pintool bruteforce key
#include "pin.H"

#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <fstream>
#include <iostream>
#include <string>

using namespace std;
KNOB<string> KnobOutputFile(KNOB_MODE_WRITEONCE, "pintool", "o", "pin.out", | |
"specify output file name"); | |
std::ofstream outFile; | |
ADDRINT l, h; | |
AFUNPTR rename_ptr = 0; | |
AFUNPTR salsa_crypt_ptr = 0; | |
AFUNPTR srandom_ptr = 0; | |
AFUNPTR rand_ptr = 0; | |
char keyspace[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx" | |
"yz!@#$%^&<>,.*()-+=;%?"; | |
char key[0x40]; | |
const char ct[] = "\x87\x75\x41\x7d\x7c\x5f\x69\xee\xa2"; | |
const char pt[] = "Sudhakar\n"; | |
const char kkey[] = "gL5L=5f)=eOPUGFLuwjMj%cGWhrYjtF7"; | |
// samples | |
// t : 0x63a55862 | |
// p : 0x2794 | |
// s : 0xcc0e06a8 | |
// k : NubT5C<>BY=Sm=oXX%E%5=A,$u>$4RfU | |
char ctw[9]; | |
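// Analysis routine inserted after main() returns (see img_load).
//
// The target derives its 32-byte key from rand() after srand(time * pid),
// so the effective keyspace is only (seconds in the window) x (pid range).
// This routine enumerates every (timestamp, pid) pair in a one-day window,
// regenerates the key for each and stops at the first candidate that matches
// the known key kkey, printing the seed that produced it.
//
// tid/ctxt are needed only by the PIN_CallApplicationFunction() path that
// verifies a candidate by running the target's s20_crypt256_2 on ct; that
// path is disabled by kMatchKnownKeyOnly and does not run at present.
VOID foo_start(THREADID tid, CONTEXT *ctxt) {
  fprintf(stdout, "callsetup\n");

  // Verify candidates only against kkey. Set to false to verify instead by
  // decrypting ct inside the application and comparing with pt.
  constexpr bool kMatchKnownKeyOnly = true;

  // Start of the search window: 2022-12-20 19:04:02 +0000.
  constexpr unsigned int kStartTime = 1671563042u;
  constexpr unsigned int kWindowSeconds = 24u * 60u * 60u;
  constexpr unsigned int kMaxPid = 0x8000u;      // exclusive upper bound
  constexpr int kKeyLen = 32;
  constexpr unsigned int kKeyspaceLen = 0x52u;   // strlen(keyspace)

  unsigned int ret = 0;  // return-value slot for PIN_CallApplicationFunction

  for (unsigned int delta = 0; delta < kWindowSeconds; delta++) {
    // All-unsigned arithmetic reproduces the original int/unsigned mix
    // bit-for-bit without relying on signed wrap-around.
    const unsigned int ts = kStartTime + delta;
    fprintf(stdout, "delta : %x\n", delta);
    for (unsigned int pid = 1; pid < kMaxPid; pid++) {
      const unsigned int seed = ts * pid;
      // Uses the tool's own libc rand(). This assumes it matches the PRNG the
      // target used; the alternative is calling rand_ptr/srandom_ptr in the
      // application via PIN_CallApplicationFunction (see rtn_addr/img_load).
      srand(seed);
      for (int i = 0; i < kKeyLen; i++) {
        key[i] = keyspace[rand() % kKeyspaceLen];
      }
      if (memcmp(key, kkey, kKeyLen) == 0) {
        fprintf(stdout, "seed : %x\n", seed);
        return;
      }
      if (kMatchKnownKeyOnly) {
        continue;
      }
      // Decrypt a fresh copy of ct with the candidate key using the target's
      // own routine, then compare against the expected plaintext.
      memcpy(ctw, ct, sizeof ctw);
      PIN_CallApplicationFunction(
          ctxt, tid, CALLINGSTD_DEFAULT, salsa_crypt_ptr, NULL,
          PIN_PARG(unsigned int), &ret, PIN_PARG(char *), key, PIN_PARG(int), 0,
          PIN_PARG(char *), ctw, PIN_PARG(int), 9, PIN_PARG_END());
      if (memcmp(ctw, pt, sizeof ctw) == 0) {
        std::cout << std::hex << seed << endl;
        return;
      }
    }
  }
}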
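// Resolve a routine in img by (mangled) symbol name and return its address as
// an AFUNPTR usable with PIN_CallApplicationFunction.
// Aborts the tool via Pin's ASSERT if the symbol is not present.
AFUNPTR rtn_addr(IMG img, const char *rtnName) {
  RTN r = RTN_FindByName(img, rtnName);
  // Build the message as a std::string explicitly. The original
  // `"Failed to find RTN " + rtnName` adds two pointers and presumably only
  // compiles because ASSERT's expansion prepends a std::string to the text.
  ASSERT(RTN_Valid(r), std::string("Failed to find RTN ") + rtnName);
  return reinterpret_cast<AFUNPTR>(RTN_Address(r));
}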
// Image-load callback: once the main executable is loaded, resolve the target
// routines the search needs and arrange for foo_start to run when main()
// returns. rename_ptr, srandom_ptr and rand_ptr are resolved but are used
// only by code that is currently commented out.
VOID img_load(IMG img, VOID *v) {
  if (!IMG_IsMainExecutable(img)) return;

  rename_ptr      = rtn_addr(img, "_Z22salsa20_256_yes_renamePv");
  salsa_crypt_ptr = rtn_addr(img, "_Z14s20_crypt256_2PhjS_j");
  srandom_ptr     = rtn_addr(img, "srandom");
  rand_ptr        = rtn_addr(img, "rand");

  // Hook main()'s exit, passing the thread id and a CONTEXT so foo_start can
  // call back into the application.
  RTN entry = RTN_FindByName(img, "main");
  ASSERTX(RTN_Valid(entry));
  RTN_Open(entry);
  RTN_InsertCall(entry, IPOINT_AFTER, AFUNPTR(foo_start),
                 IARG_THREAD_ID, IARG_CONTEXT, IARG_END);
  RTN_Close(entry);
}
// VOID dump(UINT64 insAddr, std::string insDis) { | |
// std::cout << std::hex << insAddr << " : " << insDis << std::endl; | |
// } | |
// VOID callback_instruction(INS ins, VOID *v) { | |
// if (INS_Address(ins) >= l && INS_Address(ins) <= h) { | |
// INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)dump, IARG_ADDRINT, | |
// INS_Address(ins), IARG_PTR, new string(INS_Disassemble(ins)), | |
// IARG_END); | |
// } | |
// } | |
// VOID fini(INT32 code, VOID *v) { outFile.close(); } | |
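// Pintool entry point: parse Pin/tool flags, load symbol tables (required for
// RTN_FindByName), register the image-load hook and start the target.
int main(int argc, char *argv[]) {
  // PIN_Init returns TRUE when the command line could not be parsed; the
  // original ignored this and would run with a half-initialised tool.
  if (PIN_Init(argc, argv)) {
    std::cerr << KNOB_BASE::StringKnobSummary() << std::endl;
    return 1;
  }
  PIN_InitSymbols();
  IMG_AddInstrumentFunction(img_load, 0);
  // PIN_StartProgram does not return control to the tool, so the two lines
  // after it are effectively unreachable; kept to match the kit's examples.
  PIN_StartProgram();
  PIN_ExitApplication(0);
  return 0;
}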
##############################################################
#
# DO NOT EDIT THIS FILE!
#
##############################################################
# Standard Pin kit wrapper makefile; all tool-specific settings belong in
# makefile.rules, which is included below.
# If the tool is built out of the kit, PIN_ROOT must be specified in the make invocation and point to the kit root.
ifdef PIN_ROOT
CONFIG_ROOT := $(PIN_ROOT)/source/tools/Config
else
CONFIG_ROOT := ../Config
endif
include $(CONFIG_ROOT)/makefile.config
include makefile.rules
include $(TOOLS_ROOT)/Config/makefile.default.rules
##############################################################
#
# DO NOT EDIT THIS FILE!
#
##############################################################
##############################################################
#
# This file includes all the test targets as well as all the
# non-default build rules and test recipes.
#
##############################################################
##############################################################
#
# Test targets
#
##############################################################
###### Place all generic definitions here ######
# This defines tests which run tools of the same name. This is simply for convenience to avoid
# defining the test name twice (once in TOOL_ROOTS and again in TEST_ROOTS).
# Tests defined here should not be defined in TOOL_ROOTS and TEST_ROOTS.
# cartarget: presumably the pintool source in this gist, built as cartarget.so
# and run as a test of the same name.
TEST_TOOL_ROOTS := cartarget
# This defines the tests to be run that were not already defined in TEST_TOOL_ROOTS.
TEST_ROOTS :=
# This defines a list of tests that should run in the "short" sanity. Tests in this list must also
# appear either in the TEST_TOOL_ROOTS or the TEST_ROOTS list.
# If the entire directory should be tested in sanity, assign TEST_TOOL_ROOTS and TEST_ROOTS to the
# SANITY_SUBSET variable in the tests section below (see example in makefile.rules.tmpl).
SANITY_SUBSET :=
# This defines the tools which will be run during the the tests, and were not already defined in
# TEST_TOOL_ROOTS.
TOOL_ROOTS :=
# This defines the static analysis tools which will be run during the the tests. They should not
# be defined in TEST_TOOL_ROOTS. If a test with the same name exists, it should be defined in
# TEST_ROOTS.
# Note: Static analysis tools are in fact executables linked with the Pin Static Analysis Library.
# This library provides a subset of the Pin APIs which allows the tool to perform static analysis
# of an application or dll. Pin itself is not used when this tool runs.
SA_TOOL_ROOTS :=
# This defines all the applications that will be run during the tests.
APP_ROOTS :=
# This defines any additional object files that need to be compiled.
OBJECT_ROOTS :=
# This defines any additional dlls (shared objects), other than the pintools, that need to be compiled.
DLL_ROOTS :=
# This defines any static libraries (archives), that need to be built.
LIB_ROOTS :=
##############################################################
#
# Test recipes
#
##############################################################
# This section contains recipes for tests other than the default.
# See makefile.default.rules for the default test rules.
# All tests in this section should adhere to the naming convention: <testname>.test
##############################################################
#
# Build rules
#
##############################################################
# This section contains the build rules for all binaries that have special build rules.
# See makefile.default.rules for the default build rules.
Author
sudhackar
commented
Dec 23, 2022