> For the complete documentation index, see [llms.txt](https://ret2basic.gitbook.io/ctfwriteup/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ret2basic.gitbook.io/ctfwriteup/web3-ctf/more-evm-puzzles/puzzle-9.md).

# Puzzle 9

## Puzzle

```
############
# Puzzle 9 #
############

00      34        CALLVALUE
01      6000      PUSH1 00
03      52        MSTORE
04      6020      PUSH1 20
06      6000      PUSH1 00
08      20        SHA3
09      60F8      PUSH1 F8
0B      1C        SHR
0C      60A8      PUSH1 A8
0E      14        EQ
0F      6016      PUSH1 16
11      57        JUMPI
12      FD        REVERT
13      FD        REVERT
14      FD        REVERT
15      FD        REVERT
16      5B        JUMPDEST
17      00        STOP

? Enter the value to send: (0) 
```

## Solution

Pseudocode:

```solidity
mstore(0, msg.value);
hash = sha3(0, 0x20); // hash that msg.value

if (hash >> 0xF8 == 0xA8) {
    jump(0x16);
}
```

The condition `hash >> 0xF8 == 0xA8` means the MSB of hash is `0xA8`. In other words, in this challenge our task is to find an integer `x` such that `hash(x)` begins with `0xA8`.

 Write a simple Bash script to brute-force msg.value:

```bash
#!/bin/bash

COUNTER=1

while [ $COUNTER -lt 1024 ]
do
     echo "msg.value: $COUNTER"
     printf "$COUNTER\n\n" | npx hardhat play | grep "Puzzle solved!"
     COUNTER=$[$COUNTER +1]
     rm -f solutions/solution_9.json
done
```

The answer is 47.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ret2basic.gitbook.io/ctfwriteup/web3-ctf/more-evm-puzzles/puzzle-9.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.