mirror of
https://git.soft.fish/val/MicroCorruption.git
synced 2024-11-22 15:16:02 +00:00
66 lines
1.8 KiB
Markdown
66 lines
1.8 KiB
Markdown
|
|
## load_address:
|
|
|
|
8000: BE
|
|
vv
|
|
0080: LE
|
|
|
|
|
|
## program_text:
|
|
|
|
text:
|
|
|
|
35400880 0045 0545 0545 0545 0545 0545 0545 0f43 3041
|
|
|
|
disassembly:
|
|
```c
|
|
asm (msp430) : 8000
|
|
3540 0880 mov #0x8008, r5
|
|
0045 br r5 ; uncond branch to #8008
|
|
0545 nop
|
|
0545 nop
|
|
0545 nop
|
|
0545 nop
|
|
0545 nop
|
|
0545 nop
|
|
0f43 clr r15
|
|
3041 ret
|
|
|
|
```
|
|
## Signature:
|
|
8605e027f42368ea6bba9de66409f6a8ddedcd49614a4648281c47a7b4ad252f5639069b17ba8ff104d371e2d8a625b038f0750667364087e7987e40ea81510f
|
|
|
|
## public key?
|
|
|
|
`b6458aae646e18722450b46348f3a09b4be01a9e69edc9516a0752cc17d27d6f`: Nope
|
|
|
|
b645 8aae 646e 1872 2450 b463 48f3 a09b 4be0 1a9e 69ed c951 6a07 52cc 17d2 7d6f ?
|
|
|
|
45b6 ae8a 6e64 7218 5024 63b4 48f3 9ba0 e04b 9e1a ed69 51c9 076a cc52 d217 6fd7 ?
|
|
|
|
`45b6ae8a6e647218502463b448f39ba0e04b9e1aed6951c9076acc52d2176fd7`: Nope
|
|
|
|
|
|
# Solution:
|
|
|
|
```c
|
|
if ((int)loadaddr & 0x8000 && (int)loadaddr < 0xf001) {
|
|
// Here, it copies the payload
|
|
memcpy ((void *)loadaddr, &payload, 0x100);
|
|
// Then, it verifies the signature
|
|
if (verify_ed25519 ((char *)0x2400, loadaddr, 0x100, signature) == 1) {
|
|
puts ("Signature valid, executing payload");
|
|
```
|
|
| Cycle | Loadaddr | Payload | Signature |
|
|
|-------|----------|----------|-----------|
|
|
| 1 | 0880 | 30400245 | 00 |
|
|
| 2 | 0090 | 35400880 0045 0545 0545 0545 0545 0545 0545 0f43 3041 | 8605 e027 f423 68ea 6bba 9de6 6409 f6a8 dded cd49 614a 4648 281c 47a7 b4ad 252f 5639 069b 17ba 8ff1 04d3 71e2 d8a6 25b0 38f0 7506 6736 4087 e798 7e40 ea81 510f |
|
|
|
|
0880
|
|
30400245
|
|
00
|
|
|
|
0090
|
|
3540088000450545054505450545054505450f433041
|
|
8605e027f42368ea6bba9de66409f6a8ddedcd49614a4648281c47a7b4ad252f5639069b17ba8ff104d371e2d8a625b038f0750667364087e7987e40ea81510f
|