woody-woodpacker/assets/xor.s

77 lines
1.3 KiB
ArmAsm

bits 64
global _start
_start:
push rbp
push rsp
push rbx
push r13
push rax
push rcx
push rdx
push rsi
push rdi
push r8
push r9
mov rdi, 1
lea rsi, [rel msg]
mov rbx, rsi
;mov rbx, qword [rel text_section]
sub rbx, qword [rel text_section] ;text_section address because of this and that
mov r8, qword [rel section_size] ;text_section size
mov r9, 0 ;increment register
xor r13, r13
mov r13, qword [rel private_key]
decrypt_whole_blocks:
; check left to decrypt < block_size
mov rcx, r8
sub rcx, r9
cmp rcx, 8
jle decrypt_last_block
; xor section with private_key
mov rdx, rbx
add rdx, r9
xor [rdx], r13
; increase section address
; increase counter
add r9, 8
jmp decrypt_whole_blocks
decrypt_last_block:
mov rdx, 8
sub rdx, rcx
mov rcx, rdx
mov rax, 8
mul cl
mov rcx, rax
shl r13, cl
shr r13, cl
mov rdx, rbx
add rdx, r9
xor [rdx], r13
end_decrypt:
mov rdx, 14
mov rax, 1
syscall
pop r9
pop r8
pop rdi
pop rsi
pop rdx
pop rcx
pop rax
pop r13
pop rbx
pop rsp
pop rbp
jmp 0xdadadada ; this needs to be just before that
msg db "....WOODY....",10 ; that needs to be just after this
text_section dq 0xbabababababababa
section_size dq 0xcacacacacacacaca
private_key dq 0xabcdefabcdefabcd