# Reverse Engineering

<table><thead><tr><th width="347">Challenge</th><th>Link</th></tr></thead><tbody><tr><td>PlatyProtect 64 (936 pts)</td><td><a href="#platyprotect-64-936-pts">Here</a></td></tr></tbody></table>

## PlatyProtect 64 (936 pts)

### Description

Rummaging through the attic I found an old Commodore 64. It still had a cartridge inserted, so I plugged it in and booted it up. To my surprise it still worked! But the program appears to be protected by *PlatyProtect 64*. A quick Google search revealed an old website which still hosts a version of the program. Can you tell me the password?

Further notes:

* The password is the flag. To submit it you’ll have to wrap the password with the format, i.e. you submit `PP{<password>}`.
* Any C64 emulator should work, but the program was tested with the [VICE](https://vice-emu.sourceforge.io/) emulator, which additionally provides helpful features like a monitor. With VICE installed you can run the program like so `x64sc ./pp64.prg`.

### Solution

Given .prg file, in some cases there are protection of .prg file that make the disassembler and decompiler produce the wrong results. To defeat this, we can use debugger then dump the memory.&#x20;

* Open c64 debugger
* drag n drop the .prg file
* Press ctrl + f8
* execute S PRG 0 fffd /tmp/dump.prg
  \*

  ```
  <figure><img src="/files/9uipBXGxmikLffX5jseE" alt=""><figcaption></figcaption></figure>
  ```
* Open ghidra and import new file with below options
  \*

  ```
  <figure><img src="/files/pr4cetIxrWQlW3gxqyz0" alt=""><figcaption></figcaption></figure>
  ```
* Select all block then disassemble, now we've the same address and instruction like in the debugger
  \*

  ```
  <figure><img src="/files/VvGFSCHs24f2Yk1PtWme" alt=""><figcaption></figcaption></figure>
  ```

\----TBU-----

Flag: PP{petscii-vs-ascii::Gtr5u8JPycCw}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kos0ng.gitbook.io/ctfs/write-up/2024/platypwn-ctf/reverse-engineering.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.