x58aae351 | |
| 3468 :: &r2 = r2 | r3 | |
| 34A8 :: LOAD &r9, 0x21706c | |
| 34B8 :: &r2 = 0x0 | |
| 34C8 :: &r3 = r9 ^ 0x92012a14 | |
| 3508 :: &r2 = r2 | r3 | |
| 3548 :: &r3 = 0x0 - r2 | |
| 3588 :: &r2 = r2 & r3 | |
| 35C8 :: &r3 = r2 / 0x3 | |
| 3608 :: &r3 = r3 * 0x3 | |
| 3648 :: &r2 = r2 - r3 | |
| 3688 :: &r2 = 0x2 ^ r2 | |
| 36C8 :: &r2 = r2 >> 0x1 | |
| 3708 :: WRITE 0x217050 - 0x217074, b'Congratulations! Here is your flag: ' | |
| 3828 :: WRITE 0x217020 - 0x217024, b'\n\x00\x00\x00' | |
| 3848 :: write r2, 0x217050, 0x24 | |
| 3850 :: write r2, 0x217000, 0x21 |