SHOW:
|
|
- or go back to the newest paste.
| 1 | class VirtualMachine: | |
| 2 | def __init__(self, ram): | |
| 3 | self.reg1 = 0 | |
| 4 | self.ram = ram | |
| 5 | self.cs = 0xFF | |
| 6 | self.eip = 0 | |
| 7 | ||
| 8 | def run(self): | |
| 9 | while 1: | |
| 10 | inst = self.ram[self.cs+self.eip+0] | |
| 11 | offset = self.ram[self.cs+self.eip+1] | |
| 12 | value = self.ram[self.cs+self.eip+2] | |
| 13 | ||
| 14 | if self.instruction_handler(inst, offset, value) == 1: | |
| 15 | break | |
| 16 | ||
| 17 | self.eip += 3 | |
| 18 | ||
| 19 | def instruction_handler(self, inst, offset, value): | |
| 20 | if inst == 1: | |
| 21 | self.ram[offset] = value | |
| 22 | print("moved value (0x%0.2X) to ram offset: 0x%0.2X" % (value, offset))
| |
| 23 | ||
| 24 | elif inst == 2: | |
| 25 | self.reg1 = self.ram[offset] | |
| 26 | print("moved value (0x%0.2X) to reg1" % self.ram[offset])
| |
| 27 | ||
| 28 | elif inst == 3: | |
| 29 | self.ram[offset] ^= self.reg1 | |
| 30 | print("xor'd value at ram offset (0x%0.2X) with content of reg1 (0x%0.2X)" % (offset, self.reg1))
| |
| 31 | ||
| 32 | elif inst == 4: | |
| 33 | print("got stop instruction, extracting flag...")
| |
| 34 | print("%s" % self.ram.split('\0')[0])
| |
| 35 | return 1 | |
| 36 | ||
| 37 | return 0 | |
| 38 | ||
| 39 | ||
| 40 | f = open("ram.bin", "rb")
| |
| 41 | initial_state = bytearray(f.read()) | |
| 42 | f.close() | |
| 43 | ||
| 44 | vm = VirtualMachine(initial_state) | |
| 45 | vm.run() |
