blockchain/evm-conditions
463 points
Writeup by Aryan
We are given some EVM runtime bytecode, and we need to find the value, in hex, to send in order to make the contract STOP and not self-destruct. The bytecode is quite long.
5f600f607002610258525f60056096046090525f600760090A61FFFA526105396126aa18620bfabf52600361fffa5102620bfabf51013461025851600402016090510114604857ff00
We can decompile the EVM bytecode using Dedaub, giving us the following assembly code.
0x0: PUSH0
0x1: PUSH1 0xf
0x3: PUSH1 0x70
0x5: MUL
0x6: PUSH2 0x258
0x9: MSTORE
0xa: PUSH0
0xb: PUSH1 0x5
0xd: PUSH1 0x96
0xf: DIV
0x10: PUSH1 0x90
0x12: MSTORE
0x13: PUSH0
0x14: PUSH1 0x7
0x16: PUSH1 0x9
0x18: EXP
0x19: PUSH2 0xfffa
0x1c: MSTORE
0x1d: PUSH2 0x539
0x20: PUSH2 0x26aa
0x23: XOR
0x24: PUSH3 0xbfabf
0x28: MSTORE
0x29: PUSH1 0x3
0x2b: PUSH2 0xfffa
0x2e: MLOAD
0x2f: MUL
0x30: PUSH3 0xbfabf
0x34: MLOAD
0x35: ADD
0x36: CALLVALUE
0x37: PUSH2 0x258
0x3a: MLOAD
0x3b: PUSH1 0x4
0x3d: MUL
0x3e: ADD
0x3f: PUSH1 0x90
0x41: MLOAD
0x42: ADD
0x43: EQ
0x44: PUSH1 0x48
0x46: JUMPI
0x47: SELFDESTRUCT
0x48: STOP
We can simulate the assembly by hand and create a trivial Python script to get the flag. I won't include the entire process of simulating here because I'm lazy. But basically, the final equation we get is 3 * (0x9 ** 0x7) + (0x539 ^ 0x26aa) = 0x4 * 0x690 + 0x1e + CALLVALUE, and we just rearrange to find the value of CALLVALUE that makes the two sides equal.
Attached below is the final equation.
print(hex(int(3 * (0x9 ** 0x7) + (0x539 ^ 0x26aa)) - (4 * 0x690 + 0x1e)))
Flag: n00bz{0xdafba0}
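The hand simulation skipped above can be reproduced mechanically. The following is an added example, not part of the original writeup: a small interpreter covering only the opcodes that appear in this bytecode, plus a hypothetical `solve` helper that reads the two EQ operands and derives the required CALLVALUE. It assumes memory offsets never overlap (true for this listing) and, like the writeup, does not enforce that the JUMPI target is a JUMPDEST.

```python
# Added example: interpreter for only the opcodes this challenge's bytecode uses.
M = 2**256  # EVM words are 256-bit; arithmetic wraps modulo 2**256
BYTECODE = bytes.fromhex(
    "5f600f607002610258525f60056096046090525f600760090A61FFFA52"
    "6105396126aa18620bfabf52600361fffa5102620bfabf51013461025851600402016090510114604857ff00")

# a is the top of the stack, b the item below it (EVM operand order)
BINOPS = {
    0x01: lambda a, b: a + b,               # ADD
    0x02: lambda a, b: a * b,               # MUL
    0x04: lambda a, b: a // b if b else 0,  # DIV (division by zero yields 0)
    0x0A: lambda a, b: pow(a, b, M),        # EXP
    0x14: lambda a, b: int(a == b),         # EQ
    0x18: lambda a, b: a ^ b,               # XOR
}

def run(code, callvalue):
    """Return (halting opcode name, operands seen by the last EQ)."""
    stack, mem, pc, eq_args = [], {}, 0, None
    while True:
        op = code[pc] if pc < len(code) else 0x00  # running off the end halts
        pc += 1
        if 0x5F <= op <= 0x7F:              # PUSH0..PUSH32 (PUSH0 reads 0 bytes)
            n = op - 0x5F
            stack.append(int.from_bytes(code[pc:pc + n], "big"))
            pc += n
        elif op in BINOPS:
            a, b = stack.pop(), stack.pop()
            eq_args = (a, b) if op == 0x14 else eq_args
            stack.append(BINOPS[op](a, b) % M)
        elif op == 0x34:                    # CALLVALUE
            stack.append(callvalue % M)
        elif op == 0x51:                    # MLOAD
            stack.append(mem.get(stack.pop(), 0))
        elif op == 0x52:                    # MSTORE (word-keyed dict: no overlaps here)
            offset = stack.pop()
            mem[offset] = stack.pop()
        elif op == 0x57:                    # JUMPI (assumption: no JUMPDEST check)
            dest, cond = stack.pop(), stack.pop()
            pc = dest if cond else pc
        elif op in (0x00, 0xFF):            # STOP / SELFDESTRUCT
            return ("STOP" if op == 0x00 else "SELFDESTRUCT"), eq_args
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at {pc - 1:#x}")

def solve(code):
    # Assumption: CALLVALUE is only ever added into the top EQ operand.
    with_zero, target = run(code, 0)[1]
    return (target - with_zero) % M
```

Running `run(BYTECODE, solve(BYTECODE))` confirms that the solved value takes the JUMPI branch to STOP, while any other value falls through to SELFDESTRUCT.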