Created
April 3, 2023 14:23
-
-
Save mrT4ntr4/75405c505984640d505fc8c0ccc2c3b1 to your computer and use it in GitHub Desktop.
Disassembly for Crocodile VM - Initial Analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
=========== (0x000301fd) len=0x2b =========== Main | |
00 : pop V_60 | |
01 : V_1 = "squirrelware" | |
02 : resolve method V_2 => System.Void System.Console::set_Title(System.String) | |
03 : push V_1 | |
04 : call V_2 | |
05 : V_3 = "enter your username" | |
06 : resolve method V_4 => System.Void System.Console::WriteLine(System.String) | |
07 : push V_3 | |
08 : call V_4 | |
09 : V_5 = 0x0000302c | |
0a : V_6 = 0x0000a68a | |
0b : resolve method V_7 => System.Void VirtualGuard.Tests.Maths::.ctor(System.Int32, System.Int32) | |
0c : push V_6 | |
0d : push V_5 | |
0e : call V_7 | |
0f : pop V_8 | |
10 : resolve method V_9 => System.String System.Console::ReadLine() | |
11 : call V_9 | |
12 : pop V_10 | |
13 : resolve method V_11 => System.Void VirtualGuard.Tests.Authenticator::.ctor(System.String, VirtualGuard.Tests.Maths) | |
14 : push V_8 | |
15 : push V_10 | |
16 : call V_11 | |
17 : pop V_12 | |
18 : V_13 = "enter your password" | |
19 : resolve method V_14 => System.Void System.Console::WriteLine(System.String) | |
1a : push V_13 | |
1b : call V_14 | |
1c : resolve method V_15 => System.String System.Console::ReadLine() | |
1d : call V_15 | |
1e : pop V_16 | |
1f : resolve method V_17 => System.Void VirtualGuard.Tests.Authenticator::InputPassword(System.String) | |
20 : push V_12 | |
21 : push V_16 | |
22 : call V_17 | |
23 : resolve method V_18 => System.Boolean VirtualGuard.Tests.Authenticator::Validate() | |
24 : push V_12 | |
25 : call V_18 | |
26 : pop V_59 | |
27 : V_19 = 0x000947b4 | |
28 : brfalse V_19 | |
29 : V_20 = 0x000dcd6c | |
2a : br V_20 | |
=========== (0x0003dbf1) len=0x04 =========== | |
00 : resolve method V_27 => System.ConsoleKeyInfo System.Console::ReadKey() | |
01 : call V_27 | |
02 : pop V_28 | |
03 : ret V_29 | |
=========== (0x0003de18) len=0x04 =========== | |
00 : V_11 = 0x00000000 | |
01 : V_12 = 0x00000000 | |
02 : V_13 = 0x000eed3c | |
03 : br V_13 | |
=========== (0x0004928f) len=0x06 =========== | |
00 : V_28 = 0x00000002 | |
01 : ceq V_28 V_11 | |
02 : V_29 = 0x000c8d65 | |
03 : brfalse V_29 | |
04 : V_30 = 0x000a51a3 | |
05 : br V_30 | |
=========== (0x0004d446) len=0x13 =========== Validate | |
00 : pop V_60 | |
01 : 0x15 0x00000000 NULL | |
02 : 0x6 0x00000000 0x0000003c | |
03 : pop V_1 | |
04 : push V_1 | |
05 : resolve field ==> System.String VirtualGuard.Tests.Authenticator::_password | |
06 : pop V_2 | |
07 : resolve method V_3 => System.Int32 System.String::get_Length() | |
08 : push V_2 | |
09 : call V_3 | |
0a : pop V_4 | |
0b : V_5 = 0x00000005 | |
0c : ceq V_5 V_4 | |
0d : V_6 = 0x00000000 | |
0e : ceq V_6 V_59 | |
0f : V_7 = 0x0003de18 | |
10 : brfalse V_7 | |
11 : V_8 = 0x000a09c4 | |
12 : br V_8 | |
=========== (0x0004e76c) len=0x08 =========== Program | |
00 : pop V_60 | |
01 : 0x15 0x00000000 NULL | |
02 : 0x6 0x00000000 0x0000003c | |
03 : pop V_1 | |
04 : resolve method V_2 => System.Void System.Object::.ctor() | |
05 : push V_1 | |
06 : call V_2 | |
07 : ret V_3 | |
=========== (0x0005197a) len=0x01 =========== | |
00 : ret V_9 | |
=========== (0x0005386f) len=0x1a =========== Authenticator | |
00 : pop V_60 | |
01 : 0x15 0x00000000 NULL | |
02 : 0x6 0x00000000 0x0000003c | |
03 : pop V_1 | |
04 : resolve method V_2 => System.Void System.Object::.ctor() | |
05 : push V_1 | |
06 : call V_2 | |
07 : 0x15 0x00000000 NULL | |
08 : 0x6 0x00000000 0x0000003c | |
09 : pop V_3 | |
0a : 0x15 0x00000001 NULL | |
0b : 0x6 0x00000000 0x0000003c | |
0c : pop V_4 | |
0d : push V_4 | |
0e : push V_3 | |
0f : resolve field ==> System.String VirtualGuard.Tests.Authenticator::_user | |
10 : 0x15 0x00000000 NULL | |
11 : 0x6 0x00000000 0x0000003c | |
12 : pop V_5 | |
13 : 0x15 0x00000002 NULL | |
14 : 0x6 0x00000000 0x0000003c | |
15 : pop V_6 | |
16 : push V_6 | |
17 : push V_5 | |
18 : resolve field ==> VirtualGuard.Tests.Maths VirtualGuard.Tests.Authenticator::_math | |
19 : ret V_7 | |
=========== (0x0006da02) len=0x01 =========== | |
00 : ret V_2 | |
=========== (0x0007c475) len=0x06 =========== | |
00 : V_18 = 0x00000000 | |
01 : resolve method V_19 => System.Void System.Environment::Exit(System.Int32) | |
02 : push V_18 | |
03 : call V_19 | |
04 : V_20 = 0x0007ccd6 | |
05 : br V_20 | |
=========== (0x0007ccd6) len=0x0a =========== | |
00 : 0x15 0x00000000 NULL | |
01 : 0x6 0x00000000 0x0000003c | |
02 : pop V_21 | |
03 : 0x15 0x00000001 NULL | |
04 : 0x6 0x00000000 0x0000003c | |
05 : pop V_22 | |
06 : push V_22 | |
07 : push V_21 | |
08 : resolve field ==> System.String VirtualGuard.Tests.Authenticator::_password | |
09 : ret V_23 | |
=========== (0x0008fdbf) len=0x11 =========== InputPassword | |
00 : pop V_60 | |
01 : 0x15 0x00000000 NULL | |
02 : 0x6 0x00000000 0x0000003c | |
03 : pop V_1 | |
04 : push V_1 | |
05 : resolve field ==> VirtualGuard.Tests.Maths VirtualGuard.Tests.Authenticator::_math | |
06 : pop V_2 | |
07 : resolve method V_3 => System.Int32 VirtualGuard.Tests.Maths::Add() | |
08 : push V_2 | |
09 : call V_3 | |
0a : pop V_4 | |
0b : V_5 = 0x00000002540be3ff | |
0c : V_6 = 0x000ebf9a | |
0d : cgt V_5 V_4 | |
0e : brfalse V_6 | |
0f : V_7 = 0x000d8852 | |
10 : br V_7 | |
=========== (0x000934e2) len=0x10 =========== Add | |
00 : pop V_60 | |
01 : 0x15 0x00000000 NULL | |
02 : 0x6 0x00000000 0x0000003c | |
03 : pop V_1 | |
04 : push V_1 | |
05 : resolve field ==> System.Int32 VirtualGuard.Tests.Maths::_i1 | |
06 : pop V_2 | |
07 : 0x15 0x00000000 NULL | |
08 : 0x6 0x00000000 0x0000003c | |
09 : pop V_3 | |
0a : push V_3 | |
0b : resolve field ==> System.Int32 VirtualGuard.Tests.Maths::_i2 | |
0c : pop V_4 | |
0d : add V_2 V_4 | |
0e : V_5 = 0x0006da02 | |
0f : br V_5 | |
=========== (0x000947b4) len=0x06 =========== | |
00 : V_24 = "invalid!" | |
01 : resolve method V_25 => System.Void System.Console::WriteLine(System.String) | |
02 : push V_24 | |
03 : call V_25 | |
04 : V_26 = 0x0003dbf1 | |
05 : br V_26 | |
=========== (0x000967e1) len=0x04 =========== | |
00 : V_23 = 0x00000001 | |
01 : add V_12 V_23 | |
02 : V_24 = 0x000eed3c | |
03 : br V_24 | |
=========== (0x000a09c4) len=0x03 =========== | |
00 : V_9 = 0x00000000 | |
01 : V_10 = 0x0005197a | |
02 : br V_10 | |
=========== (0x000a51a3) len=0x03 =========== | |
00 : V_9 = 0x00000001 | |
01 : V_31 = 0x0005197a | |
02 : br V_31 | |
=========== (0x000aa617) len=0x04 =========== | |
00 : V_16 = 0x0007ccd6 | |
01 : brfalse V_16 | |
02 : V_17 = 0x0007c475 | |
03 : br V_17 | |
=========== (0x000b9932) len=0x04 =========== | |
00 : V_21 = 0x00000001 | |
01 : add V_11 V_21 | |
02 : V_22 = 0x000967e1 | |
03 : br V_22 | |
=========== (0x000bf4e5) len=0x1a =========== Maths | |
00 : pop V_60 | |
01 : 0x15 0x00000000 NULL | |
02 : 0x6 0x00000000 0x0000003c | |
03 : pop V_1 | |
04 : resolve method V_2 => System.Void System.Object::.ctor() | |
05 : push V_1 | |
06 : call V_2 | |
07 : 0x15 0x00000000 NULL | |
08 : 0x6 0x00000000 0x0000003c | |
09 : pop V_3 | |
0a : 0x15 0x00000001 NULL | |
0b : 0x6 0x00000000 0x0000003c | |
0c : pop V_4 | |
0d : push V_4 | |
0e : push V_3 | |
0f : resolve field ==> System.Int32 VirtualGuard.Tests.Maths::_i1 | |
10 : 0x15 0x00000000 NULL | |
11 : 0x6 0x00000000 0x0000003c | |
12 : pop V_5 | |
13 : 0x15 0x00000002 NULL | |
14 : 0x6 0x00000000 0x0000003c | |
15 : pop V_6 | |
16 : push V_6 | |
17 : push V_5 | |
18 : resolve field ==> System.Int32 VirtualGuard.Tests.Maths::_i2 | |
19 : ret V_7 | |
=========== (0x000c8d65) len=0x03 =========== | |
00 : V_9 = 0x00000000 | |
01 : V_32 = 0x0005197a | |
02 : br V_32 | |
=========== (0x000d824f) len=0x11 =========== | |
00 : 0x15 0x00000000 NULL | |
01 : 0x6 0x00000000 0x0000003c | |
02 : pop V_14 | |
03 : push V_14 | |
04 : resolve field ==> System.String VirtualGuard.Tests.Authenticator::_password | |
05 : pop V_15 | |
06 : resolve method V_16 => System.Char System.String::get_Chars(System.Int32) | |
07 : push V_15 | |
08 : push V_12 | |
09 : call V_16 | |
0a : pop V_17 | |
0b : V_18 = 0x00000064 | |
0c : ceq V_18 V_17 | |
0d : V_19 = 0x000967e1 | |
0e : brfalse V_19 | |
0f : V_20 = 0x000b9932 | |
10 : br V_20 | |
=========== (0x000d8852) len=0x0e =========== | |
00 : 0x15 0x00000000 NULL | |
01 : 0x6 0x00000000 0x0000003c | |
02 : pop V_8 | |
03 : push V_8 | |
04 : resolve field ==> VirtualGuard.Tests.Maths VirtualGuard.Tests.Authenticator::_math | |
05 : pop V_9 | |
06 : resolve method V_10 => System.Int32 VirtualGuard.Tests.Maths::Add() | |
07 : push V_9 | |
08 : call V_10 | |
09 : pop V_11 | |
0a : V_12 = 0x0000271c | |
0b : clt V_11 V_12 | |
0c : V_13 = 0x000aa617 | |
0d : br V_13 | |
=========== (0x000dcd6c) len=0x06 =========== | |
00 : V_21 = "valid!" | |
01 : resolve method V_22 => System.Void System.Console::WriteLine(System.String) | |
02 : push V_21 | |
03 : call V_22 | |
04 : V_23 = 0x0003dbf1 | |
05 : br V_23 | |
=========== (0x000ebf9a) len=0x03 =========== | |
00 : V_14 = 0x00000000 | |
01 : V_15 = 0x000aa617 | |
02 : br V_15 | |
=========== (0x000eed3c) len=0x06 =========== | |
00 : V_25 = 0x00000005 | |
01 : clt V_12 V_25 | |
02 : V_26 = 0x000d824f | |
03 : brtrue V_26 | |
04 : V_27 = 0x0004928f | |
05 : br V_27 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment