Internetwache CTF 2016 : SPIM

Internetwache CTF 2016 : SPIM

• Points : 50
• Solves : 208
• Description :

Description: My friend keeps telling me, that real hackers speak assembly fluently. Are you a real hacker? 

Decode this string: "IVyN5U3X)ZUMYC

아아 어렵다....;;; 아직도 이해가 안됨

관련개념에 대한 검색과 주어진 주석을 최대한 활용했어야 했다. 

주석이 알고리즘을 만드는 힌트였음..

http://www.mrc.uidaho.edu/mrc/people/jff/digital/MIPSir.html

In layman terms, in our main function, we're taking the flag which in our case is the string we're trying to decrypt:

IVyN5U3X)ZUMYCs

and doing an adorable for loop to 15, as stated here: (which is the same strlen as our inputted string!~)

// var t0 = "IVyN5U3X)ZUMYCs"
[00400024] 3c081001  lui $8, 4097 [flag]      ; 7: la $t0, flag 
// $t1 (i) = count of loop
[00400028] 00004821  addu $9, $0, $0          ; 8: move $t1, $0 
// var t2 = (i > 15) ? 1 : 0
[0040002c] 3401000f  ori $1, $0, 15           ; 11: sgt $t2, $t1, 15 
[00400030] 0029502a  slt $10, $1, $9         
// if(t2 == 1) exit we're done with the loop 
[00400034] 34010001  ori $1, $0, 1            ; 12: beq $t2, 1, exit 
[00400038] 102a0007  beq $1, $10, 28 
// t2 = t0 + i
[0040003c] 01095020  add $10, $8, $9          ; 14: add $t2, $t0, $t1 

and in this for loop we're literally taking each element in the string and xoring with the current loop count.

// var $a0 = flag[i];
[00400040] 81440000  lb $4, 0($10)            ; 15: lb $a0, ($t2) 
// $a0 ^= $t1 (i)
[00400044] 00892026  xor $4, $4, $9           ; 16: xor $a0, $a0, $t1
[00400048] a1440000  sb $4, 0($10)            ; 17: sb $a0, 0($t2) 
// i++
[0040004c] 21290001  addi $9, $9, 1           ; 19: add $t1, $t1, 1