I'm doing a htb exercise and my shellcode doesn't give the right answer

Question

The exercise goes: We examine the file with gdb and see that it is loading an encoded shellcode to the Stack and storing the xor decoding key in rbx. We need to decode the shellcode after it is loaded to the Stack and then run the shellcode to get the flag.

Here the objdump of the initial file:

loaded_shellcode:     file format elf64-x86-64


Disassembly of section .text:

0000000000401000 <_start>:
  401000:   48 b8 d7 4b de 7c 5c    movabs rax,0xa284ee5c7cde4bd7
  401007:   ee 84 a2 
  40100a:   50                      push   rax
  40100b:   48 b8 9a 84 10 05 11    movabs rax,0x935add110510849a
  401012:   dd 5a 93 
  401015:   50                      push   rax
  401016:   48 b8 00 75 69 ab 9d    movabs rax,0x10b29a9dab697500
  40101d:   9a b2 10 
  401020:   50                      push   rax
  401021:   48 b8 9a 45 96 0d eb    movabs rax,0x200ce3eb0d96459a
  401028:   e3 0c 20 
  40102b:   50                      push   rax
  40102c:   48 b8 62 84 10 05 e3    movabs rax,0xe64c30e305108462
  401033:   30 4c e6 
  401036:   50                      push   rax
  401037:   48 b8 51 0c 3e 7c 5c    movabs rax,0x69cd355c7c3e0c51
  40103e:   35 cd 69 
  401041:   50                      push   rax
  401042:   48 b8 d6 85 a1 84 25    movabs rax,0x65659a2584a185d6
  401049:   9a 65 65 
  40104c:   50                      push   rax
  40104d:   48 b8 00 50 6c 6c 50    movabs rax,0x69ff00506c6c5000
  401054:   00 ff 69 
  401057:   50                      push   rax
  401058:   48 b8 81 56 50 aa 34    movabs rax,0x3127e434aa505681
  40105f:   e4 27 31 
  401062:   50                      push   rax
  401063:   48 b8 48 ff 69 1e 57    movabs rax,0x6af2a5571e69ff48
  40106a:   a5 f2 6a 
  40106d:   50                      push   rax
  40106e:   48 b8 e6 09 07 f2 af    movabs rax,0x6d179aaff20709e6
  401075:   9a 17 6d 
  401078:   50                      push   rax
  401079:   48 b8 c9 f1 5b 31 52    movabs rax,0x9ae3f152315bf1c9
  401080:   f1 e3 9a 
  401083:   50                      push   rax
  401084:   48 b8 9a 17 00 09 bb    movabs rax,0x373ab4bb0900179a
  40108b:   b4 3a 37 
  40108e:   50                      push   rax
  40108f:   48 b8 a3 a2 9a 05 44    movabs rax,0x69751244059aa2a3
  401096:   12 75 69 
  401099:   50                      push   rax
  40109a:   48 bb d2 44 21 4d 14    movabs rbx,0x2144d2144d2144d2
  4010a1:   d2 44 21

This is the assembly code I'm using:

global _start
section .text
_start:
mov rax,0xa284ee5c7cde4bd7
push rax
mov rax,0x935add110510849a
push rax
mov rax,0x10b29a9dab697500
push rax
mov rax,0x200ce3eb0d96459a
push rax
mov rax,0xe64c30e305108462
push rax
mov rax,0x69cd355c7c3e0c51
push rax
mov rax,0x65659a2584a185d6
push rax
mov rax,0x69ff00506c6c5000
push rax
mov rax,0x3127e434aa505681
push rax
mov rax,0x6af2a5571e69ff48
push rax
mov rax,0x6d179aaff20709e6
push rax
mov rax,0x9ae3f152315bf1c9
push rax
mov rax,0x373ab4bb0900179a
push rax
mov rax,0x69751244059aa2a3
push rax
mov rbx,0x2144d2144d2144d2

mov rdx, rsp
add rcx, 14
sub rsp, 8
call decrypt

decrypt:
    xor [rdx], rbx
    add rdx, 8
    loop decrypt

After going over $rdx with gdb and appending the values spits out the following Shell Code:

69751244059aa2a3373ab4bb0900179a9ae3f152315bf1c96d179aaff20709e66af2a5571e69ff483127e434aa50568169ff00506c6c500065659a2584a185d669cd355c7c3e0c51e64c30e305108462200ce3eb0d96459a10b29a9dab697500935add110510849aa284ee5c7cde4bd7

I'm supposed to get a flag to complete the exercise but I get an empty response, where did I go wrong?

Answer 1

断点必须放在 add rdx,8 而不是 xor [rdx],rbx 上。