# EmojiVM

> ⏬😊⏬😍❌⏬😊➕🆕⏬😆⏬😍❌⏬😂➕⏬😀⏬😀📥⏬😁⏬😍❌⏬😀➕⏬😍❌⏬😄➕⏬😁⏬😀📥⏬🤣⏬😍❌⏬🤣➕⏬😂⏬😀📥⏬😀📝

We have a binary that takes a file of (compiled?) _Emojilang_ (I just came up with the name), interprets it and executes it (TODO: what is its correct term? interpreter?). There are three challenges for the binary - we will only describe the _reverse_ and the _misc_ parts, as we could only deal with these two.

The objectives of the challenges are to:

1. solve a crack-me challenge written in _EmojiLang_ (the reverse part), and
2. implement a multiplication table in _EmojiLang_ (the misc part).

## Solution

### Part I: Reverse engineer the interpreter (TODO: the term)

To get a taste of what _EmojiLang_ looks like, let's look at a segment of the crack-me challenge:

```
🈳🈳🈳⏬😅⏬😍❌⏬😀➕🆕⏬😀⏬😍⏬😜⏬😍❌⏬😂➕⏬😜⏬😍❌⏬😂➕⏬😜⏬😍❌⏬😂➕⏬😜⏬😍❌⏬😂➕⏬😜...
```

We are amazed. But we cannot solve a challenge by simply being amazed - we need to understand how the internals work. For example, what does 😂 mean?

With the help of IDA, we have the following map of operations:

> 🈳 nop
>
> ➕ + ➖ - ❌ * ❓ % ❎ ^ 👫 & 💀 < 💯 ==
>
> 🚀 jmp 🈶 jmpi 🈚 jmpn
>
> ⏬ push 🔝 pop
>
> 📤 getm 📥 putm 🆕 new 🆓 free
>
> 📄 scanm 📝 printm 🔡 prints 🔢 printv
>
> 🛑 return
>
> 😀 0 😁 1 😂 2 🤣 3 😜 4 😄 5 😅 6 😆 7 😉 8 😊 9 😍 10

These emoji can be considered opcodes. Examples:

### Part II: Reverse engineer the _EmojiLang_ bytecode (@harrier)

### Part III: Let's learn to program in _EmojiLang_!

At the very beginning, we tried the naive approach: print `1 * 1 = 1`, `1 * 2 = 2`, ..., up to `9 * 9 = 81`. But then the size of the bytecode would exceed the limit. To reduce the size, we need to make use of the control logic: `jump if`.

We have also developed a hacky script in Python to build EmojiLang bytecode. With some manual patches, we have a working bytecode.

(why isn't the naive approach working - too long)

(the py to emoji script)

`hitcon{M0mmy_I_n0w_kN0w_h0w_t0_d0_9x9_em0j1_Pr0gr4mM!ng}`

###### tags: `HITCON CTF 2019 Quals`
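The opcode map from Part I is enough to write a small disassembler. The following is an added example, not the script from the original writeup; the function names are hypothetical, and it assumes that ⏬ takes the next emoji as its immediate (as the samples suggest) and that `+` and `*` pop two values and push the result.

```python
# Added example: disassembler for EmojiLang built from the opcode map in Part I.
OPS = {"🈳": "nop", "➕": "+", "➖": "-", "❌": "*", "❓": "%", "❎": "^",
       "👫": "&", "💀": "<", "💯": "==", "🚀": "jmp", "🈶": "jmpi",
       "🈚": "jmpn", "⏬": "push", "🔝": "pop", "📤": "getm", "📥": "putm",
       "🆕": "new", "🆓": "free", "📄": "scanm", "📝": "printm",
       "🔡": "prints", "🔢": "printv", "🛑": "return"}
DATA = {e: i for i, e in enumerate("😀😁😂🤣😜😄😅😆😉😊😍")}  # 0..10

def disassemble(code):
    """Return [(offset_in_emoji, mnemonic, operand_or_None)]."""
    out, i = [], 0
    while i < len(code):
        ch = code[i]
        if ch.isspace():          # tolerate newlines in a dumped program
            i += 1
            continue
        if ch not in OPS:
            raise ValueError(f"offset {i}: {ch!r} is not an opcode")
        operand = None
        if OPS[ch] == "push":     # assumption: push reads one data emoji
            if i + 1 >= len(code) or code[i + 1] not in DATA:
                raise ValueError(f"offset {i}: push without a data emoji")
            operand = DATA[code[i + 1]]
        out.append((i, OPS[ch], operand))
        i += 1 if operand is None else 2
    return out

def fold(listing):
    """Collapse push/+/* runs into the constant they build.
    Assumption: binary operators pop two values and push the result."""
    out, consts = [], []
    for _, op, arg in listing:
        if op == "push":
            consts.append(arg)
        elif op in ("+", "*") and len(consts) >= 2:
            b, a = consts.pop(), consts.pop()
            consts.append(a + b if op == "+" else a * b)
        else:                     # any other opcode consumes the pending values
            out += [f"push {c}" for c in consts] + [op]
            consts = []
    return out + [f"push {c}" for c in consts]

# The program quoted at the top of this writeup.
SAMPLE = ("⏬😊⏬😍❌⏬😊➕🆕⏬😆⏬😍❌⏬😂➕⏬😀⏬😀📥⏬😁⏬😍❌⏬😀➕⏬😍❌⏬😄➕"
          "⏬😁⏬😀📥⏬🤣⏬😍❌⏬🤣➕⏬😂⏬😀📥⏬😀📝")

if __name__ == "__main__":
    print("\n".join(fold(disassemble(SAMPLE))))
```

Folding makes the constants readable: data emoji only go up to 10, so larger values such as 72, 105 and 33 are built with multiply-by-10 and add before being stored with `putm`.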