Update shellcode.asm
This commit is contained in:
parent
822c7f3700
commit
5a1112db8f
@ -1,13 +1,11 @@
|
|||||||
; © 2023-2024 John Breaux
|
; © 2023-2024 John Breaux
|
||||||
; Comtains spoilers for Microcorruption Halifax! Be warned!
|
; Comtains spoilers for Microcorruption Halifax! Be warned!
|
||||||
; just hash the first 0x140 B and stick them in memory
|
|
||||||
|
|
||||||
|
|
||||||
const:
|
const:
|
||||||
.define msize 0x1 ; length of each hash in bytes
|
.define msize 0x1 ; length of each hash in bytes
|
||||||
.define hsize 0x3 ; bytes kept per hash (only needs to be 3 to determine 1 byte of sram)
|
.define hsize 0x3 ; bytes kept per hash (only needs to be 3 to determine 1 byte of sram)
|
||||||
.define sr_len 0x140 ; number of bytes in sram to dump
|
.define sr_len 0x140 ; number of bytes in sram to dump
|
||||||
.define ha_len 0x3c0 ; number of bytes in hash array (hsize * sr_len)
|
|
||||||
.define haddr 0x7000 ; address of the big hash array
|
.define haddr 0x7000 ; address of the big hash array
|
||||||
.define iaddr 0x8000 ; address of the sram input buffer
|
.define iaddr 0x8000 ; address of the sram input buffer
|
||||||
.define kaddr 0x9000 ; address of the key buffer
|
.define kaddr 0x9000 ; address of the key buffer
|
||||||
@ -24,7 +22,7 @@ external_func:
|
|||||||
.define puts #0x4586
|
.define puts #0x4586
|
||||||
; memcpy(void *dest, void *src, size_t len)
|
; memcpy(void *dest, void *src, size_t len)
|
||||||
.define memcpy #0x45a4
|
.define memcpy #0x45a4
|
||||||
; sha256_internal(void * sram_addr, size_t sr_len, void * sha_buf)
|
; sha256_internal(void *sram_addr, size_t sr_len, void * sha_buf)
|
||||||
.define sha256_internal #0x45b6
|
.define sha256_internal #0x45b6
|
||||||
; memset(void* buf, char value, size_t length)
|
; memset(void* buf, char value, size_t length)
|
||||||
.define memset #0x45c8
|
.define memset #0x45c8
|
||||||
@ -35,10 +33,10 @@ get_sram_hashes:
|
|||||||
mov #haddr, r13 ; set destination to 0x8000
|
mov #haddr, r13 ; set destination to 0x8000
|
||||||
sr_loop:
|
sr_loop:
|
||||||
mov r11, r15 ; mov addr r15
|
mov r11, r15 ; mov addr r15
|
||||||
call sha256_internal ; <sha256_internal>
|
call sha256_internal ; sha256_internal (i, msize, haddr + i * hsize)
|
||||||
add #hsize, r13 ; keep 3 bytes of the output
|
add #hsize, r13 ; keep 3 bytes of the output
|
||||||
inc r11 ; inc r11
|
inc r11 ; inc r11
|
||||||
cmp #sr_len, r11 ; do that 0x1000 times
|
cmp #sr_len, r11 ; do that sram_len times
|
||||||
jnc sr_loop
|
jnc sr_loop
|
||||||
|
|
||||||
print_hex:
|
print_hex:
|
||||||
@ -53,27 +51,27 @@ print_hex:
|
|||||||
clrc
|
clrc
|
||||||
and #0xf, r14
|
and #0xf, r14
|
||||||
mov.b HEX_LUT(r15), r15
|
mov.b HEX_LUT(r15), r15
|
||||||
call putchar ; <putchar>
|
call putchar ; putchar (HEX_LUT[haddr[i] >> 4])
|
||||||
mov.b HEX_LUT(r14), r15
|
mov.b HEX_LUT(r14), r15
|
||||||
call putchar ; <putchar>
|
call putchar ; putchar (HEX_LUT[haddr[i] & 0xf])
|
||||||
inc r11 ; inc r11
|
inc r11
|
||||||
cmp #ha_len, r11 ; do that sram_length*3 times
|
cmp #sr_len * hsize, r11 ; do that sram_length * hash_size times
|
||||||
jnc ph_loop
|
jnc ph_loop
|
||||||
|
|
||||||
mov.b #0xa, r15 ; '\n'
|
mov.b #'\n', r15 ; '\n'
|
||||||
call #0x4578 ; putchar ('\n')
|
call putchar ; putchar ('\n')
|
||||||
|
|
||||||
|
|
||||||
take_input:
|
take_input:
|
||||||
mov #sr_len, r14
|
mov #sr_len, r14
|
||||||
mov #iaddr, r15
|
mov #iaddr, r15
|
||||||
call getsn ; <getsn>
|
call getsn ; getsn (iaddr, sr_len)
|
||||||
|
|
||||||
check_all_passwords:
|
check_all_passwords:
|
||||||
;for i in 0..sr_len:
|
;for i in 0..sr_len:
|
||||||
clr r9
|
clr r9
|
||||||
pw_loop:
|
pw_loop:
|
||||||
; memcpy(kaddr, iaddr + i, len)
|
; memcpy (kaddr, iaddr + i, len)
|
||||||
mov #0x10, r13
|
mov #0x10, r13
|
||||||
mov #iaddr, r14
|
mov #iaddr, r14
|
||||||
add r9, r14
|
add r9, r14
|
||||||
@ -84,7 +82,7 @@ check_all_passwords:
|
|||||||
push #0x42
|
push #0x42
|
||||||
call INT
|
call INT
|
||||||
add #4, sp
|
add #4, sp
|
||||||
; INT(7f)
|
; INT (7f)
|
||||||
unlock7f:
|
unlock7f:
|
||||||
push #0
|
push #0
|
||||||
push #0
|
push #0
|
||||||
|
Loading…
Reference in New Issue
Block a user