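"""Recover the flag that ``bowser.elf`` stores through immediate operands.

The routine at ``ROUTINE_OFFSET`` writes the flag, XOR-ed with ``XOR_KEY``,
one piece at a time using ``movabs rax/rdx, imm64`` and
``mov WORD PTR [...], imm16`` stores. This script disassembles that routine,
pulls each immediate back out, restores the little-endian byte order the
store produces, undoes the XOR and prints the NUL-delimited result.
"""
import re
from typing import Optional

from pwn import context, disasm

from hackingscripts import util

ELF_PATH = "bowser.elf"
# File offset of the flag-building routine in this particular binary.
ROUTINE_OFFSET = 0x1332
# Every stored byte is XOR-ed with this key; util.xor undoes it.
XOR_KEY = 0xFF

# Group 1 of both store patterns is the immediate's hex digits.
_QWORD_STORE = re.compile(r"movabs\s+(?:rax|rdx),\s+0x([0-9a-f]+)")
_WORD_STORE = re.compile(r"mov\s+WORD PTR \[.*\],\s+0x([0-9a-f]+)")
# The first call after the stores marks the end of the flag routine.
_CALL = re.compile(r"call\s+.*")


def _immediate_bytes(instr: str) -> Optional[bytearray]:
    """Return the immediate of a flag-store instruction in memory order.

    Returns ``None`` when *instr* is neither a ``movabs rax/rdx, imm`` nor a
    ``mov WORD PTR [...], imm`` store. The disassembler prints the immediate
    as big-endian hex without leading zeros, so the digit string is padded to
    an even length first (``bytearray.fromhex`` rejects odd lengths) and the
    bytes are reversed to get the little-endian layout the store writes.
    """
    match = _QWORD_STORE.match(instr) or _WORD_STORE.match(instr)
    if match is None:
        return None
    digits = match[1]
    if len(digits) % 2:
        digits = "0" + digits
    return bytearray.fromhex(digits)[::-1]


def _extract_flag(code: bytes) -> bytes:
    """Disassemble *code* and concatenate the decoded flag-store immediates.

    Scanning stops at the first ``call`` instruction. ``context.arch`` must be
    set by the caller before this runs, as ``disasm`` relies on it.
    """
    flag = b""
    for instr in disasm(code, byte=False, offset=False).split("\n"):
        raw = _immediate_bytes(instr)
        if raw is not None:
            flag += util.xor(raw, XOR_KEY)
        elif _CALL.match(instr):
            break
    return flag


if __name__ == "__main__":
    with open(ELF_PATH, "rb") as f:
        elf = f.read()
    context.arch = "amd64"
    decoded = _extract_flag(elf[ROUTINE_OFFSET:])
    # The flag is the second NUL-delimited piece of the decoded buffer; the
    # bytes before the first NUL are not part of it.
    pieces = decoded.split(b"\x00")
    if len(pieces) < 2:
        raise SystemExit(
            f"[-] No NUL-terminated flag found at offset {ROUTINE_OFFSET:#x}"
        )
    print("[+] Flag:", pieces[1].decode())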