/im stupid Secret

Created July 29, 2017 14:39
#!/usr/bin/python
import unicorn
from binascii import hexlify, unhexlify
from hexdump import hexdump
import struct
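def emulate(msg, key, msg_len, rot, code_path='./crypt.raw', timeout=0):
    """Run the raw x86-32 blob in *code_path* under Unicorn with the given arguments.

    The code is mapped at 0x100 and executed from its first byte until
    0x100 + 0xca.  The arguments are written inline at ESP + 4
    (stack_base + 8), in order: the *msg* bytes, the 16-byte *key*, then
    *msg_len* and *rot* as 32-bit little-endian integers.  EAX is set to
    0x3144; emu_and_dumpmem() reads 16 bytes back from that address as the
    result, so it is presumably the output buffer the blob writes to.

    Args:
        msg: message bytes; must be exactly *msg_len* bytes long.
        key: key bytes; must be exactly 16 bytes (the stack layout assumes it).
        msg_len: int, byte length of *msg*.
        rot: int, passed through as the last stack argument (the name suggests
            a rotation count -- confirm against the blob).
        code_path: file holding the raw machine code (default './crypt.raw').
        timeout: microseconds Unicorn may run before it stops the emulation;
            0 means unlimited (Unicorn's default).  Bound this when the blob is
            not trusted, so a non-terminating loop cannot hang the host process.

    Returns:
        The unicorn.Uc instance after emulation; callers read results from its
        memory.  On a UcError the error is printed and the partially updated
        instance is still returned.

    Raises:
        ValueError: if len(msg) != msg_len, len(key) != 16, or the blob is too
            large to fit below the stack area.
        IOError (OSError on Python 3): if *code_path* cannot be read.
    """
    code_base = 0x100
    code_end = code_base + 0xca  # address at which the original stops execution
    stack_base = 0x2000
    buffer_addr = 0x3144
    mapped_size = 5 * 1024 * 1024

    msg = bytes(msg)
    key = bytes(key)
    if len(msg) != msg_len:
        raise ValueError('msg is {} bytes but msg_len is {}'.format(len(msg), msg_len))
    if len(key) != 16:
        # The msg_len/rot slots sit at fixed offsets after a 16-byte key; any
        # other key length silently shifts them.
        raise ValueError('key must be 16 bytes, got {}'.format(len(key)))

    # Binary mode plus a context manager: the original opened in text mode and
    # never closed the handle (text mode also breaks mem_write on Python 3).
    with open(code_path, 'rb') as fh:
        code = fh.read()
    if len(code) > stack_base - code_base:
        # The stack writes below would overwrite the tail of the code.
        raise ValueError('code blob of {} bytes overlaps the stack area at 0x{:x}'
                         .format(len(code), stack_base))

    emu = unicorn.Uc(unicorn.UC_ARCH_X86,
                     unicorn.UC_MODE_32 | unicorn.UC_MODE_LITTLE_ENDIAN)

    x86 = unicorn.x86_const
    initial_regs = (
        (x86.UC_X86_REG_EAX, buffer_addr),     # where the result is read from afterwards
        (x86.UC_X86_REG_EBX, 0x0),
        (x86.UC_X86_REG_ECX, 0x0),
        (x86.UC_X86_REG_EDX, 0x0),
        (x86.UC_X86_REG_ESP, stack_base + 4),  # argument block starts one slot above
        (x86.UC_X86_REG_EBP, stack_base),
        (x86.UC_X86_REG_ESI, 0x0),
        (x86.UC_X86_REG_EDI, 0x0),
        (x86.UC_X86_REG_EIP, code_base),
        (x86.UC_X86_REG_EFLAGS, 0x0),
    )
    for reg, value in initial_regs:
        emu.reg_write(reg, value)

    emu.mem_map(0x0, mapped_size)
    emu.mem_write(code_base, code)

    # Argument block at ESP + 4; the freshly mapped slot at ESP stays zero
    # (presumably the return-address slot).  '<I' fixes 4-byte little-endian
    # encoding regardless of host, matching UC_MODE_LITTLE_ENDIAN.
    args_addr = stack_base + 0x8
    arg_block = msg + key + struct.pack('<I', msg_len) + struct.pack('<I', rot)
    emu.mem_write(args_addr, arg_block)

    # Debug aid kept from the original: show the inputs and what landed in memory.
    print(hexlify(msg))
    print(hexlify(key))
    print(hex(msg_len))
    print(hex(rot))
    print(hexlify(emu.mem_read(args_addr, len(arg_block))))

    try:
        emu.emu_start(code_base, code_end, timeout=timeout)
    except unicorn.UcError as e:
        # Narrowed from bare Exception so programming errors are not masked.
        emu.emu_stop()
        print('Error: {}'.format(e))
    return emu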
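def emu_and_dumpmem(rot=0):
    """Emulate crypt.raw on a fixed sample message/key and print the result buffer.

    Args:
        rot: value passed to emulate() as its last stack argument.  Defaults to
            0, the value the original hard-coded; the original also carried a
            commented-out ``for i in range(256)`` sweep over this value.

    Prints the 16 bytes at 0x3144 as four 32-bit little-endian words in hex.
    """
    msg_hex = '6cd022c2da6dc500105a9274cab92177177527d683fad205fb002071d7931f67170a90080f92'
    key_hex = 'C28222B7B746D25A8F180FFCFADCFF11'
    buffer_addr = 0x3144  # must match the address emulate() loads into EAX

    msg = unhexlify(msg_hex)
    key = unhexlify(key_hex)
    # len(msg) is the byte length.  The original used len(msg_hex) / 2, which
    # is a float under Python 3 and then fails in struct.pack.
    emu = emulate(msg, key, len(msg), rot)

    # Dump the result buffer; '<4I' pins standard 4-byte little-endian words.
    mem = emu.mem_read(buffer_addr, 16)
    val1, val2, val3, val4 = struct.unpack('<4I', mem)
    print("%08X %08X %08X %08X" % (val1, val2, val3, val4))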
emu_and_dumpmem()  # module-level call: runs on every execution or import of this file