extremecoders-re

## borkedsalsa.c
typedef unsigned int uint32_t;
typedef unsigned short uint16_t;
typedef unsigned char uint8_t;

static uint16_t rotl(uint16_t value, uint16_t shift)
{
  return (value << shift) | (value >> (32 - shift));
}


## borkedsalsasnip.c
static uint16_t rotl(uint16_t value, uint16_t shift)
{
  return (value << shift) | (value >> (32 - shift));
}


static void s20_quarterround(uint16_t *y0, uint16_t *y1, uint16_t *y2, uint16_t *y3)
{
  *y1 = *y1 ^ rotl(*y0 + *y3, 7);
  *y2 = *y2 ^ rotl(*y1 + *y0, 9);

## petya.bxrc
# configuration file generated by Bochs
plugin_ctrl: unmapped=1, biosdev=1, speaker=1, extfpuirq=1, parallel=1, serial=1, gameport=1
config_interface: win32config
display_library: win32
memory: host=32, guest=32
romimage: file="C:\Program Files\Bochs-2.6/BIOS-bochs-latest"
vgaromimage: file="C:\Program Files\Bochs-2.6/VGABIOS-lgpl-latest"
boot: disk
floppy_bootsig_check: disabled=0
# no floppya

## standarddisassembly.txt
>>> import marshal, dis
>>> f = open('1.pyc', 'rb')
>>> f.seek(8)
>>> co = marshal.load(f)
>>> dis.disassemble(co)

  1     >>    0 SETUP_EXCEPT            99 (to 102)
              3 <144>                  387
              6 STOP_CODE
              7 JUMP_FORWARD           217 (to 227)

## trace.txt
0 SETUP_EXCEPT 99
3 <INVALID>
102 POP_TOP
103 POP_TOP
104 POP_TOP
105 LOAD_CONST 1
108 JUMP_FORWARD 14
125 MAKE_FUNCTION 0
128 JUMP_ABSOLUTE 205
205 STORE_FAST 0

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                extremecoders-re
                / keybase.md
            
            
              Created
              November 12, 2016 04:55
            
          
    Keybase proof

I hereby claim:

I am extremecoders-re on github.
I am 0xec (https://keybase.io/0xec) on keybase.
I have a public key whose fingerprint is 299B 7870 256E BBBE 5899  D032 7283 ABC9 3A50 CD5C

To claim this, I am signing this object:

  
## log.txt
$ python my_aegg.py
WARNING | 2017-08-02 12:47:21,314 | claripy | Claripy is setting the recursion limit to 15000. If Python segfaults, I am sorry.
WARNING | 2017-08-02 12:47:22,664 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
INFO    | 2017-08-02 12:47:22,725 | aegg.aegg | Start hacking ...
WARNING | 2017-08-02 12:47:46,590 | simuvex.plugins.symbolic_memory | Concretizing symbolic length. Much sad; think about implementing.
WARNING | 2017-08-02 12:48:08,428 | simuvex.engine.successors | Exit state has over 257 possible solutions. Likely unconstrained; skipping. <BV32 (if (((0xffbfdfa1 + (if (<...> == <...>) then 0x402060 else (if <...> then <...> else <...>)))[31:5] == 0x0) && ((1 + (if (<...>[7:0] == 0) then 0 else (if (<...> == <...>) then 1 else (if <...> then <...> else <...>)))) <= 25)) then 0 else file_/dev/stdin_0_0_3_2456[207:200]) .. (if (((0xffbfdfa1 + (if (<...> == <...>) then 0x402060 else (if <...> then <...> else <...>

## thetool.py
import string
from PyQt4.QtCore import *
from PyQt4.QtGui import *
import sys
import ui_mainwindow

encoded = 'QAYLHhIJbzIQClFAQgQTFkNYbz5aUBQZURIXXBARFztifGQwPRdaaFkePE9KOjMWRBRdUhtDXkIXaGkpYTc6REs7UgB6AAAATQ1FUUlOU0dWEylVOSlzfDJUGwwaXAMCeWZeXnsHSztPGn0LXnp9DlAUWksWUloCH1JaJjV0c04cLApTdR9SWiY1dHNOB1Q4XQEEJF1Fc3QyQUhBSit3Enp9Vi1UB3lEHQAABRRQXg4LPTsOT1JHBl8tN0kEQVsMRUc6EE1HMDQqe3MIYxdgFU4YRh5bX2llARVCbFwZOAYRHQJhJX52dkpwd3MaZkpvE0hTYVcUdmgyYlx4MBI4JHJ5BzAyGx03LRx9AHUqLgkAcFUiLgwcFD4+FAY+Ij4dOzoLCwAYSgciNQ0NLS0QGw91FAQ0bgULMRQCFjxKCgAzIjoMMBsKGxlmGBJJBAoWEC5XDy5sEDcuHBADBz0kGRUAERw9CyMQFDkbGBUtMhUmcQwEAhsSBiEMCyhdVSUEJjZUHiUqGg8mahAYFAwbEDIqURg9dAohDz4xFwk+MRxdMQQHLi4QAgAABhAXEHMHKnUTGXEmMhc+CwouSwgvCARhdwQAHFsKInkWGC4qOwANIWQWOnUbHzMqMQF4MQcSWil3DisqMRErCz8wEj5RFS1TNjtbXjACHyEyDABdKQQ/aQoXFWR3GiIpARMsPSYUMAwUAgdHZBQGKS8FAAAoAQEfUho/egUxKD4xJBFXBx4QCCAiKFpwGzU+AA1IATEOLgsTFGZBLAQbMj8VO2M9BS5ZLwMuJmIEEwMMGQAuRyNbRQASAEclIHMyPCM4dgAKLjoJBgQmDmh7dV1DEBhzZ2AxPTgRTUIjHj8dGCdQKDo3Ug9vX3p6ZnhBa2QXVAtGFQBFfHZXKCZIb05rZ

## aplib.py
################################################################################
# quick hack for using aplib (http://www.ibsensoftware.com/products_aPLib.html)
# put aplib.dll in %PATH% or same dir as this script
# on *nix it might require LD_LIBRARY_PATH set depending on where libaplib.so is

import os
from ctypes import *

################################################################################

## future.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

void genMatrix(char mat[5][5], char str[]) {
	for (int i = 0; i < 25; i++) {
		int m = (i * 2) % 25;
		int f = (i * 7) % 25;
		mat[m/5][m%5] = str[f];
	}
	typedef unsigned int uint32_t;
	typedef unsigned short uint16_t;
	typedef unsigned char uint8_t;

	static uint16_t rotl(uint16_t value, uint16_t shift)
	{
	return (value << shift) \| (value >> (32 - shift));
	}
	static uint16_t rotl(uint16_t value, uint16_t shift)
	{
	return (value << shift) \| (value >> (32 - shift));
	}


	static void s20_quarterround(uint16_t y0, uint16_t y1, uint16_t y2, uint16_t y3)
	{
	y1 = y1 ^ rotl(y0 + y3, 7);
	y2 = y2 ^ rotl(y1 + y0, 9);
	# configuration file generated by Bochs
	plugin_ctrl: unmapped=1, biosdev=1, speaker=1, extfpuirq=1, parallel=1, serial=1, gameport=1
	config_interface: win32config
	display_library: win32
	memory: host=32, guest=32
	romimage: file="C:\Program Files\Bochs-2.6/BIOS-bochs-latest"
	vgaromimage: file="C:\Program Files\Bochs-2.6/VGABIOS-lgpl-latest"
	boot: disk
	floppy_bootsig_check: disabled=0
	# no floppya
	>>> import marshal, dis
	>>> f = open('1.pyc', 'rb')
	>>> f.seek(8)
	>>> co = marshal.load(f)
	>>> dis.disassemble(co)

	1 >> 0 SETUP_EXCEPT 99 (to 102)
	3 <144> 387
	6 STOP_CODE
	7 JUMP_FORWARD 217 (to 227)
	0 SETUP_EXCEPT 99
	3 <INVALID>
	102 POP_TOP
	103 POP_TOP
	104 POP_TOP
	105 LOAD_CONST 1
	108 JUMP_FORWARD 14
	125 MAKE_FUNCTION 0
	128 JUMP_ABSOLUTE 205
	205 STORE_FAST 0
	$ python my_aegg.py
	WARNING \| 2017-08-02 12:47:21,314 \| claripy \| Claripy is setting the recursion limit to 15000. If Python segfaults, I am sorry.
	WARNING \| 2017-08-02 12:47:22,664 \| cle.loader \| The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
	INFO \| 2017-08-02 12:47:22,725 \| aegg.aegg \| Start hacking ...
	WARNING \| 2017-08-02 12:47:46,590 \| simuvex.plugins.symbolic_memory \| Concretizing symbolic length. Much sad; think about implementing.
	WARNING \| 2017-08-02 12:48:08,428 \| simuvex.engine.successors \| Exit state has over 257 possible solutions. Likely unconstrained; skipping. <BV32 (if (((0xffbfdfa1 + (if (<...> == <...>) then 0x402060 else (if <...> then <...> else <...>)))[31:5] == 0x0) && ((1 + (if (<...>[7:0] == 0) then 0 else (if (<...> == <...>) then 1 else (if <...> then <...> else <...>)))) <= 25)) then 0 else file_/dev/stdin_0_0_3_2456[207:200]) .. (if (((0xffbfdfa1 + (if (<...> == <...>) then 0x402060 else (if <...> then <...> else <...>
	import string
	from PyQt4.QtCore import *
	from PyQt4.QtGui import *
	import sys
	import ui_mainwindow

	encoded = 'QAYLHhIJbzIQClFAQgQTFkNYbz5aUBQZURIXXBARFztifGQwPRdaaFkePE9KOjMWRBRdUhtDXkIXaGkpYTc6REs7UgB6AAAATQ1FUUlOU0dWEylVOSlzfDJUGwwaXAMCeWZeXnsHSztPGn0LXnp9DlAUWksWUloCH1JaJjV0c04cLApTdR9SWiY1dHNOB1Q4XQEEJF1Fc3QyQUhBSit3Enp9Vi1UB3lEHQAABRRQXg4LPTsOT1JHBl8tN0kEQVsMRUc6EE1HMDQqe3MIYxdgFU4YRh5bX2llARVCbFwZOAYRHQJhJX52dkpwd3MaZkpvE0hTYVcUdmgyYlx4MBI4JHJ5BzAyGx03LRx9AHUqLgkAcFUiLgwcFD4+FAY+Ij4dOzoLCwAYSgciNQ0NLS0QGw91FAQ0bgULMRQCFjxKCgAzIjoMMBsKGxlmGBJJBAoWEC5XDy5sEDcuHBADBz0kGRUAERw9CyMQFDkbGBUtMhUmcQwEAhsSBiEMCyhdVSUEJjZUHiUqGg8mahAYFAwbEDIqURg9dAohDz4xFwk+MRxdMQQHLi4QAgAABhAXEHMHKnUTGXEmMhc+CwouSwgvCARhdwQAHFsKInkWGC4qOwANIWQWOnUbHzMqMQF4MQcSWil3DisqMRErCz8wEj5RFS1TNjtbXjACHyEyDABdKQQ/aQoXFWR3GiIpARMsPSYUMAwUAgdHZBQGKS8FAAAoAQEfUho/egUxKD4xJBFXBx4QCCAiKFpwGzU+AA1IATEOLgsTFGZBLAQbMj8VO2M9BS5ZLwMuJmIEEwMMGQAuRyNbRQASAEclIHMyPCM4dgAKLjoJBgQmDmh7dV1DEBhzZ2AxPTgRTUIjHj8dGCdQKDo3Ug9vX3p6ZnhBa2QXVAtGFQBFfHZXKCZIb05rZ
	################################################################################
	# quick hack for using aplib (http://www.ibsensoftware.com/products_aPLib.html)
	# put aplib.dll in %PATH% or same dir as this script
	# on *nix it might require LD_LIBRARY_PATH set depending on where libaplib.so is

	import os
	from ctypes import *

	################################################################################
	#include <stdio.h>
	#include <string.h>
	#include <stdlib.h>

	void genMatrix(char mat[5][5], char str[]) {
	for (int i = 0; i < 25; i++) {
	int m = (i * 2) % 25;
	int f = (i * 7) % 25;
	mat[m/5][m%5] = str[f];
	}