j/msp430-repl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update shellcode.asm

Browse Source
This commit is contained in:
John 2024-07-31 11:59:45 -05:00
parent 822c7f3700
commit 5a1112db8f
1 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
sample-asm/shellcode.asm
View File

@ -1,13 +1,11 @@
; © 2023-2024 John Breaux ; © 2023-2024 John Breaux
; Comtains spoilers for Microcorruption Halifax! Be warned! ; Comtains spoilers for Microcorruption Halifax! Be warned!
; just hash the first 0x140 B and stick them in memory
const: const:
.define msize 0x1 ; length of each hash in bytes .define msize 0x1 ; length of each hash in bytes
.define hsize 0x3 ; bytes kept per hash (only needs to be 3 to determine 1 byte of sram) .define hsize 0x3 ; bytes kept per hash (only needs to be 3 to determine 1 byte of sram)
.define sr_len 0x140 ; number of bytes in sram to dump .define sr_len 0x140 ; number of bytes in sram to dump
.define ha_len 0x3c0 ; number of bytes in hash array (hsize * sr_len)
.define haddr 0x7000 ; address of the big hash array .define haddr 0x7000 ; address of the big hash array
.define iaddr 0x8000 ; address of the sram input buffer .define iaddr 0x8000 ; address of the sram input buffer
.define kaddr 0x9000 ; address of the key buffer .define kaddr 0x9000 ; address of the key buffer
@ -35,10 +33,10 @@ get_sram_hashes:
mov #haddr, r13 ; set destination to 0x8000 mov #haddr, r13 ; set destination to 0x8000
sr_loop: sr_loop:
mov r11, r15 ; mov addr r15 mov r11, r15 ; mov addr r15
call sha256_internal ; <sha256_internal> call sha256_internal ; sha256_internal (i, msize, haddr + i * hsize)
add #hsize, r13 ; keep 3 bytes of the output add #hsize, r13 ; keep 3 bytes of the output
inc r11 ; inc r11 inc r11 ; inc r11
cmp #sr_len, r11 ; do that 0x1000 times cmp #sr_len, r11 ; do that sram_len times
jnc sr_loop jnc sr_loop
print_hex: print_hex:
@ -53,21 +51,21 @@ print_hex:
clrc clrc
and #0xf, r14 and #0xf, r14
mov.b HEX_LUT(r15), r15 mov.b HEX_LUT(r15), r15
call putchar ; <putchar> call putchar ; putchar (HEX_LUT[haddr[i] >> 4])
mov.b HEX_LUT(r14), r15 mov.b HEX_LUT(r14), r15
call putchar ; <putchar> call putchar ; putchar (HEX_LUT[haddr[i] & 0xf])
inc r11 ; inc r11 inc r11
cmp #ha_len, r11 ; do that sram_length*3 times cmp #sr_len * hsize, r11 ; do that sram_length * hash_size times
jnc ph_loop jnc ph_loop
mov.b #0xa, r15 ; '\n' mov.b #'\n', r15 ; '\n'
call #0x4578 ; putchar ('\n') call putchar ; putchar ('\n')
take_input: take_input:
mov #sr_len, r14 mov #sr_len, r14
mov #iaddr, r15 mov #iaddr, r15
call getsn ; <getsn> call getsn ; getsn (iaddr, sr_len)
check_all_passwords: check_all_passwords:
;for i in 0..sr_len: ;for i in 0..sr_len: