woody-woodpacker/print.s

bits 64
global _start

_start:
		push rbp
		push rsp
		push rbx
		push r12
		push r13
		push r14
		push r15

		push rax
		push rcx
		push rdx
		push rsi
		push rdi
		push r8
		push r9
		push r10
		push r11

		mov rdi, 1
		lea     rsi, [rel msg]
		mov rbx, rsi
		sub rbx, qword [rel text_section] ;text_section address because of this and that
		mov r8, qword [rel section_size] ;text_section size
		shr r8, 2
		inc r8
		mov r9, 0 ;increment register
		mov r10, 0 ;increment register
		xor r10, r10
		xor r13, r13
		mov r13d, dword [rel private_key]
		xor r12, r12
		mov r12d, dword [rel private_key + 4]
		;shr r12, 32
		push r13 ; push rsa.d
		push r12 ; push rsa.n
		jmp decrypt_loop

	; rbx is adress of text(encrypted) section
	; r8 is section size
	; r9 is index
	; rax is cypher that needs to be converted to message
	; dword [rsp + 16] is rsa.d
	; dword [rsp + 8] is rsa.n
	; qword [rsp] is cypher backup
	decrypt_once:
		mov r11, 0x100000000
	sq_mul_bit_index:
		shr r11, 1
		mov r12, r11
		and r12, qword [rsp + 16]
		jz sq_mul_bit_index
	sq_mul_loop:
		; check if pow is zero
		shr r11, 1
		cmp r11, 0
		je decrypt_loop2
		; square ...
		mul rax,
		; modulo n ...
		mov r13, qword [rsp + 8]
		xor rdx, rdx
		div r13
		mov rax, rdx
		; ... and multiply
		mov r12, r11
		and r12, qword [rsp + 16]
		cmp r12, 0
		je sq_mul_loop
		mov r13, qword [rsp]
		mul r13
		; modulo n ...
		mov r13, qword [rsp + 8]
		xor rdx, rdx
		div r13
		mov rax, rdx
		; end of loop
		jmp sq_mul_loop

	decrypt_loop:
		cmp r8, r10
		je end_decrypt
		xor rax, rax
		mov eax, dword [rbx + r9]
		push rax
		;push r10
		jmp decrypt_once
	decrypt_loop2:
		sub rax, 42 ; remove 42 of result (avoid 0 values)
		sub rax, r10 ; remove index of result (caesar like cypher so 0/42 values are differents)
		; unpadding and write back here
		mov dword [rbx + r9], 0
		mov r15, r10
		shr r15, 5
		shl r15, 2
		mov rcx, r10
		shl rcx, 59
		shr rcx, 59
		inc rcx
		shl rax, cl
		mov r14, r9
		sub r14, r15
		add [rbx + r14], eax
		shr rax, 32
		cmp r9, 0
		je first_block_skip
		add [rbx + r14 - 4], eax

	first_block_skip:
		; unpadding and write back here
		pop rax
		add r9, 4
		inc r10
		jmp decrypt_loop

	end_decrypt:
		mov rdx, 14
		mov rax, 1
		syscall

		pop r12 ; pop rsa.n
		pop r12 ; pop rsa.d

		pop r11
		pop r10
		pop r9
		pop r8
		pop rdi
		pop rsi
		pop rdx
		pop rcx
		pop rax

		pop r15
		pop r14
		pop r13
		pop r12
		pop rbx
		pop rsp
		pop rbp

        	jmp 0xdadadada ; this needs to be just before that
		msg     db "....WOODY....",10 ; that needs to be just after this
		text_section      dq 0xbabababababababa
		section_size     dq 0xcacacacacacacaca
		private_key       dq 0xabcdefabcdefabcd
chaos 2024-02-19 10:35:40 +00:00			`bits 64`
			`global _start`

			`_start:`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`push rbp`
			`push rsp`
			`push rbx`
			`push r12`
			`push r13`
			`push r14`
			`push r15`
generate payload from file 2024-03-21 14:44:29 +00:00
			`push rax`
feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`push rcx`
generate payload from file 2024-03-21 14:44:29 +00:00			`push rdx`
feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`push rsi`
			`push rdi`
			`push r8`
			`push r9`
			`push r10`
			`push r11`
generate payload from file 2024-03-21 14:44:29 +00:00
			`mov rdi, 1`
assembly simplified 2024-02-23 13:17:23 +00:00			`lea rsi, [rel msg]`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`mov rbx, rsi`
			`sub rbx, qword [rel text_section] ;text_section address because of this and that`
Reset to help behaviour without text section 2024-07-24 14:59:27 +00:00			`mov r8, qword [rel section_size] ;text_section size`
feat(print.s): unpadding WIP 2024-06-16 14:27:37 +00:00			`shr r8, 2`
			`inc r8`
start rot 1 2024-04-17 10:14:08 +00:00			`mov r9, 0 ;increment register`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`mov r10, 0 ;increment register`
start rot 1 2024-04-17 10:14:08 +00:00			`xor r10, r10`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`xor r13, r13`
			`mov r13d, dword [rel private_key]`
			`xor r12, r12`
			`mov r12d, dword [rel private_key + 4]`
			`;shr r12, 32`
			`push r13 ; push rsa.d`
			`push r12 ; push rsa.n`
			`jmp decrypt_loop`

			`; rbx is adress of text(encrypted) section`
			`; r8 is section size`
			`; r9 is index`
			`; rax is cypher that needs to be converted to message`
			`; dword [rsp + 16] is rsa.d`
			`; dword [rsp + 8] is rsa.n`
			`; qword [rsp] is cypher backup`
			`decrypt_once:`
			`mov r11, 0x100000000`
			`sq_mul_bit_index:`
			`shr r11, 1`
			`mov r12, r11`
			`and r12, qword [rsp + 16]`
			`jz sq_mul_bit_index`
			`sq_mul_loop:`
feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`; check if pow is zero`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`shr r11, 1`
			`cmp r11, 0`
			`je decrypt_loop2`
feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`; square ...`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`mul rax,`
			`; modulo n ...`
			`mov r13, qword [rsp + 8]`
			`xor rdx, rdx`
			`div r13`
			`mov rax, rdx`
feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`; ... and multiply`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`mov r12, r11`
			`and r12, qword [rsp + 16]`
			`cmp r12, 0`
			`je sq_mul_loop`
			`mov r13, qword [rsp]`
			`mul r13`
			`; modulo n ...`
			`mov r13, qword [rsp + 8]`
			`xor rdx, rdx`
			`div r13`
			`mov rax, rdx`
feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`; end of loop`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`jmp sq_mul_loop`

			`decrypt_loop:`
			`cmp r8, r10`
			`je end_decrypt`
			`xor rax, rax`
			`mov eax, dword [rbx + r9]`
			`push rax`
			`;push r10`
			`jmp decrypt_once`
			`decrypt_loop2:`
			`sub rax, 42 ; remove 42 of result (avoid 0 values)`
			`sub rax, r10 ; remove index of result (caesar like cypher so 0/42 values are differents)`
			`; unpadding and write back here`
feat(print.s): unpadding WIP 2024-06-16 14:27:37 +00:00			`mov dword [rbx + r9], 0`
			`mov r15, r10`
			`shr r15, 5`
			`shl r15, 2`
feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`mov rcx, r10`
feat(print.s): unpadding WIP 2024-06-16 14:27:37 +00:00			`shl rcx, 59`
			`shr rcx, 59`
feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`inc rcx`
feat(print.s): unpadding WIP 2024-06-16 14:27:37 +00:00			`shl rax, cl`
			`mov r14, r9`
			`sub r14, r15`
			`add [rbx + r14], eax`
feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`shr rax, 32`
feat(print.s): unpadding WIP 2024-06-16 14:27:37 +00:00			`cmp r9, 0`
			`je first_block_skip`
feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`add [rbx + r14 - 4], eax`
feat(print.s): unpadding WIP 2024-06-16 14:27:37 +00:00
			`first_block_skip:`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`; unpadding and write back here`
			`pop rax`
			`add r9, 4`
			`inc r10`
			`jmp decrypt_loop`

			`end_decrypt:`
point point point point 2024-04-17 10:28:34 +00:00			`mov rdx, 14`
assembly simplified 2024-02-23 13:17:23 +00:00			`mov rax, 1`
			`syscall`
start rot 1 2024-04-17 10:14:08 +00:00
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`pop r12 ; pop rsa.n`
			`pop r12 ; pop rsa.d`

feat(print.s): payload should be OK 2024-06-20 06:45:15 +00:00			`pop r11`
			`pop r10`
			`pop r9`
			`pop r8`
			`pop rdi`
			`pop rsi`
			`pop rdx`
			`pop rcx`
			`pop rax`

feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`pop r15`
			`pop r14`
			`pop r13`
			`pop r12`
			`pop rbx`
			`pop rsp`
			`pop rbp`

Merge branch 'rsa-asm' 2024-08-20 14:36:54 +00:00			`jmp 0xdadadada ; this needs to be just before that`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`msg db "....WOODY....",10 ; that needs to be just after this`
Adress to sections added to asm 2024-04-15 08:16:28 +00:00			`text_section dq 0xbabababababababa`
Reset to help behaviour without text section 2024-07-24 14:59:27 +00:00			`section_size dq 0xcacacacacacacaca`
feat(print.s): decypher blocks 2024-06-15 10:43:59 +00:00			`private_key dq 0xabcdefabcdefabcd`