Xornet-Euphoria/solve.py

## solve.py
from unicorn import Uc, UC_ARCH_ARM64, UC_MODE_ARM
from unicorn.arm64_const import UC_ARM64_REG_X0, UC_ARM64_REG_LR
from capstone import Cs, CS_ARCH_ARM64, CS_MODE_ARM

with open("./asm.txt") as f:
    f.readline()
    raw_codes = f.readlines()

raw_codes = raw_codes[:-1]

codes = [int(l.split(":   ")[1].split("        ")[0], 16).to_bytes(4,"little") for l in raw_codes]
data = b"".join(codes)

start = 0x10000

md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
for m in md.disasm(data, 0):
    print(hex(m.address), m.mnemonic, m.op_str)

emu = Uc(UC_ARCH_ARM64, UC_MODE_ARM)
emu.mem_map(start, 1024**2)
emu.mem_write(start, data)

# if lr is not set, the ret instruction (878) must be removed (in line #9)
# emu.reg_write(UC_ARM64_REG_LR, 0x20000)

emu.emu_start(start, start+len(data))

r0 = emu.reg_read(UC_ARM64_REG_X0)
print(r0)
	from unicorn import Uc, UC_ARCH_ARM64, UC_MODE_ARM
	from unicorn.arm64_const import UC_ARM64_REG_X0, UC_ARM64_REG_LR
	from capstone import Cs, CS_ARCH_ARM64, CS_MODE_ARM

	with open("./asm.txt") as f:
	f.readline()
	raw_codes = f.readlines()

	raw_codes = raw_codes[:-1]

	codes = [int(l.split(": ")[1].split(" ")[0], 16).to_bytes(4,"little") for l in raw_codes]
	data = b"".join(codes)

	start = 0x10000

	md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
	for m in md.disasm(data, 0):
	print(hex(m.address), m.mnemonic, m.op_str)

	emu = Uc(UC_ARCH_ARM64, UC_MODE_ARM)
	emu.mem_map(start, 1024**2)
	emu.mem_write(start, data)

	# if lr is not set, the ret instruction (878) must be removed (in line #9)
	# emu.reg_write(UC_ARM64_REG_LR, 0x20000)

	emu.emu_start(start, start+len(data))

	r0 = emu.reg_read(UC_ARM64_REG_X0)
	print(r0)
No results found