Hackvent_2023/Day 04/decode.py

from hackingscripts import util
from pwn import context, disasm
import re

if __name__ == "__main__":
    with open("bowser.elf", "rb") as f:
        elf = f.read()

    context.arch = "amd64"
    offset = 0x1332
    flag = b""

    for instr in disasm(elf[offset:], byte=False, offset=False).split("\n"):
        match = re.match(r"movabs\s+(rax|rdx),\s+0x([0-9a-f]+)", instr)
        if match:
            flag += util.xor(bytearray.fromhex(match[2])[::-1], 0xFF)
        else:
            match = re.match(r"mov\s+WORD PTR \[.*\],\s+0x([0-9a-f]+)", instr)
            if match:
                flag += util.xor(bytearray.fromhex(match[1])[::-1], 0xFF)
            elif re.match(r"call\s+.*", instr):
                break

    flag = flag.split(b"\x00")[1].decode()
    print("[+] Flag:", flag)
Initial Commit Day 1-9 2023-12-18 16:02:49 +01:00			`from hackingscripts import util`
			`from pwn import context, disasm`
			`import re`

			`if __name__ == "__main__":`
			`with open("bowser.elf", "rb") as f:`
			`elf = f.read()`

			`context.arch = "amd64"`
			`offset = 0x1332`
			`flag = b""`

			`for instr in disasm(elf[offset:], byte=False, offset=False).split("\n"):`
			`match = re.match(r"movabs\s+(rax\|rdx),\s+0x([0-9a-f]+)", instr)`
			`if match:`
			`flag += util.xor(bytearray.fromhex(match[2])[::-1], 0xFF)`
			`else:`
			`match = re.match(r"mov\s+WORD PTR \[.*\],\s+0x([0-9a-f]+)", instr)`
			`if match:`
			`flag += util.xor(bytearray.fromhex(match[1])[::-1], 0xFF)`
			`elif re.match(r"call\s+.*", instr):`
			`break`

			`flag = flag.split(b"\x00")[1].decode()`
			`print("[+] Flag:", flag)`