computing-systems-212 / Lab 1 (P1): ARM Disassembly / lab1-notes / notes-2.txt
danial27@castor:~$ ~cpen212/Public/lab1/task2gen
Generated your very own task2 for Lab 1
danial27@castor:~$ ls
cpen211  task1  task2
----------------------------------------------------------------------------------

danial27@castor:~$ xxd task2
00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000  .ELF............
00000010: 0200 b700 0100 0000 7800 4000 0000 0000  ........x.@.....
00000020: 4000 0000 0000 0000 1802 0000 0000 0000  @...............
00000030: 0000 0000 4000 3800 0100 4000 0300 0200  ....@.8...@.....
00000040: 0100 0000 0500 0000 0000 0000 0000 0000  ................
00000050: 0000 4000 0000 0000 0000 4000 0000 0000  ..@.......@.....
00000060: 0402 0000 0000 0000 0402 0000 0000 0000  ................
00000070: 0000 0100 0000 0000 f803 40f9 1f0b 00f1  ..........@.....
00000080: 2001 0054 4000 80d2 e102 0050 c205 80d2   ..T@......P....
00000090: 0808 80d2 0100 00d4 4000 80d2 a80b 80d2  ........@.......
000000a0: 0100 00d4 f80b 40f9 4200 0094 2000 80d2  ......@.B... ...
000000b0: 6101 0070 2201 0010 bf03 00f1 2100 829a  a..p".......!...
000000c0: e200 80d2 0808 80d2 0100 00d4 0000 80d2  ................
000000d0: a80b 80d2 0100 00d4 5041 5353 4544 0a46  ........PASSED.F
000000e0: 4149 4c45 440a 4552 524f 523a 206e 6565  AILED.ERROR: nee
000000f0: 6420 6578 6163 746c 7920 6f6e 6520 636f  d exactly one co
00000100: 6d6d 616e 642d 6c69 6e65 2061 7267 756d  mmand-line argum
00000110: 656e 740a 1f20 03d5 3d00 80d2 1917 4038  ent.. ..=.....@8
00000120: 5901 0034 3907 0171 e400 0054 3967 0071  Y..49..q...T9g.q
00000130: 69ff ff54 391f 0071 6400 0054 396b 0071  i..T9..qd..T9k.q
00000140: e4fe ff54 fd03 1faa c003 5fd6 1d00 8092  ...T......_.....
00000150: 1917 4038 bd07 0091 d9ff ff35 c003 5fd6  ..@8.......5.._.
00000160: fe63 bfa9 faff ff97 fe63 c1a8 1c03 1d8b  .c.......c......
00000170: 3d00 80d2 9f03 18eb c900 0054 1917 4038  =..........T..@8
00000180: 9aff 5f38 3f03 1a6b 60ff ff54 1d00 80d2  .._8?..k`..T....
00000190: c003 5fd6 fe63 bfa9 edff ff97 fe63 c1a8  .._..c.......c..
000001a0: 1917 4038 3d77 191b d9ff ff35 c003 5fd6  ..@8=w.....5.._.
000001b0: fe63 bfa9 f8ff ff97 bd1f 4092 bfe3 02f1  .c........@.....
000001c0: c101 0054 f807 40f9 e1ff ff97 bf5b 00f1  ...T..@......[..
000001d0: 4101 0054 f807 40f9 d0ff ff97 fd00 00b4  A..T..@.........
000001e0: f807 40f9 dfff ff97 9d00 00b4 3d00 80d2  ..@.........=...
000001f0: fe07 41f8 c003 5fd6 1d00 80d2 fe07 41f8  ..A..._.......A.
00000200: c003 5fd6 002e 7368 7374 7274 6162 002e  .._...shstrtab..
00000210: 7465 7874 0000 0000 0000 0000 0000 0000  text............
00000220: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000230: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000240: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000250: 0000 0000 0000 0000 0b00 0000 0100 0000  ................
00000260: 0600 0000 0000 0000 7800 4000 0000 0000  ........x.@.....
00000270: 7800 0000 0000 0000 8c01 0000 0000 0000  x...............
00000280: 0000 0000 0000 0000 0800 0000 0000 0000  ................
00000290: 0000 0000 0000 0000 0100 0000 0300 0000  ................
000002a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000002b0: 0402 0000 0000 0000 1100 0000 0000 0000  ................
000002c0: 0000 0000 0000 0000 0100 0000 0000 0000  ................
000002d0: 0000 0000 0000 0000                      ........
----------------------------------------------------------------------------------
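To tie the hex dump above to the addresses that objdump prints below, here is an added Python example (written for these notes, not code from the lab or the course) that rebuilds bytes from the xxd lines, decodes the ELF64 header and the single program header with `struct`, and uses the segment mapping to read the three messages the code references with `adr`. Only the dump lines it needs are embedded (header, program header and the message bytes); the parser honours the offset column, so the gap is zero-filled.

```python
import struct

# Constructed from the xxd dump above: only the lines this example needs
# (ELF header + program header at 0x00-0x7f, message bytes at 0xd0-0x11f).
# The parser honours the offset column, so gaps are simply zero-filled.
XXD_LINES = """\
00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000  .ELF............
00000010: 0200 b700 0100 0000 7800 4000 0000 0000  ........x.@.....
00000020: 4000 0000 0000 0000 1802 0000 0000 0000  @...............
00000030: 0000 0000 4000 3800 0100 4000 0300 0200  ....@.8...@.....
00000040: 0100 0000 0500 0000 0000 0000 0000 0000  ................
00000050: 0000 4000 0000 0000 0000 4000 0000 0000  ..@.......@.....
00000060: 0402 0000 0000 0000 0402 0000 0000 0000  ................
00000070: 0000 0100 0000 0000 f803 40f9 1f0b 00f1  ..........@.....
000000d0: a80b 80d2 0100 00d4 5041 5353 4544 0a46  ........PASSED.F
000000e0: 4149 4c45 440a 4552 524f 523a 206e 6565  AILED.ERROR: nee
000000f0: 6420 6578 6163 746c 7920 6f6e 6520 636f  d exactly one co
00000100: 6d6d 616e 642d 6c69 6e65 2061 7267 756d  mmand-line argum
00000110: 656e 740a 1f20 03d5 3d00 80d2 1917 4038  ent.. ..=.....@8
"""

ELF64_EHDR = "<16sHHIQQQIHHHHHH"   # e_ident .. e_shstrndx (64 bytes)
ELF64_PHDR = "<IIQQQQQQ"           # p_type .. p_align (56 bytes)
PT_LOAD = 1


def parse_xxd(text: str) -> bytearray:
    """Rebuild a byte image from xxd output; offsets not listed read as zero."""
    image = bytearray()
    for line in text.splitlines():
        if not line.strip():
            continue
        off_str, rest = line.split(":", 1)
        off = int(off_str, 16)
        # 16 bytes print as 8 groups of 4 hex digits separated by spaces: 40 columns.
        data = bytes.fromhex(rest[:40].replace(" ", ""))
        if len(image) < off:
            image.extend(b"\0" * (off - len(image)))
        image[off:off + len(data)] = data
    return image


def parse_elf(image: bytes) -> dict:
    """Decode the ELF64 header and its program headers."""
    (ident, e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, e_shnum, _shstrndx) = \
        struct.unpack_from(ELF64_EHDR, image, 0)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF image")
    segments = []
    for i in range(e_phnum):
        p_type, p_flags, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, _align = \
            struct.unpack_from(ELF64_PHDR, image, e_phoff + i * e_phentsize)
        segments.append({"type": p_type, "flags": p_flags, "offset": p_offset,
                         "vaddr": p_vaddr, "filesz": p_filesz, "memsz": p_memsz})
    return {"type": e_type, "machine": e_machine, "entry": e_entry,
            "phnum": e_phnum, "shnum": e_shnum, "segments": segments}


def vaddr_to_offset(elf: dict, vaddr: int) -> int:
    """Map a runtime address back to a file offset through the PT_LOAD segments."""
    for seg in elf["segments"]:
        if seg["type"] == PT_LOAD and seg["vaddr"] <= vaddr < seg["vaddr"] + seg["filesz"]:
            return vaddr - seg["vaddr"] + seg["offset"]
    raise ValueError(f"0x{vaddr:x} is not backed by the file")


def read_bytes_at(image: bytes, elf: dict, vaddr: int, length: int) -> bytes:
    """Read `length` bytes from the file position that `vaddr` maps to."""
    off = vaddr_to_offset(elf, vaddr)
    return bytes(image[off:off + length])


def first_instruction(image: bytes, elf: dict) -> int:
    """The 32-bit little-endian word at e_entry, as objdump prints it."""
    return struct.unpack_from("<I", image, vaddr_to_offset(elf, elf["entry"]))[0]


IMAGE = parse_xxd(XXD_LINES)
ELF = parse_elf(IMAGE)

if __name__ == "__main__":
    print(f"machine=0x{ELF['machine']:x} entry=0x{ELF['entry']:x} "
          f"phnum={ELF['phnum']} shnum={ELF['shnum']}")
    for seg in ELF["segments"]:
        print(f"LOAD off=0x{seg['offset']:x} vaddr=0x{seg['vaddr']:x} "
              f"filesz=0x{seg['filesz']:x} flags={seg['flags']}")
    # The three adr targets from the listing and the lengths passed in x2.
    for vaddr, n in ((0x4000d8, 7), (0x4000df, 7), (0x4000e6, 46)):
        print(f"0x{vaddr:x}: {read_bytes_at(IMAGE, ELF, vaddr, n)!r}")
    print(f"first instruction: 0x{first_instruction(IMAGE, ELF):08x}")
```

The single PT_LOAD segment is readable and executable (flags 5) and maps file offset 0 to 0x400000, which is why objdump's addresses are the file offsets plus 0x400000 and why the string bytes at 0xd8 show up in the disassembly as nonsense instructions.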

danial27@castor:~$ objdump -d task2

task2:     file format elf64-littleaarch64


Disassembly of section .text:

0000000000400078 <.text>:
  400078:	f94003f8 	ldr	x24, [sp]                           // _start: load argc from [sp] into x24 (callee-saved)
  40007c:	f1000b1f 	cmp	x24, #0x2                           // argc == 2 means exactly one argument after ./task2
  400080:	54000120 	b.eq	0x4000a4  // b.none               // if true, jump to 0x4000a4 - JUMP1
  400084:	d2800040 	mov	x0, #0x2                   	// #2   // x0 = 2: file descriptor (stderr) for write
  400088:	500002e1 	adr	x1, 0x4000e6                        // store address of 4000e6 into x1 - ERROR string
  40008c:	d28005c2 	mov	x2, #0x2e                  	// #46  // x2 = 46: byte length of the ERROR string
  400090:	d2800808 	mov	x8, #0x40                  	// #64  // move write syscall to x8
  400094:	d4000001 	svc	#0x0                                // system call to write 
  400098:	d2800040 	mov	x0, #0x2                   	// #2   // x0 = 2: exit status
  40009c:	d2800ba8 	mov	x8, #0x5d                  	// #93  // move exit system call to x8
  4000a0:	d4000001 	svc	#0x0                                // system call to exit (FAILURE ENDING)
  4000a4:	f9400bf8 	ldr	x24, [sp, #16]                      // JUMP1: load argv[1] (the pointer at [sp+16]) into x24, replacing argc
  4000a8:	94000042 	bl	0x4001b0                            // branch with link to 0x4001b0 - JUMP2
  4000ac:	d2800020 	mov	x0, #0x1                   	// #1   // x0 = 1: file descriptor (stdout) for write
  4000b0:	70000161 	adr	x1, 0x4000df // FAIL                // store address of 0x4000df into x1
  4000b4:	10000122 	adr	x2, 0x4000d8 // PASS                // store address of 0x4000d8 into x2
  4000b8:	f10003bf 	cmp	x29, #0x0                           // compare x29 with number 0
  4000bc:	9a820021 	csel	x1, x1, x2, eq  // eq = none      // If equal, then x1=x1, else x1=x2
  4000c0:	d28000e2 	mov	x2, #0x7                   	// #7   // x2 = 7: byte length of "PASSED\n" / "FAILED\n"
  4000c4:	d2800808 	mov	x8, #0x40                  	// #64  // move write syscall to x8
  4000c8:	d4000001 	svc	#0x0                                // system call to write 
  4000cc:	d2800000 	mov	x0, #0x0                   	// #0   // move 0 to exit code register
  4000d0:	d2800ba8 	mov	x8, #0x5d                  	// #93  // move exit system call to x8
  4000d4:	d4000001 	svc	#0x0                                // system call to exit
  4000d8:	53534150 	.inst	0x53534150 ; undefined
  4000dc:	460a4445 	.inst	0x460a4445 ; undefined
  4000e0:	454c4941 	uaddwb	z1.h, z10.h, z12.b
  4000e4:	52450a44 	.inst	0x52450a44 ; undefined
  4000e8:	3a524f52 	.inst	0x3a524f52 ; undefined
  4000ec:	65656e20 	fnmls	z0.h, p3/m, z17.h, z5.h
  4000f0:	78652064 	ldeorlh	w5, w4, [x3]
  4000f4:	6c746361 	ldnp	d1, d24, [x27, #-192]
  4000f8:	6e6f2079 	usubl2	v25.4s, v3.8h, v15.8h
  4000fc:	6f632065 	umlal2	v5.4s, v3.8h, v3.h[2]
  400100:	6e616d6d 	umin	v13.8h, v11.8h, v1.8h
  400104:	696c2d64 	ldpsw	x4, x11, [x11, #-160]
  400108:	6120656e 	.inst	0x6120656e ; undefined
  40010c:	6d756772 	ldp	d18, d25, [x27, #-176]
  400110:	0a746e65 	bic	w5, w19, w20, lsr #27
  400114:	d503201f 	nop
  400118:	d280003d 	mov	x29, #0x1                   	// #1   // JUMP13: letters-only check; x29 = 1 (assume OK)
  40011c:	38401719 	ldrb	w25, [x24], #1                      // SKIP3: load next password byte into w25, post-increment x24
  400120:	34000159 	cbz	w25, 0x400148                         // NUL terminator reached: every byte passed, go to SKIP1
  400124:	71010739 	subs	w25, w25, #0x41                     // w25 = c - 65 ('A')
  400128:	540000e4 	b.mi	0x400144  // b.first                // negative: c < 'A', reject at SKIP2
  40012c:	71006739 	subs	w25, w25, #0x19                     // w25 = c - 65 - 25 = c - 90 ('Z')
  400130:	54ffff69 	b.ls	0x40011c  // b.plast                // unsigned lower or same: c <= 'Z', uppercase letter, next byte at SKIP3
  400134:	71001f39 	subs	w25, w25, #0x7                      // w25 = c - 90 - 7 = c - 97 ('a')
  400138:	54000064 	b.mi	0x400144  // b.first                // negative: c is in the gap between 'Z' and 'a', reject at SKIP2
  40013c:	71006b39 	subs	w25, w25, #0x1a                     // w25 = c - 97 - 26 = c - 123 ('z' + 1)
  400140:	54fffee4 	b.mi	0x40011c  // b.first                // negative: c <= 'z', lowercase letter, next byte at SKIP3; otherwise fall through
  400144:	aa1f03fd 	mov	x29, xzr                      // sp   // SKIP2: x29 = 0 (xzr is the zero register; objdump's "sp" hint is only register number 31)
  400148:	d65f03c0 	ret                                       // SKIP1: return to the bl at JUMP13 with the result in x29
  40014c:	9280001d 	mov	x29, #0xffffffffffffffff    	// #-1  // JUMP4/JUMP11/JUMP21: strlen; x29 = -1 (counter start)
  400150:	38401719 	ldrb	w25, [x24], #1                      // load next password byte into w25, post-increment x24
  400154:	910007bd 	add	x29, x29, #0x1                        // x29 += 1 (the NUL is counted too, which cancels the -1 start)
  400158:	35ffffd9 	cbnz	w25, 0x400150                       // keep looping until the NUL terminator
  40015c:	d65f03c0 	ret                                       // return to the bl at JUMP4/JUMP11/JUMP21: x29 = string length, x24 points one past the NUL
  400160:	a9bf63fe 	stp	x30, x24, [sp, #-16]!                 // JUMP20: palindrome check; push x30 (lr) and x24 (pre-index, sp -= 16)
  400164:	97fffffa 	bl	0x40014c                              // branch with link to strlen - JUMP21 (advances x24)
  400168:	a8c163fe 	ldp	x30, x24, [sp], #16                   // pop x30 and x24: x24 is the string start again, x29 = length
  40016c:	8b1d031c 	add	x28, x24, x29                         // x28 = start + length: points at the NUL
  400170:	d280003d 	mov	x29, #0x1                   	// #1   // x29 = 1 (assume palindrome until a mismatch)
  400174:	eb18039f 	cmp	x28, x24                              // SKIP6: compare back pointer x28 with front pointer x24
  400178:	540000c9 	b.ls	0x400190  // b.plast                // unsigned lower or same: pointers met or crossed, done at SKIP5
  40017c:	38401719 	ldrb	w25, [x24], #1                      // load the front byte into w25, post-increment x24
  400180:	385fff9a 	ldrb	w26, [x28, #-1]!                    // pre-decrement x28, then load the back byte into w26
  400184:	6b1a033f 	cmp	w25, w26                              // compare front and back bytes
  400188:	54ffff60 	b.eq	0x400174  // b.none                 // if equal, continue at SKIP6
  40018c:	d280001d 	mov	x29, #0x0                   	// #0   // mismatch: x29 = 0
  400190:	d65f03c0 	ret                                       // SKIP5: return to the bl at JUMP20
  400194:	a9bf63fe 	stp	x30, x24, [sp, #-16]!         // lr   // JUMP3: sum of squares; push x30 (lr) and x24 (pre-index, sp -= 16)
  400198:	97ffffed 	bl	0x40014c                              // branch with link to strlen at 0x40014c - JUMP4
  40019c:	a8c163fe 	ldp	x30, x24, [sp], #16           // lr   // pop x30 and x24: x24 is the string start again, x29 = length
  4001a0:	38401719 	ldrb	w25, [x24], #1                      // load next password byte into w25, post-increment x24
  4001a4:	1b19773d 	madd	w29, w25, w25, w29                  // w29 = w25 * w25 + w29 (32-bit; the accumulator starts at the length)
  4001a8:	35ffffd9 	cbnz	w25, 0x4001a0                       // keep looping until the NUL terminator (it adds 0)
  4001ac:	d65f03c0 	ret                                       // return to the bl at JUMP3: x29 = length + sum of squared bytes
  4001b0:	a9bf63fe 	stp	x30, x24, [sp, #-16]!         // lr   // JUMP2: main check; push x30 (lr) at [sp] and x24 (argv[1]) at [sp+8]
  4001b4:	97fffff8 	bl	0x400194                              // branch with link to 0x400194 - JUMP3 (length + sum of squares)
  4001b8:	92401fbd 	and	x29, x29, #0xff                       // and: mask x29 to its low 8 bits
  4001bc:	f102e3bf 	cmp	x29, #0xb8                            // compare x29 with 184 (0xb8)
  4001c0:	540001c1 	b.ne	0x4001f8  // b.any                  // branch to 0x4001f8 if not equal - JUMP10
  4001c4:	f94007f8 	ldr	x24, [sp, #8]                         // reload argv[1] from the saved x24 at [sp+8]
  4001c8:	97ffffe1 	bl	0x40014c                              // branch with link to strlen at 0x40014c - JUMP11
  4001cc:	f1005bbf 	cmp	x29, #0x16                            // compare the length with 22 (0x16)
  4001d0:	54000141 	b.ne	0x4001f8  // b.any                  // branch to 0x4001f8 if not equal - JUMP12
  4001d4:	f94007f8 	ldr	x24, [sp, #8]                         // reload argv[1] from the saved x24 at [sp+8]
  4001d8:	97ffffd0 	bl	0x400118                              // branch with link to the letters-only check at 0x400118 - JUMP13
  4001dc:	b40000fd 	cbz	x29, 0x4001f8                         // if x29 is zero (a non-letter was found) - JUMP14
  4001e0:	f94007f8 	ldr	x24, [sp, #8]                         // reload argv[1] from the saved x24 at [sp+8]
  4001e4:	97ffffdf 	bl	0x400160                              // branch with link to the palindrome check - JUMP20
  4001e8:	b400009d 	cbz	x29, 0x4001f8                         // if x29 is zero (not a palindrome) - JUMP22
  4001ec:	d280003d 	mov	x29, #0x1                   	// #1   // all four checks passed: x29 = 1
  4001f0:	f84107fe 	ldr	x30, [sp], #16                        // restore lr from [sp] and pop the 16-byte frame (the saved x24 is discarded)
  4001f4:	d65f03c0 	ret                                       // return to the bl at JUMP2
  4001f8:	d280001d 	mov	x29, #0x0                   	// #0   // JUMP10/JUMP12/JUMP14/JUMP22: a check failed, x29 = 0
  4001fc:	f84107fe 	ldr	x30, [sp], #16                        // restore lr from [sp] and pop the 16-byte frame
  400200:	d65f03c0 	ret                                       // return to the bl at JUMP2
  ----------------------------------------------------------------------------------

Setup: 
- display/x {$sp, $x0, $x24, $w25, $w26, $x28, $x29, $x30}
- layout regs
- focus cmd

- RULE 1: Password length must be exactly 22 (strlen result compared with 0x16)
- RULE 2: Every character must be an ASCII letter, 'A'..'Z' (0x41..0x5a) or 'a'..'z' (0x61..0x7a); digits, punctuation and the 0x5b..0x60 gap between 'Z' and 'a' are all rejected
- RULE 3: MUST BE SYMMETRICAL: the string is a palindrome (front and back bytes are compared moving inward)
- RULE 4: (length + sum of each character's ASCII value squared) must have 0xb8 in its low 8 bits, i.e. total mod 256 == 184
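The four rules as an added Python model of the listing (illustration written for these notes, not the course's or the task generator's code). The letters-only check is modelled with an emulated `subs` and the `b.mi`/`b.ls` conditions instead of plain Python comparisons, so the cascade of subtractions in 0x400118 can be stepped through; register names in the comments refer to the disassembly above, `str_len` follows the -1/increment loop at 0x40014c, and `check_password` runs the checks in the same order as 0x4001b0. The password constant is the one run against ./task2 below.

```python
# Added model of the task2 checks; register names in comments refer to the
# disassembly above (x24 = byte pointer, x29 = result/counter, w25/w26 = bytes).
PASSWORD = b"ZMfijijklmnnmlkjijifMZ"   # the password the notes ran against ./task2


def subs32(a: int, b: int) -> tuple:
    """Emulate AArch64 SUBS on 32-bit unsigned operands; returns (result, flags).

    Only N, Z and C are modelled: b.mi and b.ls are the only conditions the
    listing uses, and neither needs V."""
    r = (a - b) & 0xFFFFFFFF
    return r, {"N": (r >> 31) & 1, "Z": int(r == 0), "C": int(a >= b)}


def cond_mi(flags: dict) -> bool:
    """b.mi: result negative (N set)."""
    return flags["N"] == 1


def cond_ls(flags: dict) -> bool:
    """b.ls: unsigned lower or same (a borrow occurred, or the result is zero)."""
    return flags["C"] == 0 or flags["Z"] == 1


def all_letters(s: bytes) -> int:
    """0x400118 (JUMP13): x29 = 1 if every byte is 'A'..'Z' or 'a'..'z', else 0."""
    for c in s:                        # ldrb w25, [x24], #1 ; cbz w25 -> SKIP1 at the NUL
        w25, f = subs32(c, 0x41)       # subs w25, w25, #0x41    -> c - 'A'
        if cond_mi(f):                 # b.mi SKIP2: below 'A'
            return 0
        w25, f = subs32(w25, 0x19)     # subs w25, w25, #0x19    -> c - 'Z'
        if cond_ls(f):                 # b.ls SKIP3: c <= 'Z', an uppercase letter
            continue
        w25, f = subs32(w25, 0x07)     # subs w25, w25, #0x7     -> c - 'a'
        if cond_mi(f):                 # b.mi SKIP2: in the gap between 'Z' and 'a'
            return 0
        w25, f = subs32(w25, 0x1A)     # subs w25, w25, #0x1a    -> c - ('z' + 1)
        if cond_mi(f):                 # b.mi SKIP3: c <= 'z', a lowercase letter
            continue
        return 0                       # fell through to SKIP2: above 'z'
    return 1


def str_len(s: bytes) -> int:
    """0x40014c: x29 starts at -1 and is incremented once per byte, NUL included."""
    x29 = -1
    for _ in s + b"\0":
        x29 += 1
    return x29


def is_palindrome(s: bytes) -> int:
    """0x400160 (JUMP20): x24 walks forward from the start, x28 back from the NUL."""
    x24, x28 = 0, str_len(s)           # add x28, x24, x29
    while x28 > x24:                   # cmp x28, x24 ; b.ls SKIP5 once pointers meet or cross
        w25 = s[x24]                   # ldrb w25, [x24], #1
        x24 += 1
        x28 -= 1                       # ldrb w26, [x28, #-1]!
        w26 = s[x28]
        if w25 != w26:                 # cmp w25, w26 ; b.eq SKIP6
            return 0
    return 1


def len_plus_square_sum(s: bytes) -> int:
    """0x400194 (JUMP3): w29 = strlen, then madd w29 += c*c per byte (32-bit wrap)."""
    w29 = str_len(s)
    for c in s:
        w29 = (w29 + c * c) & 0xFFFFFFFF
    return w29


def check_password(s: bytes) -> int:
    """0x4001b0 (JUMP2): the four checks in the binary's order; 1 means PASSED."""
    if len_plus_square_sum(s) & 0xFF != 0xB8:   # and x29, #0xff ; cmp x29, #0xb8
        return 0
    if str_len(s) != 22:                         # cmp x29, #0x16
        return 0
    if not all_letters(s):                       # bl 0x400118 ; cbz x29
        return 0
    if not is_palindrome(s):                     # bl 0x400160 ; cbz x29
        return 0
    return 1


if __name__ == "__main__":
    print("PASSED" if check_password(PASSWORD) else "FAILED")
```

For the password above, length + sum of squares is 232120 = 0x38ab8, so the masked value is 0xb8 and all four checks pass; changing any single letter breaks both the palindrome and, in general, the checksum.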

danial27@castor:~$ ./task2 ZMfijijklmnnmlkjijifMZ
PASSED