z3 – PETIR CYBER SECURITY

May 14, 2020May 14, 2020

[Joints2020] – crackme

Posted in Reverse Engineering by ArkAngels Leave a Comment

Diberikan sebuah binary 64 bit not stripped. Pseudocode dari fungsi main adalah sebagai berikut:

int __cdecl main(int argc, const char **argv, const char **envp)
{
  char v4; // [rsp+0h] [rbp-30h]
  _BYTE v5[3]; // [rsp+5h] [rbp-2Bh]
  _BYTE v6[6]; // [rsp+Ah] [rbp-26h]
  int v7; // [rsp+14h] [rbp-1Ch]
  char v8; // [rsp+19h] [rbp-17h]
  unsigned __int64 v9; // [rsp+28h] [rbp-8h]

  v9 = __readfsqword(0x28u);
  __isoc99_scanf("%5c-%5c-%5c-%5c-%5c", &v4, v5, v6, &v6[5], &v7);
  v8 = 0;
  if ( checker(&v4) )
    unlock();
  else
    printf("Invalid serial key");
  return 0;
}

int __cdecl main(int argc, const char **argv, const char **envp)

{

char v4; // [rsp+0h] [rbp-30h]

_BYTE v5[3]; // [rsp+5h] [rbp-2Bh]

_BYTE v6[6]; // [rsp+Ah] [rbp-26h]

int v7; // [rsp+14h] [rbp-1Ch]

char v8; // [rsp+19h] [rbp-17h]

unsigned __int64 v9; // [rsp+28h] [rbp-8h]

v9 = __readfsqword(0x28u);

__isoc99_scanf("%5c-%5c-%5c-%5c-%5c", &v4, v5, v6, &v6[5], &v7);

v8 = 0;

if ( checker(&v4) )

unlock();

else

printf("Invalid serial key");

return 0;

}

Dilihat program meminta input sepanjang 25 karakter dan kemudian input akan diproses oleh fungsi checker() dan bila hasil dari checker() adalah true maka fungsi unlock() akan dipanggil. Berikut pseudocode dari fungsi unlock():

int unlock()
{
  char i; // al
  FILE *stream; // [rsp+8h] [rbp-8h]

  stream = fopen("flag.txt", "r");
  for ( i = fgetc(stream); i != -1; i = fgetc(stream) )
    putchar(i);
  return fclose(stream);
}

int unlock()

{

char i; // al

FILE *stream; // [rsp+8h] [rbp-8h]

stream = fopen("flag.txt", "r");

for ( i = fgetc(stream); i != -1; i = fgetc(stream) )

putchar(i);

return fclose(stream);

}

Fungsi tersebut akan membuka file flag.txt pada server nc. Berikut pseudocode dari fungsi checker():

September 22, 2019

[SlashRoot CTF 2019] – Android

Posted in Reverse Engineering by redspiracy Leave a Comment

Diberikan sebuah file ‘CrackMe102.apk‘. Namun untuk mengetahui Algoritma dari apk tersebut, ada 2 cara, yaitu extract dengan menggunakan Apktool atau dengan JADX (http://www.javadecompilers.com/apk). Pada kasus ini, saya memilih untuk mengextract apk tersebut menggunakan JADX, agar source code yang dipakai untuk membuat apk tersebut berkemungkinan dapat dibaca. Berbeda ketika kita menggunakan Apktool, maka extract yang yang […]

September 8, 2019September 12, 2019

[Cyber Jawara 2019 Qualification] – Haseul

Posted in Reverse Engineering by Jason Theopilus Leave a Comment

Kita di berikan sebuah file ELF 64bit yang dapat kalian download disini Kita coba buka file tersebut dengan IDA Pro 64bit

signed __int64 __fastcall main(int a1, char **a2, char **a3)
{
  int v4; // eax
  int v5; // [rsp+1Ch] [rbp-14h]
  signed int i; // [rsp+20h] [rbp-10h]
  signed int j; // [rsp+24h] [rbp-Ch]
  char *s; // [rsp+28h] [rbp-8h]

  if ( a1 != 2 )
    return 1LL;
  s = a2[1];
  if ( strlen(a2[1]) != 34 )
    return 1LL;
  v5 = 0;
  for ( i = 0; i < 33; ++i )
  {
    for ( j = 1; j < 34; ++j )
    {
      v4 = v5++;
      if ( s[i] + s[j] != byte_8A0[v4] )
      {
        puts("nope!");
        return 1LL;
      }
    }
  }
  printf("CJ2019{%s}\n", s, a2);
  return 0LL;
}

signed __int64 __fastcall main(int a1, char **a2, char **a3)

{

int v4; // eax

int v5; // [rsp+1Ch] [rbp-14h]

signed int i; // [rsp+20h] [rbp-10h]

signed int j; // [rsp+24h] [rbp-Ch]

char *s; // [rsp+28h] [rbp-8h]

if ( a1 != 2 )

return 1LL;

s = a2[1];

if ( strlen(a2[1]) != 34 )

return 1LL;

v5 = 0;

for ( i = 0; i < 33; ++i )

{

for ( j = 1; j < 34; ++j )

{

v4 = v5++;

if ( s[i] + s[j] != byte_8A0[v4] )

{

puts("nope!");

return 1LL;

}

printf("CJ2019{%s}\n", s, a2);

return 0LL;

}

Dari algoritma diatas, string tersebut dibandingkan dengan sesuatu yang ada di dalam byte_8A0

.rodata:00000000000008A0 byte_8A0        db 0A9h, 0EEh, 0D8h, 0DCh, 0DAh, 0E7h, 0D8h, 0ECh, 0A9h
.rodata:00000000000008A0                                         ; DATA XREF: main+9E↑o
.rodata:00000000000008A0                 db 0E5h, 0EFh, 0DEh, 0D8h, 0EDh, 0E1h, 0E2h, 0AEh, 0D8h
.rodata:00000000000008A0                 db 0DEh, 0DAh, 0AEh, 0E2h, 0E5h, 0F2h, 0D8h, 0EEh, 0ECh
.rodata:00000000000008A0                 db 0E2h, 0E7h, 0B2h, 0D8h, 0D3h, 0ACh, 60h, 0A5h, 8Fh
.rodata:00000000000008A0                 db 93h, 91h, 9Eh, 8Fh, 0A3h, 60h, 9Ch, 0A6h, 95h, 8Fh
.rodata:00000000000008A0                 db 0A4h, 98h, 99h, 65h, 8Fh, 95h, 91h, 65h, 99h, 9Ch, 0A9h
.rodata:00000000000008A0                 db 8Fh, 0A5h, 0A3h, 99h, 9Eh, 69h, 8Fh, 8Ah, 63h, 0A5h
.rodata:00000000000008A0                 db 0EAh, 0D4h, 0D8h, 0D6h, 0E3h, 0D4h, 0E8h, 0A5h, 0E1h
.rodata:00000000000008A0                 db 0EBh, 0DAh, 0D4h, 0E9h, 0DDh, 0DEh, 0AAh, 0D4h, 0DAh
.rodata:00000000000008A0                 db 0D6h, 0AAh, 0DEh, 0E1h, 0EEh, 0D4h, 0EAh, 0E8h, 0DEh
.rodata:00000000000008A0                 db 0E3h, 0AEh, 0D4h, 0CFh, 0A8h, 8Fh, 0D4h, 0BEh, 0C2h
.rodata:00000000000008A0                 db 0C0h, 0CDh, 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh
.rodata:00000000000008A0                 db 0D3h, 0C7h, 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h
.rodata:00000000000008A0                 db 0CBh, 0D8h, 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh
.rodata:00000000000008A0                 db 0B9h, 92h, 93h, 0D8h, 0C2h, 0C6h, 0C4h, 0D1h, 0C2h
.rodata:00000000000008A0                 db 0D6h, 93h, 0CFh, 0D9h, 0C8h, 0C2h, 0D7h, 0CBh, 0CCh
.rodata:00000000000008A0                 db 98h, 0C2h, 0C8h, 0C4h, 98h, 0CCh, 0CFh, 0DCh, 0C2h
.rodata:00000000000008A0                 db 0D8h, 0D6h, 0CCh, 0D1h, 9Ch, 0C2h, 0BDh, 96h, 91h, 0D6h
.rodata:00000000000008A0                 db 0C0h, 0C4h, 0C2h, 0CFh, 0C0h, 0D4h, 91h, 0CDh, 0D7h
.rodata:00000000000008A0                 db 0C6h, 0C0h, 0D5h, 0C9h, 0CAh, 96h, 0C0h, 0C6h, 0C2h
.rodata:00000000000008A0                 db 96h, 0CAh, 0CDh, 0DAh, 0C0h, 0D6h, 0D4h, 0CAh, 0CFh
.rodata:00000000000008A0                 db 9Ah, 0C0h, 0BBh, 94h, 9Eh, 0E3h, 0CDh, 0D1h, 0CFh, 0DCh
.rodata:00000000000008A0                 db 0CDh, 0E1h, 9Eh, 0DAh, 0E4h, 0D3h, 0CDh, 0E2h, 0D6h
.rodata:00000000000008A0                 db 0D7h, 0A3h, 0CDh, 0D3h, 0CFh, 0A3h, 0D7h, 0DAh, 0E7h
.rodata:00000000000008A0                 db 0CDh, 0E3h, 0E1h, 0D7h, 0DCh, 0A7h, 0CDh, 0C8h, 0A1h
.rodata:00000000000008A0                 db 8Fh, 0D4h, 0BEh, 0C2h, 0C0h, 0CDh, 0BEh, 0D2h, 8Fh
.rodata:00000000000008A0                 db 0CBh, 0D5h, 0C4h, 0BEh, 0D3h, 0C7h, 0C8h, 94h, 0BEh
.rodata:00000000000008A0                 db 0C4h, 0C0h, 94h, 0C8h, 0CBh, 0D8h, 0BEh, 0D4h, 0D2h
.rodata:00000000000008A0                 db 0C8h, 0CDh, 98h, 0BEh, 0B9h, 92h, 0A3h, 0E8h, 0D2h
.rodata:00000000000008A0                 db 0D6h, 0D4h, 0E1h, 0D2h, 0E6h, 0A3h, 0DFh, 0E9h, 0D8h
.rodata:00000000000008A0                 db 0D2h, 0E7h, 0DBh, 0DCh, 0A8h, 0D2h, 0D8h, 0D4h, 0A8h
.rodata:00000000000008A0                 db 0DCh, 0DFh, 0ECh, 0D2h, 0E8h, 0E6h, 0DCh, 0E1h, 0ACh
.rodata:00000000000008A0                 db 0D2h, 0CDh, 0A6h, 60h, 0A5h, 8Fh, 93h, 91h, 9Eh, 8Fh
.rodata:00000000000008A0                 db 0A3h, 60h, 9Ch, 0A6h, 95h, 8Fh, 0A4h, 98h, 99h, 65h
.rodata:00000000000008A0                 db 8Fh, 95h, 91h, 65h, 99h, 9Ch, 0A9h, 8Fh, 0A5h, 0A3h
.rodata:00000000000008A0                 db 99h, 9Eh, 69h, 8Fh, 8Ah, 63h, 9Ch, 0E1h, 0CBh, 0CFh
.rodata:00000000000008A0                 db 0CDh, 0DAh, 0CBh, 0DFh, 9Ch, 0D8h, 0E2h, 0D1h, 0CBh
.rodata:00000000000008A0                 db 0E0h, 0D4h, 0D5h, 0A1h, 0CBh, 0D1h, 0CDh, 0A1h, 0D5h
.rodata:00000000000008A0                 db 0D8h, 0E5h, 0CBh, 0E1h, 0DFh, 0D5h, 0DAh, 0A5h, 0CBh
.rodata:00000000000008A0                 db 0C6h, 9Fh, 0A6h, 0EBh, 0D5h, 0D9h, 0D7h, 0E4h, 0D5h
.rodata:00000000000008A0                 db 0E9h, 0A6h, 0E2h, 0ECh, 0DBh, 0D5h, 0EAh, 0DEh, 0DFh
.rodata:00000000000008A0                 db 0ABh, 0D5h, 0DBh, 0D7h, 0ABh, 0DFh, 0E2h, 0EFh, 0D5h
.rodata:00000000000008A0                 db 0EBh, 0E9h, 0DFh, 0E4h, 0AFh, 0D5h, 0D0h, 0A9h, 95h
.rodata:00000000000008A0                 db 0DAh, 0C4h, 0C8h, 0C6h, 0D3h, 0C4h, 0D8h, 95h, 0D1h
.rodata:00000000000008A0                 db 0DBh, 0CAh, 0C4h, 0D9h, 0CDh, 0CEh, 9Ah, 0C4h, 0CAh
.rodata:00000000000008A0                 db 0C6h, 9Ah, 0CEh, 0D1h, 0DEh, 0C4h, 0DAh, 0D8h, 0CEh
.rodata:00000000000008A0                 db 0D3h, 9Eh, 0C4h, 0BFh, 98h, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h
.rodata:00000000000008A0                 db 0CDh, 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h
.rodata:00000000000008A0                 db 0C7h, 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh
.rodata:00000000000008A0                 db 0D8h, 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h
.rodata:00000000000008A0                 db 92h, 0A4h, 0E9h, 0D3h, 0D7h, 0D5h, 0E2h, 0D3h, 0E7h
.rodata:00000000000008A0                 db 0A4h, 0E0h, 0EAh, 0D9h, 0D3h, 0E8h, 0DCh, 0DDh, 0A9h
.rodata:00000000000008A0                 db 0D3h, 0D9h, 0D5h, 0A9h, 0DDh, 0E0h, 0EDh, 0D3h, 0E9h
.rodata:00000000000008A0                 db 0E7h, 0DDh, 0E2h, 0ADh, 0D3h, 0CEh, 0A7h, 98h, 0DDh
.rodata:00000000000008A0                 db 0C7h, 0CBh, 0C9h, 0D6h, 0C7h, 0DBh, 98h, 0D4h, 0DEh
.rodata:00000000000008A0                 db 0CDh, 0C7h, 0DCh, 0D0h, 0D1h, 9Dh, 0C7h, 0CDh, 0C9h
.rodata:00000000000008A0                 db 9Dh, 0D1h, 0D4h, 0E1h, 0C7h, 0DDh, 0DBh, 0D1h, 0D6h
.rodata:00000000000008A0                 db 0A1h, 0C7h, 0C2h, 9Bh, 99h, 0DEh, 0C8h, 0CCh, 0CAh
.rodata:00000000000008A0                 db 0D7h, 0C8h, 0DCh, 99h, 0D5h, 0DFh, 0CEh, 0C8h, 0DDh
.rodata:00000000000008A0                 db 0D1h, 0D2h, 9Eh, 0C8h, 0CEh, 0CAh, 9Eh, 0D2h, 0D5h
.rodata:00000000000008A0                 db 0E2h, 0C8h, 0DEh, 0DCh, 0D2h, 0D7h, 0A2h, 0C8h, 0C3h
.rodata:00000000000008A0                 db 9Ch, 65h, 0AAh, 94h, 98h, 96h, 0A3h, 94h, 0A8h, 65h
.rodata:00000000000008A0                 db 0A1h, 0ABh, 9Ah, 94h, 0A9h, 9Dh, 9Eh, 6Ah, 94h, 9Ah
.rodata:00000000000008A0                 db 96h, 6Ah, 9Eh, 0A1h, 0AEh, 94h, 0AAh, 0A8h, 9Eh, 0A3h
.rodata:00000000000008A0                 db 6Eh, 94h, 8Fh, 68h, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h, 0CDh
.rodata:00000000000008A0                 db 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h, 0C7h
.rodata:00000000000008A0                 db 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh, 0D8h
.rodata:00000000000008A0                 db 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h, 92h
.rodata:00000000000008A0                 db 95h, 0DAh, 0C4h, 0C8h, 0C6h, 0D3h, 0C4h, 0D8h, 95h
.rodata:00000000000008A0                 db 0D1h, 0DBh, 0CAh, 0C4h, 0D9h, 0CDh, 0CEh, 9Ah, 0C4h
.rodata:00000000000008A0                 db 0CAh, 0C6h, 9Ah, 0CEh, 0D1h, 0DEh, 0C4h, 0DAh, 0D8h
.rodata:00000000000008A0                 db 0CEh, 0D3h, 9Eh, 0C4h, 0BFh, 98h, 91h, 0D6h, 0C0h, 0C4h
.rodata:00000000000008A0                 db 0C2h, 0CFh, 0C0h, 0D4h, 91h, 0CDh, 0D7h, 0C6h, 0C0h
.rodata:00000000000008A0                 db 0D5h, 0C9h, 0CAh, 96h, 0C0h, 0C6h, 0C2h, 96h, 0CAh
.rodata:00000000000008A0                 db 0CDh, 0DAh, 0C0h, 0D6h, 0D4h, 0CAh, 0CFh, 9Ah, 0C0h
.rodata:00000000000008A0                 db 0BBh, 94h, 65h, 0AAh, 94h, 98h, 96h, 0A3h, 94h, 0A8h
.rodata:00000000000008A0                 db 65h, 0A1h, 0ABh, 9Ah, 94h, 0A9h, 9Dh, 9Eh, 6Ah, 94h
.rodata:00000000000008A0                 db 9Ah, 96h, 6Ah, 9Eh, 0A1h, 0AEh, 94h, 0AAh, 0A8h, 9Eh
.rodata:00000000000008A0                 db 0A3h, 6Eh, 94h, 8Fh, 68h, 99h, 0DEh, 0C8h, 0CCh, 0CAh
.rodata:00000000000008A0                 db 0D7h, 0C8h, 0DCh, 99h, 0D5h, 0DFh, 0CEh, 0C8h, 0DDh
.rodata:00000000000008A0                 db 0D1h, 0D2h, 9Eh, 0C8h, 0CEh, 0CAh, 9Eh, 0D2h, 0D5h
.rodata:00000000000008A0                 db 0E2h, 0C8h, 0DEh, 0DCh, 0D2h, 0D7h, 0A2h, 0C8h, 0C3h
.rodata:00000000000008A0                 db 2 dup(9Ch), 0E1h, 0CBh, 0CFh, 0CDh, 0DAh, 0CBh, 0DFh
.rodata:00000000000008A0                 db 9Ch, 0D8h, 0E2h, 0D1h, 0CBh, 0E0h, 0D4h, 0D5h, 0A1h
.rodata:00000000000008A0                 db 0CBh, 0D1h, 0CDh, 0A1h, 0D5h, 0D8h, 0E5h, 0CBh, 0E1h
.rodata:00000000000008A0                 db 0DFh, 0D5h, 0DAh, 0A5h, 0CBh, 0C6h, 9Fh, 0A9h, 0EEh
.rodata:00000000000008A0                 db 0D8h, 0DCh, 0DAh, 0E7h, 0D8h, 0ECh, 0A9h, 0E5h, 0EFh
.rodata:00000000000008A0                 db 0DEh, 0D8h, 0EDh, 0E1h, 0E2h, 0AEh, 0D8h, 0DEh, 0DAh
.rodata:00000000000008A0                 db 0AEh, 0E2h, 0E5h, 0F2h, 0D8h, 0EEh, 0ECh, 0E2h, 0E7h
.rodata:00000000000008A0                 db 0B2h, 0D8h, 0D3h, 0ACh, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h
.rodata:00000000000008A0                 db 0CDh, 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h
.rodata:00000000000008A0                 db 0C7h, 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh
.rodata:00000000000008A0                 db 0D8h, 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h
.rodata:00000000000008A0                 db 92h, 0A5h, 0EAh, 0D4h, 0D8h, 0D6h, 0E3h, 0D4h, 0E8h
.rodata:00000000000008A0                 db 0A5h, 0E1h, 0EBh, 0DAh, 0D4h, 0E9h, 0DDh, 0DEh, 0AAh
.rodata:00000000000008A0                 db 0D4h, 0DAh, 0D6h, 0AAh, 0DEh, 0E1h, 0EEh, 0D4h, 0EAh
.rodata:00000000000008A0                 db 0E8h, 0DEh, 0E3h, 0AEh, 0D4h, 0CFh, 0A8h, 0A3h, 0E8h
.rodata:00000000000008A0                 db 0D2h, 0D6h, 0D4h, 0E1h, 0D2h, 0E6h, 0A3h, 0DFh, 0E9h
.rodata:00000000000008A0                 db 0D8h, 0D2h, 0E7h, 0DBh, 0DCh, 0A8h, 0D2h, 0D8h, 0D4h
.rodata:00000000000008A0                 db 0A8h, 0DCh, 0DFh, 0ECh, 0D2h, 0E8h, 0E6h, 0DCh, 0E1h
.rodata:00000000000008A0                 db 0ACh, 0D2h, 0CDh, 0A6h, 99h, 0DEh, 0C8h, 0CCh, 0CAh
.rodata:00000000000008A0                 db 0D7h, 0C8h, 0DCh, 99h, 0D5h, 0DFh, 0CEh, 0C8h, 0DDh
.rodata:00000000000008A0                 db 0D1h, 0D2h, 9Eh, 0C8h, 0CEh, 0CAh, 9Eh, 0D2h, 0D5h
.rodata:00000000000008A0                 db 0E2h, 0C8h, 0DEh, 0DCh, 0D2h, 0D7h, 0A2h, 0C8h, 0C3h
.rodata:00000000000008A0                 db 9Ch, 9Eh, 0E3h, 0CDh, 0D1h, 0CFh, 0DCh, 0CDh, 0E1h
.rodata:00000000000008A0                 db 9Eh, 0DAh, 0E4h, 0D3h, 0CDh, 0E2h, 0D6h, 0D7h, 0A3h
.rodata:00000000000008A0                 db 0CDh, 0D3h, 0CFh, 0A3h, 0D7h, 0DAh, 0E7h, 0CDh, 0E3h
.rodata:00000000000008A0                 db 0E1h, 0D7h, 0DCh, 0A7h, 0CDh, 0C8h, 0A1h, 69h, 0AEh
.rodata:00000000000008A0                 db 98h, 9Ch, 9Ah, 0A7h, 98h, 0ACh, 69h, 0A5h, 0AFh, 9Eh
.rodata:00000000000008A0                 db 98h, 0ADh, 0A1h, 0A2h, 6Eh, 98h, 9Eh, 9Ah, 6Eh, 0A2h
.rodata:00000000000008A0                 db 0A5h, 0B2h, 98h, 0AEh, 0ACh, 0A2h, 0A7h, 72h, 98h, 93h
.rodata:00000000000008A0                 db 6Ch, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h, 0CDh, 0BEh, 0D2h
.rodata:00000000000008A0                 db 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h, 0C7h, 0C8h, 94h
.rodata:00000000000008A0                 db 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh, 0D8h, 0BEh, 0D4h
.rodata:00000000000008A0                 db 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h, 92h, 8Ah, 0CFh, 0B9h
.rodata:00000000000008A0                 db 0BDh, 0BBh, 0C8h, 0B9h, 0CDh, 8Ah, 0C6h, 0D0h, 0BFh
.rodata:00000000000008A0                 db 0B9h, 0CEh, 0C2h, 0C3h, 8Fh, 0B9h, 0BFh, 0BBh, 8Fh
.rodata:00000000000008A0                 db 0C3h, 0C6h, 0D3h, 0B9h, 0CFh, 0CDh, 0C3h, 0C8h, 93h
.rodata:00000000000008A0                 db 0B9h, 0B4h, 8Dh

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

.rodata:00000000000008A0 byte_8A0 db 0A9h, 0EEh, 0D8h, 0DCh, 0DAh, 0E7h, 0D8h, 0ECh, 0A9h

.rodata:00000000000008A0 ; DATA XREF: main+9E↑o

.rodata:00000000000008A0 db 0E5h, 0EFh, 0DEh, 0D8h, 0EDh, 0E1h, 0E2h, 0AEh, 0D8h

.rodata:00000000000008A0 db 0DEh, 0DAh, 0AEh, 0E2h, 0E5h, 0F2h, 0D8h, 0EEh, 0ECh

.rodata:00000000000008A0 db 0E2h, 0E7h, 0B2h, 0D8h, 0D3h, 0ACh, 60h, 0A5h, 8Fh

.rodata:00000000000008A0 db 93h, 91h, 9Eh, 8Fh, 0A3h, 60h, 9Ch, 0A6h, 95h, 8Fh

.rodata:00000000000008A0 db 0A4h, 98h, 99h, 65h, 8Fh, 95h, 91h, 65h, 99h, 9Ch, 0A9h

.rodata:00000000000008A0 db 8Fh, 0A5h, 0A3h, 99h, 9Eh, 69h, 8Fh, 8Ah, 63h, 0A5h

.rodata:00000000000008A0 db 0EAh, 0D4h, 0D8h, 0D6h, 0E3h, 0D4h, 0E8h, 0A5h, 0E1h

.rodata:00000000000008A0 db 0EBh, 0DAh, 0D4h, 0E9h, 0DDh, 0DEh, 0AAh, 0D4h, 0DAh

.rodata:00000000000008A0 db 0D6h, 0AAh, 0DEh, 0E1h, 0EEh, 0D4h, 0EAh, 0E8h, 0DEh

.rodata:00000000000008A0 db 0E3h, 0AEh, 0D4h, 0CFh, 0A8h, 8Fh, 0D4h, 0BEh, 0C2h

.rodata:00000000000008A0 db 0C0h, 0CDh, 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh

.rodata:00000000000008A0 db 0D3h, 0C7h, 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h

.rodata:00000000000008A0 db 0CBh, 0D8h, 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh

.rodata:00000000000008A0 db 0B9h, 92h, 93h, 0D8h, 0C2h, 0C6h, 0C4h, 0D1h, 0C2h

.rodata:00000000000008A0 db 0D6h, 93h, 0CFh, 0D9h, 0C8h, 0C2h, 0D7h, 0CBh, 0CCh

.rodata:00000000000008A0 db 98h, 0C2h, 0C8h, 0C4h, 98h, 0CCh, 0CFh, 0DCh, 0C2h

.rodata:00000000000008A0 db 0D8h, 0D6h, 0CCh, 0D1h, 9Ch, 0C2h, 0BDh, 96h, 91h, 0D6h

.rodata:00000000000008A0 db 0C0h, 0C4h, 0C2h, 0CFh, 0C0h, 0D4h, 91h, 0CDh, 0D7h

.rodata:00000000000008A0 db 0C6h, 0C0h, 0D5h, 0C9h, 0CAh, 96h, 0C0h, 0C6h, 0C2h

.rodata:00000000000008A0 db 96h, 0CAh, 0CDh, 0DAh, 0C0h, 0D6h, 0D4h, 0CAh, 0CFh

.rodata:00000000000008A0 db 9Ah, 0C0h, 0BBh, 94h, 9Eh, 0E3h, 0CDh, 0D1h, 0CFh, 0DCh

.rodata:00000000000008A0 db 0CDh, 0E1h, 9Eh, 0DAh, 0E4h, 0D3h, 0CDh, 0E2h, 0D6h

.rodata:00000000000008A0 db 0D7h, 0A3h, 0CDh, 0D3h, 0CFh, 0A3h, 0D7h, 0DAh, 0E7h

.rodata:00000000000008A0 db 0CDh, 0E3h, 0E1h, 0D7h, 0DCh, 0A7h, 0CDh, 0C8h, 0A1h

.rodata:00000000000008A0 db 8Fh, 0D4h, 0BEh, 0C2h, 0C0h, 0CDh, 0BEh, 0D2h, 8Fh

.rodata:00000000000008A0 db 0CBh, 0D5h, 0C4h, 0BEh, 0D3h, 0C7h, 0C8h, 94h, 0BEh

.rodata:00000000000008A0 db 0C4h, 0C0h, 94h, 0C8h, 0CBh, 0D8h, 0BEh, 0D4h, 0D2h

.rodata:00000000000008A0 db 0C8h, 0CDh, 98h, 0BEh, 0B9h, 92h, 0A3h, 0E8h, 0D2h

.rodata:00000000000008A0 db 0D6h, 0D4h, 0E1h, 0D2h, 0E6h, 0A3h, 0DFh, 0E9h, 0D8h

.rodata:00000000000008A0 db 0D2h, 0E7h, 0DBh, 0DCh, 0A8h, 0D2h, 0D8h, 0D4h, 0A8h

.rodata:00000000000008A0 db 0DCh, 0DFh, 0ECh, 0D2h, 0E8h, 0E6h, 0DCh, 0E1h, 0ACh

.rodata:00000000000008A0 db 0D2h, 0CDh, 0A6h, 60h, 0A5h, 8Fh, 93h, 91h, 9Eh, 8Fh

.rodata:00000000000008A0 db 0A3h, 60h, 9Ch, 0A6h, 95h, 8Fh, 0A4h, 98h, 99h, 65h

.rodata:00000000000008A0 db 8Fh, 95h, 91h, 65h, 99h, 9Ch, 0A9h, 8Fh, 0A5h, 0A3h

.rodata:00000000000008A0 db 99h, 9Eh, 69h, 8Fh, 8Ah, 63h, 9Ch, 0E1h, 0CBh, 0CFh

.rodata:00000000000008A0 db 0CDh, 0DAh, 0CBh, 0DFh, 9Ch, 0D8h, 0E2h, 0D1h, 0CBh

.rodata:00000000000008A0 db 0E0h, 0D4h, 0D5h, 0A1h, 0CBh, 0D1h, 0CDh, 0A1h, 0D5h

.rodata:00000000000008A0 db 0D8h, 0E5h, 0CBh, 0E1h, 0DFh, 0D5h, 0DAh, 0A5h, 0CBh

.rodata:00000000000008A0 db 0C6h, 9Fh, 0A6h, 0EBh, 0D5h, 0D9h, 0D7h, 0E4h, 0D5h

.rodata:00000000000008A0 db 0E9h, 0A6h, 0E2h, 0ECh, 0DBh, 0D5h, 0EAh, 0DEh, 0DFh

.rodata:00000000000008A0 db 0ABh, 0D5h, 0DBh, 0D7h, 0ABh, 0DFh, 0E2h, 0EFh, 0D5h

.rodata:00000000000008A0 db 0EBh, 0E9h, 0DFh, 0E4h, 0AFh, 0D5h, 0D0h, 0A9h, 95h

.rodata:00000000000008A0 db 0DAh, 0C4h, 0C8h, 0C6h, 0D3h, 0C4h, 0D8h, 95h, 0D1h

.rodata:00000000000008A0 db 0DBh, 0CAh, 0C4h, 0D9h, 0CDh, 0CEh, 9Ah, 0C4h, 0CAh

.rodata:00000000000008A0 db 0C6h, 9Ah, 0CEh, 0D1h, 0DEh, 0C4h, 0DAh, 0D8h, 0CEh

.rodata:00000000000008A0 db 0D3h, 9Eh, 0C4h, 0BFh, 98h, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h

.rodata:00000000000008A0 db 0CDh, 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h

.rodata:00000000000008A0 db 0C7h, 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh

.rodata:00000000000008A0 db 0D8h, 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h

.rodata:00000000000008A0 db 92h, 0A4h, 0E9h, 0D3h, 0D7h, 0D5h, 0E2h, 0D3h, 0E7h

.rodata:00000000000008A0 db 0A4h, 0E0h, 0EAh, 0D9h, 0D3h, 0E8h, 0DCh, 0DDh, 0A9h

.rodata:00000000000008A0 db 0D3h, 0D9h, 0D5h, 0A9h, 0DDh, 0E0h, 0EDh, 0D3h, 0E9h

.rodata:00000000000008A0 db 0E7h, 0DDh, 0E2h, 0ADh, 0D3h, 0CEh, 0A7h, 98h, 0DDh

.rodata:00000000000008A0 db 0C7h, 0CBh, 0C9h, 0D6h, 0C7h, 0DBh, 98h, 0D4h, 0DEh

.rodata:00000000000008A0 db 0CDh, 0C7h, 0DCh, 0D0h, 0D1h, 9Dh, 0C7h, 0CDh, 0C9h

.rodata:00000000000008A0 db 9Dh, 0D1h, 0D4h, 0E1h, 0C7h, 0DDh, 0DBh, 0D1h, 0D6h

.rodata:00000000000008A0 db 0A1h, 0C7h, 0C2h, 9Bh, 99h, 0DEh, 0C8h, 0CCh, 0CAh

.rodata:00000000000008A0 db 0D7h, 0C8h, 0DCh, 99h, 0D5h, 0DFh, 0CEh, 0C8h, 0DDh

.rodata:00000000000008A0 db 0D1h, 0D2h, 9Eh, 0C8h, 0CEh, 0CAh, 9Eh, 0D2h, 0D5h

.rodata:00000000000008A0 db 0E2h, 0C8h, 0DEh, 0DCh, 0D2h, 0D7h, 0A2h, 0C8h, 0C3h

.rodata:00000000000008A0 db 9Ch, 65h, 0AAh, 94h, 98h, 96h, 0A3h, 94h, 0A8h, 65h

.rodata:00000000000008A0 db 0A1h, 0ABh, 9Ah, 94h, 0A9h, 9Dh, 9Eh, 6Ah, 94h, 9Ah

.rodata:00000000000008A0 db 96h, 6Ah, 9Eh, 0A1h, 0AEh, 94h, 0AAh, 0A8h, 9Eh, 0A3h

.rodata:00000000000008A0 db 6Eh, 94h, 8Fh, 68h, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h, 0CDh

.rodata:00000000000008A0 db 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h, 0C7h

.rodata:00000000000008A0 db 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh, 0D8h

.rodata:00000000000008A0 db 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h, 92h

.rodata:00000000000008A0 db 95h, 0DAh, 0C4h, 0C8h, 0C6h, 0D3h, 0C4h, 0D8h, 95h

.rodata:00000000000008A0 db 0D1h, 0DBh, 0CAh, 0C4h, 0D9h, 0CDh, 0CEh, 9Ah, 0C4h

.rodata:00000000000008A0 db 0CAh, 0C6h, 9Ah, 0CEh, 0D1h, 0DEh, 0C4h, 0DAh, 0D8h

.rodata:00000000000008A0 db 0CEh, 0D3h, 9Eh, 0C4h, 0BFh, 98h, 91h, 0D6h, 0C0h, 0C4h

.rodata:00000000000008A0 db 0C2h, 0CFh, 0C0h, 0D4h, 91h, 0CDh, 0D7h, 0C6h, 0C0h

.rodata:00000000000008A0 db 0D5h, 0C9h, 0CAh, 96h, 0C0h, 0C6h, 0C2h, 96h, 0CAh

.rodata:00000000000008A0 db 0CDh, 0DAh, 0C0h, 0D6h, 0D4h, 0CAh, 0CFh, 9Ah, 0C0h

.rodata:00000000000008A0 db 0BBh, 94h, 65h, 0AAh, 94h, 98h, 96h, 0A3h, 94h, 0A8h

.rodata:00000000000008A0 db 65h, 0A1h, 0ABh, 9Ah, 94h, 0A9h, 9Dh, 9Eh, 6Ah, 94h

.rodata:00000000000008A0 db 9Ah, 96h, 6Ah, 9Eh, 0A1h, 0AEh, 94h, 0AAh, 0A8h, 9Eh

.rodata:00000000000008A0 db 0A3h, 6Eh, 94h, 8Fh, 68h, 99h, 0DEh, 0C8h, 0CCh, 0CAh

.rodata:00000000000008A0 db 0D7h, 0C8h, 0DCh, 99h, 0D5h, 0DFh, 0CEh, 0C8h, 0DDh

.rodata:00000000000008A0 db 0D1h, 0D2h, 9Eh, 0C8h, 0CEh, 0CAh, 9Eh, 0D2h, 0D5h

.rodata:00000000000008A0 db 0E2h, 0C8h, 0DEh, 0DCh, 0D2h, 0D7h, 0A2h, 0C8h, 0C3h

.rodata:00000000000008A0 db 2 dup(9Ch), 0E1h, 0CBh, 0CFh, 0CDh, 0DAh, 0CBh, 0DFh

.rodata:00000000000008A0 db 9Ch, 0D8h, 0E2h, 0D1h, 0CBh, 0E0h, 0D4h, 0D5h, 0A1h

.rodata:00000000000008A0 db 0CBh, 0D1h, 0CDh, 0A1h, 0D5h, 0D8h, 0E5h, 0CBh, 0E1h

.rodata:00000000000008A0 db 0DFh, 0D5h, 0DAh, 0A5h, 0CBh, 0C6h, 9Fh, 0A9h, 0EEh

.rodata:00000000000008A0 db 0D8h, 0DCh, 0DAh, 0E7h, 0D8h, 0ECh, 0A9h, 0E5h, 0EFh

.rodata:00000000000008A0 db 0DEh, 0D8h, 0EDh, 0E1h, 0E2h, 0AEh, 0D8h, 0DEh, 0DAh

.rodata:00000000000008A0 db 0AEh, 0E2h, 0E5h, 0F2h, 0D8h, 0EEh, 0ECh, 0E2h, 0E7h

.rodata:00000000000008A0 db 0B2h, 0D8h, 0D3h, 0ACh, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h

.rodata:00000000000008A0 db 0CDh, 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h

.rodata:00000000000008A0 db 0C7h, 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh

.rodata:00000000000008A0 db 0D8h, 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h

.rodata:00000000000008A0 db 92h, 0A5h, 0EAh, 0D4h, 0D8h, 0D6h, 0E3h, 0D4h, 0E8h

.rodata:00000000000008A0 db 0A5h, 0E1h, 0EBh, 0DAh, 0D4h, 0E9h, 0DDh, 0DEh, 0AAh

.rodata:00000000000008A0 db 0D4h, 0DAh, 0D6h, 0AAh, 0DEh, 0E1h, 0EEh, 0D4h, 0EAh

.rodata:00000000000008A0 db 0E8h, 0DEh, 0E3h, 0AEh, 0D4h, 0CFh, 0A8h, 0A3h, 0E8h

.rodata:00000000000008A0 db 0D2h, 0D6h, 0D4h, 0E1h, 0D2h, 0E6h, 0A3h, 0DFh, 0E9h

.rodata:00000000000008A0 db 0D8h, 0D2h, 0E7h, 0DBh, 0DCh, 0A8h, 0D2h, 0D8h, 0D4h

.rodata:00000000000008A0 db 0A8h, 0DCh, 0DFh, 0ECh, 0D2h, 0E8h, 0E6h, 0DCh, 0E1h

.rodata:00000000000008A0 db 0ACh, 0D2h, 0CDh, 0A6h, 99h, 0DEh, 0C8h, 0CCh, 0CAh

.rodata:00000000000008A0 db 0D7h, 0C8h, 0DCh, 99h, 0D5h, 0DFh, 0CEh, 0C8h, 0DDh

.rodata:00000000000008A0 db 0D1h, 0D2h, 9Eh, 0C8h, 0CEh, 0CAh, 9Eh, 0D2h, 0D5h

.rodata:00000000000008A0 db 0E2h, 0C8h, 0DEh, 0DCh, 0D2h, 0D7h, 0A2h, 0C8h, 0C3h

.rodata:00000000000008A0 db 9Ch, 9Eh, 0E3h, 0CDh, 0D1h, 0CFh, 0DCh, 0CDh, 0E1h

.rodata:00000000000008A0 db 9Eh, 0DAh, 0E4h, 0D3h, 0CDh, 0E2h, 0D6h, 0D7h, 0A3h

.rodata:00000000000008A0 db 0CDh, 0D3h, 0CFh, 0A3h, 0D7h, 0DAh, 0E7h, 0CDh, 0E3h

.rodata:00000000000008A0 db 0E1h, 0D7h, 0DCh, 0A7h, 0CDh, 0C8h, 0A1h, 69h, 0AEh

.rodata:00000000000008A0 db 98h, 9Ch, 9Ah, 0A7h, 98h, 0ACh, 69h, 0A5h, 0AFh, 9Eh

.rodata:00000000000008A0 db 98h, 0ADh, 0A1h, 0A2h, 6Eh, 98h, 9Eh, 9Ah, 6Eh, 0A2h

.rodata:00000000000008A0 db 0A5h, 0B2h, 98h, 0AEh, 0ACh, 0A2h, 0A7h, 72h, 98h, 93h

.rodata:00000000000008A0 db 6Ch, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h, 0CDh, 0BEh, 0D2h

.rodata:00000000000008A0 db 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h, 0C7h, 0C8h, 94h

.rodata:00000000000008A0 db 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh, 0D8h, 0BEh, 0D4h

.rodata:00000000000008A0 db 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h, 92h, 8Ah, 0CFh, 0B9h

.rodata:00000000000008A0 db 0BDh, 0BBh, 0C8h, 0B9h, 0CDh, 8Ah, 0C6h, 0D0h, 0BFh

.rodata:00000000000008A0 db 0B9h, 0CEh, 0C2h, 0C3h, 8Fh, 0B9h, 0BFh, 0BBh, 8Fh

.rodata:00000000000008A0 db 0C3h, 0C6h, 0D3h, 0B9h, 0CFh, 0CDh, 0C3h, 0C8h, 93h

.rodata:00000000000008A0 db 0B9h, 0B4h, 8Dh

Kemudian kita buat menjadi desimal yang menjadi

169,238,216,220,218,231,216,236,169,229,239,222,216,237,225,226,174,216,222,218,174,226,229,242,216,238,236,226,231,178,216,211,172,96,165,143,147,145,158,143,163,96,156,166,149,143,164,152,153,101,143,149,145,101,153,156,169,143,165,163,153,158,105,143,138,99,165,234,212,216,214,227,212,232,165,225,235,218,212,233,221,222,170,212,218,214,170,222,225,238,212,234,232,222,227,174,212,207,168,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,147,216,194,198,196,209,194,214,147,207,217,200,194,215,203,204,152,194,200,196,152,204,207,220,194,216,214,204,209,156,194,189,150,145,214,192,196,194,207,192,212,145,205,215,198,192,213,201,202,150,192,198,194,150,202,205,218,192,214,212,202,207,154,192,187,148,158,227,205,209,207,220,205,225,158,218,228,211,205,226,214,215,163,205,211,207,163,215,218,231,205,227,225,215,220,167,205,200,161,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,163,232,210,214,212,225,210,230,163,223,233,216,210,231,219,220,168,210,216,212,168,220,223,236,210,232,230,220,225,172,210,205,166,96,165,143,147,145,158,143,163,96,156,166,149,143,164,152,153,101,143,149,145,101,153,156,169,143,165,163,153,158,105,143,138,99,156,225,203,207,205,218,203,223,156,216,226,209,203,224,212,213,161,203,209,205,161,213,216,229,203,225,223,213,218,165,203,198,159,166,235,213,217,215,228,213,233,166,226,236,219,213,234,222,223,171,213,219,215,171,223,226,239,213,235,233,223,228,175,213,208,169,149,218,196,200,198,211,196,216,149,209,219,202,196,217,205,206,154,196,202,198,154,206,209,222,196,218,216,206,211,158,196,191,152,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,164,233,211,215,213,226,211,231,164,224,234,217,211,232,220,221,169,211,217,213,169,221,224,237,211,233,231,221,226,173,211,206,167,152,221,199,203,201,214,199,219,152,212,222,205,199,220,208,209,157,199,205,201,157,209,212,225,199,221,219,209,214,161,199,194,155,153,222,200,204,202,215,200,220,153,213,223,206,200,221,209,210,158,200,206,202,158,210,213,226,200,222,220,210,215,162,200,195,156,101,170,148,152,150,163,148,168,101,161,171,154,148,169,157,158,106,148,154,150,106,158,161,174,148,170,168,158,163,110,148,143,104,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,149,218,196,200,198,211,196,216,149,209,219,202,196,217,205,206,154,196,202,198,154,206,209,222,196,218,216,206,211,158,196,191,152,145,214,192,196,194,207,192,212,145,205,215,198,192,213,201,202,150,192,198,194,150,202,205,218,192,214,212,202,207,154,192,187,148,101,170,148,152,150,163,148,168,101,161,171,154,148,169,157,158,106,148,154,150,106,158,161,174,148,170,168,158,163,110,148,143,104,153,222,200,204,202,215,200,220,153,213,223,206,200,221,209,210,158,200,206,202,158,210,213,226,200,222,220,210,215,162,200,195,156,156,225,203,207,205,218,203,223,156,216,226,209,203,224,212,213,161,203,209,205,161,213,216,229,203,225,223,213,218,165,203,198,159,169,238,216,220,218,231,216,236,169,229,239,222,216,237,225,226,174,216,222,218,174,226,229,242,216,238,236,226,231,178,216,211,172,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,165,234,212,216,214,227,212,232,165,225,235,218,212,233,221,222,170,212,218,214,170,222,225,238,212,234,232,222,227,174,212,207,168,163,232,210,214,212,225,210,230,163,223,233,216,210,231,219,220,168,210,216,212,168,220,223,236,210,232,230,220,225,172,210,205,166,153,222,200,204,202,215,200,220,153,213,223,206,200,221,209,210,158,200,206,202,158,210,213,226,200,222,220,210,215,162,200,195,156,158,227,205,209,207,220,205,225,158,218,228,211,205,226,214,215,163,205,211,207,163,215,218,231,205,227,225,215,220,167,205,200,161,105,174,152,156,154,167,152,172,105,165,175,158,152,173,161,162,110,152,158,154,110,162,165,178,152,174,172,162,167,114,152,147,108,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,138,207,185,189,187,200,185,205,138,198,208,191,185,206,194,195,143,185,191,187,143,195,198,211,185,207,205,195,200,147,185,180,141

169,238,216,220,218,231,216,236,169,229,239,222,216,237,225,226,174,216,222,218,174,226,229,242,216,238,236,226,231,178,216,211,172,96,165,143,147,145,158,143,163,96,156,166,149,143,164,152,153,101,143,149,145,101,153,156,169,143,165,163,153,158,105,143,138,99,165,234,212,216,214,227,212,232,165,225,235,218,212,233,221,222,170,212,218,214,170,222,225,238,212,234,232,222,227,174,212,207,168,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,147,216,194,198,196,209,194,214,147,207,217,200,194,215,203,204,152,194,200,196,152,204,207,220,194,216,214,204,209,156,194,189,150,145,214,192,196,194,207,192,212,145,205,215,198,192,213,201,202,150,192,198,194,150,202,205,218,192,214,212,202,207,154,192,187,148,158,227,205,209,207,220,205,225,158,218,228,211,205,226,214,215,163,205,211,207,163,215,218,231,205,227,225,215,220,167,205,200,161,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,163,232,210,214,212,225,210,230,163,223,233,216,210,231,219,220,168,210,216,212,168,220,223,236,210,232,230,220,225,172,210,205,166,96,165,143,147,145,158,143,163,96,156,166,149,143,164,152,153,101,143,149,145,101,153,156,169,143,165,163,153,158,105,143,138,99,156,225,203,207,205,218,203,223,156,216,226,209,203,224,212,213,161,203,209,205,161,213,216,229,203,225,223,213,218,165,203,198,159,166,235,213,217,215,228,213,233,166,226,236,219,213,234,222,223,171,213,219,215,171,223,226,239,213,235,233,223,228,175,213,208,169,149,218,196,200,198,211,196,216,149,209,219,202,196,217,205,206,154,196,202,198,154,206,209,222,196,218,216,206,211,158,196,191,152,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,164,233,211,215,213,226,211,231,164,224,234,217,211,232,220,221,169,211,217,213,169,221,224,237,211,233,231,221,226,173,211,206,167,152,221,199,203,201,214,199,219,152,212,222,205,199,220,208,209,157,199,205,201,157,209,212,225,199,221,219,209,214,161,199,194,155,153,222,200,204,202,215,200,220,153,213,223,206,200,221,209,210,158,200,206,202,158,210,213,226,200,222,220,210,215,162,200,195,156,101,170,148,152,150,163,148,168,101,161,171,154,148,169,157,158,106,148,154,150,106,158,161,174,148,170,168,158,163,110,148,143,104,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,149,218,196,200,198,211,196,216,149,209,219,202,196,217,205,206,154,196,202,198,154,206,209,222,196,218,216,206,211,158,196,191,152,145,214,192,196,194,207,192,212,145,205,215,198,192,213,201,202,150,192,198,194,150,202,205,218,192,214,212,202,207,154,192,187,148,101,170,148,152,150,163,148,168,101,161,171,154,148,169,157,158,106,148,154,150,106,158,161,174,148,170,168,158,163,110,148,143,104,153,222,200,204,202,215,200,220,153,213,223,206,200,221,209,210,158,200,206,202,158,210,213,226,200,222,220,210,215,162,200,195,156,156,225,203,207,205,218,203,223,156,216,226,209,203,224,212,213,161,203,209,205,161,213,216,229,203,225,223,213,218,165,203,198,159,169,238,216,220,218,231,216,236,169,229,239,222,216,237,225,226,174,216,222,218,174,226,229,242,216,238,236,226,231,178,216,211,172,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,165,234,212,216,214,227,212,232,165,225,235,218,212,233,221,222,170,212,218,214,170,222,225,238,212,234,232,222,227,174,212,207,168,163,232,210,214,212,225,210,230,163,223,233,216,210,231,219,220,168,210,216,212,168,220,223,236,210,232,230,220,225,172,210,205,166,153,222,200,204,202,215,200,220,153,213,223,206,200,221,209,210,158,200,206,202,158,210,213,226,200,222,220,210,215,162,200,195,156,158,227,205,209,207,220,205,225,158,218,228,211,205,226,214,215,163,205,211,207,163,215,218,231,205,227,225,215,220,167,205,200,161,105,174,152,156,154,167,152,172,105,165,175,158,152,173,161,162,110,152,158,154,110,162,165,178,152,174,172,162,167,114,152,147,108,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,138,207,185,189,187,200,185,205,138,198,208,191,185,206,194,195,143,185,191,187,143,195,198,211,185,207,205,195,200,147,185,180,141

Dari main diatas dan isi dari byte_8A0, kita buat solvernya dengan menggunakan […]

July 29, 2019

[BackdoorCTF 2017] – No Calm

Posted in Reverse Engineering by Jason Theopilus Leave a Comment

Soal ini diberikan sebuah ELF 64bit file yang bisa kalian download disini Kemudian coba kita buka file tersebut dalam IDA Pro 64 bit, dan kita lihat psudeocodenya.

int __cdecl main(int argc, const char **argv, const char **envp)
{
  int i; // [rsp+1Ch] [rbp-34h]
  char v5; // [rsp+20h] [rbp-30h]
  char v6; // [rsp+21h] [rbp-2Fh]
  char v7; // [rsp+22h] [rbp-2Eh]
  char v8; // [rsp+23h] [rbp-2Dh]
  char v9; // [rsp+24h] [rbp-2Ch]
  char v10; // [rsp+25h] [rbp-2Bh]
  char v11; // [rsp+26h] [rbp-2Ah]
  char v12; // [rsp+27h] [rbp-29h]
  char v13; // [rsp+28h] [rbp-28h]
  char v14; // [rsp+29h] [rbp-27h]
  char v15; // [rsp+2Ah] [rbp-26h]
  char v16; // [rsp+2Bh] [rbp-25h]
  char v17; // [rsp+2Ch] [rbp-24h]
  char v18; // [rsp+2Dh] [rbp-23h]
  char v19; // [rsp+2Eh] [rbp-22h]
  char v20; // [rsp+2Fh] [rbp-21h]
  char v21; // [rsp+30h] [rbp-20h]
  char v22; // [rsp+31h] [rbp-1Fh]
  char v23; // [rsp+32h] [rbp-1Eh]
  char v24; // [rsp+33h] [rbp-1Dh]
  char v25; // [rsp+34h] [rbp-1Ch]
  char v26; // [rsp+35h] [rbp-1Bh]
  char v27; // [rsp+36h] [rbp-1Ah]
  char v28; // [rsp+37h] [rbp-19h]
  char v29; // [rsp+38h] [rbp-18h]
  char v30; // [rsp+39h] [rbp-17h]
  char v31; // [rsp+3Ah] [rbp-16h]
  char v32; // [rsp+3Bh] [rbp-15h]
  char v33; // [rsp+3Ch] [rbp-14h]
  char v34; // [rsp+3Dh] [rbp-13h]
  unsigned __int64 v35; // [rsp+48h] [rbp-8h]

  v35 = __readfsqword(0x28u);
  if ( argc != 31 )
  {
    printf("Usage ./challenge <each byte of flag seperated by spaces>", argv, envp, argv);
    exit(1);
  }
  for ( i = 0; argc - 1 > i; ++i )
    *(&v5 + i) = *argv[i + 1LL];
  if ( v6 + v5 - v7 == 81 )
  {
    if ( v5 - v6 + v7 == 53 )
    {
      if ( v6 - v5 + v7 == 87 )
      {
        if ( v9 + v8 - v10 == 90 )
        {
          if ( v8 - v9 + v10 == 156 )
          {
            if ( v9 - v8 + v10 == 66 )
            {
              if ( v12 + v11 - v13 == 98 )
              {
                if ( v11 - v12 + v13 == 140 )
                {
                  if ( v12 - v11 + v13 == 92 )
                  {
                    if ( v15 + v14 - v16 == 38 )
                    {
                      if ( v14 - v15 + v16 == 170 )
                      {
                        if ( v15 - v14 + v16 == 60 )
                        {
                          if ( v18 + v17 - v19 == 29 )
                          {
                            if ( v17 - v18 + v19 == 161 )
                            {
                              if ( v18 - v17 + v19 == 69 )
                              {
                                if ( v21 + v20 - v22 == 163 )
                                {
                                  if ( v20 - v21 + v22 == 27 )
                                  {
                                    if ( v21 - v20 + v22 == 69 )
                                    {
                                      if ( v24 + v23 - v25 == 147 )
                                      {
                                        if ( v23 - v24 + v25 == 43 )
                                        {
                                          if ( v24 - v23 + v25 == 59 )
                                          {
                                            if ( v27 + v26 - v28 == 146 )
                                            {
                                              if ( v26 - v27 + v28 == 86 )
                                              {
                                                if ( v27 - v26 + v28 == 44 )
                                                {
                                                  if ( v30 + v29 - v31 == 67 )
                                                  {
                                                    if ( v29 - v30 + v31 == 89 )
                                                    {
                                                      if ( v30 - v29 + v31 == 75 )
                                                      {
                                                        if ( v33 + v32 - v34 == 117 )
                                                        {
                                                          if ( v32 - v33 + v34 == 125 )
                                                          {
                                                            if ( v33 - v32 + v34 == 125 )
                                                              success();
                                                            else
                                                              fail();
                                                          }
                                                          else
                                                          {
                                                            fail();
                                                          }
                                                        }
                                                        else
                                                        {
                                                          fail();
                                                        }
                                                      }
                                                      else
                                                      {
                                                        fail();
                                                      }
                                                    }
                                                    else
                                                    {
                                                      fail();
                                                    }
                                                  }
                                                  else
                                                  {
                                                    fail();
                                                  }
                                                }
                                                else
                                                {
                                                  fail();
                                                }
                                              }
                                              else
                                              {
                                                fail();
                                              }
                                            }
                                            else
                                            {
                                              fail();
                                            }
                                          }
                                          else
                                          {
                                            fail();
                                          }
                                        }
                                        else
                                        {
                                          fail();
                                        }
                                      }
                                      else
                                      {
                                        fail();
                                      }
                                    }
                                    else
                                    {
                                      fail();
                                    }
                                  }
                                  else
                                  {
                                    fail();
                                  }
                                }
                                else
                                {
                                  fail();
                                }
                              }
                              else
                              {
                                fail();
                              }
                            }
                            else
                            {
                              fail();
                            }
                          }
                          else
                          {
                            fail();
                          }
                        }
                        else
                        {
                          fail();
                        }
                      }
                      else
                      {
                        fail();
                      }
                    }
                    else
                    {
                      fail();
                    }
                  }
                  else
                  {
                    fail();
                  }
                }
                else
                {
                  fail();
                }
              }
              else
              {
                fail();
              }
            }
            else
            {
              fail();
            }
          }
          else
          {
            fail();
          }
        }
        else
        {
          fail();
        }
      }
      else
      {
        fail();
      }
    }
    else
    {
      fail();
    }
  }
  else
  {
    fail();
  }
  return 0;
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

int __cdecl main(int argc, const char **argv, const char **envp)

{

int i; // [rsp+1Ch] [rbp-34h]

char v5; // [rsp+20h] [rbp-30h]

char v6; // [rsp+21h] [rbp-2Fh]

char v7; // [rsp+22h] [rbp-2Eh]

char v8; // [rsp+23h] [rbp-2Dh]

char v9; // [rsp+24h] [rbp-2Ch]

char v10; // [rsp+25h] [rbp-2Bh]

char v11; // [rsp+26h] [rbp-2Ah]

char v12; // [rsp+27h] [rbp-29h]

char v13; // [rsp+28h] [rbp-28h]

char v14; // [rsp+29h] [rbp-27h]

char v15; // [rsp+2Ah] [rbp-26h]

char v16; // [rsp+2Bh] [rbp-25h]

char v17; // [rsp+2Ch] [rbp-24h]

char v18; // [rsp+2Dh] [rbp-23h]

char v19; // [rsp+2Eh] [rbp-22h]

char v20; // [rsp+2Fh] [rbp-21h]

char v21; // [rsp+30h] [rbp-20h]

char v22; // [rsp+31h] [rbp-1Fh]

char v23; // [rsp+32h] [rbp-1Eh]

char v24; // [rsp+33h] [rbp-1Dh]

char v25; // [rsp+34h] [rbp-1Ch]

char v26; // [rsp+35h] [rbp-1Bh]

char v27; // [rsp+36h] [rbp-1Ah]

char v28; // [rsp+37h] [rbp-19h]

char v29; // [rsp+38h] [rbp-18h]

char v30; // [rsp+39h] [rbp-17h]

char v31; // [rsp+3Ah] [rbp-16h]

char v32; // [rsp+3Bh] [rbp-15h]

char v33; // [rsp+3Ch] [rbp-14h]

char v34; // [rsp+3Dh] [rbp-13h]

unsigned __int64 v35; // [rsp+48h] [rbp-8h]

v35 = __readfsqword(0x28u);

if ( argc != 31 )

{

printf("Usage ./challenge <each byte of flag seperated by spaces>", argv, envp, argv);

exit(1);

}

for ( i = 0; argc - 1 > i; ++i )

*(&v5 + i) = *argv[i + 1LL];

if ( v6 + v5 - v7 == 81 )

{

if ( v5 - v6 + v7 == 53 )

{

if ( v6 - v5 + v7 == 87 )

{

if ( v9 + v8 - v10 == 90 )

{

if ( v8 - v9 + v10 == 156 )

{

if ( v9 - v8 + v10 == 66 )

{

if ( v12 + v11 - v13 == 98 )

{

if ( v11 - v12 + v13 == 140 )

{

if ( v12 - v11 + v13 == 92 )

{

if ( v15 + v14 - v16 == 38 )

{

if ( v14 - v15 + v16 == 170 )

{

if ( v15 - v14 + v16 == 60 )

{

if ( v18 + v17 - v19 == 29 )

{

if ( v17 - v18 + v19 == 161 )

{

if ( v18 - v17 + v19 == 69 )

{

if ( v21 + v20 - v22 == 163 )

{

if ( v20 - v21 + v22 == 27 )

{

if ( v21 - v20 + v22 == 69 )

{

if ( v24 + v23 - v25 == 147 )

{

if ( v23 - v24 + v25 == 43 )

{

if ( v24 - v23 + v25 == 59 )

{

if ( v27 + v26 - v28 == 146 )

{

if ( v26 - v27 + v28 == 86 )

{

if ( v27 - v26 + v28 == 44 )

{

if ( v30 + v29 - v31 == 67 )

{

if ( v29 - v30 + v31 == 89 )

{

if ( v30 - v29 + v31 == 75 )

{

if ( v33 + v32 - v34 == 117 )

{

if ( v32 - v33 + v34 == 125 )

{

if ( v33 - v32 + v34 == 125 )

success();

else

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

else

{

fail();

}

return 0;

}

Kemudian dari hasil Psudeocode ini kita mendapati banyak sekali constraint yang diterapkan pada soal, sehingga ada 2 cara untuk mengerjakannya yakni dengan Angr atau dengan Z3 solver. […]

May 20, 2018

[EasyCTF IV]- ez_rev – 140

Posted in Reverse Engineering by Putu Krisna Leave a Comment

Original Writeup : https://github.com/KosBeg/ctf-writeups/blob/master/EasyCTF_IV/ez_rev/README.md Download : https://drive.google.com/file/d/1U4dJfiVBo01tXRCPV8lqYBdudIPjD1rc/view?usp=sharing File yang diberikan merupakan file ELF 64bit, dynamically linked, not stripped.

$ file ez_rev

ez_rev: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=eb7a47c52c657a17b5ae730826c4640de86b0dcf, not stripped

$ file ez_rev

ez_rev: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=eb7a47c52c657a17b5ae730826c4640de86b0dcf, not stripped

Ketika dijalankan program akan meminta password sebagai argumen. Jika kita memasukan password yang salah, program akan menghapus dirinya sendiri.

$ ./ez_rev_1 test

successfully deleted!

$ ./ez_rev_1 test

successfully deleted!

Kemudian kita membuka programnya di IDA, mari kita lihat pseudo nya.

int __cdecl main(int argc, const char **argv, const char **envp)
{
  int result; // eax
  int v4; // [rsp+10h] [rbp-20h]
  int v5; // [rsp+14h] [rbp-1Ch]
  int v6; // [rsp+18h] [rbp-18h]
  int v7; // [rsp+1Ch] [rbp-14h]
  int v8; // [rsp+20h] [rbp-10h]
  const char *v9; // [rsp+28h] [rbp-8h]

  signal(2, sigintHandler);
  target = (char *)*argv;
  if ( argc != 2 )
    return 2;
  v9 = argv[1];
  v4 = 1;
  v5 = 2;
  v6 = 3;
  v7 = 4;
  v8 = 5;
  v4 = *v9 + 1;
  v5 = v9[1] + 2;
  v6 = v9[2] + 3;
  v7 = v9[3] + 4;
  v8 = v9[4] + 5;
  if ( v7 != 111 || v6 != 125 || v4 != v8 - 10 || v5 != 53 || v8 != v7 + 3 )
  {
    sleep(2u);
    remove(*argv);
    puts("successfully deleted!");
    result = 2;
  }
  else
  {
    printf("Now here is your flag: ", sigintHandler, argv);
    print_5(&v4);
    result = 1;
  }
  return result;
}

int __cdecl main(int argc, const char **argv, const char **envp)

{

int result; // eax

int v4; // [rsp+10h] [rbp-20h]

int v5; // [rsp+14h] [rbp-1Ch]

int v6; // [rsp+18h] [rbp-18h]

int v7; // [rsp+1Ch] [rbp-14h]

int v8; // [rsp+20h] [rbp-10h]

const char *v9; // [rsp+28h] [rbp-8h]

signal(2, sigintHandler);

target = (char *)*argv;

if ( argc != 2 )

return 2;

v9 = argv[1];

v4 = 1;

v5 = 2;

v6 = 3;

v7 = 4;

v8 = 5;

v4 = *v9 + 1;

v5 = v9[1] + 2;

v6 = v9[2] + 3;

v7 = v9[3] + 4;

v8 = v9[4] + 5;

if ( v7 != 111 || v6 != 125 || v4 != v8 - 10 || v5 != 53 || v8 != v7 + 3 )

{

sleep(2u);

remove(*argv);

puts("successfully deleted!");

result = 2;

}

else

{

printf("Now here is your flag: ", sigintHandler, argv);

print_5(&v4);

result = 1;

}

return result;

}

Setelah itu kita dapat […]

April 5, 2018

[DEFCONCTF Quals 2016]: baby-re – Static Analysis + z3

Posted in Reverse Engineering by Khallisa Mediana Leave a Comment

Challenge: Get to reversing. File. Pertama, kita mulai dengan menjalankan file.

nacl@ubuntu:~/Downloads$ ./baby-re

Var[0]: 1
Var[1]: 1
Var[2]: 1
Var[3]: 1
Var[4]: 1
Var[5]: 1
Var[6]: 1
Var[7]: 1
Var[8]: 1
Var[9]: 1
Var[10]: 1
Var[11]: 1
Var[12]: 1
Wrong

nacl@ubuntu:~/Downloads$ ./baby-re

Var[0]: 1

Var[1]: 1

Var[2]: 1

Var[3]: 1

Var[4]: 1

Var[5]: 1

Var[6]: 1

Var[7]: 1

Var[8]: 1

Var[9]: 1

Var[10]: 1

Var[11]: 1

Var[12]: 1

Wrong

Terlihat bahwa program meminta 13 variabel. Selanjutnya saya mendekompilasi program tersebut dengan menggunakan IDA:

int __cdecl main(int argc, const char **argv, const char **envp)

{
unsigned int v4; // [rsp+0h] [rbp-60h]
unsigned int v5; // [rsp+4h] [rbp-5Ch]
unsigned int v6; // [rsp+8h] [rbp-58h]
unsigned int v7; // [rsp+Ch] [rbp-54h]
unsigned int v8; // [rsp+10h] [rbp-50h]
unsigned int v9; // [rsp+14h] [rbp-4Ch]
unsigned int v10; // [rsp+18h] [rbp-48h]
unsigned int v11; // [rsp+1Ch] [rbp-44h]
unsigned int v12; // [rsp+20h] [rbp-40h]
unsigned int v13; // [rsp+24h] [rbp-3Ch]
unsigned int v14; // [rsp+28h] [rbp-38h]
unsigned int v15; // [rsp+2Ch] [rbp-34h]
unsigned int v16; // [rsp+30h] [rbp-30h]
unsigned __int64 v17; // [rsp+38h] [rbp-28h]

v17 = __readfsqword(0x28u);
printf("Var[0]: ", argv, envp);
fflush(_bss_start);
__isoc99_scanf("%d", &v4);
printf("Var[1]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v5);
printf("Var[2]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v6);
printf("Var[3]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v7);
printf("Var[4]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v8);
printf("Var[5]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v9);
printf("Var[6]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v10);
printf("Var[7]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v11);
printf("Var[8]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v12);
printf("Var[9]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v13);
printf("Var[10]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v14);
printf("Var[11]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v15);
printf("Var[12]: ");
fflush(_bss_start);
__isoc99_scanf("%d", &v16);
if ( (unsigned __int8)CheckSolution(&v4) )
printf("The flag is: %c%c%c%c%c%c%c%c%c%c%c%c%c\n", v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16);
else
puts("Wrong");
return 0;
}

int __cdecl main(int argc, const char **argv, const char **envp)

{

unsigned int v4; // [rsp+0h] [rbp-60h]

unsigned int v5; // [rsp+4h] [rbp-5Ch]

unsigned int v6; // [rsp+8h] [rbp-58h]

unsigned int v7; // [rsp+Ch] [rbp-54h]

unsigned int v8; // [rsp+10h] [rbp-50h]

unsigned int v9; // [rsp+14h] [rbp-4Ch]

unsigned int v10; // [rsp+18h] [rbp-48h]

unsigned int v11; // [rsp+1Ch] [rbp-44h]

unsigned int v12; // [rsp+20h] [rbp-40h]

unsigned int v13; // [rsp+24h] [rbp-3Ch]

unsigned int v14; // [rsp+28h] [rbp-38h]

unsigned int v15; // [rsp+2Ch] [rbp-34h]

unsigned int v16; // [rsp+30h] [rbp-30h]

unsigned __int64 v17; // [rsp+38h] [rbp-28h]

v17 = __readfsqword(0x28u);

printf("Var[0]: ", argv, envp);

fflush(_bss_start);

__isoc99_scanf("%d", &v4);

printf("Var[1]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v5);

printf("Var[2]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v6);

printf("Var[3]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v7);

printf("Var[4]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v8);

printf("Var[5]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v9);

printf("Var[6]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v10);

printf("Var[7]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v11);

printf("Var[8]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v12);

printf("Var[9]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v13);

printf("Var[10]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v14);

printf("Var[11]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v15);

printf("Var[12]: ");

fflush(_bss_start);

__isoc99_scanf("%d", &v16);

if ( (unsigned __int8)CheckSolution(&v4) )

printf("The flag is: %c%c%c%c%c%c%c%c%c%c%c%c%c\n", v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16);

else

puts("Wrong");

return 0;

}

Disitu terlihat ada function CheckSolution yang tidak dapat didekompilasi secara lengkap. Hal ini disebabkan karena return address yang hilang/ tidak ada dalam frame. Kita dapat memperbaiki ini dengan meng-undefine function tersebut (klik kanan > undefine): Lalu […]