Reversing_SpecialInstructions_asm.txt - A painter and a black cat

CTF Writeup SECCON 2018 » Reversing_SpecialInstructions_asm.txt

kanata, 2025/04/13 15:28

       $ /usr/local/cross2-gcc494/bin/moxie-elf-objdump -d -M intel ./runme
       ./runme:     file format elf32-bigmoxie
       Disassembly of section .text:
       00001400 <_start>:
 :       01 10 00 00     ldi.l   $sp, 0x1c60
 :       1c 60
 :       03 00 00 00     jsra    15a2 <main>
 a:       15 a2
       0000140c <__exit>:
 c:       02 42           mov     $r2, $r0
 e:       30 00 00 00     swi     0x1
 :       00 01
 :       02 24           mov     $r0, $r2
 :       04 00           ret
       00001418 <__read>:
 :       02 64           mov     $r4, $r2
 a:       02 53           mov     $r3, $r1
 c:       02 42           mov     $r2, $r0
 e:       30 00 00 00     swi     0x4
 :       00 04
 :       02 24           mov     $r0, $r2
 :       04 00           ret
       00001428 <__write>:
 :       02 64           mov     $r4, $r2
 a:       02 53           mov     $r3, $r1
 c:       02 42           mov     $r2, $r0
 e:       30 00 00 00     swi     0x5
 :       00 05
 :       02 24           mov     $r0, $r2
 :       04 00           ret
       00001438 <__open>:
 :       02 64           mov     $r4, $r2
 a:       02 53           mov     $r3, $r1
 c:       02 42           mov     $r2, $r0
 e:       30 00 00 00     swi     0x2
 :       00 02
 :       02 24           mov     $r0, $r2
 :       04 00           ret
       00001448 <__close>:
 :       04 00           ret
       0000144a <exit>:
 a:       91 18           dec     $sp, 0x18
 c:       03 00 00 00     jsra    140c <__exit>
 :       14 0c
       00001452 <write1>:
 :       91 18           dec     $sp, 0x18
 :       37 03 00 10     sto.b   0x10($fp), $r1
 :       02 30           mov     $r1, $fp
 a:       83 10           inc     $r1, 0x10
 c:       01 40 00 00     ldi.l   $r2, 0x1
 :       00 01
 :       03 00 00 00     jsra    1428 <__write>
 :       14 28
 :       04 00           ret
       0000146a <putchar>:
 a:       06 18           push    $sp, $r6
 c:       91 18           dec     $sp, 0x18
 e:       02 83           mov     $r6, $r1
 :       03 00 00 00     jsra    1452 <write1>
 :       14 52
 :       02 28           mov     $r0, $r6
 :       02 e0           mov     $r12, $fp
 a:       9e 04           dec     $r12, 0x4
 c:       07 e8           pop     $r12, $r6
 e:       04 00           ret
       00001480 <puts>:
 :       06 18           push    $sp, $r6
 :       06 19           push    $sp, $r7
 :       06 1a           push    $sp, $r8
 :       06 1b           push    $sp, $r9
 :       06 1c           push    $sp, $r10
 a:       91 18           dec     $sp, 0x18
 c:       02 92           mov     $r7, $r0
 e:       02 83           mov     $r6, $r1
 :       1c 33           ld.b    $r1, ($r1)
 :       02 43           mov     $r2, $r1
 :       2e 22           xor     $r0, $r0
 :       0e 42           cmp     $r2, $r0
 :       c0 0b           beq     14b0 <puts+0x30>
 a:       01 c0 00 00     ldi.l   $r10, 0x146a
 e:       14 6a
 a0:       02 a2           mov     $r8, $r0
 a2:       02 29           mov     $r0, $r7
 a4:       19 c0           jsr     $r10
 a6:       88 01           inc     $r6, 0x1
 a8:       1c 38           ld.b    $r1, ($r6)
 aa:       02 23           mov     $r0, $r1
 ac:       0e 2a           cmp     $r0, $r8
 ae:       c7 f9           bne     14a2 <puts+0x22>
 b0:       2e 22           xor     $r0, $r0
 b2:       02 e0           mov     $r12, $fp
 b4:       9e 14           dec     $r12, 0x14
 b6:       07 ec           pop     $r12, $r10
 b8:       07 eb           pop     $r12, $r9
 ba:       07 ea           pop     $r12, $r8
 bc:       07 e9           pop     $r12, $r7
 be:       07 e8           pop     $r12, $r6
 c0:       04 00           ret
 c2 <putxval>:
 c2:       06 18           push    $sp, $r6
 c4:       06 19           push    $sp, $r7
 c6:       06 1a           push    $sp, $r8
 c8:       06 1b           push    $sp, $r9
 ca:       06 1c           push    $sp, $r10
 cc:       91 2c           dec     $sp, 0x2c
 ce:       2e 55           xor     $r3, $r3
 d0:       37 05 ff eb     sto.b   0xffeb($fp), $r3
 d4:       2e 55           xor     $r3, $r3
 d6:       0e 35           cmp     $r1, $r3
 d8:       c4 05           bne     14e4 <putxval+0x22>
 da:       0e 45           cmp     $r2, $r3
 dc:       c4 03           bne     14e4 <putxval+0x22>
 de:       01 40 00 00     ldi.l   $r2, 0x1
 e2:       00 01
 e4:       02 50           mov     $r3, $fp
 e6:       95 16           dec     $r3, 0x16
 e8:       2e 66           xor     $r4, $r4
 ea:       1b c0 00 00     ldi.b   $r10, 0x30
 ee:       00 30
 f0:       01 a0 00 00     ldi.l   $r8, 0x1640
 f4:       16 40
 f6:       01 90 00 00     ldi.l   $r7, 0xf
 fa:       00 0f
 fc:       01 80 00 00     ldi.l   $r6, 0x4
 :       00 04
 :       1a 00 00 00     jmpa    151e <putxval+0x5c>
 :       15 1e
 :       02 73           mov     $r5, $r1
 a:       26 79           and     $r5, $r7
 c:       02 ba           mov     $r9, $r8
 e:       05 b7           add     $r9, $r5
 :       1c 7b           ld.b    $r5, ($r9)
 :       1e 57           st.b    ($r3), $r5
 :       27 38           lshr    $r1, $r6
 :       0e 46           cmp     $r2, $r4
 :       c0 01           beq     151c <putxval+0x5a>
 a:       94 01           dec     $r2, 0x1
 c:       95 01           dec     $r3, 0x1
 e:       0e 36           cmp     $r1, $r4
 :       c7 f3           bne     1508 <putxval+0x46>
 :       0e 46           cmp     $r2, $r4
 :       c0 04           beq     152e <putxval+0x6c>
 :       1e 5c           st.b    ($r3), $r10
 :       1a 00 00 00     jmpa    151a <putxval+0x58>
 c:       15 1a
 e:       02 35           mov     $r1, $r3
 :       83 01           inc     $r1, 0x1
 :       03 00 00 00     jsra    1480 <puts>
 :       14 80
 :       2e 22           xor     $r0, $r0
 a:       02 e0           mov     $r12, $fp
 c:       9e 14           dec     $r12, 0x14
 e:       07 ec           pop     $r12, $r10
 :       07 eb           pop     $r12, $r9
 :       07 ea           pop     $r12, $r8
 :       07 e9           pop     $r12, $r7
 :       07 e8           pop     $r12, $r6
 :       04 00           ret
       0000154a <set_random_seed>:
 a:       16 20           bad
 c:       04 00           ret
       0000154e <get_random_value>:
 e:       17 20           bad
 :       04 00           ret
       00001552 <decode>:
 :       06 18           push    $sp, $r6
 :       06 19           push    $sp, $r7
 :       06 1a           push    $sp, $r8
 :       06 1b           push    $sp, $r9
 a:       06 1c           push    $sp, $r10
 c:       06 1d           push    $sp, $r11
 e:       91 18           dec     $sp, 0x18
 :       02 d2           mov     $r11, $r0
 :       1c 42           ld.b    $r2, ($r0)
 :       2e 22           xor     $r0, $r0
 :       0e 42           cmp     $r2, $r0
 :       c0 12           beq     158e <decode+0x3c>
 a:       02 a3           mov     $r8, $r1
 c:       02 9d           mov     $r7, $r11
 e:       01 c0 00 00     ldi.l   $r10, 0x154e
 :       15 4e
 :       1c 8a           ld.b    $r6, ($r8)
 :       2e 22           xor     $r0, $r0
 :       19 c0           jsr     $r10
 a:       2e 82           xor     $r6, $r0
 c:       1c 29           ld.b    $r0, ($r7)
 e:       2e 82           xor     $r6, $r0
 :       1e 98           st.b    ($r7), $r6
 :       89 01           inc     $r7, 0x1
 :       8a 01           inc     $r8, 0x1
 :       1c 39           ld.b    $r1, ($r7)
 :       2e 22           xor     $r0, $r0
 a:       0e 32           cmp     $r1, $r0
 c:       c7 f3           bne     1574 <decode+0x22>
 e:       02 2d           mov     $r0, $r11
 :       02 e0           mov     $r12, $fp
 :       9e 18           dec     $r12, 0x18
 :       07 ed           pop     $r12, $r11
 :       07 ec           pop     $r12, $r10
 :       07 eb           pop     $r12, $r9
 a:       07 ea           pop     $r12, $r8
 c:       07 e9           pop     $r12, $r7
 e:       07 e8           pop     $r12, $r6
 a0:       04 00           ret
 a2 <main>:
 a2:       06 18           push    $sp, $r6
 a4:       91 18           dec     $sp, 0x18
 a6:       01 20 92 d6     ldi.l   $r0, 0x92d68ca2
 aa:       8c a2
 ac:       03 00 00 00     jsra    154a <set_random_seed>
 b0:       15 4a
 b2:       01 80 00 00     ldi.l   $r6, 0x1480
 b6:       14 80
 b8:       01 20 00 00     ldi.l   $r0, 0x1
 bc:       00 01
 be:       01 30 00 00     ldi.l   $r1, 0x1654
 c2:       16 54
 c4:       19 80           jsr     $r6
 c6:       01 20 00 00     ldi.l   $r0, 0x1
 ca:       00 01
 cc:       01 30 00 00     ldi.l   $r1, 0x1680
 d0:       16 80
 d2:       19 80           jsr     $r6
 d4:       01 20 00 00     ldi.l   $r0, 0x1
 d8:       00 01
 da:       01 30 00 00     ldi.l   $r1, 0x169c
 de:       16 9c
 e0:       19 80           jsr     $r6
 e2:       01 20 00 00     ldi.l   $r0, 0x1
 e6:       00 01
 e8:       01 30 00 00     ldi.l   $r1, 0x16ac
 ec:       16 ac
 ee:       19 80           jsr     $r6
 f0:       01 20 00 00     ldi.l   $r0, 0x1
 f4:       00 01
 f6:       01 30 00 00     ldi.l   $r1, 0x16c4
 fa:       16 c4
 fc:       19 80           jsr     $r6
 fe:       01 20 00 00     ldi.l   $r0, 0x1
 :       00 01
 :       01 30 00 00     ldi.l   $r1, 0x16e0
 :       16 e0
 a:       19 80           jsr     $r6
 c:       01 20 00 00     ldi.l   $r0, 0x1800
 :       18 00
 :       01 30 00 00     ldi.l   $r1, 0x1820
 :       18 20
 :       03 00 00 00     jsra    1552 <decode>
 c:       15 52
 e:       02 32           mov     $r1, $r0
 :       01 20 00 00     ldi.l   $r0, 0x1
 :       00 01
 :       19 80           jsr     $r6
 :       01 20 00 00     ldi.l   $r0, 0x1
 c:       00 01
 e:       01 30 00 00     ldi.l   $r1, 0x167c
 :       16 7c
 :       19 80           jsr     $r6
 :       2e 22           xor     $r0, $r0
 :       03 00 00 00     jsra    144a <exit>
 c:       14 4a

« 前
1
2
3
次 »

(1-1/3)

プロジェクト

全般

プロフィール

A painter and a black cat

CTF Writeup SECCON 2018 » Reversing_SpecialInstructions_asm.txt