Created
April 20, 2015 18:25
-
-
Save volpino/551550018fa2ab6d2930 to your computer and use it in GitHub Desktop.
pctf cryptoserv disas
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import struct | |
| def d(word): | |
| return struct.unpack("<I", word)[0] | |
| def chunks(l, n): | |
| """ Yield successive n-sized chunks from l. | |
| """ | |
| for i in xrange(0, len(l), n): | |
| yield l[i:i+n] | |
| content = open("./client_data.txt").read() | |
| bytecode_size = d(content[:4]) * 8 | |
| msg_size = d(content[4:8]) | |
| print "BYTECODE LEN =", bytecode_size | |
| print "MSG LEN =", msg_size | |
| magic1 = d(content[8:12]) | |
| magic2 = d(content[12:16]) | |
| print "MAGIC1 =", hex(magic1) | |
| print "MAGIC2 =", hex(magic2) | |
| bytecode = content[16:16+bytecode_size] | |
| msg = content[16+bytecode_size:16+bytecode_size+msg_size] | |
| for i, ins in enumerate(list(chunks(bytecode, 8))): | |
| print "{}:".format(i), | |
| if ins[0] == '\x00': | |
| print "mov reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2])) | |
| elif ins[0] == '\x01': | |
| print "mov reg[{}], {}".format(ord(ins[1]), d(ins[4:])) | |
| elif ins[0] == '\x02': | |
| print "add reg[{}], reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2]), ord(ins[3])) | |
| elif ins[0] == '\x03': | |
| print "and reg[{}], reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2]), ord(ins[3])) | |
| elif ins[0] == '\x04': | |
| print "or reg[{}], reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2]), ord(ins[3])) | |
| elif ins[0] == '\x05': | |
| print "xor reg[{}], reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2]), ord(ins[3])) | |
| elif ins[0] == '\x06': | |
| print "not reg[{}], reg[{}]".format(ord(ins[1]), ord(ins[2])) | |
| elif ins[0] == '\x07': | |
| print "rshift reg[{}], reg[{}], {}".format(ord(ins[1]), ord(ins[2]), d(ins[4:])) | |
| elif ins[0] == '\x08': | |
| print "lshift reg[{}], reg[{}], {}".format(ord(ins[1]), ord(ins[2]), d(ins[4:])) | |
| elif ins[0] == '\x09': | |
| print "reg[{}] = reg[{} + reg[{}]]".format(ord(ins[1]), ord(ins[2]), ord(ins[3])) | |
| elif ins[0] == '\x0a': | |
| print "if reg[{}] == reg[{}]: goto {}".format(ord(ins[2]), ord(ins[3]), d(ins[4:])) | |
| elif ins[0] == '\x0b': | |
| print "if reg[{}] < reg[{}]: goto {}".format(ord(ins[2]), ord(ins[3]), d(ins[4:])) | |
| elif ins[0] == '\x0c': | |
| print "END" | |
| with open("bytecode.bin", "w") as f: | |
| f.write(bytecode) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment