Let's take a look at short assembly puzzle from the ACE labs.

  AND       eax, 0                    
  CALL      $ + 0xA                
  ENTER     0, 0

  ADD       eax, 0xC829
  BSWAP     eax
  SHR       eax, 0x13 

Besides this snippet there is just a textbox were we can enter our answer.

Just looking at intructions we see that some of them are going to be skipped due to CALL. The $ is NASM evaluates to the assembly position of the line containing it. In our case this means we are going to jump 10 bytes from current address. We can compile this snippet using nasm.

nasm -felf64 snippet.asm

And decompile it using objdump

objdump -dw -Mintel <output>

to see hex representation of assembly.

  0000000000000000 <.text>:
   0:   83 e0 00                and    eax,0x0
   3:   e8 05 00 00 00          call   0xd
   8:   c8 00 00 00             enter  0x0,0x0
   c:   9f                      lahf   
   d:   05 29 c8 00 00          add    eax,0xc829
  12:   0f c8                   bswap  eax
  14:   c1 e8 13                shr    eax,0x13

Jumping 10 bytes gets us to the ADD instruction. Since EAX is zeroed out at the start with AND instruction, this will just put 0xC829 in it. Bitswapped this becomes 0x29c80000 (since we have 32bit register), and once we shift right by 0x13 we get 0x539. In decimal this is 1337, which is also the answer to the puzzle.

print(hex(0x29c80000 >> 0x13))

We can also just link the file we got from nasm and debug it.

ld <nasm_output> -o <output_name>
gdb <output_name>

In gdb we can put breakpoint at first instruction using starti and continue stepping one instruction at a time using si until we reach end of the snippet. If we look at value in rax register at the end we will see same value 1337 (layout reg enables register view in gdb).

Debugger view

- F3real