From b9492db7035fb9b71604e1f094aa83be886e7d55 Mon Sep 17 00:00:00 2001
From: nganhkhoa <mail.nganhkhoa@gmail.com>
Date: Mon, 14 Dec 2020 01:25:00 +0700
Subject: [PATCH] add inctf 2019 easy-vm

---
 2019/inctf/easy-vm/BIGbadEASYvm | Bin 0 -> 22648 bytes
 2019/inctf/easy-vm/crackme.i    | Bin 0 -> 29400 bytes
 2019/inctf/easy-vm/run.py       | 259 ++++++++++++++++++++++++++++++++
 3 files changed, 259 insertions(+)
 create mode 100644 2019/inctf/easy-vm/BIGbadEASYvm
 create mode 100644 2019/inctf/easy-vm/crackme.i
 create mode 100644 2019/inctf/easy-vm/run.py

diff --git a/2019/inctf/easy-vm/BIGbadEASYvm b/2019/inctf/easy-vm/BIGbadEASYvm
new file mode 100644
index 0000000000000000000000000000000000000000..a0bd4be60987a576cf483fbee22eec0d4d1b7fa3
GIT binary patch
literal 22648
zcmeHvdw5hu()URSkRWE*6%`R*CM&!zs1p-FKNOG&Wb}+C5QQizn1ql(z70usGEwl|
zNMa@~$3e`x;^K92b-nDWn^n;{UJ?Ro5HEy_$O>vi&^a0)z;Kb<yuYe*dZuRx?*8#U
z-}C*!$urZZtE#K3s;jH3`<%=oSI)JG2?>h05|wKds&)2uGRXW^l)#N#wP0hF6ve4r
zs0>#60Fs1{lQC49ccMIEu@+^rMb`@@wHupg0>&mf`9_pOOt2zKAt9B$Eu2|6t(sZR
zu&Sa|6g%Uo9m%Rp;VQ~P^TsL*Ejc=G>2DF(xg;>P8(_5?V9|@R(-KUSLO;@tKGQ9}
z(-WPjQQb*}B~`Q}TDtOfdFRl5(>Si8bn=ZTldS$CrAemTh<2=>RsUDT0E^%ztH0CP
zMX}@;rPaN1d3o9FE5}@3KF3jBR#CISv0&_#jw{EcS68NwV!eq!(Ox$tpL?S57OV(B
z^?vyD#U}+HVK?0JCHfJ5BE~_CJ>kX2YVvOtqe1n{9w;w64g8|hz|T7k{HoKyhn)s~
z3*dHq;xDpaPja4h8n}Y-C?@k?sgx`z^D3p4RV5Wlm8Y!2TdGuhJ>{s)E%6r5EAl9%
z#pRXNB}%EMq-c&(P(UpUs=Y-XZ^8VcvI^z89QUNj1*6hOrC$N;-1(Ii7PbI=CrW>2
z&6GR=qe0^#{HkVf8HP1cxxqv$-BSzsj(k*%Apwp^aPkFl4azIzTY?c^aoHuf>`x;k
zIQfjYG9<W|V}u(k!R2}5l;E;YsuG<1Ra|OASF-Bw{qps8MQvQ=O$>La4euqd5ojfR
z#h-x+4}TWlwxLekQGFiajm|Kx;g3<BR5Uuc{t(qkHDeXm@25JcWHfXAUaFHS#tN?A
zO?5J<(ZqER)k!6z4)x64Zf(OIs<uOI*x8*o-QB*b>T0K=wznx<w0HD@Oy_>*wksjq
z&}>CHu%<NKHq?ja3d@@xD1_$f1pd}`dCw0JhEzR!Rx1I+o!oBLno=%X2$rwb@39)F
zZ6|xFTDRI3oTw&zpl&$nJvYMPtSARXw6B}+A!Jc%&d*o1UBP>x!3VwH1SDbB8cRO1
zVpK*VoAslH&P|!AuGV*TL&$blh-B4jyH%|w=&$Y8YLB$Ln)fu%Smt*%Yi;!g-D<9v
zwA>eLzF9E2LG*stOO8)&)PQ)_=9?`;H>jmgYOWPF-@zn__LZaSpV3@T*nAT(2oVnL
z`=5SRb1k>|zQ)i+plzRQ1N32=Z-dPDtx<QprMa4Hz8abD=!6mNnrn&8_ZyjZ<g{zH
zYOcjL-(O|EyWY*-uep3S-yj)!&uv=)t+V+uWxhMgJqNYM-@>vs-)Ay;_JjIyt#JV(
zTID_qN`8@`HF_CwzRYUb_H&Z7#wteamRUVton+G*%Na2Nz8x`u_WEZRYmM_vgxum+
zpUuzE8s{(~P44`SCo`|m8Veb5r;Mojx@4@@IFk`0WL7ubmo-jnoWY1^<QBt9X69>+
z(;4v_S*qc;`DSX3d5m~UX7yt4-xq6*IgIF(Tg>>)Bfr)fRYqJSw|M5RKQ7W5vl)>k
zIyXu|5+I}K<XQgwBMnCrZ8>e4tJ$~#D7Dpx*+^Hj66|*zvo@?XI>968KqWw)pp)yU
zZ>0`?_3^J8j{c<jYl5o(o@A|YJjk>M#^PJmmSs>I{TSW5I#j<4G){!4eB7@joSLv-
zZTKNU9l77u(tkk1Pi6iGsC~A-kr-szTx+%5W+MQ(17s}jG;^c2MfKN$)uQAaKiD?x
zNpvT4PqMWP?AvfO-R5F7d}yP#E{m!$8B(;K1Xr!`GJFS%Nvf9TECN%u1<Aqjrm&rA
zyK5~O0Ocym3(#X{a3YxM<QZ>~Z#EoJY_4@A;Q8Fyi_y-u97Sj71)Ytc&JLj-Ou*WK
z`A&1g*oDChI@7_9{OK(kSC}ZEHq-_bTQ)OY4HAeI(Au>1!DVoBv?XHWMIZt+?{u2f
z4daJz{!2N6qp9~2YSsFFRFoUgHCmc3H4MTSWz4uX5L^MK{-oh`Xs)@AgNQuUxSrUP
z+vqei{rSfmjwV>XaXF!A%IFj#7$w|hAfYHA=`_nNR5lOAPcWZ}qA9{C=*XzAfC@f}
z#X)nuj{a$48|w(R>)aUF8w6{!$H4v!7~0UBHy$DUKEyl0q!EAsMM9lsMnmoEqDNQ?
z_UVY)=hB~Ol<YK0%_akCW@Lj7wrPfK9DzTU|In~1p*NM92}3_Tj+BnEYrJ<P9QNmi
zw8kMc>TA{d_bBAgT4SWa{-v?&1J;8&AOkSJqJ0p6<rHnT`ateZRU@~?N2~2nwe_k$
zw<CBv7{fKNQf&R(X9auxuC26EOz~#?O>=#$<*v2)dVzrz&^~rF&b}3h_iVll_+$k7
z(C7VL)?BM>z9boX<-s9uYOZ$xl{wsf#qV0-iZ&nlNrVISjX|>c7C_nv^xmB7dLwAq
ze4Auw^Yr5vVHvaenq+8A>ym8Eg_Z4AneP+Bdf&<`+h&>e#gyyk@yb>!XpKd<3y|76
zu}2I!qBa~gy?(1P8%VV^#oC)7XyqR!ujlm^hBMhcVT>alB(qMc*Vpbm^3~g>V{A2s
z0vCJ*!4LFgL?e}m<A<oz8lEO|c$$Lm973E5kQP}wSx!Y%aA7V&)vd-y&?!c&7Es5F
zwZwRq$O3g$g(wjblJTW|>d)=e`VX%{_M#T&quX3~MSC!pyCYL(=`^S@-OWTpwRKR`
z3R8RNZn1F%$o#HOc(NDVg}Orlg=kQkKx8qaKNE)F%XPSeFE2VlzD!pnC*%C4p=*E|
zD75<3YLEMCjzd@s!>0#D9CU?(`%r0j9jQF9DAVsc;-FG<b=!OtUfH7z$`X;T4nS95
zU>Z?oMf|gF$+|f!KWqB504AuS>SG)J`IjeEN4MI(8dQklhm0TBeR*=*8}0z`VH>{O
zdgjrU_n$jYX?DMbszQ^|{WjexK&$2*fbJHC0qAaBI(g>gdvD)=yZapz7Pj#`^wV4%
zKYS}90R|t-&Ec?H`z$wems{JMn|VAZWp8fEaf0TgeXq9d9Ru1YK$`<vrU>O~Cv!8u
z%S}7!ZrhWQtsMrz3MQxl!RPMGuXD5mIhn_D(hjI?KVGJN4g6y6Y!>iaax=ejYuj=&
z54h8|x!Zmmk<A24m;neH4j?*g%E{d1);8v5u5+hs%S~BF(A>05ARlIuH!*oG$oD~b
z5UzG>9q!ET+>{OOlx~9NrnR}-j6vDjdUWsO?rWgyA&_^t>$_oQMa^87lk$O@vW~!N
z+7{O2VUYUG78H+;JnFCg_;47$MXSo~Su?X{W!;fgK*_R?ts3!{)-R(m`1u3y3^TA2
z5pFxs+PdY{4fj~0OyB6)|5|rP`P~A3t>hYro58z@x$F4!FC4e}UB?|%YOc`FxLr^D
z^RO0>Rd}5YeZTCdKlxoD3d9R;u55r8Yq?!E-#SblD>QaHPNt1oqPc=dfukX}+p)2a
zu~c*IwE3i*vfDAKGkdw_>a_WukU3B<nrpkw*8%M#d_P@#-gAg8HlI(Xed<3CzpA-5
z+kB76(58Zw?;`QC`CgPcguY#}4`XHXg=OfGNohkg7nYOPWN80K|6u3k<PMqdy*Io$
zoR<?Cq=;k}pZ%eWmy;zj^om<QD(B@SD4<3<cm+r{otj8#M94UYP{dv*JsH)DlaG*b
z1nmPPrA{mvm1Lp5BorB3Cp%au$}mF4YC@5HbyAyAW;PQto{zMmL1dJ<7=#ScAozQH
z@xmLTQ8N}0Y(D2ISd2~B9D=2!#L(ptY*#F7Ji#^~&`JD800ur}VS`Q;5gPGLAnpzf
z5T&umy_bh@xD=6>_nX%I$!mq7l;BhFEz>3Yjehe@%O$^PoDaV-UGgh=*ocN*@;KT?
zhV7NtuGzpYX_p;!VNuIQcF8F+ho$A8b+JpnAVc3edCg&V$rCcP_%FAeV3(9OT-}Zf
zstzQvOD>dY|F-By8@ptaEZN2Nmkwr^{G$xrd3MHy?2>c>9Mz)ukt^6GOJ%-+9j(>u
zk~M;sQ-uKW(5X{v)G2ok8P}m{bQDM{V+=q6(nKd=kZV)qPT=e{WSmb(GL%mJ)Q=xd
z!H`Z4ZMn?vFglInw-X?>IEe$izkeg8msF*OTK~p6UXS@`8g9S>&}<CQ5a~3mmH>&C
z0F?Hcj<AgGXmoTkFz-x$(rQD77w|X{iU8_C1X@u5W|4Xp#d6qJVCguAWl3Wlwu&9r
zT)!cRzcz%tpxxEIeD6);{BTZ$&cuy}5DUAsTm(sf)c3j^qei{`FneSr3~Y^Xm*ddN
zg-@|Zj+SZH*WIv^J@PS`wlIDBJM58zW!g`!y9qvxAW5Sd;XCn}i96UMrE`rgNAdT0
zfFelxW!mqb9I~4|a)!+J{YmY;G|IVm$g~r4YWlH98Zz|#VF`oSBR|0~L}a)mzu+<s
zl3&QQWGl|Ob7b0oT+)6E=iE}p+~s)YqQ?q3=cXVM<vag!<k85v9~4mI8T1gi1aO_q
zYz0J$mEFc-LXnYlvMPLy(hxHwb{oGYBuOtLli3lw4GIz_Q>kS?o(A1UCXf*y>?RW$
z|3UOLNIGfLP#ZEmy4&bY2(rCS!wnJ0ErkfQf&@rW87V}dT-#(RwG<+}0%V*Bj}twO
zy-t1z5qep=+)D@=Qk_NxB2e-qL@41_7+D!9L{K9vrItd3OM#3NVUP)e%D|Y0p#&FE
z9})j^oV3`6a{h}mT`S(d0-zc1-50e5t$5$@nx|gGdz^5K(eHNDezj`_$NPL4`gqx4
z>=2QH%t6PNr*u0GUO5+Men>%Rj}(E1SI_>CXBU}10;RrrcG1Qq0^NL3DP+U!+AMQ;
zXLRpho*M5TxwFqeo?S1?93Fo0yBm3S9h0Fqk7&7#XIG-k*Yoo7J9u{8CPOc5saeFc
zYq;QG#(RS6q|DF6d$N`p?@11wM6|+fOuQ%a>13^c74Mm!i1(Z(n*m<LUIbYR|L_TD
zfFi^VINp<TI_Yf*aB95&3r-bUY2bA-@af_`b1VXP>QfHzSbAu!`FT;Scu(UR7w?&G
z3iw776gl3*U+w0ybdnBN=x8bA>HftM%U|hM_^TAzx*clxS2($*)j*6MRtm@ZljmN_
z{z^|gBi?q-^1L$k*XT&!0epbqIyH$I>B&GvCSQp9F){!OUh_S+kH!5t&}m5z#Eu7(
zMYXhJQeKTc1#J&b+5cvk`ld$oO&(z{vh>Y(@G~p~W<GYetiw+a)=gl2ACsXQzIk^h
z>pM<{5<k{Ax?7$Pe1NER>LEton}CYyOZ^xV0a9B>SetY)^8PXGgxIQI{2lMkEnhT6
z+ipbF&w%=u3iVIX-)ZTO!zy#U3yyv9g{A+026y~b=zm<Et#5q!@+#K9UWQUj)}J=+
zk@5bj%-@Ig-z!6Zxw;W2P1qv+UgmIY%Fq!UpRSdmmn<2U&he>M<}m7xjL{sQbQ!ug
z=ZDE0pXlH*BEx;HnfV-_DDjIxQ<r*bHCp}03R*r(3Q&JKA!9~{j@qIlL#8qIp<RG%
zp_7tvF^3j;dibFPU&UcgD~YR<bkQmQDv)s;{{)bj@=}&b%lRo$hefDBg8-?glkF@K
z#Ab-{Y;1oigq?P-Fc&Le(4fQx3`R$N$q8TjniIsx`WCal?wxV&{g(64t#F<Zve`$?
z{xgm=5iA@sv}N+<f3Wi;%1d6uFD8D@&eJT@j+yqsPIjJKVxYrjeb3HQB|{tgo{hv0
zi`zjMBQo?OkIX;7&hwrO4fcK=+aaWm_sbmeH@}VT&{~_%DMN4g=0iI>&mNh>-O0{k
zUfgb%Y3I({f{=&f+F#1h^UmJj;neX?!NJ^LlYMkTvitS5cFMfJCb4z038Rwb{Wa;S
zlc<bJk@weRTAgIDP}2T-3~Z*8IT_W*YQ_6&Zbe!$s<*XqSpr$5{Wa-p?yu>oow-M5
z*c_s}6-ki<<Nfu@$UdCucz^vgp07xBmN(L9#Can(iF#vC`|Cn8o?U~pBQu_TlXbm_
zX9HSlBKej>cC$~WZN^>%E_p(R-jme*KD*?9$k44j)_1T=?v$aS)i1$O5zkZ^N`13S
z#_Zb{jogI2I9&2#*&Qxlwe%-;$sdI~&>H&j`NyyX!6p02v^PI|6uB8(@>3bQ<lxNn
z*(F^vv}xlw>`?Fo;UgJ(O~-^>cFC{|P1)IiIEg0+F){W19khbIZu4!CB`Y3gz^U;B
zVYJNQ56y4fV?IF;P~&~v1xRO|RAg^5Pya*4Ux6}X<kEeJkxWDyM`I-IY@#ueY;V*M
zKN?D%#ElDiGYCnB&`D~wcpzs_{xQqU4f{Y&7{-}Ze()ADhEo^j!6oj{TZr28Qv}>o
zM+POZ0UBbRd?GH;??R&hjfhSrp)M(0OI=d_Cc2#3M&}hA`D41I_6F^2&?R+b(7rD~
zeyP&{T3w2C(nClZLY?gWFS?|s!y(QhVzs39hBeoyBQe)3Be1QbbFC1Oe<e0CvF}GT
zbXob+r+dYG`}?>@23t$OsHrEO7E8bn5IGWlojY&VdA`wl7lD>-9Q!5Dw^WD_ff7HS
zZ&%8+-yV4eIRWNdOs+Nj?bcB|-^v6nKgkIYT&E^6-q#Ew)B6TM`c@_)$)eu3lqe9`
zl;EB{f`XKaQecBA`6p>$+zL<+YdCF2{R7QYnon^KuYI0&xM6=dZ9~d>qUI%jeB8!@
z`K5rLnXXeN_cWe_%jb!f{ii@aGu|2Jwm)jwpKgWy7l2E|rnMU`Si$y>$*3NF<E+24
z{prz4gm&^_{X4dQwG0hy^dDjSZ<3*d%Ada=&i?NJA0W6+oyOSzX`oE|H|>UXnTUFe
zT6Ymqu>C6{6eMMoViqW(@qwf=t_SEe_P6~#dUDrePQ?sj4c^QKH_yYcKeFuoRhO{$
z)LolaS@xz|VegpzQP!#<pRv7ZS&UfruTKv_WX66z#)oHT-Hix}{d{D{VJt+e08#72
zD8`1gb&BdwZH*f&{W%Jm`uYc&2bH<owGICK?VEN)JkE4TaIj`QbBHy-Q0yI|=NUr(
zABFylZyPzp(*NFG$1ttU{Su9PL{p++{bT0vjP?7?{b7v$!RCu*v;NVnob@Maosd7H
zKMC;f=zsLI`ZI^0(?2gJ-)(v7catsU-PO-G3gu&t$ZK{dnv<<t4r{HmcfZ1eAM-rv
zh8vH6!^+cmM9lY^=UOx0m5xfg9UWh;#KsEGlRlG8{mA1_;ph>`Ma=O^PI&%APA-nh
zv?M(z7cs%%#6OM!isWLsOnZm+;dG5QOELNG5Z}rIPA=Y+X=feED?c^gEouoZ<m6(2
z(9O(uNe`U_<bmxk=es0|PTDi-Y&qX0bL(VUMy1O6E_I}n3>HetcgZ?B3C*ap<b0P~
zk(P|=*K@v0qh{v2??MSPXJr`YyBcyo3C8*EuA~^4neRsOVs2}#!8G<_4Td!-6JT`I
z8+*!kMf?wn`M9*pE!N+bXHUK)TrwuoKh@{>t2`f{kcVy2=c`)SB|ny-#E)IlE<@8(
z3KntvzfM36TFV0j*QsB&qR8`nK$(&LIh@<HG7-rTjpMUH5shOci7^$RxHxXbv3eu;
z&ne3jHq^IK8JWxR$8yXiYCT##zvW<F2hL*unt}Pe8B4Rdc>eePZLeGNnQn#gVuJbj
z`|rYB!e)Wi{>U8l7Bo&`<I#hg2=uD{ojGj0=wTPFSOMap6Vfu1>7tW>Qd=(_=S0bG
z@Tr^m4L;ZQU<K~f*4!w{0YEDva~L5Yn1@O<MHmNYX%jtfgl_akgQ;8BlE)vmbQ=)r
zzE9|OfxKZM8rJPQ2oTZ2(Kq*xtXs_7?{91Q6YDln%xBuLJaKaP3+xyV%h37*m3Rde
zvFeb_clUve{v4}fINW=C%~c$${vgv1``tfbUu=Y8WT^hHk%&r&RWT0_dwK7?nPb%f
znZx7nueyz6)eHeOu7HdI>Q5&XF&6blSKOB%o&wTgQPd}?D}xS!0;G&i+~TtG@4;7C
zT)b=+B4UFc83jlxos1T@f1orpK&H@1M<6>eWMbx!4dQr8?^w7()Xt~?5uyckV9-Pg
z(D>>!5>{8@K*(isqrH&7Kc@t}Z=K+}Fk!8OipU#sA!=_7Vy+@FVD%BVtcM)0;SlK5
z^HfMmyiI>=?l*dm<!^K={4HiK4W7R)h5aq&k??cIic8qvrl7xw7y7pBnZy1@2@XSz
zYjGDKYMmIxgq%x(iVhyNjZ=t0QH5@zNfUoQJPiro3}Jp(sNL1I_!GUwk4K+)3i?7r
z%R`V|%S8s)5q0*UBfHmeAdtb$lc5bWk{{)Xu}y}mKV113PmIAb^owD~kcndv|66o&
z1|1(?z70oYcq!x|q{Nn4f)0|1Cx&$D8g#sJ;0PiECdSP&hX<YKB=W=v%Ds(S{5$NL
za6*tP^G#awBqkgVt=<#n##_LS{{6m1K*I?^n+&~R*@`KALeM4m_OAVfTlj?FxJ<k6
zo(;d{6N1RuvGFxp1;`RQb?VO#Nz<^)Xam+f)G7N0F^@=eGO<`Zx{N;&1wKmfx(Edc
z8l|WO7EkIxf})EQHvTU_0WyeA0~s?XyNp~ylKeUi8<rgkqy91M-Ss~tP4#R~*k8Yz
z${114JGGl$0Era}C2#OB_jn4LZ0p;8cwp{YtY!w4YVkf*OFBsJ6jC$!*^k=RX^(4a
z4Dnxc4K0LJN=>08d5h7AaSqVv=wx<FN%It;%OLj*kgMtBEtwmkAFDZ@rOVPfvPO1m
zTSlJDO6blWxjIHsI=YRsCpoYhxMO<CZ6AI$cL4q`gcc|Dt@pMRez>F8^~=;2R26z1
z4KJOM_Sx3Fs&DVQ^ou>&3GMZJ=_aRm{S<%yPe_0Bows%F%>AnNshYV3@4TrgTNs+Q
zFLLNHo{x6gz8|C(f1U$6e)Dak8(V8Nv(2sH?YlMZv=4K%O={X2HEmsP%13I-CU@qx
zoRls6I$TPdn)azX<v_exdmRhD$tJPd=|(MX&(VgwPh!EgWKm<J=}c_ri};=r{D^<i
z;~p%CcnxUA?Z`aZ@p}3x@rCx2a?I@7GwiJSR(L6|Pj40BWjc68CVWQiIltoYGE;_9
zOAas5$4s{YA0TR-c*U-6T?S>MYU`qCMzQT9DWf=v3i%(6l<H4n#Z`oGyw^@DQ7$zd
zV;Oy%)I{%k;;l$}-81Kb;d{=pBg1;YLFKe8?Sxx9lrwS{^i5XVPV@@eh<)R3uRU{{
zc)u`5JDQ^%%GUN~g$Hg|8`dPKSAALY1Nut7eU^9|aZOXS!vkv|Kk>8vODX|R(A^cq
zl^#z?vDaQxT{O3(pK^<*vSO~iw5+_u?p;^~fM>RH`z5pN*Ak?((lfuvYp<yE+N(VH
zFE>xWD1&~=O(otMPlf%?qH=o%x0zPr^_GEKO;x`rk84lmLHylQ?Oso1&Fu0LCXH76
zDZ`7Eev=`Ur^tJ^ePLyd$6i)ZRpYhaRa9;F&Vy9tMRS#Y(<<kec;}(J|Ejj%MM^Lq
zm&a4-vCk{2n1lb7oNJ$&H+gEd%YOCnIi^Ie1@nq(s=Xzs;(y&P>@|+km7%!r_%IwU
z#C_hnaM+Hr4rLBXCx(GeSo1c7!_T6$Bad7~c$C`-z6Em@0c-`zAt;s4!(sYA+opep
z!}R~C&h6oF70SA=!{H?;Gj@c-FQBx48xFrm<<4-p6J;SDQ65Lxja>@;V^JYaPsX6^
z#Hmgm$~>IEl~alMu$W4m20u%9oZ_!SX~zr5+fgcbl6C}T6`ocO#Ky{rr?wd=S0Ee7
zL0N_Lp8lh)6J;|>x(1qsl5qD;O2UEx2^aS7o7|MpcfbI^hu|{;wxMK!uAXVl|3xI)
z%Rmb?_!@@q41DIT4TtLpk~-kp)IrzV&blkPPMJ7(+$E!j{ffYpMp4GujJCb;@I%Q;
z9dKXb<g@9PaI{}|c6~TZ%UnFJ37{Dp!(p1~GR}_bOZYqi+**uN1m|w(yQI$py_Y6E
z*o$~~;6r<e$tWW<xFuW{KEDNS8p?QFGI*{6&fkMf!+;wDKX|DJoD;aU@Qn#HR&jdH
z1g;DI(o?$yz>yE_=s_0RM@;Vwhv{K!JkMs}#$w5z(1R==12+?X*pm)H;5v4N!*hF(
zlm5|Sm=O;DH)!JfvjeyI2l#3axbeVk|1lgs(Sw}y(%CBbd`~zpaL-~M^dx5!aDy->
zuIiybvg3HnldpQ{Z!K`j{&1N7=`dagdTcd46b`THp&k7*bu#AKG@3hN{9Fy}OGALm
z!F+o^u3a|jW66$qv89A?lTrsfm^dkQ(9&M6RQm%-lTt@4>8++_+}B4<9ox`1H`VD$
z9h;S!k(D}PQmP$vpr4eQ%>VCO2R<Xfhr~W}ow2|f3!JgQ84H}Tz!?jivA`J%oUy<e
z3!JgQ84LXXX@OOJoGe(ARnnG~E>ZS3tBSL?lkd*9>fWo(`UO^9{GQr{Rz2A&2aEcY
zLcXK(7`g<Wwybn5NOV%696TAWq%x4`q$2WLQEPjdbvl2cYipvD3jPf-Dog1L*I8!4
zXC-udu2mNWZF%|1E964#Szj=rk+USc+sfDZR=GUM$#()i&#DVO=uC;O6tjr*k0UMC
zN44m2`pR`-UmO!~J>9}v&HtYj;&<%gJG|2x@B6Is5vzR8D&Mfm53F*FRmStVZt~=-
z?IZGM*Hn0G?EfcyOnQbRvxaM#_hgPu&lr=QInsnHQ)idfR2LU{D?N^!oSSp)#pOjf
zExohEQ(abBVMojKOuK!=?4s(DId%Zz$(aDB`{~v5@Ox+8qS;D1e*CP&Q>CQithgjS
zYm(dH#UX9_+=`m?c}3Opl=L|ZE2<aHH%qU_#8~~sR0@Fel#~}y1M9A;+)MoNOKa)g
zk_GrKMFqIZIYr(gCB0-`L8+%`eo4W+IcO_tW{ZL%kEdv%*+Sfdanby;V)R-GUieDq
z4oqgVtE-jt;>!8+ODgEt@qgu_c|txY{C{ks6Se5?F^YN0Kzs>*74>s)(-$AnetM!4
zHTr!+E)=_2M83s57l7fop~twQy_o+CEWmh+kZ9-<^Gxtb0}RK?m7=|f7Xb?(<d1L9
z%<x5L$7BQ1Uc{5F7NFZA?1PeY7yS>i;G<DeED`NRd|GP-m{N;Q6!G?>m**%Ji1uRs
zr&|h&Gi@QipcAEv_7qzpbt`_TR(reEalHH%SfSq?BvR2{#54Y7Ilx6c6aB~QUu3nP
zgpw{1AD3JGzhHuSjL*Y;eEVMmMm8b&=o0IT)9O&fT@!1{D(<Ny`^xPLt@u-DwXY*0
z=^9|&i}E+9%k4X@_MKMyhsH>aaVy#h=v{H`#d_$y+N2QcfS|X`BC1NQ)n3@Y?rJCF
z>a6zkGPQigw{HZJNJM+_`=H`?L+Kfke8so_1CVn2<>Q@9zTBF4^!!G?#P|u=lekI6
zCqibe@8Wkv<LO0RlrN&KO=_QPwNIv(M{o%`vlguj_(~wicSQeU9TUIP+G*)8{7bYG
z<47+{6NzXqexI^?DuB2Iomo4z|206!?G-DZQ1Z+cRw0^4^bvA=9M?Y2YM*B{JYD~S
z;YQpLFCl-S)xOYbUzaa3H?u`Nzs~_C`7=y(<Xg0-`5|AHIk^qNV|14YH(335N-(+=
I?FIOM08p)dvH$=8

literal 0
HcmV?d00001

diff --git a/2019/inctf/easy-vm/crackme.i b/2019/inctf/easy-vm/crackme.i
new file mode 100644
index 0000000000000000000000000000000000000000..cc07a7d85c7896d5e3d41e01acdace3e3e8e44ff
GIT binary patch
literal 29400
zcmb823GkP59>;%_O7}$vZ3mG%RFvpnM6D3HH&l{4M}=Iw*4iAI)-e`qX&mF27E85*
zm}Cbz7Q5~&HpjYJTeMhfcAwvGd%V2=^LtG+v;O;kJ@4=P^ZDMN=gEvo$M>IhWZO#R
zCzVRmO0P;~c=hMlO6BnC&xT56a;5k)cAd&G)t?RPRR7tes@rmnzWn`&M!y%5nqT?+
zkVd~3ymj%vs&D8{YV`Zjjeb9+(eEcW`n|E=kVem2Hv0X^>hBY(nN-%T_Up6i@BM4P
zuUFZm*54w}mH%BSyhHGHs|{=VNy4uPj{i2n@i|`j?!vbhK3sTh-oEXx#U;;G;R7EO
z9G^FWqrX!4h~W5aD!dr)+Pr-f&xuo8*LC`Lo9HJ6C;p<~_)ityJ~%$jgpU*cad6^p
z799Vrg=e1V{}_7wEzgOe$7e-wd<FzZ|4DH4=L??@9G|YjZQe(S{+;0Dvs8Gw?rP`L
zx9f{`v!&h0;Pm4F;iHAm4^G^F3D5aQzg+Zx5WaD6^50o_cj2}!dWb&9nYj0do_<+A
z<-FNCyGHz`2Pghc!W)FY7My&C1;_u=;OI{cj{dyh=uZodenD{b*<biV(VrL`|JQ@#
z^NR3J!SPuf9G`MN&z9%QgxmRZx9HmhC$C3>lh>5s=<f=Se%IjWt>2%99v@prR@Y>n
z_%siH@+rrATY0{l@N<F_CpmH66TO|EJBA*g1BDM3Ui9xf^&dW~gOmRY!iy`RuFtIC
z_;e0V+;Y5|%Jaj6<7fRao^>NWSBrn!;N<&KaD43C$aRn2*5Bjef3I+>tNVqX{Ko_*
zpANy%o6qK=&vC|QX6T8V^*?-x=<S~G8+zhyDZE^FzlrC>w|nd;(OW&#GxX$T`{9Pr
zlaJl!wtgGJhq&trw|e+TqQ56NdA=z8RpE1lTU~1B@}TgczmEndPrEnm9vl@u_~&|n
z+j(u{b94BUXSq(Z{^0q6(T@13hwmkN+do4@|3Gl^SwA>&j}Tt_-cjfMqJ`+~eeUAW
zlh1X+KNo(v@VkW{7M%W;^Y&moC$EmdX=mf{Sm^P&UiiMk2L~r^>f!d@cxU*KkDdP?
zir&_v?YClF>((8%et#Ky^4uUe{k88fMa#Nzy9mE8IB|ytC+-))(U<FJi+D~utHUOT
z9zVP9tbV>td@?TncHg!RAM!svI6hX7v<f{w-G$rxyxoJgF0KrJ^33-U_)Vg>^_%Yr
z_~bnT?-BltLlfZ_1;?jcU)c}*mP)%m!O@>2{7m8fgzqo>h2ZqV-nX9<y`2ko-c1T0
z`a3{)_Ln@{i~gbD=obh-HaPj%_@5Pe{LA^zI)>*jOS^{P#J7I`DfIXs5*#0^g9}C7
zbNGVb_}l&RbJ1JfVe7^2%^Xkq^&g3A=T134cK+Kr`Fn};uJ8?mldp}(N1<oD?S1qF
z(Qp5~IQiIqULihhgX7al__W~k%kIrtqMs{#qu}II%yZp!-C4NZcjbC{G1}1&o1b=}
zC$A~Ot&W@?dg3O>f1c>~369>rv)KJ+`@gyPoBrw0(=V%cR*8PG@Q%Uhuf5m)BJ||5
zO!(2k@i(6tp~t^(aD1%4LquP$Q_FW|v?IQqliP)!yjlvk`JWnk;#z&tCG^C#x@lbK
z@wd9o*4J_3V|A_ZoFDQTDE{{fA1OS27#};odW8@AtAmqgxsI-v=YJP&`)W++iEsM6
z=gI3J@ku@Yc0WE8KKR@DYxVT7@F8yDSohws{J#o4`8@vv`K6*iL-^;y%lZF)_ZRt&
z2tUT-0O58%XZ>P6#I=3cM&h0m9G@k^uMlqc+9{&%9GreN2;W8c#lgwne4Z11o>Szr
zL+Ii2gA>=zeH-T&#Am<Y#I<oN*J)pAcT;fky;b;V;rYFQydL~sdg6X5`ia7O1}E+p
z!ST0w7$y4U!XFl1j`sk0Zu7Kh=;_Ct;Pj(iaP&_FN58l5&xL;?{9xgm2PdEFf|HNE
zA6cGXi%*U-agP!GmBLpG&+i)Kf1c=VJ$@ki4T6*ZWx<JCuCLs0Jik`jH4RRjZo=)J
zEaKO_w`T<>pCVFSecoT_?R<GNe9)&4{klZ-R!6=sdV6oR@4L;yhkSYo?<%~U=Pl&9
zeOI&iw%_c0w)czflFuH&ZGPZZkJ!4qM*MAj>^`^ka-#Te8Jzj-Bz!aBcJ7$o-uo;c
ztH14@FutMW|5<S6al7D*Pq}_)#&g;wr(N!U_>Ay@+dY3@=!yG`aQp5%PxQ7P?H+$X
zd{zjzy6_3n+k4jSqPKN7BJ_;2or9N$o^iH+Uv1ye<8OK!&vJcPeQtbt#3$cxgxfiF
zl<0Q~PXDe8PTcvz4-Jmbc;Qxm?I-#Jh1+@BT=WZr)32?9lmC~&(LXEP{O!E9d7Lc%
zeS(vx)d{~2J^AN)z-L70;pO`6CeN+DOOD@@;X__|p2F?luNo*m4+-xPoP6wjxgzxB
zW8=^w^!T?DZs)$$Emp@p9RB2)`x1Vq=&ur9&i~o*oc`H9`6~3pKUert;q8MHH|sd~
z2+?Q$<nvVM;kh31e_QmH=PJ?LJe1=-N!r=@V0D|-5yy(Zoe%l<BaBm@@L`-b68?|i
z_+(so@6hAlRCovB<+$2@xBJu1b$d_VIpWigVZzPF`gfc7>?!;u;W-ZExwq(73hxq}
z`Po#soqNZHo_sn6$Ny)+(Pte2ZykDk%5^a(p3~0iK${<1$H|HRZ;5Mlrv3XjcHa&S
zf8ri2d_r)>!S>al(Br=#I6ijIEE0V=Kf~iWao!J3oGHQ4Tm8Ae=-&%&{_t%>Ph4BC
z*M}aTH-+0hHYW7MwYq1V=*#gwL7rb5oP2G(cL+UsO%`tJ;P%iHcVck-+X?R}e06aA
zdk4pVq;RVnW{7@k;WiE}MW6oU|8D5v8wRIeZv;nwzwmOs*!b-l?TBOVpH`RH`DW*{
z?eo;rza^0;e2?JdpYNsUt**0uU~%mnxgqi)?vUW*`DAeP<-FN<x|gNh`oW1aJ~(mg
zyG#Gj<752h(BprX@SJD--x9su!_7mFPx_NjXVG669KG#Z`);st_>j*);j4lZ_W|Ly
z9?JD%<9B-ak(cd5t0zwtpGShzkK2Ve3r;?72gk?Oo&9~@@bJOk@;NW`#I<=?BKn!a
zy9Xzq4}%le>ZbI^=bz$pi|}&2*gD=S+7ZX{weLW-9_{_}nuyDI6dBb0`@cTITL`!B
zgKb2=FgW=f^}RUbc9!TT3BOFZ?VD+$&wWq+gF{cAR!8&{eYuY8{m|Bn-M70-oNmHx
z{OnwPJbW0BMZ)d9)b4Ye2YX+z`Lz1=LCJGOaOQIx;d=|u@x*7e==%v@TU}#*>xo|z
z;dVdUcw1e)oA`eaob|F;xYd6{L(jNg5FG#P7kWES%YA6$I#=T4`9PekpW&~G&-CEv
ze;1tojSG%G&sBK(<70W+IaZ8Q-Fw9L;bWmEZaLl`%kv+4Z)9CX92*ZiKdnA|O7i@v
z@J_**hj)ULXZzsj?HsUmbYuA7zkP807X(K?DmeO=f}^+fSk80Cr=8W$Hvi2dK6x3p
zIxO?Sr>FR@4o?2(3hx*k|7pSTv2*nh(QgtQ|9Qdj-yk^pgM*_l=j~H@Zs&=Ot9=jo
zO#H_OCtq9Nmxi8x<hg*)T+z1*j=q<0+lS|bo_x9n$3MpteqZSEvAS^o(Bos@$;x?t
zHQEv9Y2j^y6X)jO_<Sk+BH@n+xAXQ)(c6B=eMtWHJ<smRV<Rp;w+3e%GA_Jx=<%`p
z;<?b{W9P`pp~ru5aD4U)j{aA{(OZAZ^<{B#{P44L*y^+AC9k7`(~r%C?=1X|;N)rd
z)K#L-eDIkdddp{Q=;_y@;P`h6j=r3q>*6`>juUS0R|kcjIEM+hzaN+xdh(esJo6;(
zi=wxEK3nw92>(cUIj&YW^pAGr+edg4;jM*lA$&z}#?|Wg_Ms=w3xnfh_4A#gxB2fC
zdg9vqZH_1T<UGU6`N{V;o<AD#;kF<9g`RxB369S);hP1==lS6H*nZn5^!Q8-j!*Ib
z>b}<v7Jh>8$AaUZammN(q;h_C3_sd!Dm?YX-%j*a7f%d5K6ZZRy@bAH_^dtuvqF#0
z^}-hj-&?qyBfk~By+7rAlILmS^MLU4g<JkMkHvbayMFr$e<e8i=RE~)6?*2eT&Grd
zO^bH;*}A(}^t%KnemCJ0g=aqa<T(jn9zNuMiST`c<70eV(Odmlj`uiecckz?2d5wH
zf|IX(pME0r_}D%<L-aQYKR!75Slwgyxt*)`hd=q>BK%t6(}i1|v|H%um(73rqqpx1
zO~rq0>u8{~yC*o~l;=Nr4GKMcN^pE^9jzaFd^!uya}xc*qR;P1=&i2mAU?LA&F4qr
z^Hp%h$IiRAMBg?z{n|^oz5nI>l8@bwbHX3JjdOW^4Ucx@yM=H&pAQxN9l^<KmhjcW
z-w?iCaPqf2_Y}R=JDo&t-?yyJ%I`wtc~|%|KDO@C2ffYXkHeq1Yx_=O?=i{o>n(8}
z4o<#S51l0XrNXn0z`sT4$<xmHV?vLQ)mvYS-rfhMivDon<^H@#p4)q#-6M8y&k%oG
ze|ApVy=wc!-goUBX&!kppMMR`yjlHvYUuHq9UPx7!O`2fc4O%Ac}Mt|;P?*}-dp%z
zf)n>|!gKtITdcdf?=O~TxlT`vcEq=S+xh&c_@qDi4hubeu<$2?lc(LER)5VCAFG3w
ziN1Gm^0)T{TVLbEr<@;)Q$(yg-?rc8hMw_j9h`pHd%o$dZfht0R;Qj8dh)dTuTAL5
zzlZSl!dC_-u6@_ExEqHL`78{Mzl}rB(BsoPI6ijXJuCXz!fpM$Ci?Ed$+KL)Hvi{I
zJ9`i6D*7XYA0|BGGJfMlKT7z!!SUHCIOB1K@YjRmb6{|MY~C!-+POKQn2kzhoywqf
zi+@yFR*IL(;!l$`{~f;{#CKnl*XZichMG^ahD~ZeYyaKDTHQLfQt42AKH>k*CyZS4
zyrEL5)p5P555GOXn)UCv=6SI>YyB>CwS7_e6n~nH9Z>sO%eSlp+e-YitGsAeq*OQl
zkTuT_lIJH>c|)aA+kbW9*UrC!Z!PV6t!aNq^=F;-EvmeKr804iuG+uvj$hfY3DSOp
dDldW*LsFjqF@CkU#q;m%i+EndD@x-^<$uI?)d&Cp

literal 0
HcmV?d00001

diff --git a/2019/inctf/easy-vm/run.py b/2019/inctf/easy-vm/run.py
new file mode 100644
index 0000000..e668f5d
--- /dev/null
+++ b/2019/inctf/easy-vm/run.py
@@ -0,0 +1,259 @@
+from z3 import *
+
+
+class Program:
+
+  def __init__(self):
+    raw_bytes = open('crackme.i', 'rb').read()[8:]
+    self.code = [ int.from_bytes(raw_bytes[i:i+8], byteorder='little') for i in range(0, len(raw_bytes), 8) ]
+    self.register = [0 for i in range(10)]
+
+    self.instruction = 0
+    self.data_10 = 0
+    self.data_6 = 0
+    self.data_4 = 0
+    self.data_7 = 0
+    self.data_8 = 0
+    self.data_3 = 0
+    self.data_5 = 0
+    self.data_11 = 0
+    self.data_12 = 0
+    self.code_data = [0 for i in range(10000)]
+
+    self.s = Solver()
+    self.flag_count = 0
+    self.vars = []
+
+  def decode(self, ins):
+    self.instruction = ins;
+    self.data_10 = ~(~ins | 0xF000FFFFFFFFFFFF) >> 52;
+    self.data_6 = (ins & (ins ^ 0xFFF0FFFFFFFFFFFF)) >> 48;
+    self.data_4 = (ins & (ins ^ 0xFFFF0FFFFFFFFFFF)) >> 44;
+    self.data_7 = (ins & (ins ^ 0xFFFFF0FFFFFFFFFF)) >> 40;
+    self.data_8 = ~(~ins | 0xFFFFFF0FFFFFFFFF) >> 36;
+    self.data_3 = ~(~ins | 0xFFFFFFF000FFFFFF) >> 24;
+    self.data_5 = ~(~ins | 0xFF000000);
+    self.data_11 = (~(~ins | 0xFFFFFFF000FFFFFF) >> 24) // 5;
+
+    if self.data_5 >= 0x10:
+      self.data_5 = int(hex(self.data_5)[-2:], 16)
+
+    return (~(~ins | 0xFFFFFFF000FFFFFF) >> 24) // 5;
+
+
+  def switch_code1(self):
+    data_3 = self.data_3
+    if data_3 == 10:
+      return self.add()
+    if data_3 == 11:
+      print("end routine")
+      return 1
+    if data_3 == 12:
+      return self.jump()
+    if data_3 == 13:
+      print("has_current_eip")
+      return 1
+    if data_3 == 14:
+      return self.foo7()
+    return 0
+
+
+  def switch_code2(self):
+    data_3 = self.data_3
+    data_4 = self.data_4
+    register = self.register
+    if data_3 == 0:
+      return self.load()
+    if data_3 == 1:
+      return self.save()
+    if data_3 == 2:
+      print("register[{}] = get_char()".format(data_4))
+      register[data_4] = Int('flag_{:>3}'.format(self.flag_count))
+      self.s.add(register[data_4] >= 0)
+      self.s.add(register[data_4] <= 255)
+      self.flag_count += 1
+      return 1
+    if data_3 == 3:
+      print("print register[{}] {}".format(data_4, chr(register[data_4])))
+      return 1
+    if data_3 == 4:
+      return self.mov()
+    return 0
+
+
+  def switch_code3(self):
+    data_3 = self.data_3
+    if data_3 == 5:
+      return self.cmp()
+    if data_3 == 6:
+      return self.foo1()
+    if data_3 == 7:
+      return self.mul()
+    if data_3 == 8:
+      return self.shift_left()
+    if data_3 == 9:
+      return self.shift_right()
+    return 0
+
+  def load(self):
+    data_6 = self.data_6
+    data_5 = self.data_5
+    data_4 = self.data_4
+    data_7 = self.data_7
+    register = self.register
+    code_data = self.code_data
+
+    if data_6 == 1:
+      print("code_data[{}] = register[{}]".format(data_5, data_4))
+      code_data[data_5] = register[data_4]
+      return 1
+
+    if data_6 == 2:
+      print("code_data[register[{}]] = register[{}]".format(data_7, data_4))
+      code_data[register[data_7]] = register[data_4]
+      return 1
+
+    return 0
+
+
+  def save(self):
+    data_6 = self.data_6
+    data_5 = self.data_5
+    data_4 = self.data_4
+    data_7 = self.data_7
+    register = self.register
+    code_data = self.code_data
+
+    if data_6 == 1:
+      print("register[{}] = code_data[{}]".format(data_4, data_5))
+      register[data_4] = code_data[data_5]
+      return 1
+
+    if data_6 == 2:
+      print("register[{}] = code_data[register[{}]]".format(data_4, data_7))
+      register[data_4] = code_data[register[data_7]]
+      return 1
+
+    return 0
+
+  def mov(self):
+    data_6 = self.data_6
+    data_5 = self.data_5
+    data_4 = self.data_4
+    data_7 = self.data_7
+    register = self.register
+
+    if data_6 == 1:
+      print("register[{}] = register[{}]".format(data_4, data_7))
+      register[data_4] = register[data_7]
+      return 1
+
+    if data_6 == 0:
+      print("register[{}] = {} = {}".format(
+        data_4, data_5, data_5.to_bytes(1, byteorder='little')
+      ))
+      register[data_4] = data_5
+      return 1
+
+    return 0
+
+  def add(self):
+    data_4 = self.data_4
+    data_5 = self.data_5
+    data_7 = self.data_7
+    register = self.register
+    print("register[{}] = {} + register[{}]".format(data_4, data_5, data_7))
+    register[data_4] = register[data_7] + data_5
+    return 1
+
+  def jump(self):
+    data_10 = self.data_10
+    data_6 = self.data_6
+    data_5 = self.data_5
+    if data_6 == 0:
+        print("jump offset {}".format(data_5))
+    else:
+        print("jump {}".format(data_10))
+    return 1
+
+  def mul(self):
+    data_4 = self.data_4
+    data_7 = self.data_7
+    data_8 = self.data_8
+
+    print("register[{}] = register[{}] * register[{}]".format(data_4, data_8, data_7))
+    return 1
+
+  def foo1(self):
+    print("foo1")
+
+    data_4 = self.data_4
+    data_7 = self.data_7
+    data_8 = self.data_8
+    register = self.register
+
+    register[data_4] = ~register[data_8] & register[data_7]  | ~register[data_7] & register[data_8]
+    return 1
+
+  def shift_left(self):
+    data_4 = self.data_4
+    data_5 = self.data_5
+    print("register[{}] <<= {}".format(data_4, data_5))
+    return 1
+
+  def shift_right(self):
+    data_4 = self.data_4
+    data_5 = self.data_5
+    print("register[{}] <<= {}".format(data_4, data_5))
+    return 1
+
+  def cmp(self):
+    data_4 = self.data_4
+    data_7 = self.data_7
+    data_6 = self.data_6
+    register = self.register
+    if data_6 == 0:
+      print("register[{}] != register[{}]".format(data_7, data_4))
+      print(register[data_4] == register[data_7])
+      self.s.add(register[data_4] == register[data_7])
+      return 1
+    if data_6 == 1:
+      print("register[{}] > register[{}]".format(data_7, data_4))
+      print(register[data_4] <= register[data_7])
+      self.s.add(register[data_4] <= register[data_7])
+      return 1
+    if data_6 == 2:
+      print("register[{}] < register[{}]".format(data_7, data_4))
+      print(register[data_4] >= register[data_7])
+      self.s.add(register[data_4] >= register[data_7])
+      return 1
+    return 0
+
+
+  def foo7(self):
+    print("foo7")
+    return 1
+
+  def run(self):
+    for i in range(len(self.code)):
+      ins = self.code[i]
+      self.decode(ins)
+      print("{}\t {} [{}][{}][{}]\t".format(i, hex(ins), self.data_11, self.data_3, self.data_6), end='')
+      data_11 = self.data_11
+      if data_11 == 0:
+        self.switch_code2()
+      elif data_11 == 1:
+        self.switch_code3()
+      elif data_11 == 2:
+        self.switch_code1()
+      else:
+        print("invalid code?")
+    self.s.check()
+    m = self.s.model()
+    for k, v in sorted([(k, m[k]) for k in m], key=lambda x: str(x[0])):
+        print(chr(v.as_long()), end='')
+    print()
+
+
+program = Program()
+program.run()