SHARE
TWEET

santacruzButInCAndCompleted

a guest Feb 18th, 2020 146 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // Login function
  2. inline asm {
  3.     push    r11
  4.     push    r4
  5.     mov     sp, r4
  6.     add     #0x4, r4
  7.     add     #0xffd8, sp
  8.     mov.b   #0x0, -0x6(r4)
  9.     mov.b   #0x8, -0x19(r4)
  10.     mov.b   #0x10, -0x18(r4)
  11. }
  12.  
  13. puts("Authentication now requires a username and password.");
  14. /* Technically this could probably be expanded to include the str being put into memory
  15. *  
  16. *  (char *)0x4484 = "Authentication now requires a username and password."
  17. *  puts((char *)0x4484)
  18. *
  19. */
  20.  
  21. puts("Remember: both are between 8 and 16 characters.");
  22. puts("Please enter your username:");
  23.  
  24. // get input from the user, up to 0x63 (dec 99) characters, and store it in adr 0x2404
  25. getsn((char *)0x2404, 0x63)
  26.  
  27. // print the user's input
  28. puts(char *)0x2404);
  29.  
  30. // copy that input to 0xffd6 using strcpy
  31. strcpy((char *)0xffd6, (char* )0x2404);
  32.  
  33. puts("Please enter your password:");
  34.  
  35. // get input from the user, up to 0x63 (dec 99) characters, and store it in adr 0x2404
  36. getsn(char *)0x2404, 0x63);
  37.  
  38. // print the user's input
  39. puts((char *)0x2404);
  40.  
  41. // copy that input to 0xffe9 using strcpy
  42. // just a note: ffe9 - ffd6 = 0x13 or dec 19 -> that's the length between where the
  43. //              username and password are stored
  44. strcpy((char *)0xffe9, (char* )0x2404);
  45.  
  46. inline asm {
  47.     mov     r11, r15
  48.     mov     r4, r14
  49.     add #0xffe8, r14    // r14 = 43b4
  50. }
  51.  
  52. // basically what I'm trying to show here is if the value at the first byte at the
  53. // address in r14 isn't null, increase the address by one and move onto the next character and
  54. // check if that's null
  55. void* register14 = 0x43b4; // this is just a placeholder variable for r14, just to visualize
  56.  
  57. label1:
  58. if ((char *)register14 != 0x00) {
  59.     register14++;
  60.     goto label1;
  61. }
  62.  
  63. inline asm {
  64.     mov     r14, r11            // r11 = r14, so r11 = the address of the null byte at the  
  65.                                 // end of the username string
  66.     sub     r15, r11            // r11 = r11 - r15 -> the difference between the addresses
  67.                                 // which gets stored in r11
  68.     mov.b   -0x18(r4), r15      // move the value at r4 - 0x18 into r15
  69.    
  70.     // I looked up the MSP430 instruction set, and sxt is "Sign extend 8 bits to 16"
  71.     // does that make more space available to be stored in r15..?
  72.     // Seems like this is for the username
  73.     sxt     r15
  74.     cmp     r15, r11                        // r11 - r15 -> if r15 < r11 then set the carry
  75.                                             // cmp in msp430 = arg2 - arg1
  76.                                             // carry can be set when the result is negative,
  77.                                             // as I found on stackoverflow -- ask me for link
  78.                                             // if needed
  79.     jnc     #0x45fa <login+0xaa>            // branch off and continue code like normal
  80.  
  81.     // if the carry flag was set, stop the program
  82.     mov     &0x2400, r15                  
  83.     call    #0x4728 <puts>
  84.     br      #0x4440 <__stop_progExec__>
  85.     mov.b   -0x19(r4), r15
  86.    
  87.     // Same thing above, but for the password
  88.     sxt     r15
  89.     cmp     r15, r11                    // maybe if the password is smaller than the username,
  90.                                         // continue like normal?
  91.     jc      #0x4610 <login+0xc0>        // jump if carry flag was set, and continue like normal
  92.  
  93.     // if the carry flag wasn't set, stop the program
  94.     mov     &0x2402, r15
  95.     call    #0x4728 <puts>
  96.     br      #0x4440 <__stop_progExec__>
  97.  
  98.  
  99.     mov.b   #0x0, -0x2c(r4)     // move a null byte into the address of r4 - 0x2c
  100.     mov     #0xffd4, r15        // set r15 to 0xffd4, which is by the username
  101.     add     r4, r15             // add the value inside r4 to r15..?
  102.     push    r15                 // push the username string onto the stack
  103.  
  104.     mov r4, r15
  105.     add #0xffe9, r15            // set r15 a little further in memory, where the password is stored
  106.     push    r15                 // push the password string onto the stack
  107.     add #0xffed, r15            // move further into memory for the next string?
  108.     push    r15                 // push the value in r15 to the stack
  109.  
  110.     push    #0x7d  
  111.     call    #0x46c4 <INT>       // INT call to test if password is correct
  112.                                 // Takes two arguments, which in this case is probably
  113.                                 // the most recent `push r15`, which is the username? and 0x7d, or
  114.                                 // the first two things on top of the stack, which is
  115.                                 // the username? and the password
  116.  
  117.     add     #0x8, sp // move the stack pointer by 0x8
  118. }
  119.  
  120. // next up is some sorta pseudocode, but it's the best way I can illustrate it in C
  121. // (this starts at 4634 in the microcorruption disassembly)
  122. char *str;
  123.  
  124. if ((r4 - 0x2c) == 0x00) {
  125.     str = "That password is not correct.";
  126. } else {
  127.     str = "Access Granted";
  128.     unlock_door();
  129. }
  130.  
  131. puts(str);
  132.  
  133. if ((r4 - 0x6) != 0) {
  134.     puts((char *)0x2400);                   // print the password
  135.  
  136.     inline asm {    
  137.         br  #0x4440 <__stop_progExec__>     // quit the program
  138.     }
  139. } else {
  140.     inline asm {
  141.         add     #0x28, sp                   // add 0x28 to the stack pointer
  142.         pop     r4                          // pop out values in r4 and r11
  143.         pop     r11
  144.     }
  145. }
  146.  
  147. return; // Done!
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top