tldr: trace instructions and build CFG, realize it looks like the AVR bootloader and leak the full program. There is a stack overflow in get_int function and we can jump into the flash subroutine to leak the flag

full writeup: [https://ctf.harrisongreen.me/2020/googlectf/registers_matter/](https://ctf.harrisongreen.me/2020/googlectf/registers_matter/)

Original writeup (https://ctf.harrisongreen.me/2020/googlectf/registers_matter/).