refacto(xor): opti payload size

2024-09-03 23:57:33 +02:00 · 2024-09-03 23:57:33 +02:00 · 18358ce36c
parent 77b90650b1
commit 18358ce36c
2 changed files with 41 additions and 51 deletions
--- a/assets/xor.s
+++ b/assets/xor.s
@ -5,66 +5,55 @@ _start:
 	push rbp
 	push rsp
 	push rbx
-	push r13
 	push rax
 	push rcx
 	push rdx
 	push rsi
 	push rdi
 	push r8
-	push r9

-	mov rdi, 1
 	lea rsi, [rel msg]
 	mov rbx, rsi
-	;mov rbx, qword [rel text_section]
 	sub rbx, qword [rel text_section] ;text_section address because of this and that
 	mov r8, qword [rel section_size] ;text_section size
-	mov r9, 0 ;increment register
-	xor r13, r13
-	mov r13, qword [rel private_key]
-
-	decrypt_whole_blocks:
-		; check left to decrypt < block_size
-		mov rcx, r8
-		sub rcx, r9
-		cmp rcx, 8
-		jle decrypt_last_block
-		; xor section with private_key
-		mov rdx, rbx
-		add rdx, r9
-		xor [rdx], r13
-		; increase section address
-		; increase counter
-		add r9, 8
-		jmp decrypt_whole_blocks
+	mov rdx, qword [rel private_key]

 	decrypt_last_block:
-		mov rdx, 8
-		sub rdx, rcx
-		mov rcx, rdx
-		mov rax, 8
-		mul cl
-		mov rcx, rax
-		shl r13, cl
-		shr r13, cl
-		mov rdx, rbx
-		add rdx, r9
-		xor [rdx], r13
+		; rcx = 8 * (8 - section_size % 8)
+		; Then crop the private key by rcx bits
+		; That's to decrypt the end of the section in case the section size
+		; isn't a multiple of 64 bits
+		mov rcx, r8
+		not rcx
+		and rcx, 7
+		inc rcx
+		shl rcx, 3
+		mov rax, rdx
+		shl rax, cl
+		shr rax, cl
+		; make section size a multiple of 64bits with this and
+		and r8, 0xfffffffffffffff8
+		xor [rbx + r8], rax
+
+	decrypt_whole_blocks:
+		sub r8, 8
+		cmp r8, -8
+		je end_decrypt
+		xor [rbx + r8], rdx
+		jmp decrypt_whole_blocks

 	end_decrypt:
+		mov rdi, 1
 		mov rdx, 14
 		mov rax, 1
 		syscall

-		pop r9
 		pop r8
 		pop rdi
 		pop rsi
 		pop rdx
 		pop rcx
 		pop rax
-		pop r13
 		pop rbx
 		pop rsp
 		pop rbp
--- a/src/woody_woodpacker.c
+++ b/src/woody_woodpacker.c
@ -116,25 +116,26 @@ int encrypt_xor(t_map file, Elf64_Phdr load_segment) {
 t_payload64 get_xor_payload64(void) {
 	t_payload64 payload;

-	payload.len = 191;
-	payload.jump_offset = 149;
-	payload.load_ptr_offset = 167;
-	payload.load_size_offset = 175;
+	size_t diff = 30;
+
+	payload.len = 191 - diff;
+	payload.jump_offset = 149 - diff;
+	payload.load_ptr_offset = 167 - diff;
+	payload.load_size_offset = 175 - diff;
 	payload.encrypt = &encrypt_xor;
 	payload.data = malloc(payload.len * sizeof(unsigned char));
 	ft_memcpy(payload.data,
-			"\x55\x54\x53\x41\x55\x50\x51\x52\x56\x57\x41\x50\x41\x51\xbf\x01"
-			"\x00\x00\x00\x48\x8d\x35\x7f\x00\x00\x00\x48\x89\xf3\x48\x2b\x1d"
-			"\x83\x00\x00\x00\x4c\x8b\x05\x84\x00\x00\x00\x41\xb9\x00\x00\x00"
-			"\x00\x4d\x31\xed\x4c\x8b\x2d\x7c\x00\x00\x00\x4c\x89\xc1\x4c\x29"
-			"\xc9\x48\x83\xf9\x08\x7e\x0f\x48\x89\xda\x4c\x01\xca\x4c\x31\x2a"
-			"\x49\x83\xc1\x08\xeb\xe5\xba\x08\x00\x00\x00\x48\x29\xca\x48\x89"
-			"\xd1\xb8\x08\x00\x00\x00\xf6\xe1\x48\x89\xc1\x49\xd3\xe5\x49\xd3"
-			"\xed\x48\x89\xda\x4c\x01\xca\x4c\x31\x2a\xba\x0e\x00\x00\x00\xb8"
-			"\x01\x00\x00\x00\x0f\x05\x41\x59\x41\x58\x5f\x5e\x5a\x59\x58\x41"
-			"\x5d\x5b\x5c\x5d\xe9\x41\xda\xda\xda\x2e\x2e\x2e\x2e\x57\x4f\x4f"
-			"\x44\x59\x2e\x2e\x2e\x2e\x0a\xba\xba\xba\xba\xba\xba\xba\xba\xca"
-			"\xca\xca\xca\xca\xca\xca\xca\xcd\xab\xef\xcd\xab\xef\xcd\xab",
+			"\x55\x54\x53\x50\x51\x52\x56\x57\x41\x50\x48\x8d\x35\x6a\x00\x00"
+			"\x00\x48\x89\xf3\x48\x2b\x1d\x6e\x00\x00\x00\x4c\x8b\x05\x6f\x00"
+			"\x00\x00\x48\x8b\x15\x70\x00\x00\x00\x4c\x89\xc1\x48\xf7\xd1\x48"
+			"\x83\xe1\x07\x48\xff\xc1\x48\xc1\xe1\x03\x48\x89\xd0\x48\xd3\xe0"
+			"\x48\xd3\xe8\x49\x83\xe0\xf8\x4a\x31\x04\x03\x49\x83\xe8\x08\x49"
+			"\x83\xf8\xf8\x74\x06\x4a\x31\x14\x03\xeb\xf0\xbf\x01\x00\x00\x00"
+			"\xba\x0e\x00\x00\x00\xb8\x01\x00\x00\x00\x0f\x05\x41\x58\x5f\x5e"
+			"\x5a\x59\x58\x5b\x5c\x5d\xe9\x5f\xda\xda\xda\x2e\x2e\x2e\x2e\x57"
+			"\x4f\x4f\x44\x59\x2e\x2e\x2e\x2e\x0a\xba\xba\xba\xba\xba\xba\xba"
+			"\xba\xca\xca\xca\xca\xca\xca\xca\xca\xcd\xab\xef\xcd\xab\xef\xcd"
+			"\xab",
 			payload.len);
 	return payload;
 }