Hexecution
HackTheBox
Two files: `cook` — ELF 64-bit LSB PIE executable, x86-64, stripped, dynamically linked (custom VM interpreter) and `recipe.asm` — 289 lines of cooking-themed esoteric assembly. The binary reads and executes the recipe file.
$ ls tags/ techniques/
$ cat /etc/rate-limit
Rate limit reached (20 reads/hour per IP). Showing preview only — full content returns at the next hour roll-over.
Hexecution — HackTheBox
Description
My friend is always tampering with low-level things. So created something different, and going to challenge him. Before challenge him, can you try it and see if it works or not?
Two files: cook — ELF 64-bit LSB PIE executable, x86-64, stripped, dynamically linked (custom VM interpreter) and recipe.asm — 289 lines of cooking-themed esoteric assembly. The binary reads and executes the recipe file.
Analysis
Initial Reconnaissance
$ file cook cook: ELF 64-bit LSB pie executable, x86-64, dynamically linked, stripped $ file recipe.asm recipe.asm: ASCII text $ wc -l recipe.asm 289 recipe.asm
The binary is stripped — no symbols, full reverse engineering through disassembler required. The recipe.asm file contains instructions with cooking-themed names: BOIL, AES256, SPELL, ROAST, QUICKMAFFS, GRIND, GOODBYE, WINDOW, LADDER, PEPEFROG, CHAIR.
VM Architecture
The VM has 6 16-bit registers and a 256-byte memory array:
| Register | Purpose |
|---|---|
| VEGETABLE | General purpose |
| FRUIT | General purpose |
| MEAT | General purpose |
| DAIRY | General purpose |
| PROTEIN | Accumulator / pointer |
| CARBO | Memory base pointer |
Additionally: internal counter (auto-increment for AES256 and SPELL 0).
Opcode Mapping
Full reverse engineering of the cook binary through Ghidra revealed the following mapping:
...
$ grep --similar
Similar writeups
- [reverse][free]Auto Cooker— GPNCTF 2026
- [pwn][free]Regularity— hackthebox
- [pwn][free]Restaurant— hackthebox
- [reverse][free]Virtually Mad— HackTheBox
- [pwn][free]Getting Started— hackthebox