Last active
October 24, 2022 17:44
-
-
Save AmunRha/2396f09357bb5ef102af9ad48fb58cb7 to your computer and use it in GitHub Desktop.
Disassembler for hell86 crackme by ttlhacker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include<stdio.h> | |
#include<stdint.h> | |
#include<stdlib.h> | |
#include<string.h> | |
uint8_t bytecode[] = | |
{ | |
0x0F, 0x0B, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x08, 0x09, 0x00, 0x0F, 0x0B, 0xE4, 0xA1, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x0A, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0A, 0x0F, 0x00, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x0F, 0x0F, 0x00, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x14, 0x00, 0x0A, 0x08, 0x0F, 0x0B, 0xDA, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x0D, 0x0D, 0x00, 0x0F, 0x0B, 0xCE, 0xA3, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x27, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0xCD, 0xB0, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0xDA, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0xF8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x14, 0x00, 0x0A, 0x0D, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x10, 0x08, 0x0A, 0x00, 0x0F, 0x0B, 0xCD, 0xB0, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0C, 0x0D, 0x00, 0x0F, 0x0B, 0x2E, 0xA8, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0xCE, 0xA3, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x27, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x10, 0x08, 0x0A, 0x00, 0x0F, 0x0B, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x09, 0x08, 0x00, 0x0F, 0x0B, 0x7D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0xCE, 0xA3, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x27, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0xF8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x10, 0x09, 0x0A, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x08, 0x09, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x06, 0xA4, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0xCE, 0xA3, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x26, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x08, 0x0D, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0xFE, 0xA5, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0xC0, 0xC8, 0x35, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0xDC, 0xA3, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0F, 0x0A, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x0A, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2E, 0x08, 0x09, 0x00, 0x0F, 0x0B, 0x98, 0xC8, 0x35, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x01, 0x0D, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x01, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x09, 0x08, 0x00, 0x0F, 0x0B, 0xA0, 0xB0, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0xC8, 0xA8, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x00, 0x00, 0x0F, 0x0B, 0xC6, 0xA5, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x26, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0xA0, 0xB0, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x02, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x0D, 0x0D, 0x02, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x01, 0x0D, 0x0F, 0x0B, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x01, 0x01, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x08, 0x08, 0x00, 0x0F, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0xA0, 0xA4, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x27, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0xC0, 0xC8, 0x35, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x24, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2E, 0x0C, 0x09, 0x00, 0x0F, 0x0B, 0xA0, 0xAF, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x09, 0x00, 0x00, 0x0F, 0x0B, 0x2E, 0xA8, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x08, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B, 0x00, 0x00, 0x09, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x01, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x08, 0x08, 0x00, 0x0F, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x40, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x02, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x02, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x08, 0x08, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x0D, 0x0D, 0x00, 0x0F, 0x0B, 0xE8, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2B, 0x00, 0x0C, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x01, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B, 0x00, 0x00, 0x01, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x19, 0x0D, 0x0D, 0x00, 0x0F, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x0C, 0x0C, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x08, 0x08, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x4A, 0xA8, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x27, 0x00, 0x0C, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0D, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x0D, 0x00, 0x0F, 0x0B, 0x2A, 0xA9, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x21, 0x00, 0x00, 0x09, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x0D, 0x0D, 0x00, 0x0F, 0x0B, 0xD6, 0xA8, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00 | |
}; | |
#define LEN_BYTECODE 1973 | |
#define CHECK 0x1010101 | |
#define BBL_BASE_OFF 0x190 | |
#define BYTECODE_BASE_ADDR 0x5591cf150000 | |
#define LIBC_MALLOC 0x5591cf35c898 | |
#define LIBC_FREE 0x5591cf35c8c0 | |
#define FLAG_FORMAT_ADDR 0x5591cf15b0cd | |
#define ASCII_BYTES_ADDR 0x5591cf15b0a0 | |
#define OFFSET_CHK 0x5591cf15afa0 | |
#define STACK_START 0 | |
#define STK_SZ 20 | |
typedef struct vm_struct{ | |
uint64_t reg0; | |
uint8_t opcode; | |
uint8_t reg1; | |
uint8_t reg2; | |
uint8_t reg3; | |
} vm_struct; | |
typedef struct bcode_struct | |
{ | |
uint64_t mem[15]; | |
uint64_t res; | |
uint64_t vm_bbl; | |
} bcode_struct; | |
typedef struct data_struct | |
{ | |
uint64_t unknown[5]; | |
struct bcode_struct bcode; | |
} data_struct; | |
vm_struct vm; | |
bcode_struct bcode; | |
char inp[] = "FLAG{x86-1s-s0-fund4m3nt4lly-br0k3n}"; | |
char ascii_bytes[] = "abdfgehikmanoqrstucvwlxyz-01h23p456u78j9-_.+"; | |
uint64_t offset_chk[] = { | |
0x16C8, 0x0FFFFFFFFFFFF8BA1, 0x0FFFFFFFFFFFFE0C0, 0x3600, 0x0FFFFFFFFFFFFE535, 0x16C8, 0x0FFFFFFFFFFFF8BA1, 0x5F45, 0x0FFFFFFFFFFFFD668, 0x0FFFFFFFFFFFFFFF8, 0x5F45, 0x0FFFFFFFFFFFFCA00, 0x0FFFFFFFFFFFFBB58, 0x0AB8, 0x0FFFFFFFFFFFFBB58, 0x4CE3, 0x0FFFFFFFFFFFF8000, 0x2D9, 0x4CE3, 0x0FFFFFFFFFFFFFFFF, 0x2D9, 0x3E8, 0x7D, 0x0FFFFFFFFFFFFE938, 0x200, 0x200, 0x0FFFFFFFFFFFFE535, 0x1F40, 0x0FFFFFFFFFFFFE0C0, 0x0}; | |
char flag_fmt[] = "FLAG{"; | |
uint64_t mheap[31]={0}; | |
uint64_t *inp_ptr = (uint64_t *)&inp; | |
uint64_t stack[STK_SZ] = {0}; | |
int stack_ctr=0, k=(STK_SZ/2)+3; | |
char disasm_ins[][42] = { | |
"add mem[0x%lx], mem[0x%lx] + mem[0x%lx]", | |
"sub mem[0x%lx], mem[0x%lx] - mem[0x%lx]", | |
"mul mem[0x%lx], mem[0x%lx] * mem[0x%lx]", | |
"mov mem[0x%lx], -mem[0x%lx]", | |
"mov mem[0x%lx], 0x%lx", | |
"mov mem[0x%lx], _BYTE[mem[0x%lx]+0x%lx]", | |
"mov mem[0x%lx], _QWORD[mem[0x%lx]+0x%lx]", | |
"mov _QWORD[mem[0x%lx]+0x%lx], mem[0x%lx]", | |
"push mem[0x%lx]", | |
"pop mem[0x%lx]", | |
"mov mem[0x%lx], mem[0x%lx]", | |
"or mem[0x%lx], mem[0x%lx] | mem[0x%lx]", | |
"xor mem[0x%lx], mem[0x%lx] ^ mem[0x%lx]", | |
"mov mem[0x%lx], mem[0x%lx] == mem[0x%lx]", | |
"mov mem[0x%lx], mem[0x%lx] != 0x%lx", | |
"cmp mem[0x%lx], 0\njz 0x%lx", | |
"cmp mem[0x%lx], 0\njnz 0x%lx", | |
"call 0x%lx", | |
"ret", | |
"ret if mem[0x%lx] != 0", | |
"ret if mem[0x%lx] == 0", | |
"mov mem[0x%lx], mem[0x%lx] + 0x%lx", | |
"mov mem[0x%lx], mem[0x%lx] << 0x%lx"}; | |
void init_vm_struct(uint8_t *bytecode){ | |
memcpy(&vm, bytecode, sizeof(vm)); | |
} | |
void init_bcode_struct(int malloc_flag){ | |
if(malloc_flag == 0){ | |
bcode.res = (uint64_t)&stack[k]; | |
bcode.mem[9] = bcode.mem[10] = (uint64_t)&inp_ptr - 8; | |
bcode.mem[8] = 2; | |
} | |
else if(malloc_flag == 1){ | |
bcode.mem[0] = bcode.mem[8] = bcode.mem[13] = (uint64_t)&mheap[0]; | |
} | |
else if(malloc_flag == 2){ | |
bcode.mem[0] = (uint64_t)&mheap[0]; | |
} | |
} | |
void init_stack(int f){ | |
if(f == 0) | |
stack[k] = CHECK; | |
stack_ctr = ((uint64_t)bcode.res - (int64_t)&stack[STACK_START])/sizeof(uint64_t); | |
k = stack_ctr; | |
} | |
void print_reg(){ | |
printf("--------- REG VALS ---------\n"); | |
printf("[*] reg0 - 0x%lx", vm.reg0); | |
printf("\n[*] reg1 - 0x%lx", vm.reg1); | |
printf("\n[*] reg2 - 0x%lx", vm.reg2); | |
printf("\n[*] reg3 - 0x%lx\n", vm.reg3); | |
} | |
void print_bcode(){ | |
printf("--------- BCODE STRUCT ---------\n"); | |
printf("mem {\n"); | |
for(int i=0;i<15;i++){ | |
printf("[0x%x] - 0x%lx\n", i, bcode.mem[i]); | |
} | |
printf("}\n"); | |
printf("res - 0x%lx (stack[0x%x])\n", bcode.res, stack_ctr); | |
printf("vm_bbl - 0x%lx\n", bcode.vm_bbl); | |
} | |
void print_stack(){ | |
printf("--------- STACK ---------\n"); | |
printf("stack { "); | |
for(int i=0;i<k;++i){ | |
stack[i] = 0; | |
} | |
for(int i=0;i<STK_SZ;++i){ | |
printf("0x%lx, ", stack[i]); | |
} | |
printf("}\n"); | |
} | |
void print_heap(){ | |
printf("--------- HEAP ---------\n"); | |
printf("heap { "); | |
for(int i=0;i<30;i++){ | |
printf("0x%lx, ", mheap[i]); | |
} | |
printf("}\n"); | |
} | |
void print_metadata(){ | |
printf("---------- META DATA -----------\n"); | |
printf("[+] Addr of inp: 0x%lx\n", &inp); | |
printf("[+] Addr of ptr to inp: 0x%lx\n", &inp_ptr); | |
printf("[+] Addr of stack: 0x%lx\n", &stack[STACK_START]); | |
printf("[+] Addr of heap: 0x%lx\n", &mheap[0]); | |
printf("[+] Addr of offset check: 0x%lx\n", &offset_chk[0]); | |
printf("[+] Addr of ascii chars: 0x%lx\n", &ascii_bytes[0]); | |
printf("---------------------------------\n\n"); | |
} | |
void check(uint64_t res){ | |
if(res == 1){ | |
printf("\n-------------------------"); | |
printf("\n[!] WRONG!\n"); | |
printf("-------------------------\n"); | |
exit(0); | |
} | |
else if(res == 0){ | |
printf("\n-------------------------"); | |
printf("\n[+] OK!\n"); | |
printf("-------------------------\n"); | |
exit(0); | |
} | |
} | |
int main(){ | |
print_metadata(); | |
int i=0, flag=0, ctr=-1, malloc_flag=0; | |
init_bcode_struct(malloc_flag); | |
init_stack(0); | |
while(i<LEN_BYTECODE) | |
{ | |
ctr++; | |
if(flag != 1){ | |
bcode.vm_bbl = i; | |
} | |
flag = 0; | |
if(malloc_flag != 0){ | |
init_bcode_struct(malloc_flag); | |
malloc_flag = 0; | |
} | |
init_vm_struct(&bytecode[i+2]); | |
// printf("\n[0x%x] [%d] OPCODE - 0x%lx ---------\n",i, ctr, vm.// opcode); | |
// print_reg(); | |
init_stack(1); | |
// print_bcode(); | |
// print_stack(); | |
// print_heap(); | |
// printf("--------------------------------------\n"); | |
switch (vm.opcode) | |
{ | |
case 0x1 : | |
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] + bcode.mem[vm.reg3]; | |
printf(disasm_ins[0], vm.reg1, vm.reg2, vm.reg3); | |
break; | |
case 0x2 : | |
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] - bcode.mem[vm.reg3]; | |
printf(disasm_ins[1], vm.reg1, vm.reg2, vm.reg3); | |
break; | |
case 0x3 : | |
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] * bcode.mem[vm.reg3]; | |
printf(disasm_ins[2], vm.reg1, vm.reg2, vm.reg3); | |
break; | |
case 0x8 : | |
bcode.mem[vm.reg1] = -bcode.mem[vm.reg2]; | |
printf(disasm_ins[3], vm.reg1, vm.reg2); | |
break; | |
case 0x9 : | |
if(vm.reg0 == FLAG_FORMAT_ADDR){ | |
vm.reg0 = (uint64_t)&flag_fmt[0]; | |
bcode.mem[vm.reg1] = vm.reg0; | |
} | |
else if(vm.reg0 == ASCII_BYTES_ADDR){ | |
vm.reg0 = (uint64_t)&ascii_bytes[0]; | |
bcode.mem[vm.reg1] = vm.reg0; | |
} | |
else if(vm.reg0 == OFFSET_CHK){ | |
vm.reg0 = (uint64_t)&offset_chk[0]; | |
bcode.mem[vm.reg1] = vm.reg0; | |
} | |
else if(vm.reg0 >= BYTECODE_BASE_ADDR){ | |
i = (int)(vm.reg0 & 0xfff) - (int)BBL_BASE_OFF; | |
bcode.mem[vm.reg1] = i; | |
flag = 1; | |
} | |
else{ | |
bcode.mem[vm.reg1] = vm.reg0; | |
} | |
printf(disasm_ins[4], vm.reg1, vm.reg0); | |
break; | |
case 0xa : | |
bcode.mem[vm.reg1] = *(uint8_t *)(bcode.mem[vm.reg2] + vm.reg0); | |
printf(disasm_ins[5], vm.reg1, vm.reg2, vm.reg0); | |
break; | |
case 0x10: | |
bcode.mem[vm.reg1] = *(uint64_t *)(bcode.mem[vm.reg2] + vm.reg0); | |
printf(disasm_ins[6], vm.reg1, vm.reg2, vm.reg0); | |
break; | |
case 0x14: | |
*(uint64_t *)(bcode.mem[vm.reg2] + vm.reg0) = bcode.mem[vm.reg3]; | |
printf(disasm_ins[7], vm.reg2, vm.reg0, vm.reg3); | |
break; | |
case 0x15: | |
stack[--k] = bcode.mem[vm.reg2]; | |
bcode.res = (uint64_t)&stack[k]; | |
printf(disasm_ins[8], vm.reg2); | |
break; | |
case 0x17: | |
bcode.mem[vm.reg1] = *(uint64_t *)(bcode.res); | |
bcode.res = (uint64_t)&stack[++k]; | |
printf(disasm_ins[9], vm.reg1); | |
break; | |
case 0x18: | |
if(vm.reg2 == 0xa && vm.reg1 == 0xf){ | |
bcode.mem[vm.reg2] = bcode.res + 0x10; | |
} | |
bcode.mem[vm.reg1] = bcode.mem[vm.reg2]; | |
printf(disasm_ins[10], vm.reg1, vm.reg2); | |
break; | |
case 0x19: | |
bcode.mem[vm.reg1] = bcode.mem[vm.reg3] | bcode.mem[vm.reg2]; | |
printf(disasm_ins[11], vm.reg1, vm.reg3, vm.reg2); | |
break; | |
case 0x1b: | |
bcode.mem[vm.reg1] = bcode.mem[vm.reg3] ^ bcode.mem[vm.reg2]; | |
printf(disasm_ins[12], vm.reg1, vm.reg3, vm.reg2); | |
break; | |
case 0x21: | |
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] == bcode.mem[vm.reg3]; | |
printf(disasm_ins[13], vm.reg1, vm.reg2, vm.reg3); | |
break; | |
case 0x24: | |
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] != vm.reg0; | |
printf(disasm_ins[14], vm.reg1, vm.reg2, vm.reg0); | |
break; | |
case 0x26: | |
if(bcode.mem[vm.reg2] == 0){ | |
i = (int)(vm.reg0 & 0xfff) - (int)BBL_BASE_OFF; | |
bcode.vm_bbl = i; | |
flag = 1; | |
} | |
printf(disasm_ins[15], vm.reg2, vm.reg0); | |
break; | |
case 0x27: | |
if(bcode.mem[vm.reg2] != 0){ | |
i = (int)(vm.reg0 & 0xfff) - (int)BBL_BASE_OFF; | |
bcode.vm_bbl = i; | |
flag = 1; | |
} | |
printf(disasm_ins[16], vm.reg2, vm.reg0); | |
break; | |
case 0x28: | |
if(vm.reg0 == LIBC_MALLOC){ | |
printf("malloc(0x%lx)", bcode.mem[0x8]); | |
malloc_flag = 1; | |
break; | |
} | |
else if(vm.reg0 == LIBC_FREE){ | |
printf("free(0x%lx)", bcode.mem[0x8]); | |
malloc_flag = 2; | |
break; | |
} | |
else{ | |
stack[--k] = i+14; | |
bcode.res = (uint64_t)&stack[k]; | |
i = (int)(vm.reg0 & 0xfff) - (int)BBL_BASE_OFF; | |
bcode.vm_bbl = i; | |
flag = 1; | |
} | |
printf(disasm_ins[17], vm.reg0); | |
break; | |
case 0x29: | |
if(stack[k] == CHECK){ | |
printf("ret\n"); | |
uint64_t res = bcode.mem[0xd]; | |
check(res); | |
} | |
i = stack[k]; | |
bcode.vm_bbl = i; | |
bcode.res = (uint64_t)&stack[++k]; | |
flag = 1; | |
printf(disasm_ins[18]); | |
break; | |
case 0x2a: | |
if(bcode.mem[vm.reg2] != 0){ | |
i = stack[k]; | |
bcode.vm_bbl = i; | |
bcode.res = (uint64_t)&stack[++k]; | |
flag = 1; | |
} | |
printf(disasm_ins[19], vm.reg2); | |
break; | |
case 0x2b: | |
if(bcode.mem[vm.reg2] == 0){ | |
i = stack[k]; | |
bcode.vm_bbl = i; | |
bcode.res = (uint64_t)&stack[++k]; | |
flag = 1; | |
} | |
printf(disasm_ins[20], vm.reg2); | |
break; | |
case 0x2c: | |
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] + vm.reg0; | |
printf(disasm_ins[21], vm.reg1, vm.reg2, vm.reg0); | |
break; | |
case 0x2e: | |
bcode.mem[vm.reg1] = bcode.mem[vm.reg2] << vm.reg0; | |
printf(disasm_ins[22], vm.reg1, vm.reg2, vm.reg0); | |
break; | |
default: | |
printf("[!] UNKNOWN OPCODE: 0x%x\n", vm.opcode); | |
break; | |
} | |
puts(""); | |
if(flag != 1) | |
i+=14; | |
} | |
return 0; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include<stdio.h> | |
#include<stdint.h> | |
int64_t enc[] = {0x16C8, 0x0FFFFFFFFFFFF8BA1, 0x0FFFFFFFFFFFFE0C0, 0x3600, 0x0FFFFFFFFFFFFE535, 0x16C8, 0x0FFFFFFFFFFFF8BA1, 0x5F45, 0x0FFFFFFFFFFFFD668, 0x0FFFFFFFFFFFFFFF8, 0x5F45, 0x0FFFFFFFFFFFFCA00, 0x0FFFFFFFFFFFFBB58, 0x0AB8, 0x0FFFFFFFFFFFFBB58, 0x4CE3, 0x0FFFFFFFFFFFF8000, 0x2D9, 0x4CE3, 0x0FFFFFFFFFFFFFFFF, 0x2D9, 0x3E8, 0x7D, 0x0FFFFFFFFFFFFE938, 0x200, 0x200, 0x0FFFFFFFFFFFFE535, 0x1F40, 0x0FFFFFFFFFFFFE0C0, 0x0}; | |
int64_t loff[30] = {0}; | |
int64_t lenc[30] = {0}; | |
char inp[] = "x86defghijklmnopqrstuvwxyz01234"; | |
char ascii[] = "abdfgehikmanoqrstucvwlxyz-01h23p456u78j9-_.+"; | |
void encrypt(){ | |
int k = 0x1e; | |
for(int i=0;i<30;i++){ | |
int a = (loff[i+1] - loff[i]) ^ --k; | |
a = a * a * a; | |
lenc[i] = a; | |
} | |
} | |
void find_off(char *inp){ | |
loff[29] = 0x1e; | |
for(int i=0;i<30;i++) | |
for(int j=0;j<44;j++) | |
if(inp[i] == ascii[j]){ | |
loff[i] = j; | |
break; | |
} | |
} | |
int main(){ | |
int k = 1; | |
printf("FLAG{x"); | |
for(int i=0;i<44;i++){ | |
if(k == 30) | |
break; | |
inp[k] = ascii[i]; | |
find_off(inp); | |
encrypt(loff); | |
if(lenc[k-1] == enc[k-1]){ | |
k+=1; | |
printf("%c", ascii[i]); | |
i=0; | |
} | |
} | |
printf("}\n"); | |
return 0; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment