Hello, stupid question, but why did you XOR-ed rdx with rbx, and not rax?
Lots of very good hints in the replies, but I’ll add a few to help those stuck after also being lost for a couple of hours.
What is the code repeating, and how many times?
rbx is relevant, already as a value, why? Reread the task.
The code is repeating, doing what, how do you handle that.
How do you observe the executable while it’s running your loop? Keep an eye on what changes in the stack, it is a stack, your loop handles it. It’ll get more obvious towards the end even if you have to quickly step through your loop multiple times.
Another practice example has shellcode ending with what? I know the pieces fit.
I watched the address, but pieced it into shellcode, also manually, but hey, hex is hex, flag is a flag.
1 Like
I had no clue that rdx was shellcode, I was looking for it to be the answer itself. That fixed it for me.
@panipuriben and to those who get to this point
Go back to the section ‘Shellcodes’ and look up how to run shell code using ‘pwntools’. you will want to concatenate your shell code you got there.
That should help you 
GL Friend
Thanks so much for the bswap tip @skid.t . I mistakenly assumed the “shellcode” on the stack would be valid and executable after the xor and it seems it’s not. I wasted a load of time trying to dump the entire 120 byte block to file at once, or trying to pass execution to the stack to run it.
I think this lab could have been way less confusing if it had been designed to execute rather than be concatenated from multiple values.