Instruction not marked as branch

[circleous]

I'm using riscv64 to analyze a binary from Favourite Architecure challenge series in *CTF https://adworld.xctf.org.cn/media/uploads/task/c11db24e682f4d4d802f4a3ca9ca76b8.zip.

As you can see, 0x10546 supposed to be a branch instruction.

I'll gladly help if you could point me where should I take a look first.

[circleous]

I think it's because of the compressed instructions, the one with "c." suffix

[circleous]

https://riscv.org/wp-content/uploads/2019/06/riscv-spec.pdf, I've made a small change to get around this

diff --git a/riscv.py b/riscv.py
index db4c753..90514f9 100644
--- a/riscv.py
+++ b/riscv.py
@@ -20,7 +20,7 @@ from .lifter import Lifter

 branch_ins = set([
     'beq', 'bne', 'beqz', 'bnez', 'bge', 'bgeu', 'blt', 'bltu', 'blez', 'bgez',
-    'bltz', 'bgtz'
+    'bltz', 'bgtz', 'c.bnez', 'c.beqz'
 ])

 direct_call_ins = set(['jal', 'j'])

and it correctly marks the instruction as a branch.

[f0rki]

thanks. good catch! capstone only got support for compressed instructions after the initial/bulk work of this project so compressed instructions are still not well tested. I pushed a commit that should fix this.

btw. this binary is a good testcase also for the lifter, so if you encounter anything feel free to report it. I also pushed a bunch of new lifting handlers for the rv64 specifics.