| ZWARE |
(Thanks ia)
Zware.exe — Solution
The binary implements a custom virtual machine. The instruction set (xor, shl, shr, comp, ret) is registered in a global `std::unordered_map` by `sub_140001000`. The VM program is stored as bytecode in the `.zplus` section (`byte_14000D000`, 35 bytes), which `sub_140001480` decodes back into instruction names and `sub_140001900` parses into tokenized lines.
The VM engine (`sub_140001E10`) takes the user input as a byte buffer and applies 10 sequential transformations before comparing the result against a 21-byte target hardcoded in `main`:
```
XOR 0x5A → ROR 6 → XOR 0x5A → ROR 6 → XOR 0x5A → ROR 2 → XOR 0x5A → ROR 6 → XOR 0x5A → ROR 2
```
The target buffer (from stack immediates in main) is: `80 A8 D8 BC A4 84 4C 14 34 EC 00 14 38 D4 D4 14 58 EC 80 8C 9C`.
To recover the flag, I applied the inverse operations in reverse order (ROL 2, XOR 0x5A, ROL 6, XOR 0x5A, ROL 2, XOR 0x5A, ROL 6, XOR 0x5A, ROL 6, XOR 0x5A) on the target bytes.
**Flag:** `zplus{I_WaZ_Too_Lazy}`
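The inverse pass described above, as an added example that is not part of the original writeup: it replays the ten steps backwards over the target bytes, treating ROR as an 8-bit rotate applied to each byte independently. The function names are hypothetical; the constants are the ones quoted above. It also goes one step further and checks that the ten layers collapse to a single rotate and XOR per byte.

```python
# Added example: replays the writeup's inverse pass over the target bytes.
# Function names are hypothetical; constants are copied from the writeup.

# The 10 VM steps in execution order, as listed in the writeup.
PROGRAM = [("xor", 0x5A), ("ror", 6), ("xor", 0x5A), ("ror", 6), ("xor", 0x5A),
           ("ror", 2), ("xor", 0x5A), ("ror", 6), ("xor", 0x5A), ("ror", 2)]

# 21-byte target from the stack immediates in main.
TARGET = bytes.fromhex("80A8D8BCA4844C1434EC001438D4D41458EC808C9C")


def ror8(b, n):
    """Rotate one byte right by n bits."""
    n %= 8
    return ((b >> n) | (b << (8 - n))) & 0xFF


def rol8(b, n):
    """Rotate one byte left by n bits (inverse of ror8 by n)."""
    return ror8(b, 8 - (n % 8))


def run_forward(data):
    """Apply the VM program to every byte, as the engine does to user input."""
    out = bytearray(data)
    for op, arg in PROGRAM:
        for i, b in enumerate(out):
            out[i] = b ^ arg if op == "xor" else ror8(b, arg)
    return bytes(out)


def run_inverse(data):
    """Undo the program: steps in reverse order, ROR replaced by ROL."""
    out = bytearray(data)
    for op, arg in reversed(PROGRAM):
        for i, b in enumerate(out):
            out[i] = b ^ arg if op == "xor" else rol8(b, arg)
    return bytes(out)


def collapsed(b):
    """Net effect of all ten steps on one byte: ROL 2, then XOR 0x69."""
    return rol8(b, 2) ^ 0x69


if __name__ == "__main__":
    print(run_inverse(TARGET).decode())
```

Because XOR and rotation are both linear over the bits of a byte, stacking them adds no strength: the rotations sum to ROR 22, which is ROL 2 on 8 bits, and the XOR constants fold into one.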
|
2026-04-18 12:19 |