release woody 1.0 #6
59
assets/xor.s
59
assets/xor.s
|
@ -5,66 +5,55 @@ _start:
|
||||||
push rbp
|
push rbp
|
||||||
push rsp
|
push rsp
|
||||||
push rbx
|
push rbx
|
||||||
push r13
|
|
||||||
push rax
|
push rax
|
||||||
push rcx
|
push rcx
|
||||||
push rdx
|
push rdx
|
||||||
push rsi
|
push rsi
|
||||||
push rdi
|
push rdi
|
||||||
push r8
|
push r8
|
||||||
push r9
|
|
||||||
|
|
||||||
mov rdi, 1
|
|
||||||
lea rsi, [rel msg]
|
lea rsi, [rel msg]
|
||||||
mov rbx, rsi
|
mov rbx, rsi
|
||||||
;mov rbx, qword [rel text_section]
|
|
||||||
sub rbx, qword [rel text_section] ;text_section address because of this and that
|
sub rbx, qword [rel text_section] ;text_section address because of this and that
|
||||||
mov r8, qword [rel section_size] ;text_section size
|
mov r8, qword [rel section_size] ;text_section size
|
||||||
mov r9, 0 ;increment register
|
mov rdx, qword [rel private_key]
|
||||||
xor r13, r13
|
|
||||||
mov r13, qword [rel private_key]
|
|
||||||
|
|
||||||
decrypt_whole_blocks:
|
|
||||||
; check left to decrypt < block_size
|
|
||||||
mov rcx, r8
|
|
||||||
sub rcx, r9
|
|
||||||
cmp rcx, 8
|
|
||||||
jle decrypt_last_block
|
|
||||||
; xor section with private_key
|
|
||||||
mov rdx, rbx
|
|
||||||
add rdx, r9
|
|
||||||
xor [rdx], r13
|
|
||||||
; increase section address
|
|
||||||
; increase counter
|
|
||||||
add r9, 8
|
|
||||||
jmp decrypt_whole_blocks
|
|
||||||
|
|
||||||
decrypt_last_block:
|
decrypt_last_block:
|
||||||
mov rdx, 8
|
; rcx = 8 * (8 - section_size % 8)
|
||||||
sub rdx, rcx
|
; Then crop the private key by rcx bits
|
||||||
mov rcx, rdx
|
; That's to decrypt the end of the section in case the section size
|
||||||
mov rax, 8
|
; isn't a multiple of 64 bits
|
||||||
mul cl
|
mov rcx, r8
|
||||||
mov rcx, rax
|
not rcx
|
||||||
shl r13, cl
|
and rcx, 7
|
||||||
shr r13, cl
|
inc rcx
|
||||||
mov rdx, rbx
|
shl rcx, 3
|
||||||
add rdx, r9
|
mov rax, rdx
|
||||||
xor [rdx], r13
|
shl rax, cl
|
||||||
|
shr rax, cl
|
||||||
|
; make section size a multiple of 64bits with this and
|
||||||
|
and r8, 0xfffffffffffffff8
|
||||||
|
xor [rbx + r8], rax
|
||||||
|
|
||||||
|
decrypt_whole_blocks:
|
||||||
|
sub r8, 8
|
||||||
|
cmp r8, -8
|
||||||
|
je end_decrypt
|
||||||
|
xor [rbx + r8], rdx
|
||||||
|
jmp decrypt_whole_blocks
|
||||||
|
|
||||||
end_decrypt:
|
end_decrypt:
|
||||||
|
mov rdi, 1
|
||||||
mov rdx, 14
|
mov rdx, 14
|
||||||
mov rax, 1
|
mov rax, 1
|
||||||
syscall
|
syscall
|
||||||
|
|
||||||
pop r9
|
|
||||||
pop r8
|
pop r8
|
||||||
pop rdi
|
pop rdi
|
||||||
pop rsi
|
pop rsi
|
||||||
pop rdx
|
pop rdx
|
||||||
pop rcx
|
pop rcx
|
||||||
pop rax
|
pop rax
|
||||||
pop r13
|
|
||||||
pop rbx
|
pop rbx
|
||||||
pop rsp
|
pop rsp
|
||||||
pop rbp
|
pop rbp
|
||||||
|
|
|
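Review bot: The tail-block crop at `shl rax, cl` / `shr rax, cl` mishandles a section size that is already a multiple of 8: the count computed above is 8 * (8 - 0) = 64, and x86 masks a 64-bit shift count to 6 bits, so the shift is by 0, rax keeps the full key, and `xor [rbx + r8], rax` writes eight bytes past the end of the section instead of touching nothing. That is an out-of-bounds write into whatever follows the section (or a fault if the next page is unmapped), and the tail will only decrypt correctly if the encrypt side happens to apply the same overrun. Skip the tail when there is no partial block: after `mov rcx, r8` add `test rcx, 7` and `jz decrypt_whole_blocks` (the `and r8, 0xfffffffffffffff8` is a no-op in that case, so the loop entry is unchanged). `_start` begins before this hunk, and the jump to the original entry and the msg/placeholder data follow it, so a register-role comment at the top of the new code would help the next reader: `; rbx = section base, r8 = bytes left, rdx = key, rax = key cropped to the partial tail`.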
@ -116,25 +116,26 @@ int encrypt_xor(t_map file, Elf64_Phdr load_segment) {
|
||||||
t_payload64 get_xor_payload64(void) {
|
t_payload64 get_xor_payload64(void) {
|
||||||
t_payload64 payload;
|
t_payload64 payload;
|
||||||
|
|
||||||
payload.len = 191;
|
size_t diff = 30;
|
||||||
payload.jump_offset = 149;
|
|
||||||
payload.load_ptr_offset = 167;
|
payload.len = 191 - diff;
|
||||||
payload.load_size_offset = 175;
|
payload.jump_offset = 149 - diff;
|
||||||
|
payload.load_ptr_offset = 167 - diff;
|
||||||
|
payload.load_size_offset = 175 - diff;
|
||||||
payload.encrypt = &encrypt_xor;
|
payload.encrypt = &encrypt_xor;
|
||||||
payload.data = malloc(payload.len * sizeof(unsigned char));
|
payload.data = malloc(payload.len * sizeof(unsigned char));
|
||||||
ft_memcpy(payload.data,
|
ft_memcpy(payload.data,
|
||||||
"\x55\x54\x53\x41\x55\x50\x51\x52\x56\x57\x41\x50\x41\x51\xbf\x01"
|
"\x55\x54\x53\x50\x51\x52\x56\x57\x41\x50\x48\x8d\x35\x6a\x00\x00"
|
||||||
"\x00\x00\x00\x48\x8d\x35\x7f\x00\x00\x00\x48\x89\xf3\x48\x2b\x1d"
|
"\x00\x48\x89\xf3\x48\x2b\x1d\x6e\x00\x00\x00\x4c\x8b\x05\x6f\x00"
|
||||||
"\x83\x00\x00\x00\x4c\x8b\x05\x84\x00\x00\x00\x41\xb9\x00\x00\x00"
|
"\x00\x00\x48\x8b\x15\x70\x00\x00\x00\x4c\x89\xc1\x48\xf7\xd1\x48"
|
||||||
"\x00\x4d\x31\xed\x4c\x8b\x2d\x7c\x00\x00\x00\x4c\x89\xc1\x4c\x29"
|
"\x83\xe1\x07\x48\xff\xc1\x48\xc1\xe1\x03\x48\x89\xd0\x48\xd3\xe0"
|
||||||
"\xc9\x48\x83\xf9\x08\x7e\x0f\x48\x89\xda\x4c\x01\xca\x4c\x31\x2a"
|
"\x48\xd3\xe8\x49\x83\xe0\xf8\x4a\x31\x04\x03\x49\x83\xe8\x08\x49"
|
||||||
"\x49\x83\xc1\x08\xeb\xe5\xba\x08\x00\x00\x00\x48\x29\xca\x48\x89"
|
"\x83\xf8\xf8\x74\x06\x4a\x31\x14\x03\xeb\xf0\xbf\x01\x00\x00\x00"
|
||||||
"\xd1\xb8\x08\x00\x00\x00\xf6\xe1\x48\x89\xc1\x49\xd3\xe5\x49\xd3"
|
"\xba\x0e\x00\x00\x00\xb8\x01\x00\x00\x00\x0f\x05\x41\x58\x5f\x5e"
|
||||||
"\xed\x48\x89\xda\x4c\x01\xca\x4c\x31\x2a\xba\x0e\x00\x00\x00\xb8"
|
"\x5a\x59\x58\x5b\x5c\x5d\xe9\x5f\xda\xda\xda\x2e\x2e\x2e\x2e\x57"
|
||||||
"\x01\x00\x00\x00\x0f\x05\x41\x59\x41\x58\x5f\x5e\x5a\x59\x58\x41"
|
"\x4f\x4f\x44\x59\x2e\x2e\x2e\x2e\x0a\xba\xba\xba\xba\xba\xba\xba"
|
||||||
"\x5d\x5b\x5c\x5d\xe9\x41\xda\xda\xda\x2e\x2e\x2e\x2e\x57\x4f\x4f"
|
"\xba\xca\xca\xca\xca\xca\xca\xca\xca\xcd\xab\xef\xcd\xab\xef\xcd"
|
||||||
"\x44\x59\x2e\x2e\x2e\x2e\x0a\xba\xba\xba\xba\xba\xba\xba\xba\xca"
|
"\xab",
|
||||||
"\xca\xca\xca\xca\xca\xca\xca\xcd\xab\xef\xcd\xab\xef\xcd\xab",
|
|
||||||
payload.len);
|
payload.len);
|
||||||
return payload;
|
return payload;
|
||||||
}
|
}
|
||||||
|
|
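Review bot: `ft_memcpy(payload.data, ...)` runs without checking the `malloc` result on the line above, so an allocation failure dereferences NULL; guard it with `if (payload.data == NULL)` and report the failure the way t_payload64's callers expect (the struct definition is not in this hunk, so whether a NULL `data` or a zero `len` is the convention cannot be told from here). The constants 191, 149, 167 and 175 minus `diff = 30` are hand-derived from the assembled stub and silently go stale the next time the assembly changes length; I checked the new literal and it does hold 161 bytes, with byte 119 being the rel32 operand after the `e9`, 137 the start of the 0xba placeholder and 145 the start of the 0xca placeholder, but nothing in the code enforces that. At minimum document it, e.g. `/* byte offsets into the stub: 119 = jmp rel32 operand, 137 = text_section placeholder, 145 = section_size placeholder; regenerate whenever the stub changes */`, and consider keeping the bytes in a `static const unsigned char` array so `payload.len` can be `sizeof(stub) - 1` instead of a literal that must be kept in step by hand.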