Flag was contained at the first EEPROM section (0x0). We've analyzed the instruction trace to find useful gadgets. Then we've used buffer overflow vulnerability in "magic function" to pwn the binary and dump sector with a flag.

Full writeup: [https://github.com/p4-team/ctf/tree/master/2020-08-22-google-ctf/registers_matter](https://github.com/p4-team/ctf/tree/master/2020-08-22-google-ctf/registers_matter)

Original writeup (https://github.com/p4-team/ctf/tree/master/2020-08-22-google-ctf/registers_matter).