diff --git a/.gitignore b/.gitignore index cec544a..81214c3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ *.gipu *.out *.elf +*.pasticciotto .vscode/ diff --git a/vm/emulator.cpp b/emulator/emulator.cpp similarity index 93% rename from vm/emulator.cpp rename to emulator/emulator.cpp index c70fa2e..5ab072f 100644 --- a/vm/emulator.cpp +++ b/emulator/emulator.cpp @@ -1,5 +1,5 @@ -#include "debug.h" -#include "vm.h" +#include "../vm/debug.h" +#include "../vm/vm.h" #include #include #include diff --git a/polictf/asms/decrypt.pstc b/polictf/asms/decrypt.pstc index 3f5d96e..59e8af0 100644 --- a/polictf/asms/decrypt.pstc +++ b/polictf/asms/decrypt.pstc @@ -89,14 +89,6 @@ poop r1 retn def main: -movi r0, 0x93af -movi r1, 0x9ea9 -stri 0, r0 -stri 2, r1 -movi r0, 0x2008 -movi r1, 0xc917 -stri 0x4, r0 -stri 0x6, r1 movi r0, 0 call datastrlen movr r2, r0 @@ -110,12 +102,10 @@ addr r1, s0 call round poop s0 addi s0, 4 -debg cmpr s0, r2 jpbi decrypt lodi r0, 0 lodi r1, 2 lodi r2, 4 lodi r3, 6 -debg shit \ No newline at end of file diff --git a/polictf/res/compiled.pstc b/polictf/res/compiled.pstc deleted file mode 100644 index 8500d12..0000000 Binary files a/polictf/res/compiled.pstc and /dev/null differ diff --git a/polictf/res/decrypteddatasection.txt b/polictf/res/decrypteddatasection.txt index d0512bf..9d6cea0 100644 --- a/polictf/res/decrypteddatasection.txt +++ b/polictf/res/decrypteddatasection.txt @@ -1 +1 @@ -TheDataSectionHasBeenEncrypted \ No newline at end of file +TheDataSectionHasBeenEncrypted!WhoAreYouGonnaCall?TheRuNasss! \ No newline at end of file diff --git a/polictf/res/encrypteddatasection b/polictf/res/encrypteddatasection new file mode 100644 index 0000000..6b06b68 --- /dev/null +++ b/polictf/res/encrypteddatasection @@ -0,0 +1 @@ +꾪kR%z~*g2E$LdYxѼ:n\RXFUXE! \ No newline at end of file diff --git a/polictf/server/pasticciotto_server.cpp b/polictf/server/pasticciotto_server.cpp index 70bc1d7..5431e5e 100644 
--- a/polictf/server/pasticciotto_server.cpp +++ b/polictf/server/pasticciotto_server.cpp @@ -25,13 +25,18 @@ void gen_random(uint8_t *s, const int len) { } unsigned char encrypted_data[] = { - 0xcc, 0x8d, 0x5a, 0xcc, 0x73, 0xb5, 0xf2, 0xa3, 0xf3, 0x92, - 0xa8, 0x8f, 0x2f, 0xf1, 0x3e, 0xf4, 0x69, 0x00, 0x4a, 0xcb, - 0xed, 0xc4, 0x57, 0x9b, 0xf6, 0x9a, 0x78, 0x46, 0x83, 0xe9}; -unsigned int encrypted_data_len = 30; + 0x8c, 0xea, 0xbe, 0xaa, 0xed, 0xa0, 0xd0, 0x6b, 0x99, 0x1c, 0x52, 0x25, + 0xb9, 0xe6, 0xd8, 0xff, 0xf9, 0xe9, 0x92, 0x7a, 0x1c, 0xc5, 0xc4, 0x7e, + 0x2a, 0xec, 0x67, 0x32, 0x1f, 0x45, 0x24, 0xd0, 0x4c, 0x7f, 0x15, 0x64, + 0x59, 0xed, 0xa6, 0x78, 0xfe, 0xad, 0xd1, 0xbc, 0xe0, 0xd8, 0x3a, 0xf9, + 0xfb, 0xf9, 0xf9, 0x6e, 0x5c, 0x52, 0x58, 0x46, 0x8d, 0x55, 0x58, 0x45, + 0x21 +}; +unsigned int encrypted_data_len = 61; + int main(int argc, char *argv[]) { - uint8_t *key = new uint8_t[KEYLEN], *decdatasec = new uint8_t[DATAKEYLEN], + uint8_t *key = new uint8_t[KEYLEN], *decdatasec = new uint8_t[encrypted_data_len], *flag = new uint8_t[DATAKEYLEN]; uint8_t *clientcode; uint8_t i; @@ -55,6 +60,10 @@ int main(int argc, char *argv[]) { } VM vm(key, clientcode, clientcodesize); vm.as.insData(encrypted_data, encrypted_data_len); + printf("BEFORE:\n"); + for (i = 0; i < DATAKEYLEN; i++) { + fprintf(stdout, "buf[%d] = 0x%02x\n", i, vm.as.data[i]); + } vm.run(); datap = fopen("../res/decrypteddatasection.txt", "r"); @@ -66,9 +75,12 @@ int main(int argc, char *argv[]) { fscanf(datap, "%s", decdatasec); fclose(datap); + for (i = 0; i < DATAKEYLEN; i++) { + fprintf(stdout, "buf[%d] = 0x%02x\n", i, vm.as.data[i]); + } for (i = 0; i < DATAKEYLEN; i++) { if (vm.as.data[i] != decdatasec[i]) { - DBG_INFO(("Checking data[%d]..\n", i)); + printf("Checking data[%d]..\n", i); fflush(stdout); printf("Nope!\n"); fflush(stdout); diff --git a/polictf/server/test.py b/polictf/server/test.py new file mode 100644 index 0000000..0099371 --- /dev/null +++ b/polictf/server/test.py 
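Review bot: `decdatasec` is now allocated as `new uint8_t[encrypted_data_len]` (61 bytes), but the unchanged `fscanf(datap, "%s", decdatasec)` in the last hunk of this file reads the 61-character reference string and appends a NUL, so it writes 62 bytes and runs one past the allocation. `%s` has no field width either, so a longer `decrypteddatasection.txt` would overflow further. Allocate `new uint8_t[encrypted_data_len + 1]` and bound the read, for example `size_t got = fread(decdatasec, 1, encrypted_data_len, datap);` followed by a check that `got == encrypted_data_len`. `main` begins in this hunk and continues past it.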
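Review bot: The `BEFORE:` loop added after `vm.as.insData(...)` writes the data section to stdout unconditionally, and the last hunk of this file does the same after `vm.run()` and turns the `DBG_INFO` mismatch message into a plain `printf`. stdout also carries the `Nope!` reply, so if it is the client connection (not visible here), every client receives the ciphertext, the post-run memory and the index of the first mismatching byte. Keep this output behind the debug macro the file already uses, e.g. `DBG_INFO(("buf[%d] = 0x%02x\n", i, vm.as.data[i]));`, or send it to a server-side log. This hunk sits inside `main`, which starts and ends outside it.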
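Review bot: The comparison loop `for (i = 0; i < DATAKEYLEN; i++)` and the new dump loop above it still stop at `DATAKEYLEN`, while this commit grows the data section and `decdatasec` to `encrypted_data_len` (61). `DATAKEYLEN` is defined outside the diff; if it still equals the previous length of 30, only the first half of the decrypted section is verified. Bound both loops with the real length, e.g. `for (i = 0; i < encrypted_data_len; i++)`. `uint8_t i` is fine for 61 but would wrap if the section ever exceeds 255 bytes. The enclosing `main` continues outside the hunk.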
@@ -0,0 +1,16 @@ +from pwn import * +import subprocess + +key_re = re.compile(".*\"(.*)\".*") +r = remote("127.0.0.1", 8888) + +first = r.recv() +key = key_re.match(first).group(1) +print("Using key: {}".format(key)) +subprocess.check_call(["python3", "../../assembler/assembler.py", "{}".format(key), "../asms/decrypt.pstc", "./out.pasticciotto"]) +with open("./out.pasticciotto") as f: + data = f.read() +r.send("{}\n".format(len(data))) +print(r.recv()) +r.send("{}\n".format(data)) +print(r.recv(100000)) \ No newline at end of file diff --git a/polictf/tea_cversion/decrypt_test b/polictf/tea_cversion/decrypt_test deleted file mode 100644 index 4892903..0000000 --- a/polictf/tea_cversion/decrypt_test +++ /dev/null @@ -1 +0,0 @@ -4 test diff --git a/polictf/tea_cversion/encrypted b/polictf/tea_cversion/encrypted deleted file mode 100644 index b5d327a..0000000 --- a/polictf/tea_cversion/encrypted +++ /dev/null @@ -1 +0,0 @@ -  \ No newline at end of file diff --git a/polictf/tea_cversion/tea-decrypt.c b/polictf/tea_cversion/tea-decrypt.c index 35667bf..79c6c2e 100644 --- a/polictf/tea_cversion/tea-decrypt.c +++ b/polictf/tea_cversion/tea-decrypt.c @@ -5,19 +5,15 @@ #include void decrypt(uint16_t *v) { - uint16_t v0 = v[0], v1 = v[1], sum = 0x3780, i; /* set up */ - uint16_t delta = 0x626f; /* a key schedule constant */ + uint16_t v0 = v[0], v1 = v[1], i; uint16_t k0 = 0x7065; // "pe" uint16_t k1 = 0x7065; // "pe" uint16_t k2 = 0x7275; // "ru" uint16_t k3 = 0x6e73; // "ns" for (i = 0; i < 128; i++) { - //printf("Intermediate v0: 0x%x | v1: 0x%x\n", v0, v1); /* basic cycle - // start */ v1 -= ((v0 << 4) + k2) ^ (v0) ^ ((v0 >> 5) + k3); v0 -= ((v1 << 4) + k0) ^ (v1) ^ ((v1 >> 5) + k1); - sum -= delta; - } /* end cycle */ + } v[0] = v0; v[1] = v1; } diff --git a/polictf/tea_cversion/tea-encrypt.c b/polictf/tea_cversion/tea-encrypt.c index 7227f07..3395365 100644 --- a/polictf/tea_cversion/tea-encrypt.c +++ b/polictf/tea_cversion/tea-encrypt.c 
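Review bot: The assembled program is read with `open("./out.pasticciotto")` in text mode and pushed through `"{}\n".format(data)`, which only round-trips arbitrary bytes on Python 2. On Python 3 the read can fail or alter non-UTF-8 bytes, and `key_re.match(first)` raises `TypeError` because `r.recv()` returns bytes. Reading with `open("./out.pasticciotto", "rb")` and sending `data + b"\n"` keeps the payload byte-exact. `key_re.match(first).group(1)` also raises `AttributeError` when the first `recv()` returns only part of the banner, so check the match before using it. Add `import re` rather than relying on `from pwn import *` to provide it.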
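Review bot: With `sum` and `delta` removed, nothing in `decrypt` documents that this is intentionally not standard TEA. All 128 rounds are identical because no round constant is mixed in; the deleted `sum` was updated but never used in the round expressions, so behaviour is unchanged. The same applies to `encrypt` in the tea-encrypt.c hunk of this commit. A header comment would stop someone from changing one side only or reusing the routine elsewhere, e.g. `/* TEA-like 2x16-bit variant, fixed key "peperuns", no delta/sum round constant; must stay in sync with round in asms/decrypt.pstc. Challenge code, not for protecting real data. */`.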
@@ -5,21 +5,15 @@ #include void encrypt(uint16_t *v) { - uint16_t v0 = v[0], v1 = v[1], sum = 0, i; /* set up */ - uint16_t delta = 0x626f; + uint16_t v0 = v[0], v1 = v[1], i; uint16_t k0 = 0x7065; // "pe" uint16_t k1 = 0x7065; // "pe" uint16_t k2 = 0x7275; // "ru" uint16_t k3 = 0x6e73; // "ns" - // printf("v0: 0x%x, v1: 0x%x\n", v0, v1); for (i = 0; i < 128; i++) { - sum += delta; v0 += ((v1 << 4) + k0) ^ (v1) ^ ((v1 >> 5) + k1); v1 += ((v0 << 4) + k2) ^ (v0) ^ ((v0 >> 5) + k3); - // printf("Intermediate v0: 0x%x | v1: 0x%x\n", v0, v1); } - // printf("SUM: 0x%x\n", sum); - // printf("v0: 0x%x, v1: 0x%x\n", v0, v1); v[0] = v0; v[1] = v1; } diff --git a/polictf/tea_cversion/test.py b/polictf/tea_cversion/test.py deleted file mode 100644 index cd58135..0000000 --- a/polictf/tea_cversion/test.py +++ /dev/null @@ -1,12 +0,0 @@ -from pwn import * - -r = remote("127.0.0.1", 8888) - - -with open("./encrypted") as f: - data = f.read() - -print(r.recv()) -r.send("{}\n".format(len(data))) -r.send("{}\n".format(data)) -print(r.recv()) \ No newline at end of file