// gcc -m32 cricket32.S -o cricket32
// The three messages are emitted into .text, the same section as the code,
// so they sit directly in front of main. main computes addresses relative to
// its own location and reads bytes of .text as data, so the layout of this
// section is part of the program logic: keep order and contents unchanged.
// All three are fixed strings without conversion specifiers; main passes one
// of them to printf as the format argument.
.text
str_usage: .string "Usage: ./cricket32 flag\nFlag is ascii with form uiuctf{...}\n"
str_yes: .string "Flag is correct! Good job!\n"
str_nope: .string "Flag is not correct.\n"
.global main
// int main(int argc, char **argv)  -  32-bit x86, AT&T syntax, stack arguments.
//
// Checks argv[1] against values derived from the bytes of this routine and
// tail-calls printf with str_usage, str_nope or str_yes.
//
// Notes for anyone analysing or modifying this routine:
//  - Numeric targets such as .-12 or .+10 and the two character-constant
//    offsets are byte distances from the current location. Control flow and
//    the comparison values therefore depend on the exact encoding of every
//    instruction. Re-assembling with different encodings, reordering, or
//    patching bytes inside the range that is read (a debugger software
//    breakpoint, for instance) changes the outcome of the check.
//  - Byte distances quoted below come from a hand count of instruction
//    sizes; confirm them against a disassembly of the built binary.
//  - crc32l is the SSE4.2 CRC32 instruction (CRC-32C polynomial); the binary
//    presumably faults on a CPU without SSE4.2.
//  - Several instructions (aaa, xlat, sahf, rclb, the cmp) have no visible
//    effect on the result. They look like filler or like bytes meant to be
//    read as data, so they must stay in place.
//  - The user-supplied string is only read; it never reaches printf.
main:
// ebx holds the message to print; start with the usage text.
mov $str_usage, %ebx
// esi = 0, edi = 0. edi later accumulates mismatch bits.
xor %esi, %esi
xor %edi, %edi
// With ecx = 2 the operand is esp+4, the argc slot at entry: argc -= 0x10.
mov $2, %ecx
sub $0x10, (%esp, %ecx, 2)
push %ebp
// ebp = ~esp here, but it is zeroed again before it is used.
mov %esp, %ebp
not %ebp
// After the push, esp+12 is argv.
mov 12(%esp), %ecx
// Flags from this compare are overwritten by the xor below.
cmp $'W, (%ebx, %esi, 8)
xor %ebp, %ebp
// NOTE(review): rotated dh value is not visibly consumed - confirm.
rclb %cl, %dh
// argc slot (now esp+8) += 14, net effect argc - 2: ZF set only if argc == 2.
add $14, 8(%esp)
// Anything other than exactly one argument: print usage.
jnz 1f
// al is reloaded before it is used, so these look like filler bytes.
aaa
aaa
aaa
// ebp = -1, the index before the first character.
decl %ebp
and $-1, %al
// esi = argv[1]
mov 4(%ecx), %esi
// Length scan: ebp walks argv[1] until the doubled byte is zero, which
// happens for the terminating NUL (and also for a 0x80 byte).
incl %ebp
mov (%esi, %ebp, 1), %al
xchgl %eax, %eax
// ebx is reloaded from esp before it is next read as a pointer.
// NOTE(review): this immediate may exist for its byte values - confirm.
mov $0x6cb4001b, %ebx
add %al, %al
// Back 12 bytes: by hand count this is the incl %ebp above.
jne .-12
// Forward 10 bytes: by hand count this skips the next three instructions
// (8 bytes), which are not executed on this path.
jmp .+10
mov (%ecx, %ebx, 8), %esi
mov (%ebx, %ecx, 4), %esi
div %ah
// ebp = length - 26
sub $26, %ebp
// ebx = esp, then two table lookups into the stack; the al result is not
// visibly consumed.
mov %esp, %ebx
xlat
xlat
// Flags loaded here are replaced by the dec below (CF excepted).
sahf
// ebp = length - 27; sets the flags tested by jge. The mov keeps flags.
dec %ebp
mov %ah, %dh
// Length of at least 27: go on to the check (by hand count the target is
// mov $8, %ecx).
jge .+15
// Short-input path. orw leaves SF set, so jns falls through and jl is
// taken; by hand count jl lands on mov $str_nope, %ebx.
orw $-1, %ax
lea (%edx, %ebp, 4), %ebp
jns .-7
lea (%eax), %eax
jl .+14
// Loop counter. The loop instruction below decrements ecx before the first
// pass, so the body appears to run 7 times - confirm in a debugger.
mov $8, %ecx
// ebx = address 90 bytes (character constant Z) before this instruction.
// That is inside .text; by hand count it is two bytes past the start of main.
mov $.-'Z, %ebx
// Hop over the failure stub into the loop body.
loop .+9
// Failure stub: select the rejection message and leave.
mov $str_nope, %ebx
jmp 1f
// Loop body. Build a 32-bit value from code bytes at ebx:
//   edx = b[0]<<24 | b[1]<<16 | b[4]<<8 | b[5]
mov (%ebx), %dx
bswap %edx
mov 4(%ebx), %dx
xchg %dh, %dl
// Next sample is 13 bytes further on.
add $13, %ebx
// edx = CRC32 step over the current 4 input bytes, seeded with edx.
crc32l (%esi), %edx
// Zero only when the CRC result equals the same 4 input bytes.
xor (%esi), %edx
// Accumulate any mismatch in edi.
or %edx, %edi
// Capture flags of the or: bit 6 of ah is ZF (edi still zero).
lahf
// Advance to the next 4 input bytes.
add $4, %esi
// Back 27 bytes: by hand count the start of the loop body.
loop .-27
// Bit 14 of eax is the ZF captured by the last lahf; btc copies it to CF.
btc $14, %eax
// Assume success; the jnc below diverts when CF is clear (a mismatch).
mov $str_yes, %ebx
// Back 65 bytes (character constant A). By hand count the target is inside
// an instruction encoding on the short-input path.
// NOTE(review): presumably this ends at the failure stub - confirm with a
// disassembler. Label 1 is the common exit.
jnc .-'A;1:
pop %ebp
// Overwrite the argc slot with the message pointer so it becomes the first
// printf argument, then tail-call: printf returns straight to the caller of
// main, and its return value becomes the return value of main.
mov %ebx, 4(%esp)
jmp printf