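# ructf2010 histograph disassembler
# http://smokedchicken.org
#
# Disassembles a program image for the "histograph" VM.  Every instruction is
# one opcode byte followed by zero or more 16-bit little-endian operands; the
# output is one "ADDR mnemonic" line per instruction, starting at offset 0.
#
# The image is untrusted input (it is whatever the CTF service hands out), so
# the decoder bounds-checks every operand read instead of indexing blindly:
# a truncated or crafted image stops the listing, it never raises out of here.
from __future__ import print_function

import array  # unused here; kept from the original import line
import struct
import sys

# Size of the VM's address space: operands are 16-bit, and images are
# zero-padded up to this many bytes before decoding (larger files are kept
# whole, as the original did).
IMAGE_SIZE = 32768

# Upper bound on the number of instructions emitted per run.
MAX_INSTRUCTIONS = 10000

# opcode -> (output format, number of 16-bit operands following the opcode).
# Operands are substituted into the format in the order they appear in the
# instruction stream; the text is byte-identical to the original listing.
_OPCODES = {
    0x00: ("mov [0x%04x],0x%04x", 2),
    0x01: ("mov [0x%04x],[0x%04x]", 2),
    0x02: ("add [0x%04x],[0x%04x]", 2),
    0x03: ("sub [0x%04x],[0x%04x]", 2),
    0x04: ("mul [0x%04x],[0x%04x]", 2),
    0x0B: ("div [0x%04x],[0x%04x]", 2),
    0x05: ("jmp 0x%04x", 1),
    0x06: ("je 0x%04x,[0x%04x],[0x%04x]", 3),
    0x07: ("jg 0x%04x,[0x%04x],[0x%04x]", 3),
    0x08: ("jl 0x%04x,[0x%04x],[0x%04x]", 3),
    0x09: ("call 0x%04x", 1),
    0x0A: ("retn 0x%04x", 1),
    0x10: ("fgetc [0x%04x], infile", 1),
    0x11: ("fputc *[0x%04x], outfile", 1),
    0x12: ("putchar *[0x%04x]", 1),
    # Per its mnemonic, 0x13 hands a string taken from VM memory to system();
    # it is the first opcode to look for when auditing an image.
    0x13: ("system *[0x%04x]", 1),
    0x20: ("push [0x%04x]", 1),
    0x21: ("pop [0x%04x]", 1),
    0x22: ("enter 0x%04x", 1),
    0x23: ("leave", 0),
    0x24: ("mov [0x%04x],bp", 1),
    0x25: ("mov [0x%04x],*[0x%04x]", 2),
    0x26: ("mov *[0x%04x],[0x%04x]", 2),
    0x40: ("debug instruction", 0),
    0x41: ("head content-length", 0),
    0x42: ("prnt [0x%04x]", 1),
    0x43: ("itoa [0x%04x],*[0x%04x]", 2),
    0x30: ("exit", 0),
}


def decode(data, ip):
    """Decode the single instruction starting at ``data[ip]``.

    Args:
        data: the program image (a ``bytearray``, or anything indexable to ints
            that ``struct.unpack_from`` accepts).
        ip: offset of the opcode byte; must be ``< len(data)``.

    Returns:
        ``(text, length)`` where ``text`` is the mnemonic line (without the
        address prefix) and ``length`` is the instruction's size in bytes, or
        ``(None, 1)`` when the opcode is not in the table.

    Raises:
        ValueError: the opcode is known but its operands would extend past the
            end of ``data`` (a truncated or crafted image).
    """
    entry = _OPCODES.get(data[ip])
    if entry is None:
        return None, 1
    fmt, operand_count = entry
    length = 1 + 2 * operand_count
    if ip + length > len(data):
        raise ValueError("instruction at 0x%04x runs past end of image" % ip)
    if operand_count == 0:
        operands = ()
    else:
        # Operands are 16-bit little-endian, exactly what the original
        # computed as data[ip] + data[ip + 1] * 256.
        operands = struct.unpack_from("<%dH" % operand_count, data, ip + 1)
    return fmt % operands, length


def disassemble(data, max_count=MAX_INSTRUCTIONS):
    """Return the listing for ``data`` as a list of ``"ADDR mnemonic"`` lines.

    Decoding starts at offset 0 and proceeds linearly (no control-flow
    following).  It stops after ``max_count`` instructions, at the first
    undefined opcode (reported as ``"ADDR Undef command"``, as before), or
    when the next instruction would read past the end of ``data`` (reported
    as ``"ADDR Truncated instruction"``).  The original indexed past the
    buffer in that last case and died with IndexError -- which happens for
    any mostly-zero image, since 10000 five-byte ``mov`` instructions exceed
    the 32768-byte image.
    """
    lines = []
    ip = 0
    for _ in range(max_count):
        if ip >= len(data):
            break
        try:
            text, length = decode(data, ip)
        except ValueError:
            lines.append("%04x Truncated instruction" % ip)
            break
        if text is None:
            lines.append("%04x Undef command" % ip)
            break
        lines.append("%04x %s" % (ip, text))
        ip += length
    return lines


def load_image(path):
    """Read the image at ``path`` and zero-pad it to ``IMAGE_SIZE`` bytes.

    Files larger than ``IMAGE_SIZE`` are returned whole, matching the original
    (whose negative pad length simply produced no padding).
    """
    with open(path, "rb") as f:
        image = f.read()
    return bytearray(image.ljust(IMAGE_SIZE, b"\x00"))


def main(argv=None):
    """Disassemble the file named by ``argv[1]`` to stdout.

    Returns a process exit status: 0 on success, 2 on a missing argument.
    """
    argv = sys.argv if argv is None else argv
    if len(argv) < 2:
        sys.stderr.write("usage: %s <image>\n" % argv[0])
        return 2
    for line in disassemble(load_image(argv[1])):
        print(line)
    return 0


if __name__ == "__main__":
    sys.exit(main())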