Skip to content

Instantly share code, notes, and snippets.

@enkomio
Created December 17, 2019 12:59
Show Gist options
  • Save enkomio/35b14084c1422db6740b5ed98cdb2db7 to your computer and use it in GitHub Desktop.
Save enkomio/35b14084c1422db6740b5ed98cdb2db7 to your computer and use it in GitHub Desktop.
proc data_section
S:
// Hardcode the initial state of the S array
byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
byte 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
byte 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F
byte 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F
byte 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F
byte 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F
byte 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F
byte 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F
byte 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F
byte 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F
byte 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF
byte 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF
byte 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
byte 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF
byte 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF
byte 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF
// add a halt to make it syntax valid and avoid assembler warning.
// It is safe to add halt since it will never be executed
halt
endp
proc decode_password(pwd, pwd_len)
.mov index, 0
decode_pwd_loop:
// read the byte to decode
.mov pwd_offset, (pwd + index)
.nread.b pwd_offset
pop xored_char
// decode the byte with hardcoded key
.xor xored_char, 0xA1
// write back the result
pop xored_char
.nwrite.b pwd_offset, xored_char
// check if completed
.inc index
.cmp index, pwd_len
push decode_pwd_loop
jumpifl
ret
endp
proc swap(i, j)
.read.b (S + i)
pop S_i
.read.b (S + j)
pop S_j
// swap the values
.write.b (S + i), S_j
.write.b (S + j), S_i
ret
endp
proc ksa(password, password_length)
.mov i, 0
.mov j, 0
ksa_loop:
// read the i-th byte from S array
.read.b (S + i)
pop S_i
// read the i-th byte from password
.nread.b (password + (i % password_length))
pop pwd_i
// compute loop expression
.mov j, ((j + S_i + pwd_i) % 256)
.swap(i, j)
// check if I have to iterate
.inc i
.cmp i, 256
push ksa_loop
jumpifl
ret
endp
proc prga(buffer, buffer_length)
.mov i, 0
.mov j, 0
.mov n, 0
prga_loop:
// update index i
.mov i, ((i + 1) % 256)
// update index j
.read.b (S + i)
pop S_i
.mov j, ((j + S_i) % 256)
// swap
.swap(i, j)
// read indexes
.read.b (S + i)
pop S_i
.read.b (S + j)
pop S_j
// compute random
.read.b (S + ((S_i + S_j) % 256))
pop rnd
// read n-th buffer value
.nread.b (buffer + n)
pop buffer_n
// XOR with buffer and write back the result
.xor buffer_n, rnd
pop encrypted_char
.nwrite.b (buffer + n), encrypted_char
// check if I have to iterate
.inc n
.cmp n, buffer_length
push prga_loop
jumpifl
ret
endp
proc main(buffer, buffer_length, password, password_length)
.mov result, 0
// invoke the routine to decode the password
.decode_password(password, password_length)
// do KSA phase
.ksa(password, password_length)
// do PRGA phase and write back the result
.prga(buffer, buffer_length)
// finally invoke the native method
.ncall(buffer)
halt
endp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment