release woody 1.0 #6
59
assets/xor.s
|
@ -5,66 +5,55 @@ _start:
|
|||
push rbp
|
||||
push rsp
|
||||
push rbx
|
||||
push r13
|
||||
push rax
|
||||
push rcx
|
||||
push rdx
|
||||
push rsi
|
||||
push rdi
|
||||
push r8
|
||||
push r9
|
||||
|
||||
mov rdi, 1
|
||||
lea rsi, [rel msg]
|
||||
mov rbx, rsi
|
||||
;mov rbx, qword [rel text_section]
|
||||
sub rbx, qword [rel text_section] ;text_section address because of this and that
|
||||
mov r8, qword [rel section_size] ;text_section size
|
||||
mov r9, 0 ;increment register
|
||||
xor r13, r13
|
||||
mov r13, qword [rel private_key]
|
||||
|
||||
decrypt_whole_blocks:
|
||||
; check left to decrypt < block_size
|
||||
mov rcx, r8
|
||||
sub rcx, r9
|
||||
cmp rcx, 8
|
||||
jle decrypt_last_block
|
||||
; xor section with private_key
|
||||
mov rdx, rbx
|
||||
add rdx, r9
|
||||
xor [rdx], r13
|
||||
; increase section address
|
||||
; increase counter
|
||||
add r9, 8
|
||||
jmp decrypt_whole_blocks
|
||||
mov rdx, qword [rel private_key]
|
||||
|
||||
decrypt_last_block:
|
||||
mov rdx, 8
|
||||
sub rdx, rcx
|
||||
mov rcx, rdx
|
||||
mov rax, 8
|
||||
mul cl
|
||||
mov rcx, rax
|
||||
shl r13, cl
|
||||
shr r13, cl
|
||||
mov rdx, rbx
|
||||
add rdx, r9
|
||||
xor [rdx], r13
|
||||
; rcx = 8 * (8 - section_size % 8)
|
||||
; Then crop the private key by rcx bits
|
||||
; That's to decrypt the end of the section in case the section size
|
||||
; isn't a multiple of 64 bits
|
||||
mov rcx, r8
|
||||
not rcx
|
||||
and rcx, 7
|
||||
inc rcx
|
||||
shl rcx, 3
|
||||
mov rax, rdx
|
||||
shl rax, cl
|
||||
shr rax, cl
|
||||
; make section size a multiple of 64bits with this and
|
||||
and r8, 0xfffffffffffffff8
|
||||
xor [rbx + r8], rax
|
||||
|
||||
decrypt_whole_blocks:
|
||||
sub r8, 8
|
||||
cmp r8, -8
|
||||
je end_decrypt
|
||||
xor [rbx + r8], rdx
|
||||
jmp decrypt_whole_blocks
|
||||
|
||||
end_decrypt:
|
||||
mov rdi, 1
|
||||
mov rdx, 14
|
||||
mov rax, 1
|
||||
syscall
|
||||
|
||||
pop r9
|
||||
pop r8
|
||||
pop rdi
|
||||
pop rsi
|
||||
pop rdx
|
||||
pop rcx
|
||||
pop rax
|
||||
pop r13
|
||||
pop rbx
|
||||
pop rsp
|
||||
pop rbp
|
||||
|
|
|
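Review bot: The tail-masking path writes one 8-byte block past the end of the section whenever `section_size` is a multiple of 8: with r8 % 8 == 0, the count built by `not rcx` / `and rcx, 7` / `inc rcx` / `shl rcx, 3` is 64, and x86-64 masks 64-bit shift counts to 6 bits, so `shl rax, cl` / `shr rax, cl` shift by 0 and leave the full key in rax, while `and r8, 0xfffffffffffffff8` leaves r8 == section_size and `xor [rbx + r8], rax` read-modify-writes the 8 bytes immediately after the section (corrupting whatever follows, or faulting if that crosses into an unmapped page). Guard the partial-block write: after `mov rdx, qword [rel private_key]` add `test r8, 7` and `jz decrypt_whole_blocks`, so an exactly-aligned size goes straight to the whole-block loop, whose first `sub r8, 8` already handles r8 == section_size correctly. Whether encrypt_xor (outside this hunk) mirrors the same extra block is not visible here; either way the access falls outside the declared size. Since the stub is embedded in the C side as raw bytes with hand-computed offsets (jump_offset, load_ptr_offset, load_size_offset), any added instruction shifts those constants and they must be regenerated together with this change. `_start` begins before this hunk.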
@ -116,25 +116,26 @@ int encrypt_xor(t_map file, Elf64_Phdr load_segment) {
|
|||
t_payload64 get_xor_payload64(void) {
|
||||
t_payload64 payload;
|
||||
|
||||
payload.len = 191;
|
||||
payload.jump_offset = 149;
|
||||
payload.load_ptr_offset = 167;
|
||||
payload.load_size_offset = 175;
|
||||
size_t diff = 30;
|
||||
|
||||
payload.len = 191 - diff;
|
||||
payload.jump_offset = 149 - diff;
|
||||
payload.load_ptr_offset = 167 - diff;
|
||||
payload.load_size_offset = 175 - diff;
|
||||
payload.encrypt = &encrypt_xor;
|
||||
payload.data = malloc(payload.len * sizeof(unsigned char));
|
||||
ft_memcpy(payload.data,
|
||||
"\x55\x54\x53\x41\x55\x50\x51\x52\x56\x57\x41\x50\x41\x51\xbf\x01"
|
||||
"\x00\x00\x00\x48\x8d\x35\x7f\x00\x00\x00\x48\x89\xf3\x48\x2b\x1d"
|
||||
"\x83\x00\x00\x00\x4c\x8b\x05\x84\x00\x00\x00\x41\xb9\x00\x00\x00"
|
||||
"\x00\x4d\x31\xed\x4c\x8b\x2d\x7c\x00\x00\x00\x4c\x89\xc1\x4c\x29"
|
||||
"\xc9\x48\x83\xf9\x08\x7e\x0f\x48\x89\xda\x4c\x01\xca\x4c\x31\x2a"
|
||||
"\x49\x83\xc1\x08\xeb\xe5\xba\x08\x00\x00\x00\x48\x29\xca\x48\x89"
|
||||
"\xd1\xb8\x08\x00\x00\x00\xf6\xe1\x48\x89\xc1\x49\xd3\xe5\x49\xd3"
|
||||
"\xed\x48\x89\xda\x4c\x01\xca\x4c\x31\x2a\xba\x0e\x00\x00\x00\xb8"
|
||||
"\x01\x00\x00\x00\x0f\x05\x41\x59\x41\x58\x5f\x5e\x5a\x59\x58\x41"
|
||||
"\x5d\x5b\x5c\x5d\xe9\x41\xda\xda\xda\x2e\x2e\x2e\x2e\x57\x4f\x4f"
|
||||
"\x44\x59\x2e\x2e\x2e\x2e\x0a\xba\xba\xba\xba\xba\xba\xba\xba\xca"
|
||||
"\xca\xca\xca\xca\xca\xca\xca\xcd\xab\xef\xcd\xab\xef\xcd\xab",
|
||||
"\x55\x54\x53\x50\x51\x52\x56\x57\x41\x50\x48\x8d\x35\x6a\x00\x00"
|
||||
"\x00\x48\x89\xf3\x48\x2b\x1d\x6e\x00\x00\x00\x4c\x8b\x05\x6f\x00"
|
||||
"\x00\x00\x48\x8b\x15\x70\x00\x00\x00\x4c\x89\xc1\x48\xf7\xd1\x48"
|
||||
"\x83\xe1\x07\x48\xff\xc1\x48\xc1\xe1\x03\x48\x89\xd0\x48\xd3\xe0"
|
||||
"\x48\xd3\xe8\x49\x83\xe0\xf8\x4a\x31\x04\x03\x49\x83\xe8\x08\x49"
|
||||
"\x83\xf8\xf8\x74\x06\x4a\x31\x14\x03\xeb\xf0\xbf\x01\x00\x00\x00"
|
||||
"\xba\x0e\x00\x00\x00\xb8\x01\x00\x00\x00\x0f\x05\x41\x58\x5f\x5e"
|
||||
"\x5a\x59\x58\x5b\x5c\x5d\xe9\x5f\xda\xda\xda\x2e\x2e\x2e\x2e\x57"
|
||||
"\x4f\x4f\x44\x59\x2e\x2e\x2e\x2e\x0a\xba\xba\xba\xba\xba\xba\xba"
|
||||
"\xba\xca\xca\xca\xca\xca\xca\xca\xca\xcd\xab\xef\xcd\xab\xef\xcd"
|
||||
"\xab",
|
||||
payload.len);
|
||||
return payload;
|
||||
}
|
||||
|
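Review bot: `payload.data = malloc(payload.len * sizeof(unsigned char));` is followed directly by `ft_memcpy(payload.data, ...)` with no NULL check, so an allocation failure dereferences a null pointer inside the copy. Return an explicitly empty payload instead, e.g. `if (payload.data == NULL) { payload.len = 0; return payload; }`, and have the caller (outside this hunk) treat `data == NULL` as failure. The offsets also remain magic numbers — `191 - diff`, `149 - diff`, `167 - diff`, `175 - diff` with `diff = 30` — that encode positions inside the hand-pasted byte string; a comment stating what each offset points at in xor.s (the `jmp` rel32, the pointer and size slots) plus the final values as named constants would make the next stub change less error-prone, since any byte added to xor.s silently invalidates all four.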
|