Problem: What does asm1(0x610) return? Submit the flag as a hexadecimal value (starting with ‘0x’). NOTE: Your submission for this question will NOT be in the normal flag format. Source located in the directory at /problems/asm1_1_95494d904d73b330976420bc1cd763ec.

File: THE_FILE

Solution:

asm1:
	<+0>:	push   ebp; save the caller's frame pointer
	<+1>:	mov    ebp,esp; set up the frame; the argument 0x610 is now at [ebp+0x8]
	<+3>:	cmp    DWORD PTR [ebp+0x8],0x3b9; compare the argument with 0x3b9: 0x610 (1552) vs 0x3b9 (953)
	<+10>:	jg     0x50f <asm1+34>; jump if greater (signed); 1552 > 953, so jump to <+34>
	<+12>:	cmp    DWORD PTR [ebp+0x8],0x1
	<+16>:	jne    0x507 <asm1+26>
	<+18>:	mov    eax,DWORD PTR [ebp+0x8]
	<+21>:	add    eax,0x11
	<+24>:	jmp    0x526 <asm1+57>
	<+26>:	mov    eax,DWORD PTR [ebp+0x8]
	<+29>:	sub    eax,0x11
	<+32>:	jmp    0x526 <asm1+57>
	<+34>:	cmp    DWORD PTR [ebp+0x8],0x477; compare the argument 0x610 with 0x477
	<+41>:	jne    0x520 <asm1+51>; 0x610 != 0x477, so jump to <+51>
	<+43>:	mov    eax,DWORD PTR [ebp+0x8]
	<+46>:	sub    eax,0x11
	<+49>:	jmp    0x526 <asm1+57>
	<+51>:	mov    eax,DWORD PTR [ebp+0x8]; eax = 0x610
	<+54>:	add    eax,0x11; eax = 0x610 + 0x11 = 1552 + 17 = 1569 = 0x621
	<+57>:	pop    ebp; all paths land here: restore the caller's frame pointer
	<+58>:	ret    ; return value is in eax

asm1(0x610)

When the function is called, the caller has pushed the argument 0x610 onto the stack. `push ebp` saves the old frame pointer; the argument is not in ebp.

Line 2 (<+1>): copy esp into ebp. From here on the argument is read as DWORD PTR [ebp+0x8].

Line 3 (<+3>): compare the argument with 0x3b9, i.e. 0x610 (1552) with 0x3b9 (953). 0x610 is larger.

Line 4 (<+10>): `jg` jumps if the previous comparison was "greater". It was, so execution continues at <+34>.

Line 34 (<+34>): compare 0x610 with 0x477.

Line 41 (<+41>): 0x610 != 0x477 is true, so jump to <+51>.

Line 51 (<+51>): eax = 0x610

Line 54 (<+54>): eax = 0x610 + 0x11 = 1552 + 17 = 1569 = 0x621

Line 57 (<+57>): pop ebp restores the caller's frame pointer; eax still holds 0x621.

Line 58 (<+58>): return with eax = 0x621.
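The same control flow written as C, as an added example that is not part of the challenge source or the original writeup; it covers all four paths of the disassembly, not only the 0x610 case traced above, and uses `int32_t` so the comparison is signed like `jg`.

```c
#include <stdio.h>
#include <stdint.h>

/* C rendering of the disassembled asm1 (added example, not the challenge's
 * own source). `arg` models the 32-bit DWORD read from [ebp+0x8]; int32_t keeps
 * the first comparison signed, matching the `jg` instruction at <+10>. */
int32_t asm1(int32_t arg)
{
    if (arg > 0x3b9) {              /* <+3>  cmp [ebp+0x8],0x3b9 ; <+10> jg  <+34> */
        if (arg != 0x477)           /* <+34> cmp [ebp+0x8],0x477 ; <+41> jne <+51> */
            return arg + 0x11;      /* <+51> mov eax,[ebp+0x8] ; <+54> add eax,0x11 */
        return arg - 0x11;          /* <+43> mov eax,[ebp+0x8] ; <+46> sub eax,0x11 */
    }
    if (arg != 0x1)                 /* <+12> cmp [ebp+0x8],0x1 ; <+16> jne <+26> */
        return arg - 0x11;          /* <+26> mov eax,[ebp+0x8] ; <+29> sub eax,0x11 */
    return arg + 0x11;              /* <+18> mov eax,[ebp+0x8] ; <+21> add eax,0x11 */
}

int main(void)
{
    /* Constructed probe values: one per path, with 0x610 being the challenge input. */
    int32_t probes[] = { 0x610, 0x477, 0x3b9, 0x1 };
    for (int i = 0; i < 4; i++)
        printf("asm1(0x%x) = 0x%x\n", probes[i], asm1(probes[i]));
    return 0;
}
```

Running it prints `asm1(0x610) = 0x621`, matching the hand trace; the other probes exercise the `sub` branches that 0x610 never reaches.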

Flag: picoCTF{0x621}