ctfwriteup.com
Search
K

Puzzle 9

Puzzle

############
# Puzzle 9 #
############
00 34 CALLVALUE
01 6000 PUSH1 00
03 52 MSTORE
04 6020 PUSH1 20
06 6000 PUSH1 00
08 20 SHA3
09 60F8 PUSH1 F8
0B 1C SHR
0C 60A8 PUSH1 A8
0E 14 EQ
0F 6016 PUSH1 16
11 57 JUMPI
12 FD REVERT
13 FD REVERT
14 FD REVERT
15 FD REVERT
16 5B JUMPDEST
17 00 STOP
? Enter the value to send: (0)

Solution

Pseudocode:
mstore(0, msg.value);
hash = sha3(0, 0x20); // hash that msg.value
if (hash >> 0xF8 == 0xA8) {
jump(0x16);
}
The condition hash >> 0xF8 == 0xA8 means the MSB of hash is 0xA8. In other words, in this challenge our task is to find an integer x such that hash(x) begins with 0xA8.
Write a simple Bash script to brute-force msg.value:
#!/bin/bash
COUNTER=1
while [ $COUNTER -lt 1024 ]
do
echo "msg.value: $COUNTER"
printf "$COUNTER\n\n" | npx hardhat play | grep "Puzzle solved!"
COUNTER=$[$COUNTER +1]
rm -f solutions/solution_9.json
done
The answer is 47.
Last modified 10mo ago