100 lines
2.5 KiB
NASM
100 lines
2.5 KiB
NASM
; just hash the first 0x140 B and stick them in memory
|
|
; 6000 1c 0b43 1e43 3d400080 0f4b b012b645 3d500300 1b53 3b904001 f72b 3041
|
|
|
|
; Compile with this fork of msprobe:
|
|
const:
|
|
.define msize 0x1 ; length of each hash in bytes
|
|
.define hsize 0x3 ; bytes kept per hash (only needs to be 3 to determine 1 byte of sram)
|
|
.define sr_len 0x140 ; number of bytes in sram to dump
|
|
.define ha_len 0x3c0 ; number of bytes in hash array (hsize * sr_len)
|
|
.define haddr 0x7000 ; address of the big hash array
|
|
.define iaddr 0x8000 ; address of the sram input buffer
|
|
.define kaddr 0x9000 ; address of the key buffer
|
|
external_data:
|
|
.define HEX_LUT 0x4710; "0123456789ABCDEF"
|
|
external_func:
|
|
; INT(int interrupt, ...)
|
|
.define INT #0x4550
|
|
; getsn(void *dest, size_t len)
|
|
.define getsn #0x4568
|
|
; putchar(char character)
|
|
.define putchar #0x4578
|
|
; puts(char *str)
|
|
.define puts #0x4586
|
|
; memcpy(void *dest, void *src, size_t len)
|
|
.define memcpy #0x45a4
|
|
; sha256_internal(void * sram_addr, size_t sr_len, void * sha_buf)
|
|
.define sha256_internal #0x45b6
|
|
; memset(void* buf, char value, size_t length)
|
|
.define memset #0x45c8
|
|
|
|
get_sram_hashes:
|
|
clr r11 ; loop variable in r11
|
|
mov #msize, r14 ; r14 = 1
|
|
mov #haddr, r13 ; set destination to 0x8000
|
|
sr_loop:
|
|
mov r11, r15 ; mov addr r15
|
|
call sha256_internal; <sha256_internal>
|
|
add #hsize, r13 ; keep 3 bytes of the output
|
|
inc r11 ; inc r11
|
|
cmp #sr_len, r11 ; do that 0x1000 times
|
|
jnc sr_loop
|
|
|
|
print_hex:
|
|
clr r11;
|
|
ph_loop:
|
|
mov.b haddr(r11), r14
|
|
mov.b r14, r15
|
|
rra r15 ; using rra here instead of rra.b means the value won't roll into the highest bit
|
|
rra r15 ; which negates the need to and 0xf, r15
|
|
rra r15
|
|
rra r15
|
|
clrc
|
|
and #0xf, r14
|
|
mov.b HEX_LUT(r15), r15
|
|
call putchar ; <putchar>
|
|
mov.b HEX_LUT(r14), r15
|
|
call putchar ; <putchar>
|
|
inc r11 ; inc r11
|
|
cmp #ha_len, r11 ; do that sram_length*3 times
|
|
jnc ph_loop
|
|
|
|
mov.b #0xa, r15 ; '\n'
|
|
call #0x4578 ; putchar ('\n')
|
|
|
|
|
|
take_input:
|
|
; 3e4040003f400090b0126845
|
|
mov #sr_len, r14
|
|
mov #iaddr, r15
|
|
call getsn ; <getsn>
|
|
|
|
check_all_passwords:
|
|
;for i in 0..sr_len:
|
|
clr r9
|
|
pw_loop:
|
|
; memcpy(kaddr, iaddr + i, len)
|
|
mov #10, r13
|
|
mov #iaddr, r14
|
|
add r9, r14
|
|
mov #kaddr, r15
|
|
call memcpy
|
|
; INT (0x42, key)
|
|
push #kaddr
|
|
push #42
|
|
call INT
|
|
add #4, sp
|
|
; INT(7f)
|
|
unlock7f:
|
|
push #0
|
|
push #0
|
|
push #7f
|
|
call INT
|
|
add #6, sp
|
|
inc r9
|
|
cmp #sr_len, r9
|
|
jl pw_loop
|
|
|
|
end:
|
|
ret
|