danial27@castor:~$ ~cpen212/Public/lab1/task2gen Generated your very own task2 for Lab 1 danial27@castor:~$ ls cpen211 task1 task2 ---------------------------------------------------------------------------------- danial27@castor:~$ xxd task2 00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000 .ELF............ 00000010: 0200 b700 0100 0000 7800 4000 0000 0000 ........x.@..... 00000020: 4000 0000 0000 0000 1802 0000 0000 0000 @............... 00000030: 0000 0000 4000 3800 0100 4000 0300 0200 ....@.8...@..... 00000040: 0100 0000 0500 0000 0000 0000 0000 0000 ................ 00000050: 0000 4000 0000 0000 0000 4000 0000 0000 ..@.......@..... 00000060: 0402 0000 0000 0000 0402 0000 0000 0000 ................ 00000070: 0000 0100 0000 0000 f803 40f9 1f0b 00f1 ..........@..... 00000080: 2001 0054 4000 80d2 e102 0050 c205 80d2 ..T@......P.... 00000090: 0808 80d2 0100 00d4 4000 80d2 a80b 80d2 ........@....... 000000a0: 0100 00d4 f80b 40f9 4200 0094 2000 80d2 ......@.B... ... 000000b0: 6101 0070 2201 0010 bf03 00f1 2100 829a a..p".......!... 000000c0: e200 80d2 0808 80d2 0100 00d4 0000 80d2 ................ 000000d0: a80b 80d2 0100 00d4 5041 5353 4544 0a46 ........PASSED.F 000000e0: 4149 4c45 440a 4552 524f 523a 206e 6565 AILED.ERROR: nee 000000f0: 6420 6578 6163 746c 7920 6f6e 6520 636f d exactly one co 00000100: 6d6d 616e 642d 6c69 6e65 2061 7267 756d mmand-line argum 00000110: 656e 740a 1f20 03d5 3d00 80d2 1917 4038 ent.. ..=.....@8 00000120: 5901 0034 3907 0171 e400 0054 3967 0071 Y..49..q...T9g.q 00000130: 69ff ff54 391f 0071 6400 0054 396b 0071 i..T9..qd..T9k.q 00000140: e4fe ff54 fd03 1faa c003 5fd6 1d00 8092 ...T......_..... 00000150: 1917 4038 bd07 0091 d9ff ff35 c003 5fd6 ..@8.......5.._. 00000160: fe63 bfa9 faff ff97 fe63 c1a8 1c03 1d8b .c.......c...... 00000170: 3d00 80d2 9f03 18eb c900 0054 1917 4038 =..........T..@8 00000180: 9aff 5f38 3f03 1a6b 60ff ff54 1d00 80d2 .._8?..k`..T.... 00000190: c003 5fd6 fe63 bfa9 edff ff97 fe63 c1a8 .._..c.......c.. 
000001a0: 1917 4038 3d77 191b d9ff ff35 c003 5fd6 ..@8=w.....5.._. 000001b0: fe63 bfa9 f8ff ff97 bd1f 4092 bfe3 02f1 .c........@..... 000001c0: c101 0054 f807 40f9 e1ff ff97 bf5b 00f1 ...T..@......[.. 000001d0: 4101 0054 f807 40f9 d0ff ff97 fd00 00b4 A..T..@......... 000001e0: f807 40f9 dfff ff97 9d00 00b4 3d00 80d2 ..@.........=... 000001f0: fe07 41f8 c003 5fd6 1d00 80d2 fe07 41f8 ..A..._.......A. 00000200: c003 5fd6 002e 7368 7374 7274 6162 002e .._...shstrtab.. 00000210: 7465 7874 0000 0000 0000 0000 0000 0000 text............ 00000220: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000230: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000240: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000250: 0000 0000 0000 0000 0b00 0000 0100 0000 ................ 00000260: 0600 0000 0000 0000 7800 4000 0000 0000 ........x.@..... 00000270: 7800 0000 0000 0000 8c01 0000 0000 0000 x............... 00000280: 0000 0000 0000 0000 0800 0000 0000 0000 ................ 00000290: 0000 0000 0000 0000 0100 0000 0300 0000 ................ 000002a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 000002b0: 0402 0000 0000 0000 1100 0000 0000 0000 ................ 000002c0: 0000 0000 0000 0000 0100 0000 0000 0000 ................ 000002d0: 0000 0000 0000 0000 ........ 
----------------------------------------------------------------------------------
danial27@castor:~$ objdump -d task2

task2: file format elf64-littleaarch64

Disassembly of section .text:

0000000000400078 <.text>:
// The JUMPn/SKIPn names in the comments below are the annotator's own labels for branch
// targets and call sites; the binary carries no symbols.
// All helper routines take the string pointer in x24 and return their result in x29.

// ---- 0x400078  _start: argument-count check, run the checker, print the verdict ----
  400078: f94003f8 ldr x24, [sp]                      // _start: x24 = argc, the first word on the initial process stack
  40007c: f1000b1f cmp x24, #0x2                      // argc == 2 means program name plus exactly one argument
  400080: 54000120 b.eq 0x4000a4 // b.none            // if equal, jump to 0x4000a4 - JUMP1
  400084: d2800040 mov x0, #0x2 // #2                 // x0 = 2: file descriptor for write (fd 2, stderr)
  400088: 500002e1 adr x1, 0x4000e6                   // x1 = address 0x4000e6 - start of the ERROR string
  40008c: d28005c2 mov x2, #0x2e // #46               // x2 = 46: byte count, the length of the ERROR string
  400090: d2800808 mov x8, #0x40 // #64               // x8 = 64: write syscall number
  400094: d4000001 svc #0x0                           // system call: write
  400098: d2800040 mov x0, #0x2 // #2                 // x0 = 2: exit status
  40009c: d2800ba8 mov x8, #0x5d // #93               // x8 = 93: exit syscall number
  4000a0: d4000001 svc #0x0                           // system call: exit (FAILURE ENDING)
  4000a4: f9400bf8 ldr x24, [sp, #16]                 // JUMP1: x24 = word at sp+16, i.e. argv[1], the password string (sp+8 holds argv[0])
  4000a8: 94000042 bl 0x4001b0                        // call the checker at 0x4001b0 - JUMP2; verdict comes back in x29
  4000ac: d2800020 mov x0, #0x1 // #1                 // x0 = 1: file descriptor for write (fd 1, stdout)
  4000b0: 70000161 adr x1, 0x4000df // FAIL           // x1 = address 0x4000df ("FAILED\n")
  4000b4: 10000122 adr x2, 0x4000d8 // PASS           // x2 = address 0x4000d8 ("PASSED\n")
  4000b8: f10003bf cmp x29, #0x0                      // did the checker return 0?
  4000bc: 9a820021 csel x1, x1, x2, eq // eq = none   // x29 == 0: keep x1 (FAILED); otherwise x1 = x2 (PASSED)
  4000c0: d28000e2 mov x2, #0x7 // #7                 // x2 = 7: byte count, both messages are 7 bytes long
  4000c4: d2800808 mov x8, #0x40 // #64               // x8 = 64: write syscall number
  4000c8: d4000001 svc #0x0                           // system call: write
  4000cc: d2800000 mov x0, #0x0 // #0                 // x0 = 0: exit status (used for both PASSED and FAILED)
  4000d0: d2800ba8 mov x8, #0x5d // #93               // x8 = 93: exit syscall number
  4000d4: d4000001 svc #0x0                           // system call: exit

// ---- 0x4000d8-0x400113: string data, not code ----
// These words are the ASCII bytes of "PASSED\n", "FAILED\n" and the ERROR message (compare the
// xxd dump at file offset 0xd8). objdump -d decodes them as instructions, so the mnemonics
// printed here carry no meaning.
  4000d8: 53534150 .inst 0x53534150 ; undefined
  4000dc: 460a4445 .inst 0x460a4445 ; undefined
  4000e0: 454c4941 uaddwb z1.h, z10.h, z12.b
  4000e4: 52450a44 .inst 0x52450a44 ; undefined
  4000e8: 3a524f52 .inst 0x3a524f52 ; undefined
  4000ec: 65656e20 fnmls z0.h, p3/m, z17.h, z5.h
  4000f0: 78652064 ldeorlh w5, w4, [x3]
  4000f4: 6c746361 ldnp d1, d24, [x27, #-192]
  4000f8: 6e6f2079 usubl2 v25.4s, v3.8h, v15.8h
  4000fc: 6f632065 umlal2 v5.4s, v3.8h, v3.h[2]
  400100: 6e616d6d umin v13.8h, v11.8h, v1.8h
  400104: 696c2d64 ldpsw x4, x11, [x11, #-160]
  400108: 6120656e .inst 0x6120656e ; undefined
  40010c: 6d756772 ldp d18, d25, [x27, #-176]
  400110: 0a746e65 bic w5, w19, w20, lsr #27
  400114: d503201f nop                                // first real instruction after the strings; presumably alignment padding

// ---- 0x400118: letters-only check (RULE 2) ----
// Walks the NUL-terminated string at x24. Returns x29 = 1 if every byte is in 'A'..'Z' or
// 'a'..'z', and x29 = 0 on the first byte outside those ranges. This also rejects digits,
// the six characters 0x5b..0x60 between 'Z' and 'a', and everything above 'z'.
  400118: d280003d mov x29, #0x1 // #1                // JUMP13: x29 = 1, assume the string is valid
  40011c: 38401719 ldrb w25, [x24], #1                // SKIP3: w25 = next password byte, then x24 += 1 (post-index)
  400120: 34000159 cbz w25, 0x400148                  // NUL terminator: go to SKIP1 and return with x29 still 1
  400124: 71010739 subs w25, w25, #0x41               // w25 = c - 0x41 ('A')
  400128: 540000e4 b.mi 0x400144 // b.first           // negative, so c < 'A': reject at SKIP2
  40012c: 71006739 subs w25, w25, #0x19               // subtract 25 and set flags
  400130: 54ffff69 b.ls 0x40011c // b.plast           // unsigned lower-or-same, so c - 'A' <= 25 ('A'..'Z'): next byte at SKIP3
  400134: 71001f39 subs w25, w25, #0x7                // subtract 7; w25 is now c - 0x61 ('a')
  400138: 54000064 b.mi 0x400144 // b.first           // negative, so c is in 0x5b..0x60: reject at SKIP2
  40013c: 71006b39 subs w25, w25, #0x1a               // subtract 26
  400140: 54fffee4 b.mi 0x40011c // b.first           // negative, so c is in 'a'..'z': next byte at SKIP3
  400144: aa1f03fd mov x29, xzr // sp                 // SKIP2: x29 = 0; the source operand is xzr (zero register), not sp
  400148: d65f03c0 ret                                // SKIP1: return to the caller (the JUMP13 call site)

// ---- 0x40014c: string length ----
// Returns in x29 the number of bytes before the NUL terminator of the string at x24.
// x24 is left pointing one past the terminator, so callers save or reload it.
  40014c: 9280001d mov x29, #0xffffffffffffffff // #-1 // JUMP4/JUMP11/JUMP21: counter starts at -1 so the terminator is not counted
  400150: 38401719 ldrb w25, [x24], #1                // w25 = next byte, then x24 += 1 (post-index)
  400154: 910007bd add x29, x29, #0x1                 // counter += 1
  400158: 35ffffd9 cbnz w25, 0x400150                 // loop until the byte just read is the NUL terminator
  40015c: d65f03c0 ret                                // return to the caller (JUMP4/JUMP11/JUMP21 call site)

// ---- 0x400160: palindrome check (RULE 3) ----
// Compares the string at x24 from both ends towards the middle.
// Returns x29 = 1 if it reads the same in both directions, else 0.
  400160: a9bf63fe stp x30, x24, [sp, #-16]!          // JUMP20: push lr (x30) and the string pointer (x24); sp -= 16 (pre-index)
  400164: 97fffffa bl 0x40014c                        // call string length - JUMP21; x29 = length
  400168: a8c163fe ldp x30, x24, [sp], #16            // pop lr and the original string pointer; sp += 16
  40016c: 8b1d031c add x28, x24, x29                  // x28 = start + length, one past the last character
  400170: d280003d mov x29, #0x1 // #1                // x29 = 1, assume symmetric
  400174: eb18039f cmp x28, x24                       // SKIP6: compare back pointer with front pointer
  400178: 540000c9 b.ls 0x400190 // b.plast           // back <= front (unsigned): pointers met or crossed, done - SKIP5
  40017c: 38401719 ldrb w25, [x24], #1                // w25 = byte at the front pointer, then x24 += 1 (post-index)
  400180: 385fff9a ldrb w26, [x28, #-1]!              // x28 -= 1 first (pre-index), then w26 = byte at the back pointer
  400184: 6b1a033f cmp w25, w26                       // front byte == back byte ?
  400188: 54ffff60 b.eq 0x400174 // b.none            // equal: keep going at SKIP6
  40018c: d280001d mov x29, #0x0 // #0                // mismatch: x29 = 0
  400190: d65f03c0 ret                                // SKIP5: return to the caller (the JUMP20 call site)

// ---- 0x400194: length plus sum of squares (input to RULE 4) ----
// Returns w29 = length + sum over all bytes c of c*c, computed in 32-bit arithmetic.
// The caller keeps only the low 8 bits.
  400194: a9bf63fe stp x30, x24, [sp, #-16]! // lr    // JUMP3: push lr (x30) and the string pointer (x24); sp -= 16 (pre-index)
  400198: 97ffffed bl 0x40014c                        // call string length - JUMP4; x29 = length, the initial accumulator value
  40019c: a8c163fe ldp x30, x24, [sp], #16 // lr      // pop lr and the original string pointer; sp += 16
  4001a0: 38401719 ldrb w25, [x24], #1                // w25 = next byte, then x24 += 1 (post-index)
  4001a4: 1b19773d madd w29, w25, w25, w29            // w29 = w25 * w25 + w29 (the terminator adds 0)
  4001a8: 35ffffd9 cbnz w25, 0x4001a0                 // loop until the byte just read is the NUL terminator
  4001ac: d65f03c0 ret                                // return to the caller (the JUMP3 call site)

// ---- 0x4001b0: password checker ----
// Runs the four tests in order and returns x29 = 1 only if all of them pass, else x29 = 0.
// lr is saved at [sp] and the string pointer at [sp+8]; the pointer is reloaded before each
// helper call because every helper advances x24.
  4001b0: a9bf63fe stp x30, x24, [sp, #-16]! // lr    // JUMP2: push lr (x30) and the string pointer (x24); sp -= 16 (pre-index)
  4001b4: 97fffff8 bl 0x400194                        // call length + sum of squares - JUMP3
  4001b8: 92401fbd and x29, x29, #0xff                // keep only the low 8 bits of the result
  4001bc: f102e3bf cmp x29, #0xb8                     // RULE 4: low byte must equal 0xb8 (184)
  4001c0: 540001c1 b.ne 0x4001f8 // b.any             // not equal: fail at 0x4001f8 - JUMP10
  4001c4: f94007f8 ldr x24, [sp, #8]                  // reload the saved string pointer from the stack slot at sp+8
  4001c8: 97ffffe1 bl 0x40014c                        // call string length - JUMP11
  4001cc: f1005bbf cmp x29, #0x16                     // RULE 1: length must equal 22
  4001d0: 54000141 b.ne 0x4001f8 // b.any             // not equal: fail at 0x4001f8 - JUMP12
  4001d4: f94007f8 ldr x24, [sp, #8]                  // reload the saved string pointer
  4001d8: 97ffffd0 bl 0x400118                        // call letters-only check - JUMP13
  4001dc: b40000fd cbz x29, 0x4001f8                  // RULE 2 failed (x29 == 0): fail at 0x4001f8 - JUMP14
  4001e0: f94007f8 ldr x24, [sp, #8]                  // reload the saved string pointer
  4001e4: 97ffffdf bl 0x400160                        // call palindrome check - JUMP20
  4001e8: b400009d cbz x29, 0x4001f8                  // RULE 3 failed (x29 == 0): fail at 0x4001f8 - JUMP22
  4001ec: d280003d mov x29, #0x1 // #1                // all tests passed: x29 = 1
  4001f0: f84107fe ldr x30, [sp], #16                 // restore lr from [sp], then sp += 16 (drops the saved x24 slot as well)
  4001f4: d65f03c0 ret                                // return to _start (the JUMP2 call site, resumes at 0x4000ac)
  4001f8: d280001d mov x29, #0x0 // #0                // JUMP10/JUMP12/JUMP14/JUMP22: a test failed, x29 = 0
  4001fc: f84107fe ldr x30, [sp], #16                 // restore lr from [sp], then sp += 16
  400200: d65f03c0 ret                                // return to _start (the JUMP2 call site), not to the branch that jumped here
----------------------------------------------------------------------------------
Setup:
- display/x {$sp, $x0, $x24, $w25, $w26, $x28, $x29, $x30}
- layout regs
- focus cmd
- RULE 1: Password is length 22
- RULE 2: No characters below hex A and above hex z and no numbers
- RULE 3: MUST BE SYMMETRICAL
- RULE 4: Must have hex square sum + length contain 0xb8 in last 8 bits
danial27@castor:~$ ./task2 ZMfijijklmnnmlkjijifMZ
PASSED