PicoCTF-2021 Writeup
ARMssembly 0

Last updated 2 years ago

Problem

What integer does this program print with arguments 182476535 and 3742084308?

File: chall.S

Flag format: picoCTF{XXXXXXXX} -> (hex, lowercase, no 0x, and 32 bits. ex. 5614267 would be picoCTF{0055aabb})

Solution

  1. We could either solve this challenge by manually reading the assembly and figuring out what it does or we could compile the assembly and run it. If you understand ARM assembly, reading it is probably easier than compiling and running it, but I don't have a good understanding of assembly so I'm going to compile it.

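  2. The following resources are useful to learn about how ARM assembly works:

     • ARM Instruction Set Tutorial
     • Arm Architecture Reference Manual

  3. To learn how to cross compile ARM assembly on x86, which is what we will be doing, the following resources are helpful:

     • Running Arm Binaries on x86 with QEMU-User
     • Running ARMv8 via Linux Command Line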

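  4. To assemble ARMv8 code on a non-ARMv8 machine, we need a cross compiler. Thankfully, the GNU project has a suite of cross compiler tools that we can use for ARMv8. To install on Ubuntu (or other Debian-based systems), run:

    sudo apt install binutils-aarch64-linux-gnu

     This package provides aarch64-linux-gnu-as. The aarch64-linux-gnu-gcc command used in the next step is in the separate gcc-aarch64-linux-gnu package.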

  5. Using the above two guides, we can run the following commands to cross compile the challenge ARM assembly code.

    aarch64-linux-gnu-as -o chall.o chall.S
    aarch64-linux-gnu-gcc -static -o chall chall.o

  6. Now that we have the binary, we can use the file command to see that it is compiled for ARM aarch64. However, x86_64 systems cannot run this code natively, so we need to emulate it. We can install the statically linked user-mode build of QEMU with sudo apt install qemu-user-static so that we can run ARM binaries like normal programs.

  7. Finally, we can run the challenge binary with the two provided arguments: ./chall 182476535 3742084308 to get the answer: Result: 3742084308.

  8. The flag format expects the answer to be in hexadecimal, so we can use RapidTables to convert our decimal result to the hexadecimal flag.
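
Steps 5 to 8 as one script, added here as an example and not part of the original writeup. The script name solve.sh and the function names run_chall and result_to_flag are made up for illustration, and it calls qemu-aarch64-static explicitly instead of relying on ./chall being launched through QEMU automatically.

```sh
#!/bin/sh
# Added example: automates steps 5-8. Assumes the aarch64 cross toolchain and
# qemu-user-static are installed. Usage: sh solve.sh chall.S ARG1 ARG2

# Steps 5-7: assemble, link statically, run under user-mode QEMU, print output.
run_chall() {
    rc_src=$1; shift
    rc_dir=$(mktemp -d) || return 1
    rc_out=
    aarch64-linux-gnu-as -o "$rc_dir/chall.o" "$rc_src" &&
        aarch64-linux-gnu-gcc -static -o "$rc_dir/chall" "$rc_dir/chall.o" &&
        rc_out=$(qemu-aarch64-static "$rc_dir/chall" "$@")
    rm -rf "$rc_dir"
    printf '%s\n' "$rc_out"
}

# Step 8: turn the program's "Result: N" line into the flag format
# (hex, lowercase, no 0x, 32 bits, so zero-padded to 8 digits).
result_to_flag() {
    n=${1#Result: }                       # strip the expected prefix
    if [ "$n" = "$1" ]; then              # prefix was not there
        echo "unexpected output: $1" >&2; return 1
    fi
    case $n in
        ''|*[!0-9]*) echo "not a decimal integer: $n" >&2; return 1 ;;
    esac
    # Drop leading zeros so the value is never read as octal.
    while [ "${#n}" -gt 1 ] && [ "${n#0}" != "$n" ]; do n=${n#0}; done
    # Reject anything that does not fit the 32-bit flag format.
    if [ "${#n}" -gt 10 ] || [ "$n" -gt 4294967295 ]; then
        echo "value does not fit in 32 bits: $n" >&2; return 1
    fi
    printf 'picoCTF{%08x}\n' "$n"
}

# Only touch the toolchain when given an assembly file that exists.
if [ "$#" -ge 1 ] && [ -f "$1" ]; then
    result_to_flag "$(run_chall "$@")"
fi
```

Anything other than a single "Result: N" line, such as a build failure or a crash under emulation, is reported as an error instead of being turned into a flag.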

Flag

picoCTF{df0bacd4}

Source
ARM Instruction Set Tutorial
Arm Architecture Reference Manual
Running Arm Binaries on x86 with QEMU-User
Running ARMv8 via Linux Command Line
RapidTables