Last active
June 23, 2021 23:26
-
-
Save AmunRha/ffa44fd3a1337675cde9153453fccccc to your computer and use it in GitHub Desktop.
Disassembler for a simple VM crackme challenge written in C and rust and python, cause why not?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const bytecode: [i16; 85] = [ 0x14, 0x00, 0x01, 0x0F, 0x04, 0x15, 0x0F, 0x0E, 0x53, 0x14, | |
| 0x01, 0x14, 0x02, 0x14, 0x03, 0x14, 0x04, 0x01, 0x08, 0x13, | |
| 0x01, 0x09, 0x37, 0x01, 0x0A, 0x01, 0x01, 0x0B, 0xF0, 0x01, | |
| 0x0C, 0x0F, 0x01, 0x0D, 0x90, 0x01, 0x07, 0xAD, 0x15, 0x27, | |
| 0x0E, 0x2C, 0x03, 0xEA, 0x07, 0x19, 0x01, 0x07, 0xE9, 0x15, | |
| 0x17, 0x0E, 0x37, 0x03, 0xEA, 0x07, 0x48, 0x07, 0x49, 0x01, | |
| 0x07, 0xCB, 0x15, 0x47, 0x0E, 0x44, 0x03, 0xEA, 0x07, 0x3D, | |
| 0x07, 0x3C, 0x07, 0x39, 0x01, 0x07, 0x16, 0x15, 0x37, 0x0E, | |
| 0x53, 0x03, 0xEA, 0x16, 0x0E ]; | |
| struct VmStruct { | |
| reg: [i8; 15], | |
| r0: i8, | |
| r1: i8, | |
| r2: i8, | |
| stack: [i8; 258], | |
| stk_ptr: i32, | |
| pc: usize, | |
| } | |
| fn main() { | |
| let mut vm: VmStruct = VmStruct { reg: [0; 15], r0: 0, r1: 0, r2: 0, stack: [0; 258], stk_ptr: 0, pc: 0}; | |
| while vm.pc < 85 { | |
| let opcode = bytecode[vm.pc]; | |
| let reg_d = bytecode[vm.pc + 1]; | |
| let ureg = reg_d >> 4; | |
| let lreg = reg_d & 0xf; | |
| print!("[{:>2}]:[{:>2}] ", vm.pc, bytecode[vm.pc]); | |
| match opcode { | |
| 1 => { | |
| print!("mov reg{} 0x{}", reg_d, bytecode[vm.pc + 2]); | |
| vm.pc+=1; | |
| } | |
| 2 => print!("mov reg{} reg{}", ureg, lreg), | |
| 3 => print!("add reg{} reg{}", ureg, lreg), | |
| 4 => print!("sub reg{} reg{}", ureg, lreg), | |
| 7 => print!("xor reg{} reg{}", ureg, lreg), | |
| 8 => print!("or reg{} reg{}", ureg, lreg), | |
| 10 => print!("mov reg{}, reg{} == 0", ureg, lreg), | |
| 12 => print!("shr reg{} reg{}", ureg, lreg), | |
| 14 => print!("if r0:{} == 0\n\tmov pc {}-2:{}\n\tcontinue\n", vm.r0, reg_d, reg_d-2), | |
| 15 => print!("if r1:{} != 0\n\tmov pc {}-2:{}\n\tcontinue\n", vm.r1, reg_d, reg_d-2), | |
| 20 => print!("pop reg{}", reg_d), | |
| 21 => { | |
| print!("if reg{} == reg{}\n\tr0 = 1\n", ureg, lreg); | |
| print!("\telse if reg{} - reg{} < 0\n\tr2 = 1\n", ureg, lreg); | |
| print!("\telse if reg{} - reg{} > 0\n\tr1 = 1\n", ureg, lreg); | |
| }, | |
| 22 => print!("ret reg{}", reg_d), | |
| _ => print!("[!] Unknown opcode: {}", opcode), | |
| } | |
| vm.pc += 2; | |
| println!(""); | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include<stdio.h> | |
| #include<stdint.h> | |
| #include<string.h> | |
| uint8_t bytecode[] = | |
| { | |
| 0x14, 0x00, 0x01, 0x0F, 0x04, 0x15, 0x0F, 0x0E, 0x53, 0x14, | |
| 0x01, 0x14, 0x02, 0x14, 0x03, 0x14, 0x04, 0x01, 0x08, 0x13, | |
| 0x01, 0x09, 0x37, 0x01, 0x0A, 0x01, 0x01, 0x0B, 0xF0, 0x01, | |
| 0x0C, 0x0F, 0x01, 0x0D, 0x90, 0x01, 0x07, 0xAD, 0x15, 0x27, | |
| 0x0E, 0x2C, 0x03, 0xEA, 0x07, 0x19, 0x01, 0x07, 0xE9, 0x15, | |
| 0x17, 0x0E, 0x37, 0x03, 0xEA, 0x07, 0x48, 0x07, 0x49, 0x01, | |
| 0x07, 0xCB, 0x15, 0x47, 0x0E, 0x44, 0x03, 0xEA, 0x07, 0x3D, | |
| 0x07, 0x3C, 0x07, 0x39, 0x01, 0x07, 0x16, 0x15, 0x37, 0x0E, | |
| 0x53, 0x03, 0xEA, 0x16, 0x0E | |
| }; | |
| uint64_t pass = 0xdeadbeef; | |
| typedef struct vm{ | |
| uint8_t reg[15]; | |
| uint8_t r0; | |
| uint8_t r1; | |
| uint8_t r2; | |
| uint8_t stack[258]; | |
| uint32_t stk_ptr; | |
| uint64_t pc; | |
| } vm_struct; | |
| vm_struct vm; | |
| void init_vm(){ | |
| memset(vm.reg, 0, 15); | |
| memset(vm.stack, 0, 258); | |
| vm.r0 = vm.r1 = vm.r2 = vm.pc = vm.stk_ptr = 0; | |
| } | |
| int main(){ | |
| init_vm(); | |
| int opcode; | |
| uint8_t reg_d, lreg, ureg; | |
| while (vm.pc < 85){ | |
| opcode = bytecode[vm.pc]; | |
| reg_d = bytecode[vm.pc + 1]; | |
| ureg = reg_d >> 4; | |
| lreg = reg_d & 0xf; | |
| printf("[%2d]:[%2d] ", vm.pc, bytecode[vm.pc]); | |
| switch (opcode) | |
| { | |
| case 1: | |
| printf("mov reg%d %x", reg_d, bytecode[vm.pc + 2]); | |
| ++vm.pc; | |
| break; | |
| case 2: | |
| printf("mov reg%d reg%d", ureg, lreg); | |
| break; | |
| case 3: | |
| printf("add reg%d reg%d", ureg, lreg); | |
| break; | |
| case 4: | |
| printf("sub reg%d reg%d", ureg, lreg); | |
| break; | |
| case 7: | |
| printf("xor reg%d reg%d", ureg, lreg); | |
| break; | |
| case 8: | |
| printf("or reg%d reg%d", ureg, lreg); | |
| break; | |
| case 10: | |
| printf("mov reg%d, reg%d == 0", ureg, lreg); | |
| break; | |
| case 12: | |
| printf("shr reg%d reg%d", ureg, lreg); | |
| break; | |
| case 14: | |
| printf("if r0:%d == 0\n\tmov pc %d-2:%d\n\tcontinue\n", vm.r0, reg_d, reg_d-2); | |
| break; | |
| case 15: | |
| printf("if r1:%d != 0\n\tmov pc %d-2:%d\n\tcontinue\n", vm.r1, reg_d, reg_d-2); | |
| break; | |
| case 20: | |
| printf("pop reg%d", reg_d); | |
| break; | |
| case 21: | |
| printf("if reg%d == reg%d\n\tr0 = 1\n", ureg, lreg); | |
| printf("\telse if reg%d - reg%d < 0\n\tr2 = 1\n", ureg, lreg); | |
| printf("\telse if reg%d - reg%d > 0\n\tr1 = 1\n", ureg, lreg); | |
| break; | |
| case 22: | |
| printf("ret reg%d", reg_d); | |
| break; | |
| default: | |
| printf("[!] Unkown opcode: %d", opcode); | |
| break; | |
| } | |
| vm.pc += 2; | |
| puts(""); | |
| } | |
| return 0; | |
| } | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bytecode = [0x14, 0x00, 0x01, 0x0F, 0x04, 0x15, 0x0F, 0x0E, 0x53, 0x14, 0x01, 0x14, 0x02, 0x14, 0x03, 0x14, 0x04, 0x01, 0x08, 0x13, 0x01, 0x09, 0x37, 0x01, 0x0A, 0x01, 0x01, 0x0B, 0xF0, 0x01, 0x0C, 0x0F, 0x01, 0x0D, 0x90, 0x01, 0x07, 0xAD, 0x15, 0x27, 0x0E, 0x2C, 0x03, 0xEA, 0x07, 0x19, 0x01, 0x07, 0xE9, 0x15, 0x17, 0x0E, 0x37, 0x03, 0xEA, 0x07, 0x48, 0x07, 0x49, 0x01, 0x07, 0xCB, 0x15, 0x47, 0x0E, 0x44, 0x03, 0xEA, 0x07, 0x3D, 0x07, 0x3C, 0x07, 0x39, 0x01, 0x07, 0x16, 0x15, 0x37, 0x0E, 0x53, 0x03, 0xEA, 0x16, 0x0E] | |
| pc = 0 | |
| r0 = 0 | |
| r1 = 0 | |
| while pc < 85: | |
| opcode = bytecode[pc] | |
| reg_d = bytecode[pc + 1] | |
| ureg = reg_d >> 4 | |
| lreg = reg_d & 0xf | |
| print(f"[{pc:>2}]:[{bytecode[pc]:>2}] ", end='') | |
| if opcode == 1: | |
| print(f"mov reg{reg_d} {hex(bytecode[pc + 2])}", end='') | |
| pc+=1 | |
| elif opcode == 2: | |
| print(f"mov reg{ureg} reg{lreg}", end='') | |
| elif opcode == 3: | |
| print(f"add reg{ureg} reg{lreg}", end='') | |
| elif opcode == 4: | |
| print(f"sub reg{ureg} reg{lreg}", end='') | |
| elif opcode == 7: | |
| print(f"xor reg{ureg} reg{lreg}", end='') | |
| elif opcode == 8: | |
| print(f"or reg{ureg} reg{lreg}", end='') | |
| elif opcode == 10: | |
| print(f"mov reg{ureg}, reg{lreg} == 0", end='') | |
| elif opcode == 12: | |
| print(f"shr reg{ureg} reg{lreg}", end='') | |
| elif opcode == 14: | |
| print(f"if r0:{r0} == 0\n\tmov pc {reg_d}-2:{reg_d-2}\n\tcontinue\n", end='') | |
| elif opcode == 15: | |
| print(f"if r1:{r1} != 0\n\tmov pc {reg_d}-2:{reg_d-2}\n\tcontinue\n", end='') | |
| elif opcode == 20: | |
| print(f"pop reg{reg_d}", end='') | |
| elif opcode == 21: | |
| print(f"if reg{ureg} == reg{lreg}\n\tr0 = 1\n", end='') | |
| print(f"\telse if reg{ureg} - reg{lreg} < 0\n\tr2 = 1\n", end='') | |
| print(f"\telse if reg{ureg} - reg{lreg} > 0\n\tr1 = 1\n", end='') | |
| elif opcode == 22: | |
| print(f"ret reg{reg_d}", end='') | |
| else: | |
| print(f"[!] Unknown opcode: {opcode}", end='') | |
| pc += 2 | |
| print("") | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ 0]:[20] pop reg0 | |
| [ 2]:[ 1] mov reg15 4 | |
| [ 5]:[21] if reg0 == reg15 | |
| r0 = 1 | |
| else if reg0 - reg15 < 0 | |
| r2 = 1 | |
| else if reg0 - reg15 > 0 | |
| r1 = 1 | |
| [ 7]:[14] if r0:0 == 0 | |
| mov pc 83-2:81 | |
| continue | |
| [ 9]:[20] pop reg1 | |
| [11]:[20] pop reg2 | |
| [13]:[20] pop reg3 | |
| [15]:[20] pop reg4 | |
| [17]:[ 1] mov reg8 13 | |
| [20]:[ 1] mov reg9 37 | |
| [23]:[ 1] mov reg10 1 | |
| [26]:[ 1] mov reg11 f0 | |
| [29]:[ 1] mov reg12 f | |
| [32]:[ 1] mov reg13 90 | |
| [35]:[ 1] mov reg7 ad | |
| [38]:[21] if reg2 == reg7 | |
| r0 = 1 | |
| else if reg2 - reg7 < 0 | |
| r2 = 1 | |
| else if reg2 - reg7 > 0 | |
| r1 = 1 | |
| [40]:[14] if r0:0 == 0 | |
| mov pc 44-2:42 | |
| continue | |
| [42]:[ 3] add reg14 reg10 | |
| [44]:[ 7] xor reg1 reg9 | |
| [46]:[ 1] mov reg7 e9 | |
| [49]:[21] if reg1 == reg7 | |
| r0 = 1 | |
| else if reg1 - reg7 < 0 | |
| r2 = 1 | |
| else if reg1 - reg7 > 0 | |
| r1 = 1 | |
| [51]:[14] if r0:0 == 0 | |
| mov pc 55-2:53 | |
| continue | |
| [53]:[ 3] add reg14 reg10 | |
| [55]:[ 7] xor reg4 reg8 | |
| [57]:[ 7] xor reg4 reg9 | |
| [59]:[ 1] mov reg7 cb | |
| [62]:[21] if reg4 == reg7 | |
| r0 = 1 | |
| else if reg4 - reg7 < 0 | |
| r2 = 1 | |
| else if reg4 - reg7 > 0 | |
| r1 = 1 | |
| [64]:[14] if r0:0 == 0 | |
| mov pc 68-2:66 | |
| continue | |
| [66]:[ 3] add reg14 reg10 | |
| [68]:[ 7] xor reg3 reg13 | |
| [70]:[ 7] xor reg3 reg12 | |
| [72]:[ 7] xor reg3 reg9 | |
| [74]:[ 1] mov reg7 16 | |
| [77]:[21] if reg3 == reg7 | |
| r0 = 1 | |
| else if reg3 - reg7 < 0 | |
| r2 = 1 | |
| else if reg3 - reg7 > 0 | |
| r1 = 1 | |
| [79]:[14] if r0:0 == 0 | |
| mov pc 83-2:81 | |
| continue | |
| [81]:[ 3] add reg14 reg10 | |
| [83]:[22] ret reg14 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment