Created
December 22, 2019 14:04
-
-
Save hikalium/c084c706be79938d0c26beb7c2864e3b to your computer and use it in GitHub Desktop.
Parser for SECCON 2019 final q4 box4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // box4 | |
| const fs = require('fs'); | |
| const filename = process.argv[2]; | |
| const parseTrace = | |
| (fileName) => { | |
| const trace = JSON.parse(fs.readFileSync(fileName, 'utf-8')); | |
| const base_addr = parseInt(trace[0].base_addr, 16); | |
| const branches = trace.filter(e => (e.inst_addr != undefined)).map(e => { | |
| if (e.event === 'call') { | |
| return { | |
| 'addr': (parseInt(e.inst_addr, 16) - base_addr).toString(16), | |
| 'target': (parseInt(e.target_addr, 16) - base_addr).toString(16) | |
| }; | |
| } | |
| return { | |
| 'addr': (parseInt(e.inst_addr, 16) - base_addr).toString(16), | |
| 'taken': e.branch_taken | |
| }; | |
| }); | |
| return branches; | |
| } | |
| const print = | |
| (branches) => { | |
| for (var i = 0; i < branches.length;) { | |
| const b = branches[i]; | |
| var count = 0; | |
| if (b.target === '1ead') { | |
| console.log('ADD Ev,Gv'); | |
| i += 17; | |
| continue; | |
| } | |
| if (b.target === '2159') { | |
| var zf = false; | |
| for (;;) { | |
| const c = branches[i]; | |
| if (c.addr == '21f8') break; | |
| if (c.addr == '1d06') zf = true; | |
| i++; | |
| } | |
| i++; | |
| console.log(`CMP Ev,Gv ZF=${zf}`); | |
| continue; | |
| } | |
| if (b.target === '2389') { | |
| console.log('INC r32'); | |
| i += 5; | |
| continue; | |
| } | |
| if (b.target === '28fd') { | |
| console.log('JNLE / JG'); | |
| i += 3; | |
| continue; | |
| } | |
| if (b.addr === '2949') { | |
| console.log('JNLE / JG taken'); | |
| i += 1; | |
| continue; | |
| } | |
| if (b.target === '2ebd') { | |
| console.log('mov r32, imm32'); | |
| i += 8; | |
| continue; | |
| } | |
| if (b.target === '317d') { | |
| console.log('short Jb'); | |
| i += 5; | |
| continue; | |
| } | |
| if (b.target === '3269') { | |
| console.log('HLT->END'); | |
| i += 33; | |
| continue; | |
| } | |
| if (b.addr === '97e') { | |
| console.log('PROLOGUE'); | |
| i += 79; | |
| continue; | |
| } | |
| if (b.target === '2645') { | |
| console.log('JZ/JE'); | |
| i += 2; | |
| continue; | |
| } | |
| if (b.addr === '2672') { | |
| console.log('JZ/JE taken'); | |
| i += 1; | |
| continue; | |
| } | |
| if (b.target === '2695') { | |
| console.log('JNZ/JNE'); | |
| i += 2; | |
| continue; | |
| } | |
| if (b.addr === '26c2') { | |
| console.log('JNZ/JNE taken?'); | |
| i += 1; | |
| continue; | |
| } | |
| if (b.target === '23e7') { | |
| var zf = false; | |
| var of = false; | |
| for (;;) { | |
| const c = branches[i]; | |
| if (c.addr === '1d67') break; | |
| if (c.addr === '1d41') of = true; | |
| if (c.addr === '1d06') zf = true; | |
| i++; | |
| } | |
| i++; | |
| console.log(`DEC r32 ZF=${zf} OF=${of}`); | |
| // console.log(`DEC r32`); | |
| // i++; | |
| continue; | |
| } | |
| if (b.target === '251a') { | |
| console.log('PUSH imm32'); | |
| i += 13; | |
| continue; | |
| } | |
| if (b.target === '24c3') { | |
| console.log('POP r32'); | |
| i += 7; | |
| continue; | |
| } | |
| if (b.target === '2c33') { | |
| console.log('MOV r/m32,r32'); | |
| i += 11; | |
| continue; | |
| } | |
| if (b.target === '3144') { | |
| console.log('JMP near Jz'); | |
| i += 7; | |
| continue; | |
| } | |
| if (parseInt(b.addr, 16) >= 0x39e7 && parseInt(b.addr, 16) < 0x3b86) { | |
| i += 1; | |
| continue; | |
| } | |
| while (i < branches.length && branches[i].addr == b.addr && | |
| branches[i].taken == b.taken) { | |
| count++; | |
| i++; | |
| } | |
| console.log(`${JSON.stringify(b)} * ${count}`); | |
| } | |
| console.log(branches.length); | |
| } | |
| const branches = parseTrace(filename); | |
| print(branches); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment