Second level of GCHQ ‘canyoucrackit’ challenge requires to implement own Virtual Machine(!). This VM must emulate segmented memory model with 16-byte segment size (notation seg:offset). For details please read this link:

I wrote quick overview about this challenge, how to solve it and some tips. It can be found here:

Anyway, I am impressed how many people saw this post and how fast this link was shared in community 🙂 Of course I’m happy of that but also a bit terrified. Anyway, in this short post I didn’t put much details about how to implement this VM, if there is any difficulties, etc. This was one of the reason I received a few emails asking some help to solve it. This is the reason why I decide finally write this second post. I want to share with my VM which i wrote in pure C (I love this language). To be honest I didn’t implement it at the beginning like it is here. I found some implementation in the webpage in python language. Unfortunately it has some mistakes (in fact serious mistakes). This was the reason why this machine didn’t work properly and in fact after a few instruction put exceptions and of course whole VM stops. I spend some time to fix it and I did it. After rewriting this machine, python VM starts working. This machine had a few problems like doesn’t correct  implement the most important instructions (JMP and JMPE). Also there was mistakes in take care about MOD flag. Another bug was that CS and DS register can be used in operations like ADD via normal operand argument as register. Also operations which use addressing [seg:off] must especially take care if the arguments are inside of the SEGMENT, if not make them fix. In fact this was critical bugs.

Anyway because of that I rewrote almost whole program so after all I decide, OK let’s do that in my way and this was the point why I implement everything again in C. Here you have got my VM in pure C:


Btw. In fact this challenge is NOT finished yet… Maybe it was mistake to publish solution BEFORE end of it? I feel a bit guilty.


Best regards,

Adam Zabrocki


  1. Chris on 07.06.2012


    Great blog you have here! thx for sharing knowledge,,,one thing i dont understand is that in the solution of this challenge (level2 – VM implementation) is why you initiate the ds =16 while cs=0 ?

    This clearly means that the bytes of the code segment and data segment overlap each other which is of course erroneous. Code segment and data segments are supposed to be in different regions of memory ?

  2. admin on 07.08.2012

    @Chris: Thank you for your appreciation… About your question, if you look carefully for all information provided by GCHQ:

    you can find initial state of CPU:

    cpu: {
    ip: 0x00,

    r0: 0x00,
    r1: 0x00,
    r2: 0x00,
    r3: 0x00,

    cs: 0x00,
    ds: 0x10,

    fl: 0x00,

    firmware: [0xd2ab1f05, 0xda13f110]

    ds == 0x10 == 16 🙂

  3. Chris on 07.13.2012

    Thank you for your answer…

    I can see your point but i wanted to know why ds =16 ! is this an arbitrary number
    or it has a logical explanation ?

    What i want to say is if has any connection with the segment size which is also 16.

Leave a Reply

CAPTCHA * Time limit is exhausted. Please reload the CAPTCHA.