TSG CTF 2020 - Self Host (not solved; this gist only builds a quine for the challenge VM: a tiny assembler in Python, its generated output.y, and the labelled source it was assembled from)
from __future__ import print_function

import os
import re
import sys
def str_to_list(a):
    """Render the characters of *a* as a comma-separated list of code points.

    ``'ab'`` becomes ``'97,98'`` and ``''`` becomes ``''`` -- the literal
    form the VM's ``makelist`` expects.  Despite the name, the return value
    is a str, not a list.
    """
    codes = map(ord, a)
    return ','.join(map(str, codes))
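def _strip_source(prog):
    """Drop blank lines and comment lines (``#`` in column 0 only) from *prog*.

    This runs before label resolution, so comments neither shift jump
    targets nor count towards the payload size.
    """
    return [line for line in prog.splitlines()
            if line != '' and not line.startswith('#')]


def _split_labels(lines):
    """Separate ``LABEL: instr`` prefixes from *lines*.

    Returns ``(code_lines, table)`` where ``table`` maps each label to the
    0-based index of the line it sits on.  Only the first ``:`` splits, so a
    ``:`` later on the line is left alone.

    Raises ValueError on a duplicate label; the original silent overwrite
    would have sent every reference to the last definition.
    """
    code = []
    table = {}
    for linenum, line in enumerate(lines):
        if ':' in line:
            label, rest = line.strip().split(':', 1)
            if label in table:
                raise ValueError('duplicate label: %s' % label)
            table[label] = linenum
            code.append(rest.strip())
        else:
            code.append(line)
    return code, table


def _substitute_word(text, word, value):
    """Replace whole-token occurrences of *word* in *text* with ``str(value)``.

    A plain ``str.replace`` also rewrites a label that is a substring of
    another token (``END`` inside ``SEND``, ``LOOP1`` inside ``LOOP10``); the
    lookarounds restrict the match to a complete identifier.
    """
    pattern = r'(?<!\w)%s(?!\w)' % re.escape(word)
    return re.sub(pattern, lambda _m: str(value), text)


def compute_payload_size(tail):
    """Return the length *tail* has once every ``SIZE`` token in it is replaced
    by that very length (a fixed point), or ``None`` if none is found.

    *tail* is the text after the ``PAYLOAD`` marker with labels already
    resolved.  Each ``SIZE`` (4 chars) becomes ``str(size)``, so the final
    length satisfies ``size == len(tail) + k * (len(str(size)) - 4)`` with
    ``k`` the number of SIZE tokens.  Iterating from ``len(tail)`` settles in
    a step or two; it can only fail to settle right at a digit-count boundary,
    in which case the caller must pass SIZE explicitly.
    """
    k = len(re.findall(r'(?<!\w)SIZE(?!\w)', tail))
    size = len(tail)
    for _ in range(10):
        candidate = len(tail) + k * (len(str(size)) - 4)
        if candidate == size:
            return size
        size = candidate
    return None


def assemble(prog, size=None, start_line_num=0):
    """Assemble labelled VM source *prog* into the self-printing program.

    Steps, in the order the original script applied them: strip comments and
    blank lines; record ``LABEL:`` line numbers and remove the prefixes;
    replace label references with ``start_line_num + line``; replace
    ``SIZE``; take everything after the ``PAYLOAD`` marker as the payload and
    splice it back in as a comma-separated list of char codes.

    *size* overrides the auto-computed fixed point (see
    ``compute_payload_size``).  *start_line_num* offsets every jump target;
    targets are absolute 0-based line indices of the assembled file.

    Returns ``(result, payload_len)``.  ``payload_len`` is the element count
    of the generated ``makelist bp[0] [...]`` and must equal the SIZE the
    program compares its index against, otherwise the copy loop stops short
    or indexes past the list.

    Raises ValueError for a duplicate label, a missing PAYLOAD marker, or a
    SIZE that cannot be determined automatically.
    """
    code, table = _split_labels(_strip_source(prog))
    result = ''.join(line + '\n' for line in code)
    for label, linenum in table.items():
        result = _substitute_word(result, label, start_line_num + linenum)
    pos_payload = result.find('PAYLOAD')
    if pos_payload < 0:
        raise ValueError('no PAYLOAD marker in source')
    if size is None:
        size = compute_payload_size(result[pos_payload + 7:])
        if size is None:
            raise ValueError('SIZE did not converge; pass it explicitly')
    result = _substitute_word(result, 'SIZE', size)
    # SIZE may also occur before the marker, so locate it again after substitution.
    pos_payload = result.find('PAYLOAD')
    payload = result[pos_payload + 7:]
    result = result.replace('PAYLOAD', str_to_list(payload))
    return result, len(payload)


if __name__ == '__main__':
    # usage: script.py SOURCE [SIZE]; the optional SIZE pins the loop bound
    # instead of computing it from the payload length.
    if len(sys.argv) < 2:
        print('gimme argv')
        sys.exit(1)
    with open(sys.argv[1], 'r') as f:
        prog = f.read()
    size_override = int(sys.argv[2]) if len(sys.argv) > 2 else None
    START_LINE_NUM = 0  # jump targets are 0-based lines of the assembled file
    result, payload_len = assemble(prog, size_override, START_LINE_NUM)
    print('len:', payload_len)
    if size_override is not None and size_override != payload_len:
        # A mismatch silently produced a broken quine before; say so loudly.
        sys.stderr.write('warning: SIZE=%d but payload has %d elements\n'
                         % (size_override, payload_len))
    with open('output.y', 'w') as f:
        f.write(result)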
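add sp sp 8
makelist bp[0] [93,10,109,111,118,32,98,112,91,50,93,32,48,10,103,101,116,32,98,112,91,51,93,32,98,112,91,48,93,32,98,112,91,50,93,10,109,97,107,101,108,105,115,116,32,98,112,91,53,93,32,91,57,55,44,49,48,48,44,49,48,48,44,51,50,44,49,49,53,44,49,49,50,44,51,50,44,49,49,53,44,49,49,50,44,51,50,44,53,54,44,49,48,44,49,48,57,44,57,55,44,49,48,55,44,49,48,49,44,49,48,56,44,49,48,53,44,49,49,53,44,49,49,54,44,51,50,44,57,56,44,49,49,50,44,57,49,44,52,56,44,57,51,44,51,50,44,57,49,93,10,112,117,115,104,32,98,112,91,53,93,10,112,117,115,104,32,48,10,119,114,105,116,101,10,112,111,112,32,98,112,91,55,93,10,101,113,32,98,112,91,52,93,32,98,112,91,50,93,32,48,10,101,113,32,98,112,91,52,93,32,98,112,91,52,93,32,48,10,106,122,32,98,112,91,52,93,32,49,55,10,109,97,107,101,108,105,115,116,32,98,112,91,52,93,32,91,52,52,93,10,112,117,115,104,32,98,112,91,52,93,10,112,117,115,104,32,48,10,119,114,105,116,101,10,112,111,112,32,98,112,91,55,93,10,112,117,115,104,32,98,112,91,51,93,10,112,117,115,104,32,48,10,99,97,108,108,32,51,50,10,112,111,112,32,98,112,91,55,93,10,97,100,100,32,98,112,91,50,93,32,98,112,91,50,93,32,49,10,101,113,32,98,112,91,52,93,32,98,112,91,50,93,32,55,52,54,10,101,113,32,98,112,91,52,93,32,98,112,91,52,93,32,48,10,106,122,32,98,112,91,52,93,32,50,55,10,103,101,116,32,98,112,91,51,93,32,98,112,91,48,93,32,98,112,91,50,93,10,106,122,32,48,32,57,10,112,117,115,104,32,98,112,91,48,93,10,112,117,115,104,32,48,10,119,114,105,116,101,10,112,111,112,32,98,112,91,55,93,10,104,108,116,10,112,117,115,104,32,98,112,10,109,111,118,32,98,112,32,115,112,10,97,100,100,32,115,112,32,115,112,32,56,10,109,111,118,32,98,112,91,49,93,32,98,112,91,45,51,93,10,109,97,107,101,108,105,115,116,32,98,112,91,50,93,32,91,93,10,100,105,118,32,98,112,91,52,93,32,98,112,91,49,93,32,49,48,10,109,117,108,32,98,112,91,52,93,32,98,112,91,52,93,32,49,48,10,115,117,98,32,98,112,91,52,93,32,98,112,91,49,93,32,98,112,91,52,93,10,97,100,100,32,98,112,91,52,93,32,98,112,91,52,93,32,52,56,10,109,97,107,101,108,105,115,116,32,98,112,91,51,93,32,91,98,112,91,52,93,93,10,97,100,100,32,98,112,91,50,93,32,98,112,91,51,93,32,98,112,91,50,93,10,100,105,118,32,98,112,91,49,93,32,98,112,91,49,93,32,49,48,10,108,116,32,98,112,91,52,93,32,98,112,91,49,93,32,49,10,106,122,32,98,112,91,52,93,32,51,55,10,112,117,115,104,32,98,112,91,50,93,10,112,117,115,104,32,48,10,119,114,105,116,101,10,112,111,112,32,98,112,91,55,93,10,109,111,118,32,115,112,32,98,112,10,112,111,112,32,98,112,10,114,101,116,10]
mov bp[2] 0
get bp[3] bp[0] bp[2]
makelist bp[5] [97,100,100,32,115,112,32,115,112,32,56,10,109,97,107,101,108,105,115,116,32,98,112,91,48,93,32,91]
push bp[5]
push 0
write
pop bp[7]
eq bp[4] bp[2] 0
eq bp[4] bp[4] 0
jz bp[4] 17
makelist bp[4] [44]
push bp[4]
push 0
write
pop bp[7]
push bp[3]
push 0
call 32
pop bp[7]
add bp[2] bp[2] 1
eq bp[4] bp[2] 746
eq bp[4] bp[4] 0
jz bp[4] 27
get bp[3] bp[0] bp[2]
jz 0 9
push bp[0]
push 0
write
pop bp[7]
hlt
push bp
mov bp sp
add sp sp 8
mov bp[1] bp[-3]
makelist bp[2] []
div bp[4] bp[1] 10
mul bp[4] bp[4] 10
sub bp[4] bp[1] bp[4]
add bp[4] bp[4] 48
makelist bp[3] [bp[4]]
add bp[2] bp[3] bp[2]
div bp[1] bp[1] 10
lt bp[4] bp[1] 1
jz bp[4] 37
push bp[2]
push 0
write
pop bp[7]
mov sp bp
pop bp
ret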
# Quine for the challenge VM (assembled by the Python script above).
# Plan: print "add sp sp 8\nmakelist bp[0] [", then every element of bp[0] as
# a decimal number separated by commas, then bp[0] itself.  bp[0] holds the
# char codes of everything after the PAYLOAD marker, which starts with "]\n",
# so it closes the list literal and supplies the rest of the program.
# The assembler replaces PAYLOAD with those codes and SIZE with their count.
# Lines starting with "#" in column 0 are dropped before assembly, so they
# neither shift jump targets nor change SIZE; inline comments are NOT stripped
# and would end up in the output.
# Frame slots: bp[0] payload list, bp[2] index, bp[3] current element,
# bp[4] scratch/flag, bp[5] header text, bp[7] discarded result of write/call.
add sp sp 8
makelist bp[0] [PAYLOAD]
mov bp[2] 0
get bp[3] bp[0] bp[2]
# header text as char codes: "add sp sp 8\nmakelist bp[0] ["
makelist bp[5] [97,100,100,32,115,112,32,115,112,32,56,10,109,97,107,101,108,105,115,116,32,98,112,91,48,93,32,91]
# write convention used throughout: push value, push 0, write, pop the result
# into bp[7] (discarded).  What the 0 stands for (stream / return slot) is not
# visible here -- check the VM spec.
push bp[5]
push 0
write
pop bp[7]
# print comma (skipped before the first element)
# bp[4] = (bp[2] == 0); the second eq negates it, so jz jumps -- skipping the
# comma -- exactly when bp[2] == 0.
LOOP1: eq bp[4] bp[2] 0
eq bp[4] bp[4] 0
jz bp[4] JUMP_IF_FIRST_NUM
# 44 is ','
makelist bp[4] [44]
push bp[4]
push 0
write
pop bp[7]
# print each number
# call convention: push the argument, push 0, call; the callee reads the
# argument at bp[-3] (see PRINT_INT) and the caller pops one slot afterwards.
JUMP_IF_FIRST_NUM: push bp[3]
push 0
call PRINT_INT
pop bp[7]
# fetch next number
# Leave the loop once bp[2] == SIZE (same negated-eq idiom as above) BEFORE
# the next get, so bp[0] is never indexed out of range.  SIZE must equal the
# element count of bp[0]; the assembler prints that count as "len:".
add bp[2] bp[2] 1
eq bp[4] bp[2] SIZE
eq bp[4] bp[4] 0
jz bp[4] END
get bp[3] bp[0] bp[2]
# jz on the constant 0 always jumps: unconditional branch back to LOOP1
jz 0 LOOP1
# print bp[0]
# writing the list of char codes is meant to emit the payload text verbatim,
# closing the "[" opened by the header.
END: push bp[0]
push 0
write
pop bp[7]
hlt
####################
### print given integer as string
####################
# Calling convention (as used by the caller above): push the argument, push 0,
# call.  After "push bp" / "mov bp sp" the argument therefore sits at bp[-3];
# the two slots in between are presumably the 0 and the return address --
# check the VM spec.  Eight scratch slots are reserved: bp[1] the value still
# to be converted, bp[2] the digits collected so far, bp[3] a one-element list
# holding the current digit, bp[4] scratch.
PRINT_INT: push bp
mov bp sp
add sp sp 8
# bp[-3] is 1st arg
mov bp[1] bp[-3]
# result
makelist bp[2] []
# bp[4] = bp[1] - (bp[1] / 10) * 10, i.e. bp[1] mod 10 -- no mod instruction
# is used, so this relies on div being integer (truncating) division; then
# + 48 turns the digit into its ASCII code.
LOOP2: div bp[4] bp[1] 10
mul bp[4] bp[4] 10
sub bp[4] bp[1] bp[4]
add bp[4] bp[4] 48
makelist bp[3] [bp[4]]
# add on lists appears to concatenate: the new digit goes in FRONT of the
# digits found so far, so the least-significant digit (extracted first) ends
# up last.
add bp[2] bp[3] bp[2]
div bp[1] bp[1] 10
# loop while bp[1] >= 1: lt yields 1 once bp[1] < 1 and jz then falls through.
# The body runs at least once, so 0 prints as "0".  Negative input is not
# handled (never needed here: char codes are non-negative).
lt bp[4] bp[1] 1
jz bp[4] LOOP2
# print result
push bp[2]
push 0
write
pop bp[7]
# epilogue: drop the frame, restore the caller's bp, return
mov sp bp
pop bp
ret