API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 22nd, 2019
121
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.05 KB | None | 0 0
raw download clone embed print report
  1.  
  2. [bits 64]
  3.  
  4. section .data align=32
  5.  
  6. fail:
  7. db "NO"
  8. db 0x0d,0x0a
  9. fail_len equ $ - fail
  10. confirm_1:
  11. db "HTB{"
  12. confirm_1_len equ $ - confirm_1
  13. confirm_2:
  14. db "}"
  15. db 0x0d,0x0a
  16. confirm_2_len equ $ - confirm_2
  17. colon: db ':'
  18.  
  19. matrix_expected:
  20. ; 8x8 column order matrix_result for verification
  21. dw 11115,10925,9595,10830,10450,9215,10355,9595
  22. dw 5265,5175,4545,5130,4950,4365,4905,4545
  23. dw 7137,7015,6161,6954,6710,5917,6649,6161
  24. dw 3744,3680,3232,3648,3520,3104,3488,3232
  25. dw 3744,3680,3232,3648,3520,3104,3488,3232
  26. dw 7137,7015,6161,6954,6710,5917,6649,6161
  27. dw 5265,5175,4545,5130,4950,4365,4905,4545
  28. dw 11115,10925,9595,10830,10450,9215,10355,9595
  29.  
  30. username_hash:
  31. db 'username'
  32. username_hash_len equ $ - username_hash
  33. db 'src @ p-bin '
  34. ;===============================================================
  35. section .bss align=32
  36. matrix_l:
  37. ; 8x8 column order matrix_result for password
  38. resb 64
  39.  
  40. matrix_u:
  41. ; 8x8 row order matrix_result for username
  42. resb 64
  43.  
  44. matrix_result:
  45. ; 8x8 row order matrix_result for username
  46. resb 64
  47. ;===============================================================
  48. section .text align=32
  49. global _start
  50. ;--------------------------------------------------------
  51. ;
  52. ; Count the number of bytes in RDI up to a NUL terminator
  53. ;
  54. ; Result in ecx
  55. ;
  56. lenstr:
  57. xor ecx,ecx
  58. not ecx ; counter = maxint
  59. xor eax,eax ; search for 0
  60. cld
  61. repne scasb ; scan edi for al
  62. not ecx
  63. dec ecx ; ecx is length of [rdi]
  64. ret
  65.  
  66. _start:
  67. cld ; always fwd scans
  68.  
  69. mov eax,[rsp] ; argc
  70. cmp eax, 3 ; 3 args ?
  71. jl exit_bad
  72. ;.................................
  73. lea rsi,[rsp+8] ; argv
  74. ;.................................
  75. mov rdi,[rsi+8] ; argv[1]
  76. push rdi
  77. call lenstr ; [rdi].length => ecx
  78. ;................................
  79. cmp rcx, username_hash_len ; bad username length ?
  80. jne exit_bad
  81. pop rdi
  82. push rcx ; need length later
  83. ;................................
  84. push rdi
  85. mov rsi, dword username_hash
  86. repe cmpsb
  87. pop rsi ; argv[1]
  88. pop rcx ; not affect flags
  89. jnz exit_bad ; username no match
  90. ;................................
  91. mov rdi, dword matrix_l
  92. rep movsb
  93. ;................................
  94. lea rsi,[rsp+8] ; argv
  95.  
  96. mov rdi,[rsi+16] ; argv[2]
  97. push rdi
  98. call lenstr ; [rdi].length => ecx
  99.  
  100. pop rsi
  101. mov rdi, dword matrix_u
  102. rep movsb
  103. ;................................
  104. call matmul
  105.  
  106. mov rsi, dword matrix_result
  107. mov rdi, dword matrix_expected
  108. mov ecx,64
  109. repe cmpsw
  110. jnz exit_bad ; username no match
  111. ;-------------------------------------------
  112. exit_ok:
  113. xor rdi,rdi
  114. inc rdi
  115. mov rsi, dword confirm_1 ; msg to print
  116. mov rdx, confirm_1_len ; num chars
  117. xor eax,eax
  118. inc eax ; print (opcode = 1)
  119. syscall
  120.  
  121. mov rsi, dword matrix_l ; msg to print
  122. mov rdx, 8 ; num chars
  123. xor eax,eax
  124. inc eax ; print (opcode = 1)
  125. syscall
  126.  
  127. mov rsi, dword colon ; msg to print
  128. xor eax,eax
  129. inc eax
  130. mov rdx,rax ; print (opcode = 1)
  131. syscall
  132.  
  133. mov rsi, dword matrix_u ; msg to print
  134. mov rdx, 8 ; num chars
  135. xor eax,eax
  136. inc eax ; print (opcode = 1)
  137. syscall
  138.  
  139. mov rsi, dword confirm_2 ; msg to print
  140. mov rdx, confirm_2_len ; num chars
  141. xor eax,eax
  142. inc eax ; print (opcode = 1)
  143. syscall
  144.  
  145. xor rdi,rdi ; return code = 0
  146. exit_code:
  147. mov eax,0x3c ; exit
  148. syscall
  149.  
  150. exit_bad:
  151. xor rdi,rdi
  152. inc rdi
  153. inc rdi ; stderr
  154. mov rsi, dword fail ; msg
  155. mov rdx, fail_len ; num chars
  156. xor eax,eax
  157. inc eax ; print (opcode = 1)
  158. syscall
  159.  
  160. xor rdi,rdi
  161. not rdi
  162. jmp exit_code
  163.  
  164.  
  165. ;--------------------------------------------------------
  166. ;
  167. ; Matrix multiply of matrix 8x8 bytes
  168. ; to matrix of 8x8 words
  169. ;
  170. ; Result in matrix L
  171. ;
  172. matmul:
  173. mov r10, dword matrix_result + 64*2
  174.  
  175. xor eax,eax ; for mul make sure hiwords are zero
  176.  
  177. mov r8, 7
  178. matmul_loop_1:
  179. mov r9, 7
  180. matmul_loop_2:
  181. xor edx,edx
  182.  
  183. lea rsi, [matrix_l-1 + r9 ]
  184. lea rdi, [matrix_u-8 + r8 ]
  185. mov ecx, 8
  186. matmul_loop_3:
  187. mov al, [rsi+rcx] ; row start + col num
  188. mul byte [rdi+rcx*8] ; col start + row num x 8
  189. add edx,eax
  190. loop matmul_loop_3
  191.  
  192. dec r10
  193. dec r10
  194. mov [r10], dx
  195. dec r9
  196. jns matmul_loop_2
  197.  
  198. dec r8
  199. jns matmul_loop_1
  200.  
  201. ret
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!