# self

Self was a rev challenge written for angstromCTF 2022. The challenge contains a VM with one large memory region from `0x000` to `0xfff` that holds both the data and the program. Each memory cell contains 4 bytes: the first byte is read as the instruction, the next three nibbles are the first immediate, and the final three nibbles are the second immediate, in the layout shown below.

`0xIIaaabbb`

The VM has 11 instructions:

- NOP: `0xff`
- HALT: `0x00` and any invalid instruction
- MOV: `0xd6`
- LOAD: `0xd8`
- JUMP: `0xa6`
- JZ: `0x69`
- ADD: `0x16`
- SUB: `0x17`
- XOR: `0x18`
- OUT: `0xf6`
- IN: `0xf7`

The program consists of a nested loop which runs `XOR` on two blocks of data at `0x869` multiple times. Because the VM has no way to change references, the loop directly modifies the operands of the `XOR` instruction itself. At the end of the loop, the program counter continues into the data section and runs the code within. That code is a small loop that loads data and prints out the flag.

However, the nested loop takes too long to run on ordinary computers. Patching the program so that the `XOR` runs only once makes the program print the flag. The patch was at `0x00005080`:

```
00005080: 00f0 01d8 ffaf 01d8 54a0 0169 01a0 0117  ........T..i....
00005090: ff9f 01d8 5090 0169 0190 0117 ff8f 01d8  ....P..i........
000050a0: 4c80 0169 0180 0117 ff7f 01d8 4870 0169  L..i........Hp.i
```

The loaded values can be changed to `0x001` so that each loop runs only once.

```
00005080: 00f0 01d8 01a0 01d8 54a0 0169 01a0 0117  ........T..i....
00005090: 0190 01d8 5090 0169 0190 0117 0180 01d8  ....P..i........
000050a0: 4c80 0169 0180 0117 0170 01d8 4870 0169  L..i.....p..Hp.i
```

By running this program, we get the flag.

```
actf{the_flag_was_you_all_along}
```
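
To see what the patch changes at the instruction level, the following added example (not part of the original writeup or the challenge files) decodes both hex dumps using the `0xIIaaabbb` layout and reports the cells that differ. It assumes cells are stored as little-endian 32-bit words, inferred from the dump where the opcode byte comes last in each 4-byte group; the function names are illustrative.

```python
import struct

# Opcode table as listed in the writeup.
OPCODES = {0xff: "NOP", 0x00: "HALT", 0xd6: "MOV", 0xd8: "LOAD",
           0xa6: "JUMP", 0x69: "JZ", 0x16: "ADD", 0x17: "SUB",
           0x18: "XOR", 0xf6: "OUT", 0xf7: "IN"}

# Bytes copied from the two hex dumps above (file offset 0x5080).
ORIGINAL = bytes.fromhex(
    "00f001d8 ffaf01d8 54a00169 01a00117"
    "ff9f01d8 50900169 01900117 ff8f01d8"
    "4c800169 01800117 ff7f01d8 48700169")
PATCHED = bytes.fromhex(
    "00f001d8 01a001d8 54a00169 01a00117"
    "019001d8 50900169 01900117 018001d8"
    "4c800169 01800117 017001d8 48700169")


def decode(cell: bytes):
    """Split one 4-byte cell into (mnemonic, aaa, bbb)."""
    (word,) = struct.unpack("<I", cell)  # assumption: little-endian cells
    opcode = word >> 24                  # II
    first = (word >> 12) & 0xfff         # aaa
    second = word & 0xfff                # bbb
    # Per the writeup, any invalid instruction behaves as HALT.
    return OPCODES.get(opcode, "HALT"), first, second


def disassemble(blob: bytes):
    """Decode a byte string cell by cell."""
    return [decode(blob[i:i + 4]) for i in range(0, len(blob), 4)]


def patched_cells(before: bytes, after: bytes):
    """Return (cell index, old, new) for every cell the patch changed."""
    pairs = zip(disassemble(before), disassemble(after))
    return [(i, old, new) for i, (old, new) in enumerate(pairs) if old != new]


if __name__ == "__main__":
    for index, old, new in patched_cells(ORIGINAL, PATCHED):
        fmt = "{} 0x{:03x}, 0x{:03x}"
        print(f"cell {index}: {fmt.format(*old)} -> {fmt.format(*new)}")
```

Each changed cell is a `LOAD` whose second immediate goes from `0xfff` to `0x001`, and each is followed by a `JZ` and a `SUB ..., 0x001` on the same first immediate.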