From 41fb358473e52233b99225597be23265311d0f09 Mon Sep 17 00:00:00 2001
From: pbonilla
Date: Wed, 17 Apr 2024 12:14:08 +0200
Subject: [PATCH] start rot 1
---
 includes/woody.h | 2 ++
 print.s | 18 ++++++++++++++++--
 srcs/encrypt.c | 2 +-
 srcs/woody.c | 18 ++++++++++--------
 4 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/includes/woody.h b/includes/woody.h
index 2807779..459e691 100644
--- a/includes/woody.h
+++ b/includes/woody.h
@@ -14,7 +14,9 @@
 #include
 #include
+
 #define JUMP "\xe9"
+#define WOODY "..WOODY.."
 #define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
 #define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
diff --git a/print.s b/print.s
index 519afa7..51adbe6 100644
--- a/print.s
+++ b/print.s
@@ -9,7 +9,20 @@ _start:
 mov rdi, 1
 lea rsi, [rel msg]
- mov byte[rsi - 317], 0x90
+ mov rax, rsi
+ sub rax, qword [rel text_section] ;text_section address
+ mov r8, qword [rel section_sisze] ;text_section size
+ mov r9, 0 ;increment register
+ xor r10, r10
+ ; encrypt:
+ ; cmp r8, r9
+ ; je end_encrypt
+ ; mov r10b, byte[rax + r9]
+ ; inc r10b ;rot + 1
+ ; mov byte[rax + r9], r10b
+ ; inc r9
+ ; jmp encrypt
+ ; end_encrypt:
 mov rdx, 10
 mov rax, 1
 syscall
@@ -17,7 +30,8 @@ _start:
 pop rsi
 pop rdi
 pop rax
- jmp 0x00000000
+
+ jmp 0x00000000 ;for now it needs to be the first jmp
 msg db "..WOODY..",10
 text_section dq 0xbabababababababa
 section_sisze dq 0xcacacacacacacaca
\ No newline at end of file
diff --git a/srcs/encrypt.c b/srcs/encrypt.c
index 833b63a..f7866d7 100644
--- a/srcs/encrypt.c
+++ b/srcs/encrypt.c
@@ -5,7 +5,7 @@ void encrypt(char *file, unsigned long int offset, unsigned long int size)
 size_t i = 0;
 while (i < size)
 {
- file[offset + i] = file[offset + i] + 1;
+ file[offset + i] = file[offset + i] - 1;
 ++i;
 }
 }
\ No newline at end of file
diff --git a/srcs/woody.c b/srcs/woody.c
index 21176da..37b3ecd 100644
--- a/srcs/woody.c
+++ b/srcs/woody.c
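Review bot: The decrypt loop sketched in the added `; encrypt:` … `; end_encrypt:` comments stores back into the code it walks (`mov byte[rax + r9], r10b`), and nothing in this hunk makes that range writable; a text segment is normally mapped r-x, so enabling the loop unchanged would fault on the first store unless the PT_LOAD flags are patched elsewhere or the stub runs an `mprotect` over the range first. The base it computes, `rax = rsi - [text_section]`, gets its operand from woody.c's new `text_value`, which is built from `e_entry`, so the loop would start at the entry point while `r8` holds a section size — if the encrypter is applied to the `.text` section, the two ranges disagree at both ends. Until the loop is enabled, the hunk's only runtime effect is still the `write(1, msg, 10)` syscall. `_start` continues past the end of this hunk.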
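Review bot: `jmp 0x00000000` depends on being the first 0xe9 byte in the stub, as the new comment admits, because woody.c patches the first single-byte `"\xe9"` that `ft_strnstr_nullterminated` finds; the rel32 displacements of the new `sub rax, qword [rel text_section]` and `mov r8, qword [rel section_sisze]` loads in the hunk above are assembler-chosen bytes that can take the value 0xe9 as the stub grows, in which case the patch silently lands inside an instruction. A distinct multi-byte marker removes the dependency on ordering: emit the jump as `db 0xe9` / `dd 0xdddddddd`, and have the patcher look for the five-byte pattern `"\xe9\xdd\xdd\xdd\xdd"` and overwrite its last four bytes with the rel32. `section_sisze` is a typo that the new `mov r8` line now also spells out; renaming both uses to `section_size` while the symbol is only referenced twice is cheap.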
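Review bot: `file[offset + i] - 1` is computed on a plain `char`, so on a signed-char target every byte ≥ 0x80 goes through an out-of-range conversion back to `char` that is implementation-defined, while the stub's counterpart `inc r10b` is a plain modular byte rotation; doing the arithmetic on `unsigned char` makes the two sides agree by the language rather than by compiler habit: `unsigned char *p = (unsigned char *)file + offset;` and `p[i] = (unsigned char)(p[i] - 1);`. The function also trusts `offset + size` to lie inside the mapped file; if, as the woody.c hunk suggests, both come from the input ELF's `.text` section header, the caller (not visible here) should check `offset + size <= file_size` (and that the sum does not wrap) before calling, or a crafted section header turns this loop into an out-of-bounds write inside the packer. `encrypt`'s signature precedes the hunk.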
@@ -101,29 +101,31 @@ t_payload *get_payload()
 int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_position)
 {
 char *ptr_jmp = ft_strnstr_nullterminated(payload->payload, JUMP, payload->len);
+ char *ptr_woody = ft_strnstr_nullterminated(payload->payload, WOODY, payload->len);
 char *ptr_text_section = ft_strnstr_nullterminated(payload->payload, TEXT_OFFSET, payload->len);
 char *ptr_section_size = ft_strnstr_nullterminated(payload->payload, SECTION_SIZE, payload->len);
- if (ptr_jmp && ptr_text_section && ptr_section_size)
+ if (ptr_jmp && ptr_woody && ptr_text_section && ptr_section_size)
 {
- printf("test a jumo = %ld\n", ptr_jmp - payload->payload);
- printf("test a jumo = %ld\n", ptr_jmp - payload->payload + sizeof(JUMP));
- printf("jump base = %ld\n", payload->len);
- printf("the jump = %ld\n", payload->len - 16);
+ int32_t woody_index = ptr_woody - payload->payload;
 int32_t jmp_index = ptr_jmp - payload->payload;
 int32_t jump_value = (payload_position - woody->Ehdr->e_entry + jmp_index - 1) * -1;
 ft_memcpy(&payload->payload[jmp_index + 1], &jump_value, sizeof(jump_value));
 int64_t text_index = ptr_text_section - payload->payload;
- int64_t text_value = (payload_position - woody->text_section->sh_offset + text_index - 1) * -1;
- text_value = 0;
+ int64_t text_value = payload_position - woody->Ehdr->e_entry + woody_index;
 ft_memcpy(&payload->payload[text_index], &text_value, sizeof(text_value));
 int64_t section_index = ptr_section_size - payload->payload;
- int64_t section_value = (payload_position - woody->text_section->sh_size + section_index - 1) * -1;
+ int64_t section_value = woody->text_section->sh_size;
 ft_memcpy(&payload->payload[section_index], §ion_value, sizeof(section_value));
 ft_memcpy(woody->file + payload_position, payload->payload, payload->len);
+
+ printf("jmp_index : %d (%x)\n", jmp_index, jmp_index);
+ printf("woody index :%d (%x)\n", woody_index, woody_index);
+ printf("jmp_index++ : %ld (%lx)\n", jmp_index + 
sizeof(JUMP) + sizeof(jump_value), jmp_index + sizeof(JUMP) + sizeof(jump_value) - 1);
+ printf("text_value : %ld (%lx)\n", text_value, text_value);
 printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
 printf("Code cave start = %ld (%lx)\n", payload_position, payload_position);
 printf("Payload size = %ld (%lx)\n", payload->len, payload->len);
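Review bot: `text_value = payload_position - woody->Ehdr->e_entry + woody_index` mixes file offsets (`payload_position`, `woody_index`) with a virtual address (`e_entry`); the stub subtracts it from the runtime address of `msg`, which only recovers `e_entry` if the stub and the entry point lie in segments with the same `p_vaddr - p_offset` delta, and even then the result is the entry point rather than the start of the section whose `sh_size` is stored in `section_value` right below. If the loop is meant to cover `.text`, subtract the section's address instead: `int64_t text_value = payload_position + woody_index - woody->text_section->sh_addr;` (same segment-delta caveat). The new debug prints hand `size_t` and `int64_t` values to `%ld`/`%lx`; `%zu` and `PRId64`/`PRIx64` from `<inttypes.h>` keep `-Wformat` clean, and `sizeof(JUMP)` is 2 because the literal carries its NUL, so the `jmp_index++` line reports one past the instruction. `insert_payload` continues past the end of the hunk.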