
Just for the H@CK of it

Posted: Tue Jan 10, 2017 5:39 pm
by mikegonta
Just for the H@CK of it, here is an x86 executable signature that is essentially a nop: its four bytes are one-byte inc/dec instructions, which update OF, SF, ZF, AF and PF but leave the carry flag alone and touch no memory. It only works in 16- and 32-bit code; in 64-bit mode the bytes 0x40-0x4F are REX prefixes, not instructions. An executable signature can be easily located by scanning for its bytes, and can also be run as code without ill effect provided execution reaches it on an instruction boundary. (The same printable-opcode idea is what alphanumeric shellcode encoders rely on to survive character filters.)


  db "H@CK" ; bytes 48 40 43 4B: dec eax / inc eax / inc ebx / dec ebx (32-bit) or the ax/bx forms in 16-bit code; REX prefixes, not instructions, in 64-bit mode
disassembles as:


  ; Shown with 16-bit register names; under a 32-bit code segment the same
  ; bytes decode as dec eax / inc eax / inc ebx / dec ebx.  In 64-bit mode
  ; 0x40-0x4F are REX prefixes, so the bytes are not standalone instructions.
  ; inc/dec update OF, SF, ZF, AF and PF and leave CF untouched; no memory
  ; is accessed, so falling into this at an instruction boundary is harmless.
  dec ax ; 'H' = 0x48
  inc ax ; '@' = 0x40 (undoes the dec)
  inc bx ; 'C' = 0x43
  dec bx ; 'K' = 0x4B (undoes the inc)
The interesting thing is that the same register being incremented and later decremented (or vice versa) within a few instructions of each other — they need not be adjacent, or in any particular order — is not normally found in working code. Because of this, a scanner really only needs to match the first two instructions (or four in 32-bit code), and the rest of the "word" makes a nice Easter egg for H@CKers disassembling the code.

Re: Just for the H@CK of it

Posted: Tue Jan 10, 2017 6:01 pm
by bzt
Wow, nice finding!

Re: Just for the H@CK of it

Posted: Thu Jan 12, 2017 6:03 am
by mikegonta
bzt wrote:Wow, nice finding!


  ; FASM = 46 41 53 4D.  Unlike the inc/dec-only signature, 'S' is a push,
  ; so this needs a valid writable stack and stores ebx at [esp-4].  The
  ; four instructions after the signature undo it; only OF/SF/ZF/AF/PF
  ; (set by the last inc) remain changed.
  inc esi  ; 'F' = 0x46
  inc ecx  ; 'A' = 0x41
  push ebx ; 'S' = 0x53
  dec ebp  ; 'M' = 0x4D
  dec esi  ; undo, in a safe order (pop ebx before anything else touches the stack)
  dec ecx
  pop ebx
  inc ebp


  ; NASM = 4E 41 53 4D.  Same shape as the FASM signature with 'N' (dec esi)
  ; in place of 'F' (inc esi); the push means a writable stack is required.
  dec esi  ; 'N' = 0x4E
  inc ecx  ; 'A' = 0x41
  push ebx ; 'S' = 0x53
  dec ebp  ; 'M' = 0x4D
  inc esi  ; undo
  dec ecx
  pop ebx
  inc ebp


  ; BASM = 42 41 53 4D.  'B' is inc edx; otherwise identical to the FASM
  ; signature (push ebx writes to the stack, undone by the pop below).
  inc edx  ; 'B' = 0x42
  inc ecx  ; 'A' = 0x41
  push ebx ; 'S' = 0x53
  dec ebp  ; 'M' = 0x4D
  dec edx  ; undo
  dec ecx
  pop ebx
  inc ebp


  ; yASM = 79 41 53 4D: 'y' is jns rel8 and 'A' (0x41 = 65) is its
  ; displacement.  If SF=0 (that depends on whatever ran before) the branch
  ; skips the 65 bytes below; otherwise push/dec/inc/pop cancel out and the
  ; nops run.  Both paths reach .1 with every register intact.  The 61 nops
  ; make the displacement land exactly on .1 - do not change their count.
  jns .1   ; 'y' = 0x79
           ; 'A' = 0x41, the rel8 displacement (65 bytes)
  push ebx ; 'S' = 0x53 (needs a writable stack)
  dec ebp  ; 'M' = 0x4D
  inc ebp  ; undo
  pop ebx
  times 61 nop ; 1+1+1+1+61 = 65 bytes between the jns and .1
.1:


  ; MASM = 4D 41 53 4D.  ebp is decremented twice ('M' twice) and so needs
  ; two inc ebp in the undo sequence; the push again requires a valid stack.
  dec ebp  ; 'M' = 0x4D
  inc ecx  ; 'A' = 0x41
  push ebx ; 'S' = 0x53
  dec ebp  ; 'M' = 0x4D
  inc ebp  ; undo (first of two)
  dec ecx
  pop ebx
  inc ebp  ; undo (second of two)


  ; TASM = 54 41 53 4D.  push esp stores esp's value from before the
  ; decrement (80386+ behaviour), so after pop ebx has removed the ebx
  ; dword above it the trailing pop esp reloads the original esp.  Two
  ; dwords are written below esp, so a writable stack is required.
  push esp ; 'T' = 0x54
  inc ecx  ; 'A' = 0x41
  push ebx ; 'S' = 0x53
  dec ebp  ; 'M' = 0x4D
  inc ebp  ; undo
  pop ebx
  dec ecx
  pop esp  ; esp back to its value before the push

Re: Just for the H@CK of it

Posted: Thu Jan 12, 2017 7:35 am
by dozniak


; NOTE(review): the trailing 'U' 'S' ... are annotations, not operands -
; they need a ';' in front before this assembles.  Unlike the H@CK
; signature this one is not balanced: 'L' (0x4C) is dec sp, leaving sp odd,
; three words are pushed and never popped, and bp ends up incremented
; twice.  Bytes: 55 53 45 4C 45 53 53.  A joke, not a usable signature.
push bp  'U'
push bx  'S'
inc bp   'E'
dec sp   'L'
inc bp   'E'
push bx  'S'
push bx  'S'

Re: Just for the H@CK of it

Posted: Thu Jan 12, 2017 8:39 am
by mikegonta
dozniak wrote:


push bp  'U'
push bx  'S'
inc bp   'E'
dec sp   'L'
inc bp   'E'
push bx  'S'
push bx  'S'


  ; USEMORE! = 55 53 45 4D 4F 52 45 21 C0.  The '!' (0x21) is the opcode of
  ; "and r/m32, r32" and needs the modrm byte 0xC0 (not printable) to become
  ; and eax, eax - so the last byte of the signature lies outside the ASCII
  ; string.  and eax, eax also clears CF and OF, unlike the inc/dec-only
  ; forms.  Three dwords are pushed (ebp, ebx, edx), so a writable stack is
  ; required; the four instructions after the blank line restore everything.
  push ebp     ; 'U' = 0x55
  push ebx     ; 'S' = 0x53
  inc ebp      ; 'E' = 0x45
  dec ebp      ; 'M' = 0x4D
  dec edi      ; 'O' = 0x4F
  push edx     ; 'R' = 0x52
  inc ebp      ; 'E' = 0x45
  and eax, eax ; '!' = 0x21, followed by modrm 0xC0; flags only

  pop edx      ; undo, pops in reverse push order
  inc edi
  pop ebx
  pop ebp      ; also discards the net +1 on ebp

Re: Just for the H@CK of it

Posted: Thu Jan 12, 2017 8:47 am
by BrightLight
:roll: [-X


use16
; LAME = 4C 41 4D 45: all four bytes are one-byte inc/dec opcodes, so no
; memory is touched.  'L' is dec sp, which leaves sp odd until the final
; inc sp; nothing is pushed in between, so that is harmless.  In 32-bit
; code the same bytes decode as dec esp / inc ecx / dec ebp / inc ebp.

dec sp	; 'L' = 0x4C
inc cx	; 'A' = 0x41
dec bp	; 'M' = 0x4D
inc bp	; 'E' = 0x45 (undoes the dec bp)

inc sp	; undo
dec cx

Re: Just for the H@CK of it

Posted: Thu Jan 12, 2017 9:25 am
by mikegonta
omarrx024 wrote:


use16
dec sp	; 'L'
inc cx	; 'A'
dec bp	; 'M'
inc bp	; 'E'

inc sp
dec cx


use16
; Bytes 4C 41 54 51 59 4F 55 21 C0 ("LATQYOU!" plus the modrm byte of
; and ax, ax).  sp is odd from the dec sp onward, so the three pushes are
; misaligned word writes - legal in real mode, but a writable stack is
; required.  NOTE(review): pop sp relies on push sp having stored the
; pre-decrement value (80286 and later); an original 8086 pushes the
; already-decremented sp, which would leave sp off by 2 - confirm target CPU.

  dec sp     ; 'L' = 0x4C
  inc cx     ; 'A' = 0x41

  push sp    ; 'T' = 0x54
  push cx    ; 'Q' = 0x51
  
  pop cx     ; 'Y' = 0x59 (undoes the push cx)
  dec di     ; 'O' = 0x4F
  push bp    ; 'U' = 0x55
  and ax, ax ; '!' = 0x21 C0; flags only, clears CF/OF

  pop bp     ; undo
  inc di
  pop sp     ; reloads the value stored by push sp
  dec cx
  inc sp

Re: Just for the H@CK of it

Posted: Thu Jan 12, 2017 9:33 am
by glauxosdever
Hi,


Maybe it would be better if a moderator moved it to "General Ramblings" or even "Auto Delete"?


Regards,
glauxosdever

Re: Just for the H@CK of it

Posted: Thu Jan 12, 2017 9:55 am
by mikegonta
glauxosdever wrote:Maybe it would be better ...


use16
; GLAuXOS = 47 4C 41 75 58 4F 53: 'u' is jne rel8 with 'X' (0x58 = 88) as
; its displacement.  dec di / push bx / pop bx / inc di plus 84 nops are
; exactly 88 bytes, so .1 is reached whether or not the branch is taken
; (ZF comes from the preceding inc cx).  The fall-through path pushes bx on
; a stack whose sp was just decremented by one - misaligned but legal in
; real mode - and therefore needs a writable stack.
  inc di  ; 'G' = 0x47
  dec sp  ; 'L' = 0x4C
  inc cx  ; 'A' = 0x41
  jne .1  ; 'u' = 0x75
          ; 'X' = 0x58, the rel8 displacement (88 bytes)
  dec di  ; 'O' = 0x4F
  push bx ; 'S' = 0x53
  pop bx  ; undo of the fall-through path
  inc di
  times 84 nop ; pads the skipped region to 88 bytes - do not change the count
.1:
  dec cx  ; undo of the signature proper
  inc sp
  dec di

Re: Just for the H@CK of it

Posted: Fri Jan 13, 2017 2:28 am
by Antti


/*
 * input.txt
 *   hello, world
 *
 * output.asm
 *   align 16
 *   hello_world:
 *          test al, 'h'
 *          test al, 'e'
 *          test al, 'l'
 *          test al, 'l'
 *          test al, 'o'
 *          test al, ','
 *          test al, ' '
 *          test al, 'w'
 *          test al, 'o'
 *          test al, 'r'
 *          test al, 'l'
 *          test al, 'd'
 *          test al, 0x00
 *          test al, 0x00
 *          test al, 0x00
 *          nop
 *          ret
 *
 * Example:
 *   txt2asm.exe hello_world < input.txt > output.asm
 */

#include <stdio.h>

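/*
 * txt2asm: read text from stdin and emit an assembler function that carries
 * the text as the immediate bytes of "test al, imm8" instructions (A8 ib,
 * two bytes each).  The text therefore lives in executable code interleaved
 * with 0xA8 opcode bytes and never appears as a contiguous string.  TEST
 * only writes flags (ZF/SF/PF from the result, CF and OF cleared).
 *
 * argv[1] is the label to emit; returns 0 on success, 1 on a usage or read
 * error.  Characters below 0x20 other than TAB and LF are dropped (as in the
 * original); a quote or backslash is emitted as hex so the assembler never
 * sees an unbalanced or escaped character constant.
 */
int main(int argc, char *argv[])
{
        unsigned emitted = 0u;  /* "test al" instructions written so far */
        int c;

        if (argc != 2) {
                (void)fprintf(stderr, "Usage: %s <function>\n", argv[0]);
                return 1;
        }

        (void)fprintf(stdout, "align 16\n%s:\n", argv[1]);

        /* getchar() returns EOF at end of input and on a read error alike.
         * The original loop also required !feof(stdin), which spins forever
         * on a read error: feof() stays false while getchar() keeps
         * returning EOF.  ferror() is checked once, after the loop. */
        while ((c = getchar()) != EOF) {
                if (c == '\'' || c == '\\') {
                        /* would otherwise produce test al, ''' or test al, '\',
                         * which the assembler rejects or mis-parses */
                        (void)fprintf(stdout, "\ttest al, 0x%02X\n", c);
                } else if (c >= 0x20 && c < 0x7F) {
                        (void)fprintf(stdout, "\ttest al, '%c'\n", c);
                } else if (c == 0x09 || c == 0x0A || (c >= 0x7F && c <= 0xFF)) {
                        (void)fprintf(stdout, "\ttest al, 0x%02X\n", c);
                } else {
                        continue;  /* other control characters are dropped */
                }
                emitted++;
        }

        if (ferror(stdin)) {
                (void)fprintf(stderr, "%s: read error on stdin\n", argv[0]);
                return 1;
        }

        /* Pad so that 2 * (emitted + pad) + 2 (nop, ret) is a multiple of 16,
         * i.e. emitted + pad == 7 (mod 8), matching the "align 16" above.
         * Only emitted instructions are counted: the original also counted
         * dropped characters, which broke the alignment whenever the input
         * contained e.g. a CR. */
        while (emitted++ % 8u != 7u)
                (void)fprintf(stdout, "\ttest al, 0x00\n");

        (void)fprintf(stdout, "\tnop\n\tret\n");

        return 0;
}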
EDIT: Escape sequences are not handled properly — a `'` or `\` in the input is copied verbatim into the quoted `test al, '%c'` operand, so the assembler rejects or misreads that line. Not for production use.

Re: Just for the H@CK of it

Posted: Fri Jan 13, 2017 3:49 am
by mikegonta
Antti wrote:


 *   hello, world


  ; HELLO WORLD! (16-bit) = 48 45 4C 4C 4F 57 4F 52 4C 44 21 C0; the '!'
  ; again needs the non-printable modrm byte 0xC0 to be and ax, ax, which
  ; clears CF/OF.  Two words are pushed (di, dx), so a writable stack is
  ; required.  di is decremented twice but only incremented once in the undo
  ; sequence: that is correct, because pop di restores the value pushed
  ; after the first dec, so one inc di brings it back to the original.
  dec ax     ; 'H' = 0x48
  inc bp     ; 'E' = 0x45
  dec sp     ; 'L' = 0x4C
  dec sp     ; 'L' = 0x4C (sp is back on an even boundary here)
  dec di     ; 'O' = 0x4F

  push di    ; 'W' = 0x57
  dec di     ; 'O' = 0x4F
  push dx    ; 'R' = 0x52
  dec sp     ; 'L' = 0x4C
  inc sp     ; 'D' = 0x44 (undoes the dec sp just above)
  and ax, ax ; '!' = 0x21 C0; flags only

  pop dx     ; undo
  pop di     ; di = original - 1
  inc di     ; di = original
  inc sp     ; undo the two leading dec sp
  inc sp
  dec bp
  inc ax

Re: Just for the H@CK of it

Posted: Fri Jan 13, 2017 3:51 am
by dchapiesky
So this is the obfuscated assembly thread....

Re: Just for the H@CK of it

Posted: Fri Jan 13, 2017 4:36 am
by DixiumOS
Never knew


test.bin:     file format binary


Disassembly of section .data:

00000000 <.data>:
   0:	4e                   	dec    %si
   1:	6b 6f 73 69          	imul   $0x69,0x73(%bx),%bp
   5:	20 73 69             	and    %dh,0x69(%bp,%di)
   8:	6b 65 6c 65          	imul   $0x65,0x6c(%di),%sp
   c:	6c                   	insb   (%dx),%es:(%di)
   d:	27                   	daa    
   e:	20 69 41             	and    %ch,0x41(%bx,%di)
  11:	66 72 69             	data32 jb 0x7d
  14:	6b 61 4d 61          	imul   $0x61,0x4d(%bx,%di),%sp
  18:	6c                   	insb   (%dx),%es:(%di)
  19:	75 70                	jne    0x8b
  1b:	68 61 6b             	push   $0x6b61
  1e:	61                   	popa   
  1f:	6e                   	outsb  %ds:(%si),(%dx)
  20:	79 69                	jns    0x8b
  22:	73 77                	jae    0x9b
  24:	20 75 70             	and    %dh,0x70(%di)
  27:	68 6f 6e             	push   $0x6e6f
  2a:	64 6f                	outsw  %fs:(%si),(%dx)
  2c:	20 49 77             	and    %cl,0x77(%bx,%di)
  2f:	61                   	popa   
  30:	79 6f                	jns    0xa1
  32:	59                   	pop    %cx
  33:	69 7a 77 61 20       	imul   $0x2061,0x77(%bp,%si),%di
  38:	69 6d 69 74 68       	imul   $0x6874,0x69(%di),%bp
  3d:	61                   	popa   
  3e:	6e                   	outsb  %ds:(%si),(%dx)
  3f:	64 61                	fs popa 
  41:	7a 6f                	jp     0xb2
  43:	20 79 65             	and    %bh,0x65(%bx,%di)
  46:	74 68                	je     0xb0
  48:	75 2c                	jne    0x76
  4a:	4e                   	dec    %si
  4b:	6b 6f 73 69          	imul   $0x69,0x73(%bx),%bp
  4f:	20 73 69             	and    %dh,0x69(%bp,%di)
  52:	6b 65 6c 65          	imul   $0x65,0x6c(%di),%sp
  56:	6c                   	insb   (%dx),%es:(%di)
  57:	61                   	popa   
  58:	2c 20                	sub    $0x20,%al
  5a:	74 68                	je     0xc4
  5c:	69 6e 61 20 6c       	imul   $0x6c20,0x61(%bp),%bp
  61:	75 73                	jne    0xd6
  63:	61                   	popa   
  64:	70 68                	jo     0xce
  66:	6f                   	outsw  %ds:(%si),(%dx)
  67:	20 49 77             	and    %cl,0x77(%bx,%di)
  6a:	61                   	popa   
  6b:	79 6f                	jns    0xdc
  6d:	2e 4d                	cs dec %bp
  6f:	6f                   	outsw  %ds:(%si),(%dx)
  70:	72 65                	jb     0xd7
  72:	6e                   	outsb  %ds:(%si),(%dx)
  73:	61                   	popa   
  74:	20 62 6f             	and    %ah,0x6f(%bp,%si)
  77:	6c                   	insb   (%dx),%es:(%di)
  78:	6f                   	outsw  %ds:(%si),(%dx)
  79:	6b 61 20 73          	imul   $0x73,0x20(%bx,%di),%sp
  7d:	65 74 6a             	gs je  0xea
  80:	68 61 62             	push   $0x6261
  83:	61                   	popa   
  84:	20 73 61             	and    %dh,0x61(%bp,%di)
  87:	20 68 65             	and    %ch,0x65(%bx,%si)
  8a:	73 6f                	jae    0xfb
  8c:	2c 4f                	sub    $0x4f,%al
  8e:	20 66 65             	and    %ah,0x65(%bp)
  91:	64 69 73 65 20 64    	imul   $0x6420,%fs:0x65(%bp,%di),%si
  97:	69 6e 74 77 61       	imul   $0x6177,0x74(%bp),%bp
  9c:	20 6c 65             	and    %ch,0x65(%si)
  9f:	20 6d 61             	and    %ch,0x61(%di)
  a2:	74 73                	je     0x117
  a4:	68 77 65             	push   $0x6577
  a7:	6e                   	outsb  %ds:(%si),(%dx)
  a8:	79 65                	jns    0x10f
  aa:	68 6f 2c             	push   $0x2c6f
  ad:	4f                   	dec    %di
  ae:	20 73 65             	and    %dh,0x65(%bp,%di)
  b1:	20 62 6f             	and    %ah,0x6f(%bp,%si)
  b4:	6c                   	insb   (%dx),%es:(%di)
  b5:	6f                   	outsw  %ds:(%si),(%dx)
  b6:	6b 65 2c 20          	imul   $0x20,0x2c(%di),%sp
  ba:	4f                   	dec    %di
  bb:	20 73 65             	and    %dh,0x65(%bp,%di)
  be:	20 62 6f             	and    %ah,0x6f(%bp,%si)
  c1:	6c                   	insb   (%dx),%es:(%di)
  c2:	6f                   	outsw  %ds:(%si),(%dx)
  c3:	6b 65 20 73          	imul   $0x73,0x20(%di),%sp
  c7:	65 74 6a             	gs je  0x134
  ca:	68 61 62             	push   $0x6261
  cd:	61                   	popa   
  ce:	20 73 61             	and    %dh,0x61(%bp,%di)
  d1:	20 68 65             	and    %ch,0x65(%bx,%si)
  d4:	73 6f                	jae    0x145
  d6:	2c 53                	sub    $0x53,%al
  d8:	65 74 6a             	gs je  0x145
  db:	68 61 62             	push   $0x6261
  de:	61                   	popa   
  df:	20 73 61             	and    %dh,0x61(%bp,%di)
  e2:	2c 20                	sub    $0x20,%al
  e4:	53                   	push   %bx
  e5:	6f                   	outsw  %ds:(%si),(%dx)
  e6:	75 74                	jne    0x15c
  e8:	68 20 41             	push   $0x4120
  eb:	66 72 69             	data32 jb 0x157
  ee:	6b 61 2c 20          	imul   $0x20,0x2c(%bx,%di),%sp
  f2:	53                   	push   %bx
  f3:	6f                   	outsw  %ds:(%si),(%dx)
  f4:	75 74                	jne    0x16a
  f6:	68 20 41             	push   $0x4120
  f9:	66 72 69             	data32 jb 0x165
  fc:	6b 61 2e 55          	imul   $0x55,0x2e(%bx,%di),%sp
 100:	69 74 20 64 69       	imul   $0x6964,0x20(%si),%si
 105:	65 20 62 6c          	and    %ah,%gs:0x6c(%bp,%si)
 109:	6f                   	outsw  %ds:(%si),(%dx)
 10a:	75 20                	jne    0x12c
 10c:	76 61                	jbe    0x16f
 10e:	6e                   	outsb  %ds:(%si),(%dx)
 10f:	20 6f 6e             	and    %ch,0x6e(%bx)
 112:	73 65                	jae    0x179
 114:	20 68 65             	and    %ch,0x65(%bx,%si)
 117:	6d                   	insw   (%dx),%es:(%di)
 118:	65 6c                	gs insb (%dx),%es:(%di)
 11a:	2c 55                	sub    $0x55,%al
 11c:	69 74 20 64 69       	imul   $0x6964,0x20(%si),%si
 121:	65 20 64 69          	and    %ah,%gs:0x69(%si)
 125:	65 70 74             	gs jo  0x19c
 128:	65 20 76 61          	and    %dh,%gs:0x61(%bp)
 12c:	6e                   	outsb  %ds:(%si),(%dx)
 12d:	20 6f 6e             	and    %ch,0x6e(%bx)
 130:	73 20                	jae    0x152
 132:	73 65                	jae    0x199
 134:	65 2c 4f             	gs sub $0x4f,%al
 137:	6f                   	outsw  %ds:(%si),(%dx)
 138:	72 20                	jb     0x15a
 13a:	6f                   	outsw  %ds:(%si),(%dx)
 13b:	6e                   	outsb  %ds:(%si),(%dx)
 13c:	73 20                	jae    0x15e
 13e:	65 77 69             	gs ja  0x1aa
 141:	67 65 20 67 65       	and    %ah,%gs:0x65(%edi)
 146:	62 65 72             	bound  %sp,0x72(%di)
 149:	67 74 65             	addr32 je 0x1b1
 14c:	73 2c                	jae    0x17a
 14e:	57                   	push   %di
 14f:	61                   	popa   
 150:	61                   	popa   
 151:	72 20                	jb     0x173
 153:	64 69 65 20 6b 72    	imul   $0x726b,%fs:0x20(%di),%sp
 159:	61                   	popa   
 15a:	6e                   	outsb  %ds:(%si),(%dx)
 15b:	73 65                	jae    0x1c2
 15d:	20 61 6e             	and    %ah,0x6e(%bx,%di)
 160:	74 77                	je     0x1d9
 162:	6f                   	outsw  %ds:(%si),(%dx)
 163:	6f                   	outsw  %ds:(%si),(%dx)
 164:	72 64                	jb     0x1ca
 166:	20 67 65             	and    %ah,0x65(%bx)
 169:	65 2c 53             	gs sub $0x53,%al
 16c:	6f                   	outsw  %ds:(%si),(%dx)
 16d:	75 6e                	jne    0x1dd
 16f:	64 73 20             	fs jae 0x192
 172:	74 68                	je     0x1dc
 174:	65 20 63 61          	and    %ah,%gs:0x61(%bp,%di)
 178:	6c                   	insb   (%dx),%es:(%di)
 179:	6c                   	insb   (%dx),%es:(%di)
 17a:	20 74 6f             	and    %dh,0x6f(%si)
 17d:	20 63 6f             	and    %ah,0x6f(%bp,%di)
 180:	6d                   	insw   (%dx),%es:(%di)
 181:	65 20 74 6f          	and    %dh,%gs:0x6f(%si)
 185:	67 65 74 68          	addr32 gs je 0x1f1
 189:	65 72 2c             	gs jb  0x1b8
 18c:	41                   	inc    %cx
 18d:	6e                   	outsb  %ds:(%si),(%dx)
 18e:	64 20 75 6e          	and    %dh,%fs:0x6e(%di)
 192:	69 74 65 64 20       	imul   $0x2064,0x65(%si),%si
 197:	77 65                	ja     0x1fe
 199:	20 73 68             	and    %dh,0x68(%bp,%di)
 19c:	61                   	popa   
 19d:	6c                   	insb   (%dx),%es:(%di)
 19e:	6c                   	insb   (%dx),%es:(%di)
 19f:	20 73 74             	and    %dh,0x74(%bp,%di)
 1a2:	61                   	popa   
 1a3:	6e                   	outsb  %ds:(%si),(%dx)
 1a4:	64 2c 4c             	fs sub $0x4c,%al
 1a7:	65 74 20             	gs je  0x1ca
 1aa:	75 73                	jne    0x21f
 1ac:	20 6c 69             	and    %ch,0x69(%si)
 1af:	76 65                	jbe    0x216
 1b1:	20 61 6e             	and    %ah,0x6e(%bx,%di)
 1b4:	64 20 73 74          	and    %dh,%fs:0x74(%bp,%di)
 1b8:	72 69                	jb     0x223
 1ba:	76 65                	jbe    0x221
 1bc:	20 66 6f             	and    %ah,0x6f(%bp)
 1bf:	72 20                	jb     0x1e1
 1c1:	66 72 65             	data32 jb 0x229
 1c4:	65 64 6f             	gs outsw %fs:(%si),(%dx)
 1c7:	6d                   	insw   (%dx),%es:(%di)
 1c8:	49                   	dec    %cx
 1c9:	6e                   	outsb  %ds:(%si),(%dx)
 1ca:	20 53 6f             	and    %dl,0x6f(%bp,%di)
 1cd:	75 74                	jne    0x243
 1cf:	68 20 41             	push   $0x4120
 1d2:	66 72 69             	data32 jb 0x23e
 1d5:	63 61 20             	arpl   %sp,0x20(%bx,%di)
 1d8:	6f                   	outsw  %ds:(%si),(%dx)
 1d9:	75 72                	jne    0x24d
 1db:	20 6c 61             	and    %ch,0x61(%si)
 1de:	6e                   	outsb  %ds:(%si),(%dx)
 1df:	64                   	fs
 1e0:	21                   	.byte 0x21
was the same as


; NOTE(review): this is plain data, not a signature.  The disassembly above
; shows why arbitrary text must never be executed: it decodes to port I/O
; instructions (insb/outsb/outsw, privileged in protected mode), bound
; (can raise #BR), arpl (invalid in 64-bit mode) and relative jumps that
; land in the middle of other instructions.  The db lines below are
; concatenated with no separators, exactly as in the disassembled blob.
db "Nkosi sikelel' iAfrika"
db "Maluphakanyisw uphondo Iwayo"
db "Yizwa imithandazo yethu,"
db "Nkosi sikelela, thina lusapho Iwayo."
db "Morena boloka setjhaba sa heso,"
db "O fedise dintwa le matshwenyeho,"
db "O se boloke, O se boloke setjhaba sa heso,"
db "Setjhaba sa, South Afrika, South Afrika."
db "Uit die blou van onse hemel,"
db "Uit die diepte van ons see,"
db "Oor ons ewige gebergtes,"
db "Waar die kranse antwoord gee,"
db "Sounds the call to come together,"
db "And united we shall stand,"
db "Let us live and strive for freedom"
db "In South Africa our land!"
sorry for using the south african anthem yet again