Overwatch teaser: ASM code/hex.

Overwatch8 - Overwatch teaser: ASM code/hex.

Hey all,

I've seen quite a few posts talking about the teaser trailer and various bits and pieces about the code which is displayed. Specifically there's a lot of references here : https://www.reddit.com/r/Overwatch/comments/atbyn7/new_teaser_hidden_message/

There's a few bits there I wanted to address, but given how burried that post is I also wanted to create a new post to try and help other people avoid going down the same rabbit holes.

TL;DR: The code is a reference to a real world exploit and likely has no hidden ARG in it.

Firstly: The geekcode. I'd suggest disregarding it. It's not actually valid geekcode. Geekcode is a very specific format which used to be used for various signatures, you can read more about it here: https://www.joereiss.net/geek/geek.html

The reason I'm suggesting disregarding it is the hex code doesn't translate to the letters and doesn't include the skill level indicators. What I believe has happened here is a false positive/coincidence. It just happens that due to the number of characters which can be used for geekcode, it's inevitable that a random string will match some of it.

The only bit which I think is valid is the name Baptiste. The rest of it is just control characters and other such ( although certain bits do look like header information/end information so I can't entirely rule it out. )

Secondly, I want to talk about the ASM Code (which I've seen a few folk draw conclusions from), I've included it below:

ASM VOLATILE { `MLTDWN:` `JNE 1B` `SHL $12, %%RAX` `ADD {%{DEST}}, %%EAX` `IMUL {%{FINAL}, %%RAX, 1}, %%RBX` `.REPT 300` `MUL $0x141, %%RAX` `.ENDR` `CLEANUP:` `:` `: {FINAL} "R" {RESULT_LIST}, {DEST} "R" {DEST}{TRUNG LE NGUYEN}` `: "RAX", "RBX":` }; 

It's worth mentioning my ASM is a touch rusty, so any corrections are welcome. At a glance this looks a bit like a weird mix of code. Bits of it look like the gcc inline assembly setup, bits of it dont, but I think there are certain assumptions we can make from it.

Interestingly the syntax below makes little sense to me. This might just be due to my rustiness as far as the different syntaxes to ASM. Some of it looks like AT&T syntax, some looks like Intel syntax. The difference between the two is certain symbols, operands and source/dest operators. I'll try and tag where I think somethings intel or GAS



Intel OPERAND DEST, source

Line by line(ish):


– So a weird bit with this. If this was pure gcc inline/extended, I'd be expecting it to be asm volatile (…). For now lets assume it's the same end result. With this we're setting up our assembler block and instructing the compiler to run as is with no optimisation. We're explicitly saying that this code could have side effects and not to do certain optimisations.


– This looks like a standard assembler symbolic label. This has global scope and would pop up in the symbol table. We're kind of saying, remember this location for later so we can jump back here.

I know I've seen a couple of think talk about MLTDOWN as being a hint to the hero. I've got a different idea. I think this is referencing the MELTDOWN security vulnerability (https://meltdownattack.com/)

This would make sense. Meltdown at a high level allowed for breaking out of isolation and getting access to memory you shouldn't have access too. I'll also talk about the below code in relation to meltdown.



– This would require a previous cmp operator. But we're effectively saying jump to label 1B if the previous comparison was not equal. We don't have the previous cmp so we're not sure what's being compared here.

GAS: SHL $12, %%RAX

– This is a shift left operator. $12 is an immediate/constant and %%RAX references the 64 bit RAX register. We're saying here to shift whats tored in %%RAX by 12. Were effectively doing a multiplcation of %%RAX by 2^12


– In GAS, the ADD would probably be ADDL. What we're saying here is ADD the content of %%EAX to DEST. I'm assuming DEST is an alias to a register although the syntax doesnt match with what I'm familiar with.


– I'm guessing intel here, but as with all of these operators, some bits of it look intel-ish some bits look GAS-ish. But I suspect FINAL is the dest so we'll assume intel-esque. This is an integer multiplcation. I believe what is trying to be done here is multiply (FINAL * RAX * 1) * RBX. With the words refereing to registers. The multiplication by 1 increasingly looks like nonsense.

.REPT 300

GAS: MUL $0x141, %%RAX


– I'm treating this as one block. What we're doing here I believe is saying multiply 321 by the contents of RAX, and repeat this 300 times. I /believe/ that the output of the MUL would store the result in %%RAX.

Now if you are still reading and paid attention to earlier, I mentioned meltdown. This is important as the above code looks very much like a psudo-code reference to the meltdown attack ( http://www.cis.syr.edu/~wedu/seed/Labs_16.04/System/Meltdown_Attack/Meltdown_Attack.pdf)

Specifically, TASK 7.3, using assembler code to trigger meltdown.

// Give eax register something to do

asm volatile(

".rept 400;" ➀

"add $0x141, %%eax;"

".endr;" ➁



: "eax"

All this does is force the computer to do useless computations to chew up time while the memory is being speculated. The whole things an interesting read. It's impossible not to notice the similaries though. The same 0x141 on the add ( MUL would work just as well ), using the eax instead of RAX register. the rept 400 instead of 300.

My point here is, the MLTDOWN label has nothing to do with the hero. This is a psudocode implementation of a genuine exploit which makes the whole thing look cool. I'm genuinely impressed with the level of detail here.

It also might not be psudocode. I'm assuming so but it might be it's valid x86_64 ASM code in a syntax I'm not familiar with. The point is still the same.

Now, for the final bit:



: "RAX", "RBX":

I'm not going to go into this line by line as it's not valid code that I can see. The CLEANUP label is fine but the rest is just nonsense. My gut feeling is this is meant to be a semi realistic looking bit to extract the secrets from the system.

In essence. The attention to detail is really quite awesome and referencing real world vulnerabilities is a nice touch, but I don't think people should read too much into it.

Source: Original link

© Post "Overwatch teaser: ASM code/hex." for game Overwatch.

Top 10 Most Anticipated Video Games of 2020

2020 will have something to satisfy classic and modern gamers alike. To be eligible for the list, the game must be confirmed for 2020, or there should be good reason to expect its release in that year. Therefore, upcoming games with a mere announcement and no discernible release date will not be included.

Top 15 NEW Games of 2020 [FIRST HALF]

2020 has a ton to look forward to...in the video gaming world. Here are fifteen games we're looking forward to in the first half of 2020.

You Might Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *