CTF site

GoVM(c) -- Government VM and Compiler

I've written a small bytecode interpreter along with a custom bytecode for CIPHER 5, originally based on an idea by Sascha Müller, who also wrote a little assembler for his vm, which I extended.

When I tried to write bytecode with his assembler, I had to repeat the same instruction sequences over and over again. Because I hate to repeat myself more often than never, I decided I need to write a compiler.

The idea of using the VM in a Capture the Flag contest was to force teams to write their own shellcode, to write their own buffer overflow protection, and to write their own disassembler. Thus, teams who cannot afford a commercial disassembler (or who are unwilling to buy one) are not at a disadvantage.

The VM supports execution of arbitrary bytecode on its stack, provided the originally executed bytecode is vulnerable to stack overflows.

The VM is written in C; the current version is implemented as a python module. It supports three syscalls: getc, putc and halt. getc and putc are redirected to python functions to allow for easy integration.

How to write a hello world application for govm.

I've written a small webserver for govm, which requires only a basic python backend (handling incoming connections; redirection of stdin/stdout to a socket).

I've also written a video library: three cgi-scripts that allow a user to a) create an account; b) add videos, specifying the title and the location; c) ask for the location of a video by specifying its location. These CGI-scripts require a more complex python environment: both a database and the CGI parameters have to be passed through getc; database write access as well as access to the output socket must be possible through putc. \0 is used as delimiter.

For now, you can download

If you've got questions, please send me an email. If you write some script for govm, I'm interested in a copy.


2b72640e6b9420780b6ab7c40f8e4303bec1b3b6

Impressum