Skip to content

Instantly share code, notes, and snippets.

@cookie-s

cookie-s/01_mega.rb

Last active December 6, 2019 10:54
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save cookie-s/7b18c333327909b307d88c49f8ce41ad to your computer and use it in GitHub Desktop.
Save cookie-s/7b18c333327909b307d88c49f8ce41ad to your computer and use it in GitHub Desktop.
Download ZIP
CTFZone 2019 Quals writeup - M394Dr1V3 cr4cKM3 https://cookies.hatenablog.jp/entry/2019/12/03/041650
Raw
01_mega.rb
require 'awesome_print'
puts <<EOS
from z3 import *
s = Solver()
EOS
newv = ->{
ctr=0
->{
ctr+=1
'v%03d' % ctr
}
}[]
map = {}
# z3 prover input variable
16.times{|i|
map['(0x%02x!SP)'%(0x48+i)] = 'in%02d'%i
puts 'in%02d = BitVec("in%02d", 8)' % [i, i]
# char range constraint
puts 's.add(0x30 <= in%02d, in%02d <= 0x5A)' % [i, i]
}
# memory initialization
16.times{|i|
map['(0x%02x!SP)'%(0x58+i)] = '0'
}
def getkey(x)
x.include?('SP') ? x : x[0,2]
end
IO.binread('input.disasm').lines.each do |line|
next if line.empty?
break if line.include? '__END__'
next unless line.split[0].size == 8
line = line.gsub(',SP','!SP')
opc, oprs = line.split[-2..-1]
op1, op2 = oprs.split(?,)
case opc
when 'move.b', 'move.w', 'movea.w'
op1 = getkey(op1)
op2 = getkey(op2)
ov1 = map[op1]
nv = newv[]
raise 'not init:' + line.split*' ' unless ov1
map[op2] = nv
puts '%s = %s' % [nv, ov1]
when 'add.b', 'muls.w', 'sub.b', 'lsl.b'
opstr = {'add.b'=>?+, 'sub.b'=>?-, 'muls.w'=>?*, 'lsl.b'=>'<<'}[opc]
if op1.include? '#'
raise 'uo' unless op1[0,3] == '#0x'
imm = op1[3,100].hex.to_s
op2 = getkey(op2)
ov = map[op2]
nv = newv[]
raise 'not init:' + line.split*' ' unless ov
map[op2] = nv
puts '%s = %s %s %s' % [nv, ov, opstr, imm]
else
op1 = getkey(op1)
op2 = getkey(op2)
ov1 = map[op1]
ov = map[op2]
nv = newv[]
raise 'not init:' + line.split.join(' ') unless map[op1] && map[op2]
map[op2] = nv
puts '%s = %s %s %s' % [nv, ov, opstr, ov1]
end
else
raise '??'
end
end
puts '"""'
ap map
puts '"""'
# constraints
puts [
"s.add(%s == %d)" % [map['D0'], -0x9],
"s.add(%s == %d)" % [map['(0x43!SP)'], 0x2f],
"s.add(%s == %d)" % [map['(0x3d!SP)'], 0x02],
"s.add(%s == %d)" % [map['(0x3c!SP)'], -0x4a],
"s.add(%s == %d)" % [map['(0x3b!SP)'], -0x48],
"s.add(%s == %d)" % [map['(0x47!SP)'], -0x3],
"s.add(%s == %d)" % [map['(0x45!SP)'], 0x18],
"s.add(%s == %d)" % [map['(0x41!SP)'], -0x71],
"s.add(%s == %d)" % [map['(0x42!SP)'], 0x3e],
"s.add(%s == %d)" % [map['(0x3f!SP)'], -0x48],
"s.add(%s == %d)" % [map['(0x40!SP)'], -0x70],
"s.add(%s == %d)" % [map['(0x3e!SP)'], -0x20],
"s.add(%s == %d)" % [map['(0x44!SP)'], -0x31],
"s.add(%s == %d)" % [map['(0x46!SP)'], -0x7b],
"s.add(%s == %d)" % [map['D3'], -0x34],
"s.add(%s == %d)" % [map['D1'], 0x41],
]*"\n"
# result
puts [
"print(s.check())",
*16.times.map{|i| "print(s.model()[in%02i].as_long())" % i},
]*"\n"
Raw
02_constraints.py
from z3 import *
s = Solver()
in00 = BitVec("in00", 8)
s.add(0x30 <= in00, in00 <= 0x5A)
in01 = BitVec("in01", 8)
s.add(0x30 <= in01, in01 <= 0x5A)
in02 = BitVec("in02", 8)
s.add(0x30 <= in02, in02 <= 0x5A)
in03 = BitVec("in03", 8)
s.add(0x30 <= in03, in03 <= 0x5A)
in04 = BitVec("in04", 8)
s.add(0x30 <= in04, in04 <= 0x5A)
in05 = BitVec("in05", 8)
s.add(0x30 <= in05, in05 <= 0x5A)
in06 = BitVec("in06", 8)
s.add(0x30 <= in06, in06 <= 0x5A)
in07 = BitVec("in07", 8)
s.add(0x30 <= in07, in07 <= 0x5A)
in08 = BitVec("in08", 8)
s.add(0x30 <= in08, in08 <= 0x5A)
in09 = BitVec("in09", 8)
s.add(0x30 <= in09, in09 <= 0x5A)
in10 = BitVec("in10", 8)
s.add(0x30 <= in10, in10 <= 0x5A)
in11 = BitVec("in11", 8)
s.add(0x30 <= in11, in11 <= 0x5A)
in12 = BitVec("in12", 8)
s.add(0x30 <= in12, in12 <= 0x5A)
in13 = BitVec("in13", 8)
s.add(0x30 <= in13, in13 <= 0x5A)
in14 = BitVec("in14", 8)
s.add(0x30 <= in14, in14 <= 0x5A)
in15 = BitVec("in15", 8)
s.add(0x30 <= in15, in15 <= 0x5A)
v001 = in00
v002 = in01
v003 = in02
v004 = in03
v005 = v002
v006 = v005 << 6
v007 = v006
v008 = v007 - v002
v009 = v001
v010 = v009 * 37
v011 = v008 + v010
v012 = v011 + 0
v013 = v003
v014 = v013 + v003
v015 = v014 + v014
v016 = v015
v017 = v015 + v003
v018 = v012 + v017
v019 = v004
v020 = v019 * 60
v021 = v018 + v020
v022 = v021
v023 = v001
v024 = v023 + v001
v025 = v024 + v001
v026 = v025 << 5
v027 = v006 + v026
v028 = v027 + 0
v029 = v003
v030 = v029 * 94
v031 = v028 + v030
v032 = v004
v033 = v032 << 3
v034 = v031 + v033
v035 = v034
v036 = v002
v037 = v036 + 0
v038 = v001
v039 = v038 * 59
v040 = v037 + v039
v041 = v003 * 78
v042 = v041 + v040
v043 = v004
v044 = v043 << 4
v045 = v042 + v044
v046 = v045
v047 = in04
v048 = in05
v049 = in06
v050 = in07
v051 = v048
v052 = v051 * 40
v053 = v047
v054 = v053 * 79
v055 = v052 + v054
v056 = v055 + 0
v057 = v049
v058 = v057 + v049
v059 = v058 + v058
v060 = v059
v061 = v056 + v059
v062 = v061
v063 = v050
v064 = v063 * 28
v065 = v062
v066 = v065 + v064
v067 = v066
v068 = v048
v069 = v068 << 6
v070 = v069
v071 = v069 - v048
v072 = v047
v073 = v072 * 37
v074 = v071 + v073
v075 = v074 + 0
v076 = v060
v077 = v076 + v049
v078 = v077 + v075
v079 = v050
v080 = v079 * 60
v081 = v080 + v078
v082 = v081
v083 = v047
v084 = v083 + v047
v085 = v084 + v047
v086 = v085 << 5
v087 = v070
v088 = v086 + v087
v089 = v088 + 0
v090 = v049
v091 = v090 * 94
v092 = v089 + v091
v093 = v050
v094 = v093 << 3
v095 = v094 + v092
v096 = v095
v097 = v048 + 0
v098 = v047 * 59
v099 = v098 + v097
v100 = v049 * 78
v101 = v099 + v100
v102 = v050 << 4
v103 = v101 + v102
v104 = v103
v105 = in08
v106 = in09
v107 = in10
v108 = in11
v109 = v106
v110 = v109 * 40
v111 = v105
v112 = v111 * 79
v113 = v110 + v112
v114 = v113 + 0
v115 = v114
v116 = v107
v117 = v116 + v107
v118 = v117 + v117
v119 = v118
v120 = v115
v121 = v120 + v118
v122 = v108
v123 = v122 * 28
v124 = v121 + v123
v125 = v124
v126 = v105
v127 = v126 * 37
v128 = v106
v129 = v128 << 6
v130 = v129
v131 = v129 - v106
v132 = v131 + v127
v133 = v132 + 0
v134 = v133
v135 = v119
v136 = v135 + v107
v137 = v134
v138 = v136 + v137
v139 = v108
v140 = v139 * 60
v141 = v140 + v138
v142 = v141
v143 = v105
v144 = v143 + v105
v145 = v144 + v105
v146 = v145 << 5
v147 = v130
v148 = v146 + v147
v149 = v148 + 0
v150 = v107
v151 = v150 * 94
v152 = v149 + v151
v153 = v108
v154 = v153 << 3
v155 = v154 + v152
v156 = v155
v157 = v106 + 0
v158 = v105 * 59
v159 = v158 + v157
v160 = v107 * 78
v161 = v159 + v160
v162 = v108 << 4
v163 = v161 + v162
v164 = v163
v165 = in12
v166 = in13
v167 = in14
v168 = in15
v169 = v165
v170 = v169 * 79
v171 = v166
v172 = v171 * 40
v173 = v170 + v172
v174 = v173 + 0
v175 = v174
v176 = v167
v177 = v176 + v167
v178 = v177 + v177
v179 = v178
v180 = v175
v181 = v180 + v178
v182 = v168
v183 = v182 * 28
v184 = v181 + v183
v185 = v184
v186 = v165
v187 = v186 * 37
v188 = v166
v189 = v188 << 6
v190 = v189
v191 = v189 - v166
v192 = v191 + v187
v193 = v192 + 0
v194 = v193
v195 = v179
v196 = v195 + v167
v197 = v194
v198 = v196 + v197
v199 = v168
v200 = v199 * 60
v201 = v200 + v198
v202 = v201
v203 = v165
v204 = v203 + v165
v205 = v204 + v165
v206 = v205 << 5
v207 = v190
v208 = v206 + v207
v209 = v208 + 0
v210 = v167
v211 = v210 * 94
v212 = v209 + v211
v213 = v168
v214 = v213 << 3
v215 = v212 + v214
v216 = v166 + 0
v217 = v165 * 59
v218 = v217 + v216
v219 = v167 * 78
v220 = v218 + v219
v221 = v168 << 4
v222 = v220 + v221
v223 = v001 * 79
v224 = v002
v225 = v224 * 40
v226 = v223 + v225
v227 = v226 + 0
v228 = v227 + v016
v229 = v004 * 28
v230 = v228 + v229
"""
{
"(0x48!SP)" => "in00",
"(0x49!SP)" => "in01",
"(0x4a!SP)" => "in02",
"(0x4b!SP)" => "in03",
"(0x4c!SP)" => "in04",
"(0x4d!SP)" => "in05",
"(0x4e!SP)" => "in06",
"(0x4f!SP)" => "in07",
"(0x50!SP)" => "in08",
"(0x51!SP)" => "in09",
"(0x52!SP)" => "in10",
"(0x53!SP)" => "in11",
"(0x54!SP)" => "in12",
"(0x55!SP)" => "in13",
"(0x56!SP)" => "in14",
"(0x57!SP)" => "in15",
"(0x58!SP)" => "0",
"(0x59!SP)" => "0",
"(0x5a!SP)" => "0",
"(0x5b!SP)" => "0",
"(0x5c!SP)" => "0",
"(0x5d!SP)" => "0",
"(0x5e!SP)" => "0",
"(0x5f!SP)" => "0",
"(0x60!SP)" => "0",
"(0x61!SP)" => "0",
"(0x62!SP)" => "0",
"(0x63!SP)" => "0",
"(0x64!SP)" => "0",
"(0x65!SP)" => "0",
"(0x66!SP)" => "0",
"(0x67!SP)" => "0",
"D0" => "v230",
"(0x39!SP)" => "v002",
"D2" => "v219",
"D4" => "v229",
"D1" => "v222",
"D3" => "v215",
"D6" => "v221",
"(0x3a!SP)" => "v016",
"(0x43!SP)" => "v022",
"(0x3d!SP)" => "v035",
"(0x3c!SP)" => "v046",
"D7" => "v216",
"D5" => "v225",
"(0x3e!SP)" => "v164",
"A0" => "v194",
"(0x3b!SP)" => "v067",
"A1" => "v190",
"(0x47!SP)" => "v082",
"(0x45!SP)" => "v096",
"(0x41!SP)" => "v104",
"(0x42!SP)" => "v125",
"(0x3f!SP)" => "v142",
"(0x40!SP)" => "v156",
"(0x46!SP)" => "v202",
"(0x44!SP)" => "v185"
}
"""
s.add(v230 == -9)
s.add(v022 == 47)
s.add(v035 == 2)
s.add(v046 == -74)
s.add(v067 == -72)
s.add(v082 == -3)
s.add(v096 == 24)
s.add(v104 == -113)
s.add(v125 == 62)
s.add(v142 == -72)
s.add(v156 == -112)
s.add(v164 == -32)
s.add(v185 == -49)
s.add(v202 == -123)
s.add(v215 == -52)
s.add(v222 == 65)
print(s.check())
print(s.model()[in00].as_long())
print(s.model()[in01].as_long())
print(s.model()[in02].as_long())
print(s.model()[in03].as_long())
print(s.model()[in04].as_long())
print(s.model()[in05].as_long())
print(s.model()[in06].as_long())
print(s.model()[in07].as_long())
print(s.model()[in08].as_long())
print(s.model()[in09].as_long())
print(s.model()[in10].as_long())
print(s.model()[in11].as_long())
print(s.model()[in12].as_long())
print(s.model()[in13].as_long())
print(s.model()[in14].as_long())
print(s.model()[in15].as_long())
Raw
03_input.disasm
00000966 10 2f 00 48 move.b (0x48,SP),D0b
0000096a 1f 6f 00 move.b (0x49,SP),(0x39,SP)
49 00 39
00000970 14 2f 00 4a move.b (0x4a,SP),D2b
00000974 18 2f 00 4b move.b (0x4b,SP),D4b
00000978 12 2f 00 39 move.b (0x39,SP),D1b
0000097c ed 09 lsl.b #0x6,D1b
0000097e 16 01 move.b D1b,D3b
00000980 96 2f 00 39 sub.b (0x39,SP),D3b
00000984 3c 00 move.w D0w,D6w
00000986 cd fc 00 25 muls.w #0x25,D6
0000098a d6 06 add.b D6b,D3b
0000098c d6 2f 00 59 add.b (0x59,SP),D3b
00000990 1c 02 move.b D2b,D6b
00000992 dc 02 add.b D2b,D6b
00000994 dc 06 add.b D6b,D6b
00000996 1f 46 00 3a move.b D6b,(0x3a,SP)
0000099a dc 02 add.b D2b,D6b
0000099c d6 06 add.b D6b,D3b
0000099e 3c 04 move.w D4w,D6w
000009a0 cd fc 00 3c muls.w #0x3c,D6
000009a4 d6 06 add.b D6b,D3b
000009a6 1f 43 00 43 move.b D3b,(0x43,SP)
000009aa 16 00 move.b D0b,D3b
000009ac d6 00 add.b D0b,D3b
000009ae d6 00 add.b D0b,D3b
000009b0 eb 0b lsl.b #0x5,D3b
000009b2 d2 03 add.b D3b,D1b
000009b4 d2 2f 00 5a add.b (0x5a,SP),D1b
000009b8 36 02 move.w D2w,D3w
000009ba c7 fc 00 5e muls.w #0x5e,D3
000009be d2 03 add.b D3b,D1b
000009c0 16 04 move.b D4b,D3b
000009c2 e7 0b lsl.b #0x3,D3b
000009c4 d2 03 add.b D3b,D1b
000009c6 1f 41 00 3d move.b D1b,(0x3d,SP)
000009ca 12 2f 00 39 move.b (0x39,SP),D1b
000009ce d2 2f 00 5b add.b (0x5b,SP),D1b
000009d2 36 00 move.w D0w,D3w
000009d4 c7 fc 00 3b muls.w #0x3b,D3
000009d8 d2 03 add.b D3b,D1b
000009da c5 fc 00 4e muls.w #0x4e,D2
000009de d4 01 add.b D1b,D2b
000009e0 12 04 move.b D4b,D1b
000009e2 e9 09 lsl.b #0x4,D1b
000009e4 d4 01 add.b D1b,D2b
000009e6 1f 42 00 3c move.b D2b,(0x3c,SP)
000009ea 12 2f 00 4c move.b (0x4c,SP),D1b
000009ee 1e 2f 00 4d move.b (0x4d,SP),D7b
000009f2 14 2f 00 4e move.b (0x4e,SP),D2b
000009f6 1c 2f 00 4f move.b (0x4f,SP),D6b
000009fa 3a 07 move.w D7w,D5w
000009fc cb fc 00 28 muls.w #0x28,D5
00000a00 36 01 move.w D1w,D3w
00000a02 c7 fc 00 4f muls.w #0x4f,D3
00000a06 da 03 add.b D3b,D5b
LAB_00000a08+2 XREF[0,8]: 000153c0(*), 000153c4(*),
000153c8(*), 00015480(*),
00015484(*), 00015488(*),
000155cc(*), 000155d0(*)
00000a08 da 2f 00 5c add.b (0x5c,SP),D5b
00000a0c 16 02 move.b D2b,D3b
00000a0e d6 02 add.b D2b,D3b
00000a10 d6 03 add.b D3b,D3b
00000a12 1f 43 00 3e move.b D3b,(0x3e,SP)
00000a16 da 03 add.b D3b,D5b
00000a18 30 45 movea.w D5w,A0
00000a1a 3a 06 move.w D6w,D5w
00000a1c cb fc 00 1c muls.w #0x1c,D5
00000a20 36 08 move.w A0w,D3w
00000a22 d6 05 add.b D5b,D3b
00000a24 1f 43 00 3b move.b D3b,(0x3b,SP)
00000a28 1a 07 move.b D7b,D5b
00000a2a ed 0d lsl.b #0x6,D5b
00000a2c 32 45 movea.w D5w,A1
00000a2e 9a 07 sub.b D7b,D5b
00000a30 36 01 move.w D1w,D3w
00000a32 c7 fc 00 25 muls.w #0x25,D3
00000a36 da 03 add.b D3b,D5b
00000a38 da 2f 00 5d add.b (0x5d,SP),D5b
00000a3c 16 2f 00 3e move.b (0x3e,SP),D3b
00000a40 d6 02 add.b D2b,D3b
00000a42 d6 05 add.b D5b,D3b
00000a44 3a 06 move.w D6w,D5w
00000a46 cb fc 00 3c muls.w #0x3c,D5
00000a4a da 03 add.b D3b,D5b
00000a4c 1f 45 00 47 move.b D5b,(0x47,SP)
00000a50 16 01 move.b D1b,D3b
00000a52 d6 01 add.b D1b,D3b
00000a54 d6 01 add.b D1b,D3b
00000a56 eb 0b lsl.b #0x5,D3b
00000a58 3a 09 move.w A1w,D5w
00000a5a d6 05 add.b D5b,D3b
00000a5c d6 2f 00 5e add.b (0x5e,SP),D3b
00000a60 3a 02 move.w D2w,D5w
00000a62 cb fc 00 5e muls.w #0x5e,D5
00000a66 d6 05 add.b D5b,D3b
LAB_00000a68+1 XREF[0,1]: FUN_0000a0d4:0000a2e2(*)
00000a68 1a 06 move.b D6b,D5b
00000a6a e7 0d lsl.b #0x3,D5b
00000a6c da 03 add.b D3b,D5b
00000a6e 1f 45 00 45 move.b D5b,(0x45,SP)
00000a72 de 2f 00 5f add.b (0x5f,SP),D7b
00000a76 c3 fc 00 3b muls.w #0x3b,D1
00000a7a d2 07 add.b D7b,D1b
00000a7c c5 fc 00 4e muls.w #0x4e,D2
00000a80 d2 02 add.b D2b,D1b
00000a82 e9 0e lsl.b #0x4,D6b
00000a84 d2 06 add.b D6b,D1b
00000a86 1f 41 00 41 move.b D1b,(0x41,SP)
00000a8a 12 2f 00 50 move.b (0x50,SP),D1b
00000a8e 1e 2f 00 51 move.b (0x51,SP),D7b
00000a92 14 2f 00 52 move.b (0x52,SP),D2b
00000a96 1c 2f 00 53 move.b (0x53,SP),D6b
00000a9a 36 07 move.w D7w,D3w
00000a9c c7 fc 00 28 muls.w #0x28,D3
00000aa0 3a 01 move.w D1w,D5w
00000aa2 cb fc 00 4f muls.w #0x4f,D5
00000aa6 d6 05 add.b D5b,D3b
LAB_00000aa8+2 XREF[0,37]: 000145dc(*), 000145e0(*),
000145e4(*), 0001467c(*),
00014680(*), 00014684(*),
00014688(*), 0001490c(*),
00014910(*), 00014914(*),
00014918(*), 0001491c(*),
00014920(*), 00014924(*),
00014928(*), 00014ac0(*),
00014ac4(*), 00014ac8(*),
00014b2c(*), 00014b30(*)
00000aa8 d6 2f 00 60 add.b (0x60,SP),D3b
00000aac 30 43 movea.w D3w,A0
00000aae 16 02 move.b D2b,D3b
00000ab0 d6 02 add.b D2b,D3b
00000ab2 d6 03 add.b D3b,D3b
00000ab4 1f 43 00 3e move.b D3b,(0x3e,SP)
00000ab8 3a 08 move.w A0w,D5w
00000aba da 03 add.b D3b,D5b
00000abc 36 06 move.w D6w,D3w
00000abe c7 fc 00 1c muls.w #0x1c,D3
00000ac2 da 03 add.b D3b,D5b
00000ac4 1f 45 00 42 move.b D5b,(0x42,SP)
00000ac8 3a 01 move.w D1w,D5w
00000aca cb fc 00 25 muls.w #0x25,D5
00000ace 16 07 move.b D7b,D3b
00000ad0 ed 0b lsl.b #0x6,D3b
00000ad2 32 43 movea.w D3w,A1
00000ad4 96 07 sub.b D7b,D3b
00000ad6 d6 05 add.b D5b,D3b
00000ad8 d6 2f 00 61 add.b (0x61,SP),D3b
00000adc 30 43 movea.w D3w,A0
00000ade 16 2f 00 3e move.b (0x3e,SP),D3b
00000ae2 d6 02 add.b D2b,D3b
00000ae4 3a 08 move.w A0w,D5w
00000ae6 d6 05 add.b D5b,D3b
00000ae8 3a 06 move.w D6w,D5w
00000aea cb fc 00 3c muls.w #0x3c,D5
00000aee da 03 add.b D3b,D5b
00000af0 1f 45 00 3f move.b D5b,(0x3f,SP)
00000af4 16 01 move.b D1b,D3b
00000af6 d6 01 add.b D1b,D3b
00000af8 d6 01 add.b D1b,D3b
00000afa eb 0b lsl.b #0x5,D3b
00000afc 3a 09 move.w A1w,D5w
00000afe d6 05 add.b D5b,D3b
00000b00 d6 2f 00 62 add.b (0x62,SP),D3b
00000b04 3a 02 move.w D2w,D5w
00000b06 cb fc 00 5e muls.w #0x5e,D5
00000b0a d6 05 add.b D5b,D3b
00000b0c 1a 06 move.b D6b,D5b
00000b0e e7 0d lsl.b #0x3,D5b
00000b10 da 03 add.b D3b,D5b
00000b12 1f 45 00 40 move.b D5b,(0x40,SP)
00000b16 de 2f 00 63 add.b (0x63,SP),D7b
00000b1a c3 fc 00 3b muls.w #0x3b,D1
00000b1e d2 07 add.b D7b,D1b
00000b20 c5 fc 00 4e muls.w #0x4e,D2
00000b24 d2 02 add.b D2b,D1b
00000b26 e9 0e lsl.b #0x4,D6b
00000b28 d2 06 add.b D6b,D1b
LAB_00000b2a+1 XREF[0,1]: FUN_0000a0d4:0000a1a2(*)
00000b2a 1f 41 00 3e move.b D1b,(0x3e,SP)
00000b2e 12 2f 00 54 move.b (0x54,SP),D1b
00000b32 1e 2f 00 55 move.b (0x55,SP),D7b
00000b36 14 2f 00 56 move.b (0x56,SP),D2b
00000b3a 1c 2f 00 57 move.b (0x57,SP),D6b
00000b3e 36 01 move.w D1w,D3w
00000b40 c7 fc 00 4f muls.w #0x4f,D3
00000b44 3a 07 move.w D7w,D5w
00000b46 cb fc 00 28 muls.w #0x28,D5
00000b4a d6 05 add.b D5b,D3b
00000b4c d6 2f 00 64 add.b (0x64,SP),D3b
00000b50 30 43 movea.w D3w,A0
00000b52 16 02 move.b D2b,D3b
00000b54 d6 02 add.b D2b,D3b
00000b56 d6 03 add.b D3b,D3b
00000b58 1f 43 00 46 move.b D3b,(0x46,SP)
00000b5c 3a 08 move.w A0w,D5w
00000b5e da 03 add.b D3b,D5b
00000b60 36 06 move.w D6w,D3w
00000b62 c7 fc 00 1c muls.w #0x1c,D3
00000b66 da 03 add.b D3b,D5b
00000b68 1f 45 00 44 move.b D5b,(0x44,SP)
00000b6c 3a 01 move.w D1w,D5w
00000b6e cb fc 00 25 muls.w #0x25,D5
00000b72 16 07 move.b D7b,D3b
00000b74 ed 0b lsl.b #0x6,D3b
00000b76 32 43 movea.w D3w,A1
00000b78 96 07 sub.b D7b,D3b
00000b7a d6 05 add.b D5b,D3b
00000b7c d6 2f 00 65 add.b (0x65,SP),D3b
00000b80 30 43 movea.w D3w,A0
00000b82 16 2f 00 46 move.b (0x46,SP),D3b
00000b86 d6 02 add.b D2b,D3b
00000b88 3a 08 move.w A0w,D5w
00000b8a d6 05 add.b D5b,D3b
00000b8c 3a 06 move.w D6w,D5w
00000b8e cb fc 00 3c muls.w #0x3c,D5
00000b92 da 03 add.b D3b,D5b
00000b94 1f 45 00 46 move.b D5b,(0x46,SP)
00000b98 16 01 move.b D1b,D3b
00000b9a d6 01 add.b D1b,D3b
00000b9c d6 01 add.b D1b,D3b
00000b9e eb 0b lsl.b #0x5,D3b
00000ba0 3a 09 move.w A1w,D5w
00000ba2 d6 05 add.b D5b,D3b
00000ba4 d6 2f 00 66 add.b (0x66,SP),D3b
00000ba8 3a 02 move.w D2w,D5w
00000baa cb fc 00 5e muls.w #0x5e,D5
00000bae d6 05 add.b D5b,D3b
00000bb0 1a 06 move.b D6b,D5b
00000bb2 e7 0d lsl.b #0x3,D5b
00000bb4 d6 05 add.b D5b,D3b
00000bb6 de 2f 00 67 add.b (0x67,SP),D7b
00000bba c3 fc 00 3b muls.w #0x3b,D1
00000bbe d2 07 add.b D7b,D1b
00000bc0 c5 fc 00 4e muls.w #0x4e,D2
00000bc4 d2 02 add.b D2b,D1b
00000bc6 e9 0e lsl.b #0x4,D6b
00000bc8 d2 06 add.b D6b,D1b
00000bca c1 fc 00 4f muls.w #0x4f,D0
00000bce 1a 2f 00 39 move.b (0x39,SP),D5b
00000bd2 cb fc 00 28 muls.w #0x28,D5
00000bd6 d0 05 add.b D5b,D0b
00000bd8 d0 2f 00 58 add.b (0x58,SP),D0b
00000bdc d0 2f 00 3a add.b (0x3a,SP),D0b
00000be0 c9 fc 00 1c muls.w #0x1c,D4
00000be4 d0 04 add.b D4b,D0b
__END__
00000be6 4f ef 00 0c lea (0xc,SP),SP
00000bea 0c 00 ff f7 cmpi.b #-0x9,D0b
00000bee 66 00 01 1e bne.w LAB_00000d0e
00000bf2 0c 2f 00 cmpi.b #0x2f,(0x37,SP) # 0x43
00000bf8 66 00 01 14 bne.w LAB_00000d0e
00000bfc 0c 2f 00 cmpi.b #0x2,(0x31,SP) # 0x3d
00000c02 66 00 01 0a bne.w LAB_00000d0e
00000c06 0c 2f ff cmpi.b #-0x4a,(0x30,SP) # 0x3c
00000c0c 56 c0 sne D0b
00000c0e 48 80 ext.w D0w
00000c10 38 40 movea.w D0w,A4
00000c12 49 ec 00 69 lea (0x69,A4),A4
00000c16 0c 2f ff cmpi.b #-0x48,(0x2f,SP) # 0x3b
00000c1c 66 00 02 68 bne.w LAB_00000e86
00000c20 0c 2f ff cmpi.b #-0x3,(0x3b,SP) # 0x47
00000c26 66 00 02 5e bne.w LAB_00000e86
00000c2a 0c 2f 00 cmpi.b #0x18,(0x39,SP) # 0x45
00000c30 66 00 02 54 bne.w LAB_00000e86
00000c34 0c 2f ff cmpi.b #-0x71,(0x35,SP) # 0x41
00000c3a 66 00 02 4a bne.w LAB_00000e86
00000c3e 0c 2f 00 cmpi.b #0x3e,(0x36,SP) # 42
3e 00 36
00000c44 66 00 02 38 bne.w LAB_00000e7e
00000c48 0c 2f ff cmpi.b #-0x48,(0x33,SP) # 3f
b8 00 33
00000c4e 66 00 02 2e bne.w LAB_00000e7e
00000c52 0c 2f ff cmpi.b #-0x70,(0x34,SP) # 40
90 00 34
00000c58 66 00 02 24 bne.w LAB_00000e7e
00000c5c 0c 2f ff cmpi.b #-0x20,(0x32,SP) # 3e
e0 00 32
00000c62 66 00 02 1a bne.w LAB_00000e7e
00000c66 0c 2f ff cmpi.b #-0x31,(0x38,SP) # 44
cf 00 38
00000c6c 66 00 01 dc bne.w LAB_00000e4a
00000c70 0c 2f ff cmpi.b #-0x7b,(0x3a,SP) # 46
85 00 3a
00000c76 66 00 01 d2 bne.w LAB_00000e4a
00000c7a 0c 03 ff cc cmpi.b #-0x34,D3b
00000c7e 66 00 01 ca bne.w LAB_00000e4a
00000c82 0c 01 00 41 cmpi.b #0x41,D1b
00000c86 66 00 01 c2 bne.w LAB_00000e4a
Raw
04_solution.txt
sat
89
89
51
53
88
63
76
78
58
66
80
62
61
78
86
59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment