diff --git a/sample-asm/shellcode.asm b/sample-asm/shellcode.asm index 0eac4f5..140ec16 100644 --- a/sample-asm/shellcode.asm +++ b/sample-asm/shellcode.asm @@ -1,13 +1,11 @@ ; © 2023-2024 John Breaux ; Comtains spoilers for Microcorruption Halifax! Be warned! -; just hash the first 0x140 B and stick them in memory const: .define msize 0x1 ; length of each hash in bytes .define hsize 0x3 ; bytes kept per hash (only needs to be 3 to determine 1 byte of sram) .define sr_len 0x140 ; number of bytes in sram to dump -.define ha_len 0x3c0 ; number of bytes in hash array (hsize * sr_len) .define haddr 0x7000 ; address of the big hash array .define iaddr 0x8000 ; address of the sram input buffer .define kaddr 0x9000 ; address of the key buffer @@ -24,7 +22,7 @@ external_func: .define puts #0x4586 ; memcpy(void *dest, void *src, size_t len) .define memcpy #0x45a4 -; sha256_internal(void * sram_addr, size_t sr_len, void * sha_buf) +; sha256_internal(void *sram_addr, size_t sr_len, void * sha_buf) .define sha256_internal #0x45b6 ; memset(void* buf, char value, size_t length) .define memset #0x45c8 @@ -35,10 +33,10 @@ get_sram_hashes: mov #haddr, r13 ; set destination to 0x8000 sr_loop: mov r11, r15 ; mov addr r15 - call sha256_internal ; + call sha256_internal ; sha256_internal (i, msize, haddr + i * hsize) add #hsize, r13 ; keep 3 bytes of the output inc r11 ; inc r11 - cmp #sr_len, r11 ; do that 0x1000 times + cmp #sr_len, r11 ; do that sram_len times jnc sr_loop print_hex: @@ -53,27 +51,27 @@ print_hex: clrc and #0xf, r14 mov.b HEX_LUT(r15), r15 - call putchar ; + call putchar ; putchar (HEX_LUT[haddr[i] >> 4]) mov.b HEX_LUT(r14), r15 - call putchar ; - inc r11 ; inc r11 - cmp #ha_len, r11 ; do that sram_length*3 times + call putchar ; putchar (HEX_LUT[haddr[i] & 0xf]) + inc r11 + cmp #sr_len * hsize, r11 ; do that sram_length * hash_size times jnc ph_loop - mov.b #0xa, r15 ; '\n' - call #0x4578 ; putchar ('\n') + mov.b #'\n', r15 ; '\n' + call putchar ; putchar ('\n') take_input: mov #sr_len, r14 mov #iaddr, r15 - call getsn ; + call getsn ; getsn (iaddr, sr_len) check_all_passwords: ;for i in 0..sr_len: clr r9 pw_loop: - ; memcpy(kaddr, iaddr + i, len) + ; memcpy (kaddr, iaddr + i, len) mov #0x10, r13 mov #iaddr, r14 add r9, r14 @@ -84,7 +82,7 @@ check_all_passwords: push #0x42 call INT add #4, sp - ; INT(7f) + ; INT (7f) unlock7f: push #0 push #0