GCHQ Stage 2 Solution VM disassembled

a guest, Dec 5th, 2011
Instructions decoded at 0x00 - decrypts second stage decrypter (below)
--------------------------------------------------------------
First program - decrypts 0x100->0x14F (second stage)
r1 = 4
r3 = 170
loop
r0 = [ds:r2]
r0 ^= r3
[ds:r2] = r0
r2++
r3++
?if r2=80
r0 = 20
jmpe next
jmp loop

next
jmp 16:0


Second decrypter - at 0x100
----------------------------
- on entry r=(0,4,80,240,cs=16,ds=16)
r2 = 0
r5 += 12
r1 = 8
r3 = 50

now r=(0,8,0,50,16,28) (ds=start of GET string)
loop1:
r0 = [ds:r2]
r0 ^= r3
[ds:r2] = r0
r2++
r3 += 3
if r2=0?
  jmp r3
if r0 = 0
  jmp end
jmp loop1

end:
hlt

plain text is at 0x1C0 to 0x1F1
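
Added example (not part of the original paste): a Python model of the two XOR loops in the listing above, run over a constructed memory image. It assumes 8-bit registers that wrap at 256 and 16-byte segments (consistent with ds=16 mapping to 0x100 and ds=28 to 0x1C0); the function names rolling_xor, build_image and decrypt, and the sample bytes, are hypothetical.

```python
# Added example: a Python model of the two XOR loops in the listing.
# Assumptions (not from the paste): registers are 8-bit and wrap at 256,
# linear address = segment * 16 + offset, and the memory image is
# constructed sample data, not the challenge's real bytes.
SEG = 16  # ds=16 -> 0x100, ds=28 -> 0x1C0, matching the listing


def rolling_xor(mem, ds, key, step, count=None):
    """XOR bytes at ds:r2 with r3, adding `step` to r3 after each byte.

    count=N    -> first loop: stop when r2 == N.
    count=None -> second loop: stop once a byte decodes to 0
                  (or the 8-bit offset wraps). Returns bytes processed.
    """
    base, r2, r3, done = ds * SEG, 0, key, 0
    while True:
        r0 = mem[base + r2] ^ r3
        mem[base + r2] = r0
        r2, r3, done = (r2 + 1) & 0xFF, (r3 + step) & 0xFF, done + 1
        stop = r2 == count if count is not None else (r0 == 0 or r2 == 0)
        if stop:
            return done


def build_image(stage2, text):
    """Constructed image: XOR is its own inverse, so the same loops encrypt."""
    mem = bytearray(1024)
    mem[0x100:0x100 + len(stage2)] = stage2
    mem[0x1C0:0x1C0 + len(text)] = text
    rolling_xor(mem, 28, 50, 3, count=len(text))  # text at 0x1C0
    rolling_xor(mem, 16, 170, 1, count=80)        # stage-2 code, 0x100-0x14F
    return mem


def decrypt(mem):
    """Run both stages in order and return the NUL-terminated plain text."""
    rolling_xor(mem, 16, 170, 1, count=80)   # first program
    n = rolling_xor(mem, 28, 50, 3)          # second decrypter
    return bytes(mem[0x1C0:0x1C0 + n - 1])


SAMPLE_STAGE2 = bytes(range(80))                       # constructed stand-in
SAMPLE_TEXT = b"GET /constructed-sample HTTP/1.0\x00"  # constructed

if __name__ == "__main__":
    print(decrypt(build_image(SAMPLE_STAGE2, SAMPLE_TEXT)))
```

Because each key byte depends only on its position (170 + i for the first loop, 50 + 3i for the second), the same routine both builds and decodes the sample image.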