- #!/usr/bin/python
import itertools
import sys

from unicorn import *
from unicorn.x86_const import *
# Keystrokes fed to the emulated program by hook_interrupt (int 0x16).  The
# list is consumed with pop(), i.e. from the END, so it is stored reversed:
# the program receives 'E', 'B', 'Z' and then the '\r' that ends the entry.
# The brute-force loop below rebinds this name for every candidate.
key = list("EBZ\r")[::-1]
def hook_mem_invalid(uc, access, address, size, value, user_data):
    """Report an access to unmapped memory and halt the emulation.

    Registered with UC_HOOK_MEM_UNMAPPED.  Prints the kind of access
    (write / read / anything else is reported as a fetch) together with the
    faulting address and the EIP at which it happened, then stops the
    emulator.  Nothing is returned, so the access is not marked as handled;
    Unicorn is expected to surface it as an error from emu_start as well.

    Args:
        uc: the Uc instance that faulted.
        access: one of the UC_MEM_*_UNMAPPED access types.
        address: the unmapped address that was touched.
        size: access width (unused).
        value: value being written, if any (unused).
        user_data: hook user data (unused).
    """
    messages = {
        UC_MEM_WRITE_UNMAPPED: "Missing memory at %08x is being written at %08x",
        UC_MEM_READ_UNMAPPED: "Missing memory at %08x is being read at %08x",
    }
    template = messages.get(access, "Missing memory at %08x is being fetched at %08x")
    eip = uc.reg_read(UC_X86_REG_EIP)
    sys.stdout.write((template % (address, eip)) + "\n")
    uc.emu_stop()
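def hook_interrupt(uc, intr, userdata):
    """Service the software interrupts raised by the emulated boot sector.

    Registered with UC_HOOK_INTR, so every ``int N`` executed by the image
    lands here instead of in a real BIOS/OS.  Three vectors are emulated,
    anything else halts the run:

    * int 0x16 (treated as the BIOS keyboard service): the next character of
      the module-level ``key`` list is placed in AL.  ``key`` is stored
      reversed and consumed with ``pop()``, so the program sees it front to
      back.  An empty list means the program is asking for input again --
      the candidate was rejected -- and emulation is stopped.
    * int 0x10 (treated as BIOS video output): the byte in AL is echoed to
      stdout so the program's own output appears next to the candidate.
      It is echoed unfiltered: a hostile image can emit terminal escape
      sequences this way, so run the harness in a throwaway terminal.
    * int 0x80: logged and emulation stopped.  For AL == 4 a 16-byte window
      at CX is dumped too.  NOTE(review): under the Linux int 0x80 convention
      eax=4 is sys_write with the buffer in ecx (sys_open is 5), so the
      "SYS_OPEN" label is probably a misnomer; the message is kept as-is.

    NOTE(review): the pasted source lost its indentation; ``emu_stop`` is
    read as applying to every int 0x80, not only to the non-4 case --
    confirm against the original.

    Args:
        uc: the Uc instance that raised the interrupt.
        intr: interrupt vector number.
        userdata: hook user data (unused).
    """
    global key
    if intr == 0x80:
        ftype = uc.reg_read(UC_X86_REG_AL)
        if ftype == 0x4:
            fdata_ptr = uc.reg_read(UC_X86_REG_CX)
            try:
                fdata = uc.mem_read(fdata_ptr, 0x10)
            except UcError:
                # CX need not point at mapped memory; report None instead of
                # letting the error escape the hook (a bare except used to
                # hide every failure here, including interpreter exits).
                fdata = None
            shown = bytes(fdata) if fdata is not None else None
            sys.stdout.write("(SYS_OPEN:%s) " % shown)
        else:
            sys.stdout.write("(INT80H:OP:%x) " % ftype)
        uc.emu_stop()
    elif intr == 0x10:
        # Teletype-style output: the program hands one byte in AL.
        data = uc.reg_read(UC_X86_REG_AL)
        sys.stdout.write("%c" % chr(data))
    elif intr == 0x16:
        if not key:
            # Every character of the candidate has already been delivered and
            # the program wants more: it rejected the key.  Stop this run.
            sys.stdout.write("WAITING FOR INPUT AGAIN\n")
            uc.emu_stop()
            return
        uc.reg_write(UC_X86_REG_AL, ord(key.pop()))
    else:
        sys.stdout.write("UNHANDLED INTERRUPT %x at %x\n" % (intr, uc.reg_read(UC_X86_REG_EIP)))
        uc.emu_stop()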
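if __name__ == "__main__":
    # The boot-sector image is read once and loaded into a fresh emulator for
    # every candidate, so state from one run cannot leak into the next.
    with open("small", "rb") as image:
        data = image.read()

    LOAD_ADDR = 0x7C00   # address the image is loaded at and started from
    MAP_BASE = 0x7000    # page-aligned window that contains LOAD_ADDR
    # The original mapping was a fixed 0x2000 bytes.  Grow it (page-aligned)
    # when the image is larger, so mem_write cannot fail on an unmapped range.
    MAP_SIZE = max(0x2000, (LOAD_ADDR + len(data) - MAP_BASE + 0xFFF) & ~0xFFF)
    ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

    # Exhaustive search over the 26**3 three-letter candidates, in the same
    # order as the original nested loops.  hook_interrupt consumes the
    # module-level `key` list with pop() (from the end), so the candidate is
    # stored reversed: the program receives the letters in order, then the
    # '\r' that terminates the entry.
    for letters in itertools.product(ALPHABET, repeat=3):
        candidate = "".join(letters)
        key = list(candidate + "\r")[::-1]
        sys.stdout.write("%s : " % candidate)
        sys.stdout.flush()

        mu = Uc(UC_ARCH_X86, UC_MODE_16)
        mu.hook_add(UC_HOOK_MEM_UNMAPPED, hook_mem_invalid)
        mu.hook_add(UC_HOOK_INTR, hook_interrupt)
        mu.mem_map(MAP_BASE, MAP_SIZE)
        mu.mem_write(LOAD_ADDR, data)
        try:
            # Runs until EIP reaches the end of the image, a hook calls
            # emu_stop, or the timeout fires.  Unicorn's `timeout` is in
            # microseconds -- NOTE(review): 10 us is very short; kept as in
            # the original, confirm it is intended.
            mu.emu_start(LOAD_ADDR, LOAD_ADDR + len(data), timeout=10)
        except UcError as err:
            # Only Unicorn failures are tolerated (e.g. the unmapped access
            # already reported by hook_mem_invalid).  The previous bare
            # `except:` also swallowed KeyboardInterrupt, which made the
            # 17576-iteration search impossible to abort with Ctrl-C.
            sys.stdout.write("emulation error: %s\n" % err)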