Skip to content

Instantly share code, notes, and snippets.

@volpino volpino/disas.py
Created Apr 20, 2015

Embed
What would you like to do?
pctf cryptoserv disas
import struct
def d(word):
return struct.unpack("<I", word)[0]
def chunks(l, n):
""" Yield successive n-sized chunks from l.
"""
for i in xrange(0, len(l), n):
yield l[i:i+n]
content = open("./client_data.txt").read()
bytecode_size = d(content[:4]) * 8
msg_size = d(content[4:8])
print "BYTECODE LEN =", bytecode_size
print "MSG LEN =", msg_size
magic1 = d(content[8:12])
magic2 = d(content[12:16])
print "MAGIC1 =", hex(magic1)
print "MAGIC2 =", hex(magic2)
bytecode = content[16:16+bytecode_size]
msg = content[16+bytecode_size:16+bytecode_size+msg_size]
for i, ins in enumerate(list(chunks(bytecode, 8))):
print "{}:".format(i),
if ins[0] == '\x00':
print "mov reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2]))
elif ins[0] == '\x01':
print "mov reg[{}], {}".format(ord(ins[1]), d(ins[4:]))
elif ins[0] == '\x02':
print "add reg[{}], reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2]), ord(ins[3]))
elif ins[0] == '\x03':
print "and reg[{}], reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2]), ord(ins[3]))
elif ins[0] == '\x04':
print "or reg[{}], reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2]), ord(ins[3]))
elif ins[0] == '\x05':
print "xor reg[{}], reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2]), ord(ins[3]))
elif ins[0] == '\x06':
print "not reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2]))
elif ins[0] == '\x07':
print "rshift reg[{}], reg[{}], {}".format(ord(ins[1]), ord(ins[2]), d(ins[4:]))
elif ins[0] == '\x08':
print "lshift reg[{}], reg[{}], {}".format(ord(ins[1]), ord(ins[2]), d(ins[4:]))
elif ins[0] == '\x09':
print "reg[{}] = reg[{} + reg[{}]]".format(ord(ins[1]), ord(ins[2]), ord(ins[3]))
elif ins[0] == '\x0a':
print "if reg[{}] == reg[{}]: goto {}".format(ord(ins[2]), ord(ins[3]), d(ins[4:]))
elif ins[0] == '\x0b':
print "if reg[{}] < reg[{}]: goto {}".format(ord(ins[2]), ord(ins[3]), d(ins[4:]))
elif ins[0] == '\x0c':
print "END"
with open("bytecode.bin", "w") as f:
f.write(bytecode)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.