@AmunRha
Last active October 24, 2022 17:44
Disassembler for hell86 crackme by ttlhacker
#include<stdio.h>
#include<stdint.h>
#include<stdlib.h>
#include<string.h>
/*
 * VM program for the hell86 crackme, embedded as raw bytes.
 *
 * main() walks this array in 14-byte steps and decodes from offset +2 of each
 * step, so every instruction is laid out as:
 *   2 bytes  0x0F 0x0B (the x86 UD2 encoding)
 *   8 bytes  reg0 (immediate / address operand, little-endian)
 *   1 byte   opcode
 *   3 bytes  reg1, reg2, reg3 (register indices)
 */
uint8_t bytecode[] =
{
0x0F, 0x0B, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x08, 0x09, 0x00, 0x0F, 0x0B, 0xE4, 0xA1, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x0A, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0A, 0x0F, 0x00, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x0F, 0x0F, 0x00, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x14, 0x00, 0x0A, 0x08, 0x0F, 0x0B, 0xDA, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x0D, 0x0D, 0x00, 0x0F, 0x0B, 0xCE, 0xA3, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x27, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0xCD, 0xB0, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0xDA, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0xF8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x14, 0x00, 0x0A, 0x0D, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x10, 0x08, 0x0A, 0x00, 0x0F, 0x0B, 0xCD, 0xB0, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0C, 0x0D, 0x00, 0x0F, 0x0B, 0x2E, 0xA8, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0xCE, 0xA3, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x27, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x10, 0x08, 0x0A, 0x00, 0x0F, 0x0B, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x09, 0x08, 0x00, 0x0F, 0x0B, 0x7D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 
0x09, 0x09, 0x00, 0x0F, 0x0B, 0xCE, 0xA3, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x27, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0xF8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x10, 0x09, 0x0A, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x08, 0x09, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x06, 0xA4, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0xCE, 0xA3, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x26, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x08, 0x0D, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0xFE, 0xA5, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0xC0, 0xC8, 0x35, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0xDC, 0xA3, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0F, 0x0A, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x0A, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x15, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2E, 0x08, 0x09, 0x00, 0x0F, 0x0B, 0x98, 0xC8, 0x35, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x01, 0x0D, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x01, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x09, 0x08, 0x00, 0x0F, 0x0B, 0xA0, 0xB0, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0xC8, 0xA8, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x00, 0x00, 0x0F, 0x0B, 0xC6, 0xA5, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x26, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0xA0, 0xB0, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x02, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x0D, 0x0D, 0x02, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x01, 0x0D, 0x0F, 0x0B, 0x08, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x01, 0x01, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x08, 0x08, 0x00, 0x0F, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0xA0, 0xA4, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x27, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0xC0, 0xC8, 0x35, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x24, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2E, 0x0C, 0x09, 0x00, 0x0F, 0x0B, 0xA0, 0xAF, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x09, 0x00, 0x00, 0x0F, 0x0B, 
0x2E, 0xA8, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B, 0x00, 0x00, 0x09, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x01, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x08, 0x08, 0x00, 0x0F, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x40, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x02, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x02, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x08, 0x08, 
0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x0D, 0x0D, 0x00, 0x0F, 0x0B, 0xE8, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x0C, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x01, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B, 0x00, 0x00, 0x01, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x19, 0x0D, 0x0D, 0x00, 0x0F, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x0C, 0x0C, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x08, 0x08, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x4A, 0xA8, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x27, 0x00, 0x0C, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0D, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0x2A, 0xA9, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x21, 0x00, 0x00, 0x09, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x0D, 0x0D, 0x00, 0x0F, 0x0B, 0xD6, 0xA8, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00
};
/*
 * Number of bytes main() is willing to walk in bytecode[].
 * NOTE(review): 1973 is not a multiple of the 14-byte instruction stride, so
 * the final instruction looks one byte short, and decoding it reads past the
 * end of the array -- confirm against the original dump.
 */
#define LEN_BYTECODE 1973
/* Sentinel written to the initial stack slot; a `ret` that finds it on top of
 * the stack is treated by main() as the end of the program. */
#define CHECK 0x1010101
/* Subtracted from the low 12 bits of a code address to turn it into an index
 * into bytecode[]. */
#define BBL_BASE_OFF 0x190
/*
 * Absolute addresses that main() compares instruction immediates against.
 * NOTE(review): these look like values captured from one run of the crackme
 * under a debugger; they would differ on another run with ASLR -- confirm.
 */
/* Immediates at or above this value are treated as code addresses (opcode 0x9). */
#define BYTECODE_BASE_ADDR 0x5591cf150000
/* Call targets that main() emulates instead of following. */
#define LIBC_MALLOC 0x5591cf35c898
#define LIBC_FREE 0x5591cf35c8c0
/* Data addresses that opcode 0x9 redirects to flag_fmt, ascii_bytes and offset_chk. */
#define FLAG_FORMAT_ADDR 0x5591cf15b0cd
#define ASCII_BYTES_ADDR 0x5591cf15b0a0
#define OFFSET_CHK 0x5591cf15afa0
/* First slot of the emulated stack and its size in 8-byte slots. */
#define STACK_START 0
#define STK_SZ 20
/*
 * One decoded instruction. The field order matches the 12 operand bytes that
 * follow the two-byte prefix in bytecode[]; init_vm_struct() fills it with a
 * raw memcpy.
 */
typedef struct vm_struct{
uint64_t reg0;   /* 64-bit immediate, displacement or address operand */
uint8_t opcode;  /* selects the case in main()'s switch */
uint8_t reg1;    /* register index, usually the destination */
uint8_t reg2;    /* register index, usually the first source */
uint8_t reg3;    /* register index, usually the second source */
} vm_struct;
/*
 * Emulated machine state.
 * NOTE(review): the bytecode uses register indices 0xf and 0x10, which are
 * past the end of mem[15]; the emulator appears to rely on those accesses
 * landing on `res` and `vm_bbl`. That is out-of-bounds indexing as far as the
 * C standard is concerned -- confirm the intent before changing the layout.
 */
typedef struct bcode_struct
{
uint64_t mem[15];  /* general-purpose registers, indexed by reg1/reg2/reg3 */
uint64_t res;      /* host address of the current top-of-stack slot in stack[] */
uint64_t vm_bbl;   /* byte index in bytecode[] of the instruction being run */
} bcode_struct;
/* Not referenced anywhere else in this listing. */
typedef struct data_struct
{
uint64_t unknown[5];
struct bcode_struct bcode;
} data_struct;
/* Instruction currently being decoded and the emulated machine state. */
vm_struct vm;
bcode_struct bcode;
/* Candidate input handed to the emulated program. */
char inp[] = "FLAG{x86-1s-s0-fund4m3nt4lly-br0k3n}";
/* Local copies of crackme data; opcode 0x9 substitutes their addresses for
 * ASCII_BYTES_ADDR and OFFSET_CHK. */
char ascii_bytes[] = "abdfgehikmanoqrstucvwlxyz-01h23p456u78j9-_.+";
uint64_t offset_chk[] = {
0x16C8, 0x0FFFFFFFFFFFF8BA1, 0x0FFFFFFFFFFFFE0C0, 0x3600, 0x0FFFFFFFFFFFFE535, 0x16C8, 0x0FFFFFFFFFFFF8BA1, 0x5F45, 0x0FFFFFFFFFFFFD668, 0x0FFFFFFFFFFFFFFF8, 0x5F45, 0x0FFFFFFFFFFFFCA00, 0x0FFFFFFFFFFFFBB58, 0x0AB8, 0x0FFFFFFFFFFFFBB58, 0x4CE3, 0x0FFFFFFFFFFFF8000, 0x2D9, 0x4CE3, 0x0FFFFFFFFFFFFFFFF, 0x2D9, 0x3E8, 0x7D, 0x0FFFFFFFFFFFFE938, 0x200, 0x200, 0x0FFFFFFFFFFFFE535, 0x1F40, 0x0FFFFFFFFFFFFE0C0, 0x0};
/* Local copy substituted for FLAG_FORMAT_ADDR. */
char flag_fmt[] = "FLAG{";
/* Fixed buffer standing in for the block the emulated malloc() would return. */
uint64_t mheap[31]={0};
/* Pointer to the input; init_bcode_struct() hands the VM an address 8 bytes
 * below this variable. */
uint64_t *inp_ptr = (uint64_t *)&inp;
/* Emulated stack, indexed by k; push pre-decrements k and pop post-increments it. */
uint64_t stack[STK_SZ] = {0};
/* stack_ctr mirrors k for display; k starts at (STK_SZ/2)+3, i.e. slot 13. */
int stack_ctr=0, k=(STK_SZ/2)+3;
/*
 * printf templates for the disassembly, one row per mnemonic form. main()
 * selects a row by fixed index and supplies the operands, so the number of
 * conversions in a row must match the arguments at the call site.
 * NOTE(review): every conversion is %lx, but most call sites pass uint8_t
 * register indices (promoted to int), which does not match %lx.
 */
char disasm_ins[][42] = {
"add mem[0x%lx], mem[0x%lx] + mem[0x%lx]",
"sub mem[0x%lx], mem[0x%lx] - mem[0x%lx]",
"mul mem[0x%lx], mem[0x%lx] * mem[0x%lx]",
"mov mem[0x%lx], -mem[0x%lx]",
"mov mem[0x%lx], 0x%lx",
"mov mem[0x%lx], _BYTE[mem[0x%lx]+0x%lx]",
"mov mem[0x%lx], _QWORD[mem[0x%lx]+0x%lx]",
"mov _QWORD[mem[0x%lx]+0x%lx], mem[0x%lx]",
"push mem[0x%lx]",
"pop mem[0x%lx]",
"mov mem[0x%lx], mem[0x%lx]",
"or mem[0x%lx], mem[0x%lx] | mem[0x%lx]",
"xor mem[0x%lx], mem[0x%lx] ^ mem[0x%lx]",
"mov mem[0x%lx], mem[0x%lx] == mem[0x%lx]",
"mov mem[0x%lx], mem[0x%lx] != 0x%lx",
"cmp mem[0x%lx], 0\njz 0x%lx",
"cmp mem[0x%lx], 0\njnz 0x%lx",
"call 0x%lx",
"ret",
"ret if mem[0x%lx] != 0",
"ret if mem[0x%lx] == 0",
"mov mem[0x%lx], mem[0x%lx] + 0x%lx",
"mov mem[0x%lx], mem[0x%lx] << 0x%lx"};
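/**
 * Decode one instruction's operand bytes into the global `vm`.
 *
 * @param bytecode  Address of the first operand byte, i.e. just past the
 *                  two-byte prefix. The 12 encoded bytes must be readable.
 *
 * Only the encoded bytes (reg0, opcode, reg1, reg2, reg3) are copied.
 * sizeof(vm) also counts the struct's trailing padding (16 bytes where
 * uint64_t is 8-byte aligned), so copying sizeof(vm) bytes reads four bytes
 * beyond the instruction and, near the end of the array, beyond the array.
 */
void init_vm_struct(const uint8_t *bytecode)
{
    /* The fields sit back to back, so their sizes add up to the encoded length. */
    const size_t encoded_len = sizeof vm.reg0 + sizeof vm.opcode +
                               sizeof vm.reg1 + sizeof vm.reg2 + sizeof vm.reg3;

    memcpy(&vm, bytecode, encoded_len);
}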
/**
 * Seed registers of the emulated machine.
 *
 * @param malloc_flag  0: start-up state -- res points at stack[k], registers
 *                        9 and 10 hold the address 8 bytes below inp_ptr and
 *                        register 8 holds 2 (presumably argc/argv of the
 *                        crackme -- confirm).
 *                     1: result of an emulated malloc() -- registers 0, 8 and
 *                        13 receive the address of mheap.
 *                     2: result of an emulated free() -- register 0 receives
 *                        the address of mheap.
 *                     Any other value leaves the state untouched.
 */
void init_bcode_struct(int malloc_flag)
{
    uint64_t heap_base;

    switch (malloc_flag) {
    case 0:
        bcode.res = (uint64_t)&stack[k];
        bcode.mem[10] = (uint64_t)&inp_ptr - 8;
        bcode.mem[9] = bcode.mem[10];
        bcode.mem[8] = 2;
        break;
    case 1:
        heap_base = (uint64_t)&mheap[0];
        bcode.mem[13] = heap_base;
        bcode.mem[8] = heap_base;
        bcode.mem[0] = heap_base;
        break;
    case 2:
        bcode.mem[0] = (uint64_t)&mheap[0];
        break;
    default:
        break;
    }
}
/**
 * Re-derive the stack index from the stack-pointer value in bcode.res.
 *
 * @param f  0 on the first call: also plants the CHECK sentinel in stack[k]
 *           before the index is recomputed. Any other value skips that step.
 *
 * The slot index is the byte distance of bcode.res from the start of stack[]
 * divided by the slot size; it is stored in both stack_ctr and k.
 */
void init_stack(int f)
{
    if (f == 0) {
        stack[k] = CHECK;
    }

    const uint64_t stack_base = (uint64_t)&stack[STACK_START];
    const uint64_t byte_offset = (uint64_t)bcode.res - stack_base;

    stack_ctr = (int)(byte_offset / sizeof(uint64_t));
    k = stack_ctr;
}
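/**
 * Print the operands of the instruction held in `vm`.
 *
 * Each value is cast to unsigned long so that it matches the %lx conversion;
 * passing the uint8_t fields directly hands printf an int where it expects a
 * long. The output text is unchanged.
 */
void print_reg(void)
{
    printf("--------- REG VALS ---------\n");
    printf("[*] reg0 - 0x%lx", (unsigned long)vm.reg0);
    printf("\n[*] reg1 - 0x%lx", (unsigned long)vm.reg1);
    printf("\n[*] reg2 - 0x%lx", (unsigned long)vm.reg2);
    printf("\n[*] reg3 - 0x%lx\n", (unsigned long)vm.reg3);
}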
/**
 * Dump the emulated machine state: the 15 general registers, the stack
 * pointer with its slot index, and the current bytecode index.
 */
void print_bcode()
{
    int slot = 0;

    printf("--------- BCODE STRUCT ---------\n");
    printf("mem {\n");
    while (slot < 15) {
        printf("[0x%x] - 0x%lx\n", slot, bcode.mem[slot]);
        slot++;
    }
    printf("}\n");
    printf("res - 0x%lx (stack[0x%x])\n", bcode.res, stack_ctr);
    printf("vm_bbl - 0x%lx\n", bcode.vm_bbl);
}
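/**
 * Print all STK_SZ slots of the emulated stack.
 *
 * Side effect kept from the original: slots below the current top (indices
 * 0 .. k-1) are zeroed first, so values left behind by earlier pushes do not
 * show up in the dump.
 *
 * k follows the pushes and pops of the bytecode and is not range-checked
 * where it is updated, so the clearing loop is capped at STK_SZ; without the
 * cap a k above STK_SZ makes the loop write past the end of stack[].
 */
void print_stack(void)
{
    const int clear_end = (k < STK_SZ) ? k : STK_SZ;

    printf("--------- STACK ---------\n");
    printf("stack { ");
    for (int i = 0; i < clear_end; ++i) {
        stack[i] = 0;
    }
    for (int i = 0; i < STK_SZ; ++i) {
        printf("0x%lx, ", (unsigned long)stack[i]);
    }
    printf("}\n");
}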
/**
 * Print the first 30 words of mheap, the buffer that stands in for the
 * emulated program's heap allocation.
 */
void print_heap()
{
    const uint64_t *word = mheap;
    const uint64_t *const stop = mheap + 30;

    printf("--------- HEAP ---------\n");
    printf("heap { ");
    for (; word != stop; ++word) {
        printf("0x%lx, ", *word);
    }
    printf("}\n");
}
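/**
 * Print the host addresses of the buffers the emulator exposes to the
 * bytecode, so that values in the trace can be matched to them.
 *
 * The addresses are converted through uintptr_t to unsigned long before being
 * printed; passing a pointer straight to a %lx conversion is a type mismatch.
 * The output text is unchanged.
 */
void print_metadata(void)
{
    printf("---------- META DATA -----------\n");
    printf("[+] Addr of inp: 0x%lx\n", (unsigned long)(uintptr_t)&inp);
    printf("[+] Addr of ptr to inp: 0x%lx\n", (unsigned long)(uintptr_t)&inp_ptr);
    printf("[+] Addr of stack: 0x%lx\n", (unsigned long)(uintptr_t)&stack[STACK_START]);
    printf("[+] Addr of heap: 0x%lx\n", (unsigned long)(uintptr_t)&mheap[0]);
    printf("[+] Addr of offset check: 0x%lx\n", (unsigned long)(uintptr_t)&offset_chk[0]);
    printf("[+] Addr of ascii chars: 0x%lx\n", (unsigned long)(uintptr_t)&ascii_bytes[0]);
    printf("---------------------------------\n\n");
}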
/**
 * Report the verdict of the emulated program and end the process.
 *
 * @param res  1 prints the "WRONG" banner, 0 prints the "OK" banner; in both
 *             cases the process exits with status 0. Any other value returns
 *             to the caller without printing.
 */
void check(uint64_t res)
{
    /* Only the two defined verdict codes terminate the run. */
    if (res > 1) {
        return;
    }

    printf("\n-------------------------");
    if (res == 1) {
        printf("\n[!] WRONG!\n");
    } else {
        printf("\n[+] OK!\n");
    }
    printf("-------------------------\n");
    exit(0);
}
/*
 * Emulate the embedded VM program and print a disassembly line for every
 * instruction executed.
 *
 * The loop fetches the instruction at byte index i, executes it against the
 * global machine state, prints its mnemonic, and then either advances by one
 * 14-byte instruction or continues at the index a branch, call or return
 * selected. The run normally ends inside check(), reached from the `ret`
 * that finds the CHECK sentinel on the stack.
 *
 * NOTE(review): the bytecode is trusted completely. Register indices come
 * straight from the instruction bytes and are not checked against mem[15],
 * branch targets and the stack index k are not range-checked, and the load
 * and store opcodes dereference host addresses computed by the bytecode.
 * Only run this against bytecode that has been vetted, or inside a sandbox.
 */
int main(){
print_metadata();
// i: byte index of the current instruction in bytecode[]
// flag: 1 when the instruction just executed chose the next i itself
// ctr: number of instructions executed (used only by the commented-out trace)
// malloc_flag: 1 or 2 after an emulated malloc()/free(), consumed one iteration later
int i=0, flag=0, ctr=-1, malloc_flag=0;
init_bcode_struct(malloc_flag);
init_stack(0);
while(i<LEN_BYTECODE)
{
ctr++;
// After a control transfer vm_bbl was already set by the instruction.
if(flag != 1){
bcode.vm_bbl = i;
}
flag = 0;
// Deliver the result of the malloc()/free() emulated on the previous iteration.
if(malloc_flag != 0){
init_bcode_struct(malloc_flag);
malloc_flag = 0;
}
// Skip the two-byte prefix and decode the operands.
// NOTE(review): i is not checked against the array bounds beyond the loop
// condition, so a fetch near the end can read past bytecode[].
init_vm_struct(&bytecode[i+2]);
// printf("\n[0x%x] [%d] OPCODE - 0x%lx ---------\n",i, ctr, vm.// opcode);
// print_reg();
// Recompute k from bcode.res so that changes to the stack pointer made by
// the previous instruction are picked up.
init_stack(1);
// print_bcode();
// print_stack();
// print_heap();
// printf("--------------------------------------\n");
switch (vm.opcode)
{
// 0x1 / 0x2 / 0x3: three-register add, subtract, multiply.
case 0x1 :
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] + bcode.mem[vm.reg3];
printf(disasm_ins[0], vm.reg1, vm.reg2, vm.reg3);
break;
case 0x2 :
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] - bcode.mem[vm.reg3];
printf(disasm_ins[1], vm.reg1, vm.reg2, vm.reg3);
break;
case 0x3 :
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] * bcode.mem[vm.reg3];
printf(disasm_ins[2], vm.reg1, vm.reg2, vm.reg3);
break;
// 0x8: negate.
case 0x8 :
bcode.mem[vm.reg1] = -bcode.mem[vm.reg2];
printf(disasm_ins[3], vm.reg1, vm.reg2);
break;
// 0x9: load immediate. Known crackme data addresses are swapped for the
// local copies. These tests must come before the BYTECODE_BASE_ADDR test
// because the data addresses are also above that base.
case 0x9 :
if(vm.reg0 == FLAG_FORMAT_ADDR){
vm.reg0 = (uint64_t)&flag_fmt[0];
bcode.mem[vm.reg1] = vm.reg0;
}
else if(vm.reg0 == ASCII_BYTES_ADDR){
vm.reg0 = (uint64_t)&ascii_bytes[0];
bcode.mem[vm.reg1] = vm.reg0;
}
else if(vm.reg0 == OFFSET_CHK){
vm.reg0 = (uint64_t)&offset_chk[0];
bcode.mem[vm.reg1] = vm.reg0;
}
// Any other immediate at or above the base is taken as a code address:
// it is converted to a bytecode index and execution continues there.
// NOTE(review): the resulting index is not validated (it can be negative
// or fall between instructions).
else if(vm.reg0 >= BYTECODE_BASE_ADDR){
i = (int)(vm.reg0 & 0xfff) - (int)BBL_BASE_OFF;
bcode.mem[vm.reg1] = i;
flag = 1;
}
else{
bcode.mem[vm.reg1] = vm.reg0;
}
printf(disasm_ins[4], vm.reg1, vm.reg0);
break;
// 0xa / 0x10: load a byte / a 64-bit word from host address mem[reg2] + reg0.
// NOTE(review): the address is whatever the bytecode computed; nothing
// restricts it to the emulator's own buffers.
case 0xa :
bcode.mem[vm.reg1] = *(uint8_t *)(bcode.mem[vm.reg2] + vm.reg0);
printf(disasm_ins[5], vm.reg1, vm.reg2, vm.reg0);
break;
case 0x10:
bcode.mem[vm.reg1] = *(uint64_t *)(bcode.mem[vm.reg2] + vm.reg0);
printf(disasm_ins[6], vm.reg1, vm.reg2, vm.reg0);
break;
// 0x14: store a 64-bit word to host address mem[reg2] + reg0 (same caveat).
case 0x14:
*(uint64_t *)(bcode.mem[vm.reg2] + vm.reg0) = bcode.mem[vm.reg3];
printf(disasm_ins[7], vm.reg2, vm.reg0, vm.reg3);
break;
// 0x15: push. NOTE(review): k is decremented without an underflow check.
case 0x15:
stack[--k] = bcode.mem[vm.reg2];
bcode.res = (uint64_t)&stack[k];
printf(disasm_ins[8], vm.reg2);
break;
// 0x17: pop. NOTE(review): k is incremented without an upper-bound check.
case 0x17:
bcode.mem[vm.reg1] = *(uint64_t *)(bcode.res);
bcode.res = (uint64_t)&stack[++k];
printf(disasm_ins[9], vm.reg1);
break;
// 0x18: register move. The reg1 == 0xf / reg2 == 0xa pair is special-cased:
// the source is first overwritten with res + 0x10.
// NOTE(review): presumably a fix-up for restoring the stack pointer from a
// frame pointer -- confirm against the crackme.
case 0x18:
if(vm.reg2 == 0xa && vm.reg1 == 0xf){
bcode.mem[vm.reg2] = bcode.res + 0x10;
}
bcode.mem[vm.reg1] = bcode.mem[vm.reg2];
printf(disasm_ins[10], vm.reg1, vm.reg2);
break;
// 0x19 / 0x1b: bitwise or / xor.
case 0x19:
bcode.mem[vm.reg1] = bcode.mem[vm.reg3] | bcode.mem[vm.reg2];
printf(disasm_ins[11], vm.reg1, vm.reg3, vm.reg2);
break;
case 0x1b:
bcode.mem[vm.reg1] = bcode.mem[vm.reg3] ^ bcode.mem[vm.reg2];
printf(disasm_ins[12], vm.reg1, vm.reg3, vm.reg2);
break;
// 0x21: set to 1 if the two registers are equal, else 0.
case 0x21:
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] == bcode.mem[vm.reg3];
printf(disasm_ins[13], vm.reg1, vm.reg2, vm.reg3);
break;
// 0x24: set to 1 if the register differs from the immediate, else 0.
case 0x24:
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] != vm.reg0;
printf(disasm_ins[14], vm.reg1, vm.reg2, vm.reg0);
break;
// 0x26: branch to reg0 if mem[reg2] is zero.
case 0x26:
if(bcode.mem[vm.reg2] == 0){
i = (int)(vm.reg0 & 0xfff) - (int)BBL_BASE_OFF;
bcode.vm_bbl = i;
flag = 1;
}
printf(disasm_ins[15], vm.reg2, vm.reg0);
break;
// 0x27: branch to reg0 if mem[reg2] is non-zero.
case 0x27:
if(bcode.mem[vm.reg2] != 0){
i = (int)(vm.reg0 & 0xfff) - (int)BBL_BASE_OFF;
bcode.vm_bbl = i;
flag = 1;
}
printf(disasm_ins[16], vm.reg2, vm.reg0);
break;
// 0x28: call. malloc() and free() are not followed: the call is printed
// and malloc_flag makes the next iteration place mheap's address in the
// result registers. Those two paths break before the generic "call" line.
case 0x28:
if(vm.reg0 == LIBC_MALLOC){
printf("malloc(0x%lx)", bcode.mem[0x8]);
malloc_flag = 1;
break;
}
else if(vm.reg0 == LIBC_FREE){
printf("free(0x%lx)", bcode.mem[0x8]);
malloc_flag = 2;
break;
}
// Any other target: push the index of the following instruction as the
// return address and continue at the target.
else{
stack[--k] = i+14;
bcode.res = (uint64_t)&stack[k];
i = (int)(vm.reg0 & 0xfff) - (int)BBL_BASE_OFF;
bcode.vm_bbl = i;
flag = 1;
}
printf(disasm_ins[17], vm.reg0);
break;
// 0x29: return. Finding the CHECK sentinel means the outermost function is
// returning; register 0xd then holds the verdict and check() exits the
// process when it is 0 or 1. Otherwise the return index is popped.
case 0x29:
if(stack[k] == CHECK){
printf("ret\n");
uint64_t res = bcode.mem[0xd];
check(res);
}
i = stack[k];
bcode.vm_bbl = i;
bcode.res = (uint64_t)&stack[++k];
flag = 1;
printf(disasm_ins[18]);
break;
// 0x2a: return if mem[reg2] is non-zero.
case 0x2a:
if(bcode.mem[vm.reg2] != 0){
i = stack[k];
bcode.vm_bbl = i;
bcode.res = (uint64_t)&stack[++k];
flag = 1;
}
printf(disasm_ins[19], vm.reg2);
break;
// 0x2b: return if mem[reg2] is zero.
case 0x2b:
if(bcode.mem[vm.reg2] == 0){
i = stack[k];
bcode.vm_bbl = i;
bcode.res = (uint64_t)&stack[++k];
flag = 1;
}
printf(disasm_ins[20], vm.reg2);
break;
// 0x2c: add immediate.
case 0x2c:
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] + vm.reg0;
printf(disasm_ins[21], vm.reg1, vm.reg2, vm.reg0);
break;
// 0x2e: shift left by immediate.
// NOTE(review): a shift count of 64 or more is undefined in C; reg0 is
// not checked.
case 0x2e:
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] << vm.reg0;
printf(disasm_ins[22], vm.reg1, vm.reg2, vm.reg0);
break;
default:
printf("[!] UNKNOWN OPCODE: 0x%x\n", vm.opcode);
break;
}
puts("");
// Fall through to the next instruction unless a control transfer set i.
if(flag != 1)
i+=14;
}
return 0;
}
#include<stdio.h>
#include<stdint.h>
/*
 * NOTE(review): the repeated #include lines and the second main() below
 * suggest that this is a separate file of the gist -- a solver that recovers
 * the flag without running the VM.
 */
/* Expected encoded values; the same constants as offset_chk in the listing above. */
int64_t enc[] = {0x16C8, 0x0FFFFFFFFFFFF8BA1, 0x0FFFFFFFFFFFFE0C0, 0x3600, 0x0FFFFFFFFFFFFE535, 0x16C8, 0x0FFFFFFFFFFFF8BA1, 0x5F45, 0x0FFFFFFFFFFFFD668, 0x0FFFFFFFFFFFFFFF8, 0x5F45, 0x0FFFFFFFFFFFFCA00, 0x0FFFFFFFFFFFFBB58, 0x0AB8, 0x0FFFFFFFFFFFFBB58, 0x4CE3, 0x0FFFFFFFFFFFF8000, 0x2D9, 0x4CE3, 0x0FFFFFFFFFFFFFFFF, 0x2D9, 0x3E8, 0x7D, 0x0FFFFFFFFFFFFE938, 0x200, 0x200, 0x0FFFFFFFFFFFFE535, 0x1F40, 0x0FFFFFFFFFFFFE0C0, 0x0};
/* loff[i]: index in ascii[] of the i-th candidate character (filled by find_off). */
int64_t loff[30] = {0};
/* lenc[i]: encoding of the candidate, compared with enc[i] (filled by encrypt). */
int64_t lenc[30] = {0};
/* Working candidate; main() overwrites it one position at a time from index 1. */
char inp[] = "x86defghijklmnopqrstuvwxyz01234";
/* Alphabet used by the check; a character's position in it is its offset. */
char ascii[] = "abdfgehikmanoqrstucvwlxyz-01h23p456u78j9-_.+";
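/**
 * Recompute lenc[] from loff[].
 *
 * For each adjacent pair of offsets the difference loff[i+1] - loff[i] is
 * XORed with a counter that starts at 0x1d and decreases by one per pair, and
 * the result is cubed.
 *
 * The last element has no successor, so its lenc slot is left untouched. The
 * earlier loop ran one step further and read loff[30], one element past the
 * end of the array. main() never compares that last slot.
 */
void encrypt()
{
    const int count = (int)(sizeof loff / sizeof loff[0]);
    int k = 0x1e;

    for (int i = 0; i + 1 < count; i++) {
        int a = (int)((loff[i + 1] - loff[i]) ^ --k);
        a = a * a * a;
        lenc[i] = a;
    }
}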
/**
 * Translate the first 30 characters of a candidate into alphabet offsets.
 *
 * @param inp  Candidate string; at least 30 characters are read.
 *
 * loff[29] is preset to 0x1e. Each character is then looked up in ascii[]
 * (first match wins) and its index stored in loff[]; a character that is not
 * in the alphabet leaves the previous value of its slot in place.
 */
void find_off(char *inp)
{
    loff[29] = 0x1e;

    int pos = 0;
    while (pos < 30) {
        int idx = 0;
        while (idx < 44 && inp[pos] != ascii[idx]) {
            idx++;
        }
        if (idx < 44) {
            loff[pos] = idx;
        }
        pos++;
    }
}
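/*
 * Recover the flag body one character at a time.
 *
 * Position 0 is taken as known ('x', printed with the "FLAG{" prefix). For
 * each later position k every alphabet character is tried in turn; the
 * candidate is encoded and accepted when the value for the pair (k-1, k)
 * equals the expected enc[k-1]. The search stops after position 29 or when
 * no character matches.
 *
 * encrypt() takes no parameters, so it is called without arguments; the
 * earlier call passed loff, which does not match the function's definition.
 */
int main()
{
    int k = 1;

    printf("FLAG{x");
    for (int i = 0; i < 44; i++) {
        if (k == 30)
            break;
        inp[k] = ascii[i];
        find_off(inp);
        encrypt();
        if (lenc[k - 1] == enc[k - 1]) {
            k += 1;
            printf("%c", ascii[i]);
            /* Restart the scan for the next position. The loop increment
             * makes it resume at index 1; the character at index 0 ('a')
             * also appears at index 10, so it is still tried. */
            i = 0;
        }
    }
    printf("}\n");
    return 0;
}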