Search for jump value instead of E9

Decrypt rot1 ~OK

Makefile

@@ -16,7 +16,7 @@ RM			= rm -f
 
 LIBFT_FLAGS	= ft_printf/libftprintf.a
 
-CFLAGS		= -Wall -Wextra -Werror
+CFLAGS		= -Wall -Wextra -Werror -g3
 
 all:	${NAME}
 

includes/woody.h

@@ -16,7 +16,9 @@
 
 
 #define JUMP "\xe9"
-#define WOODY "..WOODY.."
+#define WOODY "....WOODY...."
+#define JUMP_VALUE "\xda\xda\xda"
+
 #define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
 #define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
 

print.s

@@ -14,15 +14,15 @@ _start:
 		mov r8, qword [rel section_sisze] ;text_section size
 		mov r9, 0 ;increment register
 		xor r10, r10
-	; encrypt:
-	; 	cmp r8, r9
-	; 	je end_encrypt
-	; 	mov r10b, byte[rax + r9]
-	; 	inc r10b ;rot + 1
-	; 	mov byte[rax + r9], r10b
-	; 	inc r9
-	; 	jmp encrypt
-	; end_encrypt:
+	encrypt:
+		cmp r8, r9
+		je end_encrypt
+		movzx r10, byte[rax + r9]
+		inc r10b ;rot + 1
+		mov byte[rax + r9], r10b
+		inc r9
+		jmp encrypt
+	end_encrypt:
 		mov rdx, 14
 		mov rax, 1
 		syscall
@@ -31,7 +31,7 @@ _start:
         pop rdi
         pop rax
 
-        jmp 0x00000000 ;for now it needs to be the first jmp
+        jmp 0xdadadada
 		msg     db "....WOODY....",10
 		text_section      dq 0xbabababababababa
 		section_sisze     dq 0xcacacacacacacaca

srcs/woody.c

@@ -99,15 +99,14 @@ t_payload *get_payload()
 
 int	insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_position)
 {
-	char *ptr_jmp = ft_strnstr_nullterminated(payload->payload, JUMP, payload->len);
+	char *ptr_jmp_value = ft_strnstr_nullterminated(payload->payload, JUMP_VALUE, payload->len);
 	char *ptr_woody = ft_strnstr_nullterminated(payload->payload, WOODY, payload->len);
 	char *ptr_text_section = ft_strnstr_nullterminated(payload->payload, TEXT_OFFSET, payload->len);
 	char *ptr_section_size = ft_strnstr_nullterminated(payload->payload, SECTION_SIZE, payload->len);
-	if (ptr_jmp && ptr_woody && ptr_text_section && ptr_section_size)
+	if (ptr_jmp_value && ptr_woody && ptr_text_section && ptr_section_size)
 	{
 		int32_t woody_index = ptr_woody - payload->payload;
-
-		int32_t jmp_index = ptr_jmp - payload->payload;
+		int32_t jmp_index = ptr_jmp_value - sizeof(JUMP) - payload->payload;
 		int32_t jump_value = ((payload_position + jmp_index + 5) - woody->Ehdr->e_entry) * -1; // 5 = JUMP SIZE (OPCODE + 4 bytes operand)
 		ft_memcpy(&payload->payload[jmp_index + 1], &jump_value, sizeof(jump_value));
 
@@ -121,10 +120,6 @@ int	insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi
 
 		ft_memcpy(woody->file + payload_position, payload->payload, payload->len);
 		
-		printf("jmp_index : %d (%x)\n", jmp_index, jmp_index);
-		printf("woody index :%d (%x)\n", woody_index, woody_index);
-		printf("jmp_index++ : %ld (%lx)\n", jmp_index + sizeof(JUMP) + sizeof(jump_value), jmp_index + sizeof(JUMP) + sizeof(jump_value) - 1);
-		printf("text_value : %ld (%lx)\n", text_value, text_value);
 		printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
 		printf("Code cave start = %ld (%lx)\n", payload_position, payload_position);
 		printf("Payload size = %ld (%lx)\n", payload->len, payload->len);
@@ -159,7 +154,7 @@ void	inject(t_elf_content *woody)
 	woody->Phdr[i].p_filesz += payload->len;
 	woody->Phdr[i].p_memsz += payload->len;
 	woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
-	woody->text_section->sh_size += payload->len;
+	// woody->text_section->sh_size += payload->len;
 	printf("New entry = %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
 }
 
@@ -216,7 +211,7 @@ int prepare_injection(t_elf_content *woody)
 	if (elf_statut)
 		return elf_statut;
 	inject(woody);
-	// encrypt(woody->file, woody->text_section->sh_offset, woody->text_section->sh_size);
+	encrypt(woody->file, woody->text_section->sh_offset, woody->text_section->sh_size);
 	char *woody_file;
 	if (!(woody_file = malloc(woody->file_size)))
 		return ft_put_error("Allocation error");