Skip to content

Instantly share code, notes, and snippets.

@mrT4ntr4

mrT4ntr4/ASM2.asm

Created May 7, 2020 01:43
Show Gist options
  • Save mrT4ntr4/4e02a52c0bc89ecac7f03e38e0934628 to your computer and use it in GitHub Desktop.
Save mrT4ntr4/4e02a52c0bc89ecac7f03e38e0934628 to your computer and use it in GitHub Desktop.
Download ZIP
ASM2 challenge source from zh3r0 CTF 2020
Raw
ASM2.asm
start(int, int):
push rbp
mov rbp, rsp
sub rsp, 48
mov DWORD PTR [rbp-36], edi
mov DWORD PTR [rbp-40], esi
mov eax, DWORD PTR [rbp-36]
mov edi, eax
call f(int)
mov DWORD PTR [rbp-4], eax
mov eax, DWORD PTR [rbp-40]
mov edi, eax
call f(int)
mov DWORD PTR [rbp-8], eax
mov DWORD PTR [rbp-12], 0
mov DWORD PTR [rbp-16], 0
.L3:
cmp DWORD PTR [rbp-4], 0
jle .L2
mov edx, DWORD PTR [rbp-4]
movsx rax, edx
imul rax, rax, 1717986919
shr rax, 32
mov ecx, eax
sar ecx, 2
mov eax, edx
sar eax, 31
sub ecx, eax
mov eax, ecx
sal eax, 2
add eax, ecx
add eax, eax
mov ecx, edx
sub ecx, eax
mov esi, DWORD PTR [rbp-4]
movsx rax, esi
imul rax, rax, 1717986919
shr rax, 32
mov edx, eax
sar edx, 2
mov eax, esi
sar eax, 31
sub edx, eax
mov eax, edx
sal eax, 2
add eax, edx
add eax, eax
sub esi, eax
mov edx, esi
mov eax, ecx
imul eax, edx
add DWORD PTR [rbp-12], eax
mov eax, DWORD PTR [rbp-4]
movsx rdx, eax
imul rdx, rdx, 1717986919
shr rdx, 32
sar edx, 2
sar eax, 31
sub edx, eax
mov eax, edx
mov DWORD PTR [rbp-4], eax
jmp .L3
.L2:
cmp DWORD PTR [rbp-8], 0
jle .L4
mov edx, DWORD PTR [rbp-8]
movsx rax, edx
imul rax, rax, 1717986919
shr rax, 32
mov ecx, eax
sar ecx, 2
mov eax, edx
sar eax, 31
sub ecx, eax
mov eax, ecx
sal eax, 2
add eax, ecx
add eax, eax
mov ecx, edx
sub ecx, eax
mov esi, DWORD PTR [rbp-8]
movsx rax, esi
imul rax, rax, 1717986919
shr rax, 32
mov edx, eax
sar edx, 2
mov eax, esi
sar eax, 31
sub edx, eax
mov eax, edx
sal eax, 2
add eax, edx
add eax, eax
sub esi, eax
mov edx, esi
mov eax, ecx
imul eax, edx
add DWORD PTR [rbp-16], eax
mov eax, DWORD PTR [rbp-8]
movsx rdx, eax
imul rdx, rdx, 1717986919
shr rdx, 32
sar edx, 2
sar eax, 31
sub edx, eax
mov eax, edx
mov DWORD PTR [rbp-8], eax
jmp .L2
.L4:
mov DWORD PTR [rbp-20], 0
mov DWORD PTR [rbp-24], 1
.L8:
cmp DWORD PTR [rbp-24], 99
jg .L5
mov DWORD PTR [rbp-28], 1
.L7:
cmp DWORD PTR [rbp-28], 99
jg .L6
mov eax, DWORD PTR [rbp-12]
imul eax, DWORD PTR [rbp-24]
mov edx, eax
mov eax, DWORD PTR [rbp-16]
imul eax, DWORD PTR [rbp-28]
add eax, edx
add DWORD PTR [rbp-20], eax
add DWORD PTR [rbp-28], 1
jmp .L7
.L6:
add DWORD PTR [rbp-24], 1
jmp .L8
.L5:
mov eax, DWORD PTR [rbp-20]
leave
ret
f(int):
push rbp
mov rbp, rsp
push rbx
sub rsp, 24
mov DWORD PTR [rbp-20], edi
cmp DWORD PTR [rbp-20], 0
jne .L11
mov eax, 0
jmp .L12
.L11:
cmp DWORD PTR [rbp-20], 1
jne .L13
mov eax, 1
jmp .L12
.L13:
mov eax, DWORD PTR [rbp-20]
sub eax, 1
mov edi, eax
call f(int)
mov ebx, eax
mov eax, DWORD PTR [rbp-20]
sub eax, 2
mov edi, eax
call f(int)
add eax, ebx
.L12:
add rsp, 24
pop rbx
pop rbp
ret
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment