添付ファイル 'as.s'
ダウンロード 1 passcheck-arm: ファイル形式 elf32-littlearm
2
3
4 セクション .text の逆アセンブル:
5
6 00004000 <.text>:
7 4000: e59fd008 ldr sp, [pc, #8] ; 0x4010 // sp = 0x1ffff000 (the literal word stored at 0x4010)
8 4004: eb0000c2 bl 0x4314 // main()
9 4008: eb00001a bl 0x4078 // exit wrapper; r0 is whatever main returned
10 400c: e1a00000 nop ; (mov r0, r0)
11 4010: 1ffff000 svcne 0x00fff000 // data, not code: the initial stack pointer value loaded at 0x4000
12 4014: ef0000ff svc 0x000000ff // shared trap stub; callers in this listing put a selector (1, 3 or 4) in r0 first
13 4018: e1a0f00e mov pc, lr // return to the calling wrapper
14 // exit stub (annotator's guess): trap with selector 1 and the caller's r0 as argument
15 401c: e92d4000 stmfd sp!, {lr}
16 4020: e1a01000 mov r1, r0 // r1 = caller's first argument
17 4024: e3a00001 mov r0, #1 // selector 1
18 4028: ebfffff9 bl 0x4014 // svc stub
19 402c: e8bd8000 ldmfd sp!, {pc} // return, reached only if the trap comes back
20 // read (annotator's label): selector 3, the three caller arguments are shifted up one register
21 4030: e52de004 push {lr} ; (str lr, [sp, #-4]!)
22 4034: e1a0c000 mov ip, r0 // ip = arg0 (fd in the getchar pseudo-code)
23 4038: e1a0e001 mov lr, r1 // lr = arg1 (buffer); lr is usable as scratch because it was pushed
24 403c: e1a03002 mov r3, r2 // r3 = arg2 (count)
25 4040: e3a00003 mov r0, #3 // selector 3
26 4044: e1a0100c mov r1, ip // r1 = arg0
27 4048: e1a0200e mov r2, lr // r2 = arg1
28 404c: ebfffff0 bl 0x4014 // svc stub
29 4050: e49df004 pop {pc} ; (ldr pc, [sp], #4)
30
31 // prints a string (probably): same shape as the read wrapper but with selector 4
32 // func_4054
33 4054: e52de004 push {lr} ; (str lr, [sp, #-4]!)
34 4058: e1a0c000 mov ip, r0 // r12 = r0 (arg0)
35 405c: e1a0e001 mov lr, r1 // lr = r1 (arg1, the bytes to write)
36 4060: e1a03002 mov r3, r2 // r3 = r2 (arg2, the byte count)
37 4064: e3a00004 mov r0, #4 // r0 = 4 (selector)
38 4068: e1a0100c mov r1, ip // r1 = r12
39 406c: e1a0200e mov r2, lr // r2 = lr
40 4070: ebffffe7 bl 0x4014 // svc stub
41 4074: e49df004 pop {pc} ; (ldr pc, [sp], #4)
42 // exit wrapper (annotator's guess): forwards r0 unchanged to the stub at 0x401c
43 4078: e52de004 push {lr} ; (str lr, [sp, #-4]!)
44 407c: ebffffe6 bl 0x401c // selector-1 stub
45 4080: e49df004 pop {pc} ; (ldr pc, [sp], #4)
46
47 // func_4084(strlen): counts bytes before the first NUL; the scan has no upper bound
48 4084: e1a02000 mov r2, r0 // r2 = arg0 (string pointer)
49 4088: e3a00000 mov r0, #0 // r0 = 0 (running length)
50 408c: e7d23000 ldrb r3, [r2, r0] // r3 = s[0]
51 4090: e1530000 cmp r3, r0 // s[0] == 0 ?
52 4094: 01a0f00e moveq pc, lr // empty string: return 0
53 4098: e2800001 add r0, r0, #1 // r0++
54 409c: e7d23000 ldrb r3, [r2, r0] // r3 = s[r0]
55 40a0: e3530000 cmp r3, #0
56 40a4: 1afffffb bne 0x4098 // loop until the NUL byte
57 40a8: e1a0f00e mov pc, lr // return length in r0
58
59
60 40ac: e1a02000 mov r2, r0 // unlabeled routine shaped like strcpy(dst = r0, src = r1); r2 keeps dst for the return
61 40b0: e5d13000 ldrb r3, [r1] // r3 = *src
62 40b4: e3530000 cmp r3, #0
63 40b8: 0a000004 beq 0x40d0 // empty source: only the terminator is written
64 40bc: e5d13000 ldrb r3, [r1]
65 40c0: e4c03001 strb r3, [r0], #1 // *dst++ = byte
66 40c4: e5f13001 ldrb r3, [r1, #1]! // r3 = *++src
67 40c8: e3530000 cmp r3, #0
68 40cc: 1afffffa bne 0x40bc // copy until NUL; no destination size is ever checked
69 40d0: e3a03000 mov r3, #0
70 40d4: e5c03000 strb r3, [r0] // terminate dst
71 40d8: e1a00002 mov r0, r2 // return the original dst
72 40dc: e1a0f00e mov pc, lr
73
74 // func_40e0 compare
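/*
 * Length-limited string comparison reconstructed from func_40e0.
 *
 * Returns 0 when every examined byte of s1 and s2 is equal, 1 at the first
 * differing byte. Comparison stops after len bytes, or earlier once BOTH
 * strings are at their NUL terminator. A negative len does not reach zero
 * within a string, which is how the wrapper at 0x4140 (len = -1) gets an
 * unbounded compare out of the same routine.
 *
 * Security note: only len bytes are examined, so calling this with
 * len = strlen(s2) accepts any s1 that merely begins with s2.
 */
int compare(char *s1, char *s2, int len) {
    if (*s1 == 0 && *s2 == 0)
        return 0;
    /* 0x40fc-0x4104: decrement, then leave only if the counter was 0. */
    while (len-- != 0) {
        if (*s1++ != *s2++)
            return 1;
        /* 0x4120-0x4134 branch back if either byte is non-zero, so the
         * early exit requires both strings to have ended. */
        if (*s1 == 0 && *s2 == 0)
            break;
    }
    return 0;
}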
83 40e0: e1a0c002 mov ip, r2 ; ip = r2 // ip = remaining length
84 40e4: e5d03000 ldrb r3, [r0] ; // r3 = *s1
85 40e8: e3530000 cmp r3, #0
86 40ec: 1a000002 bne 0x40fc // s1 not empty: go compare
87 40f0: e5d13000 ldrb r3, [r1] // r3 = *s2
88 40f4: e3530000 cmp r3, #0
89 40f8: 0a00000e beq 0x4138 // both empty: return 0
90 40fc: e24cc001 sub ip, ip, #1 // loop head: ip--
91 4100: e37c0001 cmn ip, #1 // ip == -1, i.e. the count was already 0 ?
92 4104: 0a00000b beq 0x4138 // length exhausted: return 0 (equal so far)
93 4108: e4d02001 ldrb r2, [r0], #1 // r2 = *s1++
94 410c: e4d13001 ldrb r3, [r1], #1 // r3 = *s2++
95 4110: e1520003 cmp r2, r3
96 4114: 0a000001 beq 0x4120 // bytes equal: check for end of strings
97 4118: e3a00001 mov r0, #1 // mismatch: return 1
98 411c: e1a0f00e mov pc, lr
99 4120: e5d03000 ldrb r3, [r0] // next byte of s1
100 4124: e3530000 cmp r3, #0
101 4128: 1afffff3 bne 0x40fc // s1 continues: loop
102 412c: e5d13000 ldrb r3, [r1] // next byte of s2
103 4130: e3530000 cmp r3, #0
104 4134: 1afffff0 bne 0x40fc // s2 continues: loop (exit needs both at NUL)
105 4138: e3a00000 mov r0, #0 // return 0
106 413c: e1a0f00e mov pc, lr
107 //
108
109 4140: e52de004 push {lr} ; (str lr, [sp, #-4]!) // unlabeled wrapper: compare(r0, r1, -1)
110 4144: e3e02000 mvn r2, #0 // r2 = 0xffffffff (-1), so the length limit never triggers in practice
111 4148: ebffffe4 bl 0x40e0 // compare
112 414c: e49df004 pop {pc} ; (ldr pc, [sp], #4)
113
114
115 4150: e2403061 sub r3, r0, #97 ; 0x61 // unlabeled routine: ASCII upper-casing; r3 = c - 'a'
116 4154: e3530019 cmp r3, #25 // unsigned range test for 'a'..'z'
117 4158: 92400020 subls r0, r0, #32 // in range: c -= 32
118 415c: e1a0f00e mov pc, lr // return c in r0
119
/*
 * Fetch one byte from fd and return it (0x4160-0x417c).
 * The result of read() is not examined, so when nothing is read the
 * returned value is whatever the stack slot already held.
 */
char getchar(int fd) {
    char byte;

    read(fd, &byte, 1);
    return byte;
}
125 4160: e52de004 push {lr} ; (str lr, [sp, #-4]!)
126 4164: e24dd004 sub sp, sp, #4 // 4-byte scratch slot
127 4168: e28d1003 add r1, sp, #3 // r1 = address of the one-byte buffer (last byte of the slot)
128 416c: e3a02001 mov r2, #1 // count = 1
129 4170: ebffffae bl 0x4030 // read wrapper; r0 (fd) passes through, its result is not examined
130 4174: e5dd0003 ldrb r0, [sp, #3] // return the byte from the slot
131 4178: e28dd004 add sp, sp, #4
132 417c: e8bd8000 ldmfd sp!, {pc}
133
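/*
 * Write the single byte c to fd and return 0.
 * Body filled in from 0x4180-0x41a4: c is spilled to the stack, its address
 * and a count of 1 are handed to the write wrapper at 0x4054, and r0 is set
 * to 0 regardless of what that call returned.
 */
int putchar2(int fd, char c) {
    write(fd, &c, 1);
    return 0;
}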
137 4180: e52de004 push {lr} ; (str lr, [sp, #-4]!)
138 4184: e24dd004 sub sp, sp, #4 // 4-byte scratch slot
139 4188: e28d3004 add r3, sp, #4
140 418c: e5631001 strb r1, [r3, #-1]! // store c in the last byte of the slot; r3 now points at it
141 4190: e1a01003 mov r1, r3 // r1 = &c
142 4194: e3a02001 mov r2, #1 // count = 1
143 4198: ebffffad bl 0x4054 // write wrapper; r0 (fd) passes through
144 419c: e3a00000 mov r0, #0 // always return 0
145 41a0: e28dd004 add sp, sp, #4
146 41a4: e8bd8000 ldmfd sp!, {pc}
147
148 // getchar(0);
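/*
 * Read one byte from fd 0 (stdin) and return it.
 * Declared char rather than void: 0x41a8-0x41b4 leave getchar's result in
 * r0 for the caller, and a void function cannot return a value.
 */
char readchar2() {
    return getchar(0);
}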
152 41a8: e52de004 push {lr} ; (str lr, [sp, #-4]!)
153 41ac: e3a00000 mov r0, #0 // fd = 0
154 41b0: ebffffea bl 0x4160 // getchar(0); result stays in r0
155 41b4: e49df004 pop {pc} ; (ldr pc, [sp], #4)
156
157 //
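/*
 * Write the byte s to fd 1 (stdout).
 * Body filled in from 0x41b8-0x41c8, which move s into the second argument,
 * load 1 as the first, and return whatever putchar2 returned.
 */
int putchar(char s) {
    return putchar2(1, s);
}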
162 41b8: e52de004 push {lr} ; (str lr, [sp, #-4]!)
163 41bc: e1a01000 mov r1, r0 // r1 = byte to write
164 41c0: e3a00001 mov r0, #1 // fd = 1
165 41c4: ebffffed bl 0x4180 // putchar2(1, byte)
166 41c8: e49df004 pop {pc} ; (ldr pc, [sp], #4)
167
168
169 //
/* Map carriage return (13) to line feed (10); every other byte is returned
 * unchanged (0x41cc-0x41d4). */
char filter_enter(char s) {
    return (s == 13) ? 10 : s;
}
174 41cc: e350000d cmp r0, #13 // carriage return ?
175 41d0: 03a0000a moveq r0, #10 // yes: replace with line feed
176 41d4: e1a0f00e mov pc, lr // return the (possibly replaced) byte
177 // readchar?
/* Read one byte from fd and normalise CR to LF before returning it
 * (0x41d8-0x41e4). */
char readchar(int fd) {
    char raw = getchar(fd);

    return filter_enter(raw);
}
181 41d8: e52de004 push {lr} ; (str lr, [sp, #-4]!)
182 41dc: ebffffdf bl 0x4160 // getchar(fd)
183 41e0: ebfffff9 bl 0x41cc // filter_enter(result)
184 41e4: e49df004 pop {pc} ; (ldr pc, [sp], #4)
185
186
187 // func_41e8 input
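/*
 * Read bytes from fd into s up to and including the first '\n', then
 * append a NUL. Returns the number of bytes stored before the NUL, so the
 * newline is counted.
 *
 * Brought in line with 0x41e8-0x4220: the byte is stored and the index
 * advanced before the newline test, so the '\n' stays in the buffer and
 * the terminator lands after it. The previous sketch also declared i twice,
 * which made it return 0 every time.
 *
 * NOTE(review): nothing bounds the index. The routine takes no buffer size
 * and keeps storing until a newline arrives, so a caller with a fixed-size
 * buffer is written past its end by a long line. A bounded variant needs a
 * size parameter and a stop at size - 1.
 */
int input2(int fd, char *s) {
    int i = 0;
    char c;

    do {
        c = readchar(fd);
        s[i++] = c;
    } while (c != '\n');
    s[i] = 0;
    return i;
}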
198 }
199 41e8: e92d4070 push {r4, r5, r6, lr}
200 41ec: e1a06000 mov r6, r0 // r6 = fd
201 41f0: e1a05001 mov r5, r1 // r5 = s
202 41f4: e3a04000 mov r4, #0 // r4 = index = 0
203 41f8: e1a00006 mov r0, r6 // fd
204 41fc: ebfffff5 bl 0x41d8 // readchar(fd)
205 4200: e20000ff and r0, r0, #255 ; 0xff
206 4204: e7c40005 strb r0, [r4, r5] // s[index] = byte; no bound on index
207 4208: e2844001 add r4, r4, #1 // index++ (before the newline test)
208 420c: e350000a cmp r0, #10 // was it '\n' ?
209 4210: 1afffff8 bne 0x41f8 // no: read the next byte
210 4214: e3a03000 mov r3, #0
211 4218: e7c53004 strb r3, [r5, r4] // NUL goes after the stored newline
212 421c: e1a00004 mov r0, r4 // return count, newline included
213 4220: e8bd8070 pop {r4, r5, r6, pc}
214
215 int func_4224(arg1, arg2)
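/*
 * Write the NUL-terminated string s to fd and return its length.
 * Declared int rather than void because 0x424c returns the length in r0
 * and print() forwards that value. strlen is called once and reused, as at
 * 0x4234-0x4244. The result of write() is discarded.
 */
int print2(int fd, char *s) {
    int len = strlen(s);

    write(fd, s, len);
    return len;
}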
220 4224: e92d4070 push {r4, r5, r6, lr}
221 4228: e1a04000 mov r4, r0 // r4 = arg1 (fd)
222 422c: e1a05001 mov r5, r1 // r5 = arg2 (string)
223 4230: e1a00001 mov r0, r1 // func_4084(arg2)
224 4234: ebffff92 bl 0x4084 // strlen
225 4238: e1a06000 mov r6, r0 // r6 = length, kept for the return value
226 423c: e1a00004 mov r0, r4
227 4240: e1a01005 mov r1, r5
228 4244: e1a02006 mov r2, r6 // func_4054(arg1, arg2, func_4084(arg2))
229 4248: ebffff81 bl 0x4054 // write wrapper; its result is overwritten below
230 424c: e1a00006 mov r0, r6 // return func_4084(arg2)
231 4250: e8bd8070 pop {r4, r5, r6, pc}
232
233 // func_4254(arg1)
/*
 * Read one line from fd 0 (stdin) into s and return input2's count.
 * No buffer size is passed along, so the caller's buffer is not protected
 * against a long line.
 */
int readline(char *s) {
    int stored = input2(0, s);

    return stored;
}
237 4254: e52de004 push {lr} ; (str lr, [sp, #-4]!)
238 4258: e1a01000 mov r1, r0 // r1 = destination buffer
239 425c: e3a00000 mov r0, #0 // fd = 0
240 4260: ebffffe0 bl 0x41e8 // func_41e8(0,arg1); no size is passed
241 4264: e49df004 pop {pc} ; (ldr pc, [sp], #4)
242
243 // func_4268 print
/* Write the string s to fd 1 (stdout) and return print2's result. */
int print(char *s) {
    int written = print2(1, s);

    return written;
}
247 4268: e52de004 push {lr} ; (str lr, [sp, #-4]!)
248 426c: e1a01000 mov r1, r0 // r1 = arg1 (string)
249 4270: e3a00001 mov r0, #1 // r0 = 1 (fd for stdout)
250 4274: ebffffea bl 0x4224 // func_4224(1,arg1)
251 4278: e49df004 pop {pc} ; (ldr pc, [sp], #4)
252 //return
253
/* Expected password, held as a plaintext literal. The code reaches it
 * through the pointer stored at 0x1fff0000 (0x4294-0x4298). */
char *password = "holiday";

/*
 * check_password (0x427c): read one line from stdin and compare it with
 * password. Returns compare()'s result, which is 0 on a match.
 *
 * Frame: the prologue pushes r1-r6, fp and lr (32 bytes) and the buffer is
 * that same area: buf = fp - 28, with the saved lr at fp.
 * NOTE(review): 32 is the annotator's figure for buf. In the listing only
 * 28 bytes separate buf from the saved lr, and those 28 bytes are the
 * saved r1-r6/fp slots.
 *
 * Security notes:
 *  - readline() takes no length, so a line longer than the space above
 *    overwrites the saved registers and return address that the epilogue
 *    pops. The fix is a read bounded by the buffer size.
 *  - The compare length is strlen(password), so the stored newline and any
 *    further input after a correct prefix are never examined.
 */
int check_password() {
    char buf[32];
    int expected_len;

    readline(buf);
    expected_len = strlen(password);
    return compare(buf, password, expected_len);
}
264
265 427c: e1a0c00d mov ip, sp // ip = sp on entry
266 4280: e92d487e push {r1, r2, r3, r4, r5, r6, fp, lr} // 8 registers = 32 bytes (annotator's running total: -40)
267 4284: e24cb004 sub fp, ip, #4 // fp = entry sp - 4, the saved lr slot
268 4288: e24b501c sub r5, fp, #28 // r5 = buf = fp - 28, i.e. the saved r1 slot at the new sp
269 428c: e1a00005 mov r0, r5 // r5(28byte): 28 bytes from buf up to the saved lr
270 4290: ebffffef bl 0x4254 // readline(buf) (probably input); nothing limits how much it stores
271 4294: e59f4018 ldr r4, [pc, #24] ; 0x42b4 // r4 = 0x1fff0000, address of the password pointer
272 4298: e5940000 ldr r0, [r4] // r0 = password string pointer
273 429c: ebffff78 bl 0x4084 // strlen
274 42a0: e1a02000 mov r2, r0 // r2 = strlen
275 42a4: e1a00005 mov r0, r5 // buf
276 42a8: e5941000 ldr r1, [r4] // r1 = password (the second string, not a size)
277 42ac: ebffff8b bl 0x40e0 // compare(buf, password, len); 0 means match
278 42b0: e8bd887e pop {r1, r2, r3, r4, r5, r6, fp, pc} // reloads registers and pc from the 32 bytes that buf overlays
279 42b4: 1fff0000 svcne 0x00ff0000 // data, not code: literal pool word 0x1fff0000
280
281 // 42b8:puts
/* Print s followed by a newline on stdout; always returns 0
 * (0x42b8-0x42cc). */
int puts(char *s) {
    char *newline = "\n";

    print(s);
    print(newline);
    return 0;
}
287 42b8: e52de004 push {lr} ; (str lr, [sp, #-4]!)
288 42bc: ebffffe9 bl 0x4268 // print(s)
289 42c0: e59f0008 ldr r0, [pc, #8] ; 0x42d0 // r0 = 0x4334, the string the annotator reads as "\n"
290 42c4: ebffffe7 bl 0x4268 // print('\n')
291 42c8: e3a00000 mov r0, #0 // return 0
292 42cc: e49df004 pop {pc} ; (ldr pc, [sp], #4)
293 42d0: 00004334 andeq r4, r0, r4, lsr r3 // data, not code: literal pool word 0x4334
294
295 // func_42d4
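/*
 * Prompt for a password and report the outcome (func_42d4).
 *
 * check_password() hands back compare()'s result, which is 0 when the
 * input matches, and 0x42e4-0x42e8 fall through to the first message when
 * r0 is 0. The success message therefore belongs to the == 0 case; the
 * earlier sketch tested for non-zero and had the two outcomes swapped.
 * NOTE(review): the strings at 0x434c and 0x4360 are not part of this
 * listing, so the pairing of text to branch is inferred. Confirm it
 * against the data section.
 */
int run() {
    print("Input password: ");
    if (check_password() == 0) {
        puts("OK. Read flag.txt");
    } else {
        puts("Invalid password");
    }
    return 0;
}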
306 42d4: e52de004 push {lr} ; (str lr, [sp, #-4]!) // -8 (annotator's running stack offset)
307 42d8: e59f0028 ldr r0, [pc, #40] ; 0x4308 "Input: password: "
308 42dc: ebffffe1 bl 0x4268 // func_4268(0x4308): print the prompt
309 42e0: ebffffe5 bl 0x427c // check_password()
310 42e4: e3500000 cmp r0, #0 // 0 = compare() found no difference
311 42e8: 1a000002 bne 0x42f8 // non-zero: take the second message
312 42ec: e59f0018 ldr r0, [pc, #24] ; 0x430c // r0 == 0 path: string at 0x434c (text not shown in this listing)
313 42f0: ebfffff0 bl 0x42b8 // puts
314 42f4: ea000001 b 0x4300
315 42f8: e59f0010 ldr r0, [pc, #16] ; 0x4310 // r0 != 0 path: string at 0x4360 (text not shown in this listing)
316 42fc: ebffffed bl 0x42b8 // puts
317 4300: e3a00000 mov r0, #0 // return 0
318 4304: e49df004 pop {pc} ; (ldr pc, [sp], #4)
319 4308: 00004338 andeq r4, r0, r8, lsr r3 // data, not code: address of the prompt string
320 430c: 0000434c andeq r4, r0, ip, asr #6 // data, not code: address of the r0 == 0 message
321 4310: 00004360 andeq r4, r0, r0, ror #6 // data, not code: address of the r0 != 0 message
322
323 // func_4314 main();
/*
 * Entry routine called from 0x4004 (func_4314): run the password prompt,
 * then exit with status 0. The trailing return mirrors 0x4324-0x4328 and
 * is reached only if exit() comes back.
 */
int main() {
    run();

    exit(0);

    return 0;
}
330 4314: e52de004 push {lr} ; (str lr, [sp, #-4]!) // sp = -4 (annotator's running stack offset)
331 4318: ebffffed bl 0x42d4 // func_42d4: run()
332 431c: e3a00000 mov r0, #0 // status 0
333 4320: ebffff54 bl 0x4078 // exit wrapper
334 4324: e3a00000 mov r0, #0 // return 0, reached only if the exit trap returns
335 4328: e49df004 pop {pc} ; (ldr pc, [sp], #4)