Hackvent_2023/Day 04/decode.py

from hackingscripts import util
from pwn import context, disasm
import re
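if __name__ == "__main__":
    # Recover a string that the binary assembles from instruction immediates.
    # Each stored byte is XORed with 0xFF, so the plaintext never appears in
    # the file; a single-byte XOR like this is undone by static analysis.
    with open("bowser.elf", "rb") as f:
        elf = f.read()

    context.arch = "amd64"
    # Offset into the raw file at which disassembly starts; hard-coded for
    # this particular binary.
    offset = 0x1332

    flag = b""
    # byte=False / offset=False drop the address and raw-byte columns, so
    # every line begins with the mnemonic, which the anchored re.match calls
    # below rely on.
    for instr in disasm(elf[offset:], byte=False, offset=False).split("\n"):
        match = re.match(r"movabs\s+(rax|rdx),\s+0x([0-9a-f]+)", instr)
        if match:
            # The disassembler prints immediates without leading zeros, so
            # pad to the 8-byte operand width: an odd digit count would make
            # fromhex() raise, and a short even one would drop zero bytes.
            imm = match[2].zfill(16)
            # Immediates are little-endian in memory, hence the reversal.
            # util.xor is a project helper; presumably it XORs every byte
            # with the given key (confirm against hackingscripts).
            flag += util.xor(bytearray.fromhex(imm)[::-1], 0xFF)
        else:
            match = re.match(r"mov\s+WORD PTR \[.*\],\s+0x([0-9a-f]+)", instr)
            if match:
                # Same padding, for a 2-byte store.
                imm = match[1].zfill(4)
                flag += util.xor(bytearray.fromhex(imm)[::-1], 0xFF)
            elif re.match(r"call\s+.*", instr):
                # The first call ends the run of immediates being collected.
                break

    # The decoded buffer holds NUL-separated pieces; the second one is
    # printed as the flag. Raises IndexError if no NUL byte was decoded.
    flag = flag.split(b"\x00")[1].decode()
    print("[+] Flag:", flag)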