/bin/xia
and 19 others
boosted
Hexdump of the binary. Next to the hexdump is a textual rendering of the binary, where we can see that the last 20 bytes of the binary are the string "What could go wrong?"
![A screenshot from Ghidra with some disassembled x86 Intel-style assembly code. The disassembly reads as follows:
entry
LEA ECX,[LAB_08049086]
XOR dword ptr [ECX]=>LAB_08049086,0x5414070e
XOR dword ptr [ECX + 0x4]=>LAB_08049087+3,0x550a1141
XOR dword ptr [ECX + 0x8]=>LAB_0804908d+1,0x1241010e
XOR dword ptr [ECX + 0xc]=>LAB_0804908f+3,0x711491b
XOR dword ptr [ECX + 0x10]=>LAB_08049096,0x466d4f03
ADD EBX,0x1
ADD EAX,0x4
ADD EDX,0x13
INT 0x80
SUB EAX,0x12
XOR EBX,EBX
INT 0x80
LAB_08049086
PUSH EDI
LAB_08049087+3
PUSH 0x63207461
OUTSD DX,ESI
LAB_0804908d+1
JNZ LAB_080490fb
LAB_0804908f+3
AND byte ptr FS:[EDI + 0x6f],AH
AND byte ptr [EDI + 0x72],DH
LAB_08049096
OUTSD DX,ESI
OUTSB DX,ESI
AAS](https://assets.chaos.social/media_attachments/files/115/877/401/443/625/841/original/0864a1c0bf9b770f.png)
A screenshot from Ghidra with some disassembled x86 Intel-style assembly code. The disassembly reads as follows:
entry
LEA ECX,[LAB_08049086]
XOR dword ptr [ECX]=>LAB_08049086,0x5414070e
XOR dword ptr [ECX + 0x4]=>LAB_08049087+3,0x550a1141
XOR dword ptr [ECX + 0x8]=>LAB_0804908d+1,0x1241010e
XOR dword ptr [ECX + 0xc]=>LAB_0804908f+3,0x711491b
XOR dword ptr [ECX + 0x10]=>LAB_08049096,0x466d4f03
ADD EBX,0x1
ADD EAX,0x4
ADD EDX,0x13
INT 0x80
SUB EAX,0x12
XOR EBX,EBX
INT 0x80
LAB_08049086
PUSH EDI
LAB_08049087+3
PUSH 0x63207461
OUTSD DX,ESI
LAB_0804908d+1
JNZ LAB_080490fb
LAB_0804908f+3
AND byte ptr FS:[EDI + 0x6f],AH
AND byte ptr [EDI + 0x72],DH
LAB_08049096
OUTSD DX,ESI
OUTSB DX,ESI
AAS
A sticker with a big QR code on it. In the center of the QR core is a white rectangle with "i386-unknown-linux" written on it. The QR code contains a 154B sized ELF binary.
9