Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 160
- 0000 0a push 0
- 0001 05 69 BUF[ $0x69 ] = pop
- 0003 03 69 push BUF[ $0x69 ]
- 0005 06 02 push $0x2 ; start at offset 2 (first char of input)
- 0007 08 pop A; pop B; push A + B
- 0008 04 push *PEEK
- 0009 0b pop INDEX; push BUF[INDEX] ; push BUF[2+counter]
- 0010 04 push *PEEK
- 0011 0a push 0
- 0012 09 pop A; pop B; push A ^ B ; if character ^ 0 == 0 :: goto 13+2+14=29
- 0013 02 0e branch + $14 if *PEEK=0
- 0015 06 aa push $0xaa ; INDEX = 2+counter
- 0017 09 pop A; pop B; push A ^ B ; VALUE = 0xaa ^ buf[2+counter] ;-----> sploit here??
- 0018 0c pop VALUE; pop INDEX; BUF[INDEX] = VALUE
- 0019 03 69 push BUF[ $0x69 ]
- 0021 06 01 push $0x1
- 0023 08 pop A; pop B; push A + B
- 0024 05 69 BUF[ $0x69 ] = pop ;;;;;; LEN = len + 1
- 0026 0a push 0
- 0027 02 e6 branch + $-26 if *PEEK=0
- 0029 03 69 push BUF[ $0x69 ]
- 0031 06 09 push $0x9
- 0033 06 09 push $0x9
- 0035 08 pop A; pop B; push A + B
- 0036 09 pop A; pop B; push A ^ B
- 0037 02 02 branch + $2 if *PEEK=0 ;;; LEN of argv[1] must be 9+9 = 18 (0x12)
- 0039 0a push 0
- 0040 01 WIN CONDITION if *PEEK != 0
- ;;;; ~roughly 18 characters here. xor ^ 0xaa = win :-)
- 0041 06 cf push $0xcf
- 0043 06 c7 push $0xc7
- 0045 06 df push $0xdf
- 0047 06 c6 push $0xc6
- 0049 06 cb push $0xcb
- 0051 06 de push $0xde
- 0053 06 c5 push $0xc5
- 0055 06 d8 push $0xd8
- 0057 06 d9 push $0xd9
- 0059 06 cb push $0xcb
- 0061 06 d8 push $0xd8
- 0063 06 cf push $0xcf
- 0065 06 64 push $0x64
- 0067 06 64 push $0x64
- 0069 08 pop A; pop B; push A + B ;; compress into c8
- 0070 06 cb push $0xcb
- 0072 06 ce push $0xce
- 0074 06 cb push $0xcb
- 0076 06 d9 push $0xd9
- 0078 06 d9 push $0xd9
- 0080 0a push 0
- 0081 05 69 BUF[ $0x69 ] = pop ; counter = 0
- ;;; this looks like a crypto loop right here
- 0083 05 6a BUF[ $0x6a ] = pop ; BUF[6A] = 0xd9
- 0085 03 69 push BUF[ $0x69 ]
- 0087 06 32 push $0x32
- 0089 08 pop A; pop B; push A + B ; INDEX = 50+counter
- 0090 03 6a push BUF[ $0x6a ] ; VALUE = BUF[6A]
- 0092 0c pop VALUE; pop INDEX; BUF[INDEX] = VALUE ;;; BUF[ 50+counter ] = BUF[6A]
- ---
- 0093 03 69 push BUF[ $0x69 ]
- 0095 06 ff push $0xff
- 0097 08 pop A; pop B; push A + B ; counter = counter - 1
- 0098 04 push *PEEK ; duplicate counter
- 0099 05 69 BUF[ $0x69 ] = pop
- ---
- 0101 06 ee push $0xee
- 0103 09 pop A; pop B; push A ^ B ; 0xee ^ counter
- 0104 02 03 branch + $3 if *PEEK=0
- 0106 0a push 0
- 0107 02 e6 branch + $-26 if *PEEK=0
- ;;;;; done with loop
- 0109 0a push 0
- 0110 05 69 BUF[ $0x69 ] = pop ; counter = 0
- 0112 03 69 push BUF[ $0x69 ]
- 0114 06 02 push $0x2
- 0116 08 pop A; pop B; push A + B ;
- 0117 0b pop INDEX; push BUF[INDEX] ; buf[ counter + 2]
- 0118 03 69 push BUF[ $0x69 ]
- 0120 06 21 push $0x21
- 0122 08 pop A; pop B; push A + B ;
- 0123 0b pop INDEX; push BUF[INDEX] ; buf[counter + 0x21]
- 0124 09 pop A; pop B; push A ^ B
- 0125 02 02 branch + $2 if *PEEK=0 ; condition -> buf[counter+0x2] must equal buf[counter+0x21]
- 0127 0a push 0
- 0128 01 WIN CONDITION if *PEEK != 0
- 0129 03 69 push BUF[ $0x69 ]
- 0131 07 push 1
- 0132 08 pop A; pop B; push A + B ; counter = counter + 1
- 0133 04 push *PEEK
- 0134 05 69 BUF[ $0x69 ] = pop
- 0136 06 12 push $0x12
- 0138 09 pop A; pop B; push A ^ B ;
- 0139 02 03 branch + $3 if *PEEK=0 ; if counter gets to 18 --- win
- 0141 0a push 0
- 0142 02 e0 branch + $-32 if *PEEK=0
- 0144 07 push 1
- 0145 01 WIN CONDITION if *PEEK != 0
- 0146 00 UNDEFINED
- 0147 00 UNDEFINED
- 0148 00 UNDEFINED
- 0149 9a ???
- 0150 04 push *PEEK
- 0151 08 pop A; pop B; push A + B
- 0152 00 UNDEFINED
- 0153 00 UNDEFINED
- 0154 00 UNDEFINED
- 0155 00 UNDEFINED
- 0156 00 UNDEFINED
- 0157 00 UNDEFINED
- 0158 00 UNDEFINED
- 0159 00 UNDEFINED
Add Comment
Please, Sign In to add comment
