GCHQ Stage 2 Solution VM disassembled

Instructions decoded at 0x00 - decrypts second stage decrypter (below)
--------------------------------------------------------------
First program - decrypts 0x100->0x14F (second stage)
r1 = 4
r3 = 170
loop
r0 = [ds:r2]
r0 ^= r3
[ds:r2] = r0
r2++
r3++
?if r2=80
r0 = 20
jmpe next
jmp loop

next
jmp 16:0


Second decrypter - at 0x100
----------------------------
- on entry r=(0,4,80,240,cs=16,ds=16)
r2 = 0
r5 += 12
r1 = 8
r3 = 50

now r=(0,8,0,50,16,28) (ds=start of GET string)
loop1:
r0 = [ds:r2]
r0 ^= r3
[ds:r2] = r0
r2++
r3 += 3
if r2=0?
  jmp r3
if r0 = 0
  jmp end
jmp loop1

end:
hlt

plain text is at 0x1C0 to 0x1F1