danial27@castor:~$ ~cpen212/Public/lab1/task2gen
Generated your very own task2 for Lab 1
danial27@castor:~$ ls
cpen211 task1 task2
----------------------------------------------------------------------------------
danial27@castor:~$ xxd task2
----------------------------------------------------------------------------------
danial27@castor:~$ objdump -d task2
task2: file format elf64-littleaarch64
Disassembly of section .text:
0000000000400078 <.text>:
400078: f94003f8 ldr x24, [sp] // _start: load argc from the top of the stack into x24 (callee-saved)
40007c: f1000b1f cmp x24, #0x2 // compare to ensure 1 argument is provided with ./task2
400080: 54000120 b.eq 0x4000a4 // b.none // if true, jump to 0x4000a4 - JUMP1
400084: d2800040 mov x0, #0x2 // #2 // move number 2 into x0
400088: 500002e1 adr x1, 0x4000e6 // store address of 4000e6 into x1 - ERROR string
40008c: d28005c2 mov x2, #0x2e // #46 // mov number 46 into x2
400090: d2800808 mov x8, #0x40 // #64 // move write syscall to x8
400094: d4000001 svc #0x0 // system call to write
400098: d2800040 mov x0, #0x2 // #2 // move number 2 into x0
40009c: d2800ba8 mov x8, #0x5d // #93 // move exit system call to x8
4000a0: d4000001 svc #0x0 // system call to exit (FAILURE ENDING)
4000a4: f9400bf8 ldr x24, [sp, #16] // JUMP1: load argv[1] (pointer to the password) from sp+16 into x24
4000a8: 94000042 bl 0x4001b0 // branch with link to 0x4001b0 - JUMP2
4000ac: d2800020 mov x0, #0x1 // #1 // move number 1 into x0
4000b0: 70000161 adr x1, 0x4000df // FAIL // store address of 0x4000df into x1
4000b4: 10000122 adr x2, 0x4000d8 // PASS // store address of 0x4000d8 into x2
4000b8: f10003bf cmp x29, #0x0 // compare x29 (result of the checks) with 0
4000bc: 9a820021 csel x1, x1, x2, eq // eq = none // if x29 == 0 keep x1 (FAILED), else x1 = x2 (PASSED)
4000c0: d28000e2 mov x2, #0x7 // #7 // move 7 into x2
4000c4: d2800808 mov x8, #0x40 // #64 // move write syscall to x8
4000c8: d4000001 svc #0x0 // system call to write
4000cc: d2800000 mov x0, #0x0 // #0 // move 0 to exit code register
4000d0: d2800ba8 mov x8, #0x5d // #93 // move exit system call to x8
4000d4: d4000001 svc #0x0 // system call to exit
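4000d8: 53534150 .inst 0x53534150 ; undefined // 0x4000d8-0x400113 is string data decoded as instructions: "PASSED\n", "FAILED\n", "ERROR: need exactly one command-line argument\n"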
4000dc: 460a4445 .inst 0x460a4445 ; undefined
4000e0: 454c4941 uaddwb z1.h, z10.h, z12.b
4000e4: 52450a44 .inst 0x52450a44 ; undefined
4000e8: 3a524f52 .inst 0x3a524f52 ; undefined
4000ec: 65656e20 fnmls z0.h, p3/m, z17.h, z5.h
4000f0: 78652064 ldeorlh w5, w4, [x3]
4000f4: 6c746361 ldnp d1, d24, [x27, #-192]
4000f8: 6e6f2079 usubl2 v25.4s, v3.8h, v15.8h
4000fc: 6f632065 umlal2 v5.4s, v3.8h, v3.h[2]
400100: 6e616d6d umin v13.8h, v11.8h, v1.8h
400104: 696c2d64 ldpsw x4, x11, [x11, #-160]
400108: 6120656e .inst 0x6120656e ; undefined
40010c: 6d756772 ldp d18, d25, [x27, #-176]
400110: 0a746e65 bic w5, w19, w20, lsr #27
400114: d503201f nop
400118: d280003d mov x29, #0x1 // #1 // JUMP13: move number 1 into reg x29
40011c: 38401719 ldrb w25, [x24], #1 // SKIP3: load the next password byte into w25, then advance x24 by 1
400120: 34000159 cbz w25, 0x400148 // terminator reached: return via SKIP1 with x29 still 1
400124: 71010739 subs w25, w25, #0x41 // subtract 65 ('A') from the byte
400128: 540000e4 b.mi 0x400144 // b.first // negative (byte below 'A'): branch to SKIP2
40012c: 71006739 subs w25, w25, #0x19 // subtract 25
400130: 54ffff69 b.ls 0x40011c // b.plast // unsigned lower or same (byte is 'A'..'Z'): branch to SKIP3 for the next byte
400134: 71001f39 subs w25, w25, #0x7 // subtract 7, so w25 is now byte - 97 ('a')
400138: 54000064 b.mi 0x400144 // b.first // negative (byte between 'Z' and 'a'): branch to SKIP2
40013c: 71006b39 subs w25, w25, #0x1a // subtract 26
400140: 54fffee4 b.mi 0x40011c // b.first // negative (byte is 'a'..'z'): branch to SKIP3 for the next byte
400144: aa1f03fd mov x29, xzr // SKIP2: move zero (xzr) into x29, marking the password invalid
400148: d65f03c0 ret // SKIP1: return to the JUMP13 caller
40014c: 9280001d mov x29, #0xffffffffffffffff // #-1 // JUMP4/JUMP11/JUMP21: mov -1 into register x29, counter start
400150: 38401719 ldrb w25, [x24], #1 // load register byte password (one letter at a time #1) to w25
400154: 910007bd add x29, x29, #0x1 // increment counter by one, register x29
400158: 35ffffd9 cbnz w25, 0x400150 // keep looping through letters until zero-terminated
40015c: d65f03c0 ret // return to JUMP4/JUMP11/JUMP21 trigger
400160: a9bf63fe stp x30, x24, [sp, #-16]! // JUMP20: Store pair of reg (x30,x24) to stack below two addr (pre-index)
400164: 97fffffa bl 0x40014c // branch with link - JUMP21
400168: a8c163fe ldp x30, x24, [sp], #16 // load pair of registers back from stack
40016c: 8b1d031c add x28, x24, x29 // add x24 and x29 and store in x28
400170: d280003d mov x29, #0x1 // #1 // mov 1 into x29
400174: eb18039f cmp x28, x24 // SKIP6: compare x28 and x24
400178: 540000c9 b.ls 0x400190 // b.plast // branch if unsigned less than or equal to SKIP5
40017c: 38401719 ldrb w25, [x24], #1 // load register byte password (one letter at a time #1) to w25
400180: 385fff9a ldrb w26, [x28, #-1]! // pre-index: step x28 back by 1, then load the byte from the end side of the password into w26
400184: 6b1a033f cmp w25, w26 // compare w25 and w26
400188: 54ffff60 b.eq 0x400174 // b.none // if equal, jump to SKIP6
40018c: d280001d mov x29, #0x0 // #0 // move 0 into x29
400190: d65f03c0 ret // SKIP5: return from JUMP20 trigger
400194: a9bf63fe stp x30, x24, [sp, #-16]! // lr // JUMP3: Store pair of reg (x30,x24) to stack below two addr (pre-index)
400198: 97ffffed bl 0x40014c // branch with link to 0x40014c - JUMP4
40019c: a8c163fe ldp x30, x24, [sp], #16 // lr // load pair of registers back from stack
4001a0: 38401719 ldrb w25, [x24], #1 // load register byte password (one letter at a time #1) to w25
4001a4: 1b19773d madd w29, w25, w25, w29 // multiply w25 with w25 and add w29, save in w29
4001a8: 35ffffd9 cbnz w25, 0x4001a0 // keep looping through letters until zero-terminated
4001ac: d65f03c0 ret // return to JUMP3 trigger
4001b0: a9bf63fe stp x30, x24, [sp, #-16]! // lr // JUMP2: Store pair of reg (x30,x24) to stack below two addr (pre-index)
4001b4: 97fffff8 bl 0x400194 // branch with link to 0x400194 - JUMP3
4001b8: 92401fbd and x29, x29, #0xff // ands to mask x29 reg to keep last 8 bits
4001bc: f102e3bf cmp x29, #0xb8 // compares x29 with number 184
4001c0: 540001c1 b.ne 0x4001f8 // b.any // branch to 0x4001f8 if not equal - JUMP10
4001c4: f94007f8 ldr x24, [sp, #8] // reload the saved password pointer (x24 stored at sp+8 by the stp at 0x4001b0)
4001c8: 97ffffe1 bl 0x40014c // branch with link to 0x40014c - JUMP11
4001cc: f1005bbf cmp x29, #0x16 // compares x29 with number 22
4001d0: 54000141 b.ne 0x4001f8 // b.any // branch to 0x4001f8 if not equal - JUMP12
4001d4: f94007f8 ldr x24, [sp, #8] // reload the saved password pointer (x24 stored at sp+8 by the stp at 0x4001b0)
4001d8: 97ffffd0 bl 0x400118 // branch with link to 0x400118 - JUMP13
4001dc: b40000fd cbz x29, 0x4001f8 // if x29 is zero - JUMP14
4001e0: f94007f8 ldr x24, [sp, #8] // reload the saved password pointer (x24 stored at sp+8 by the stp at 0x4001b0)
4001e4: 97ffffdf bl 0x400160 // branch with link - JUMP20
4001e8: b400009d cbz x29, 0x4001f8 // branch if zero to - JUMP22
4001ec: d280003d mov x29, #0x1 // #1 // move 1 into x29
4001f0: f84107fe ldr x30, [sp], #16 // restore lr from the stack and pop the 16-byte frame
4001f4: d65f03c0 ret // return to JUMP 2 trigger
4001f8: d280001d mov x29, #0x0 // #0 // JUMP10/JUMP12/JUMP14/JUMP22: moves 0 into x29 counter register
4001fc: f84107fe ldr x30, [sp], #16 // restore lr from the stack and pop the 16-byte frame
400200: d65f03c0 ret // return to the JUMP2 caller with x29 = 0
----------------------------------------------------------------------------------
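Setup (gdb):
- display/x {$sp, $x0, $x24, $w25, $w26, $x28, $x29, $x30}
- layout regs
- focus cmd
Rules:
- RULE 1: Password is length 22
- RULE 2: No characters below 'A' (0x41) or above 'z' (0x7a), and no numbers; the six characters between 'Z' and 'a' are rejected too, so letters only
- RULE 3: Must be symmetrical (reads the same forwards and backwards)
- RULE 4: (sum of the squares of the character codes + length) must have 0xb8 in its last 8 bits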
danial27@castor:~$ ./task2 ZMfijijklmnnmlkjijifMZ
PASSED
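
The four checks recovered from the disassembly, rewritten in C as an added example (not part of the original notes or the lab's own code). The function and enum names are made up here; the addresses in the comments refer to the objdump listing above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes: which check rejected the input. */
enum { PW_OK, PW_BAD_SUM, PW_BAD_LEN, PW_BAD_CHAR, PW_BAD_MIRROR };

/* 0x400194 + 0x4001b8: start from the length, add the square of each byte, keep 8 bits. */
unsigned checksum(const char *s) {
    uint32_t acc = (uint32_t)strlen(s);
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        acc += (uint32_t)*p * *p;              /* madd w29, w25, w25, w29 */
    return acc & 0xff;
}

/* 0x400118: same subtraction chain as the binary; only A-Z and a-z survive. */
int only_letters(const char *s) {
    for (const unsigned char *p = (const unsigned char *)s; *p; p++) {
        int32_t c = (int32_t)*p - 0x41;        /* subs #0x41; b.mi rejects   */
        if (c < 0) return 0;
        if (c <= 0x19) continue;               /* subs #0x19; b.ls: 'A'..'Z' */
        c -= 0x19 + 0x7;                       /* c is now byte - 'a'        */
        if (c < 0 || c >= 0x1a) return 0;      /* 0x5b..0x60 or above 'z'    */
    }
    return 1;
}

/* 0x400160: walk inward from both ends; hi starts on the terminator. */
int is_palindrome(const char *s) {
    const char *lo = s, *hi = s + strlen(s);
    while (hi > lo)                            /* cmp x28, x24; b.ls ends    */
        if (*lo++ != *--hi) return 0;
    return 1;
}

/* 0x4001b0: the checks in the order the binary runs them. */
int check_password(const char *s) {
    if (checksum(s) != 0xb8) return PW_BAD_SUM;
    if (strlen(s) != 0x16) return PW_BAD_LEN;
    if (!only_letters(s)) return PW_BAD_CHAR;
    if (!is_palindrome(s)) return PW_BAD_MIRROR;
    return PW_OK;
}

int main(int argc, char **argv) {
    if (argc != 2) { fputs("ERROR: need exactly one command-line argument\n", stderr); return 2; }
    puts(check_password(argv[1]) == PW_OK ? "PASSED" : "FAILED");
    return 0;
}
```

Because the checksum only keeps the low 8 bits of a sum of squares, it is unchanged when characters are reordered or when a byte c is swapped for 128 - c (for example 'M' for '3'), which is why the binary also needs the letter and symmetry checks.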