MicroCorruption/19-Hollywood/notes.md

# Chernobyl
### First impressions:
- Location-independent (my god these relative jumps)
- Copies itself around in memory
- Tries to be cheeky, and overwrites the original memory
- Sucks for it, my disassembler is so bad the instructions are wrong anyway
- A top-down disassembly is not possible here.
- Does long jumps by calculating large pc-relative offsets, pushing pc, and BR'ing them
- Never used Ghidra before, but it really doesn't like this. It crashed so hard.
- Decrypts_one_byte a lot -- and there's a blob of garbage in RAM. How fun.
- Do I need to find an inverse of the encryption algorithm?
#### TL;DR: Everybody knows it sucks