cephurs

mtb

Apr 25th, 2018
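class VirtualMachine:
    """Tiny byte-code interpreter over one flat, mutable RAM buffer.

    Code and data live in the same buffer.  Instructions are fetched from
    ``ram[cs + eip]`` as three-cell records ``(opcode, offset, value)`` and
    ``eip`` advances by 3 after each one.

    Opcodes:
        1 -- store ``value`` at ``ram[offset]``
        2 -- load ``ram[offset]`` into ``reg1``
        3 -- XOR ``ram[offset]`` with ``reg1`` in place
        4 -- stop and print the NUL-terminated string at the start of RAM

    Any other opcode is skipped without effect.

    NOTE(review): operands index the same buffer the code is fetched from,
    so a store or XOR can rewrite instructions that have not run yet (with
    a byte buffer, offset 0xFF is the first code cell).  Treat the image as
    untrusted input and do not assume the program is static.
    """

    def __init__(self, ram):
        """Bind the VM to *ram*; the buffer is mutated in place by run()."""
        self.reg1 = 0
        self.ram = ram
        self.cs = 0xFF   # code starts at this fixed offset into ram
        self.eip = 0     # instruction pointer, relative to cs

    def run(self):
        """Execute instructions until a stop opcode or the end of RAM."""
        while True:
            base = self.cs + self.eip

            # Nothing guarantees the image contains a stop opcode.  Stop
            # cleanly when a full 3-cell record no longer fits instead of
            # failing with IndexError halfway through a fetch.
            if base + 2 >= len(self.ram):
                print("instruction pointer ran past end of ram, stopping")
                break

            inst = self.ram[base]
            offset = self.ram[base + 1]
            value = self.ram[base + 2]

            if self.instruction_handler(inst, offset, value) == 1:
                break

            self.eip += 3

    def instruction_handler(self, inst, offset, value):
        """Execute one decoded instruction.

        Returns 1 when the stop opcode was executed, 0 otherwise.
        *offset* is used directly as an index into ``ram``; it is not
        range-checked here.
        """
        if inst == 1:
            self.ram[offset] = value
            print("moved value (0x%0.2X) to ram offset: 0x%0.2X" % (value, offset))

        elif inst == 2:
            self.reg1 = self.ram[offset]
            print("moved value (0x%0.2X) to reg1" % self.ram[offset])

        elif inst == 3:
            self.ram[offset] ^= self.reg1
            print("xor'd value at ram offset (0x%0.2X) with content of reg1 (0x%0.2X)" % (offset, self.reg1))

        elif inst == 4:
            print("got stop instruction, extracting flag...")
            # ram is a byte buffer, so the separator must be bytes: a str
            # separator raises TypeError on Python 3.  Decode before
            # printing so the text is shown rather than a bytearray repr.
            flag = self.ram.split(b'\0')[0]
            print("%s" % flag.decode("ascii", "replace"))
            return 1

        return 0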
  38.  
  39.  
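# Load the RAM image that the interpreter will execute.  The context
# manager closes the handle even if the read fails.  A bytearray is used
# because the VM writes into RAM in place while it runs.
with open("ram.bin", "rb") as f:
    initial_state = bytearray(f.read())

vm = VirtualMachine(initial_state)
vm.run()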