At the most recent PHDays 9, a contest on hacking a gas pumping plant was held. Three stands with different security settings (No Security, Low Security, High Security) were set up on site, all modelling the same industrial process: air under pressure is pumped into a balloon (and then released).
Despite the different security settings, the hardware of the stands was identical: a Siemens Simatic S7-300 series PLC; an emergency deflation button and a pressure gauge (connected to the PLC's digital inputs (DI)); valves for inflating and deflating the balloon (connected to the PLC's digital outputs (DO)); see the figure below.

Based on the pressure readings and in accordance with its program, the PLC decides whether to deflate or inflate the balloon (opening and closing the corresponding valves). However, every stand has a manual control mode, which makes it possible to control the valve states without any restrictions.
The stands differ in how hard it is to activate this mode: on the No Security stand it is easiest, and on the High Security stand it is correspondingly harder.
Five of the six tasks were solved within two days; the first participant scored 233 points (he spent a week preparing for the contest). The three winners were: 1st place a1exdandy, 2nd place Rubikoid, 3rd place Ze.
However, during PHDays none of the participants managed to beat all three stands, so we decided to hold an online contest and published the hardest task at the beginning of May. Participants had a month to complete the task, find the flag, and describe the solution in detail and in an interesting way.
Below the cut we publish an analysis of the best solution to the task among those sent in during that month; it was found by Alexey Kovrizhnykh (a1exdandy) from Digital Security, who took 1st place in the contest during PHDays. Below we present his text with our comments.
Initial analysis
So, the task consisted of an archive with the following files:
- block_upload_traffic.pcapng
- DB100.bin
- hints.txt
The hints.txt file contains the information and tips needed to solve the task. Here are its contents:
- Petrovich told me yesterday that blocks can be loaded from PlcSim into Step7.
- A Siemens Simatic S7-300 series PLC is used on the stand.
- PlcSim is a PLC emulator that lets you run and debug programs for Siemens S7 PLCs.
The DB100.bin file appears to contain the contents of the PLC's DB100 data block:
```
00000000: 0100 0102 6e02 0401 0206 0100 0101 0102  ....n...........
00000010: 1002 0501 0202 2002 0501 0206 0100 0102  ...... .........
00000020: 0102 7702 0401 0206 0100 0103 0102 0a02  ..w.............
00000030: 0501 0202 1602 0501 0206 0100 0104 0102  ................
00000040: 7502 0401 0206 0100 0105 0102 0a02 0501  u...............
00000050: 0202 1602 0501 0206 0100 0106 0102 3402  ..............4.
00000060: 0401 0206 0100 0107 0102 2602 0501 0202  ..........&.....
00000070: 4c02 0501 0206 0100 0108 0102 3302 0401  L...........3...
00000080: 0206 0100 0109 0102 0a02 0501 0202 1602  ................
00000090: 0501 0206 0100 010a 0102 3702 0401 0206  ..........7.....
000000a0: 0100 010b 0102 2202 0501 0202 4602 0501  ......".....F...
000000b0: 0206 0100 010c 0102 3302 0401 0206 0100  ........3.......
000000c0: 010d 0102 0a02 0501 0202 1602 0501 0206  ................
000000d0: 0100 010e 0102 6d02 0401 0206 0100 010f  ......m.........
000000e0: 0102 1102 0501 0202 2302 0501 0206 0100  ........#.......
000000f0: 0110 0102 3502 0401 0206 0100 0111 0102  ....5...........
00000100: 1202 0501 0202 2502 0501 0206 0100 0112  ......%.........
00000110: 0102 3302 0401 0206 0100 0113 0102 2602  ..3...........&.
00000120: 0501 0202 4c02 0501 0206 0100            ....L.......
```
As the name suggests, the block_upload_traffic.pcapng file contains a dump of the traffic generated when the blocks were uploaded from the PLC.
Note that at the contest site during the conference this traffic dump was somewhat harder to obtain. To get it, you had to understand the script from the TeslaSCADA2 project file. From it you could work out where the RC4-encrypted dump was stored and which key had to be used to decrypt it. The data block dumps on site could be obtained with an S7 protocol client; for this I used the demo client from the Snap7 package.
Extracting the signal processing blocks from the traffic dump
Looking at the contents of the dump, you can see that it contains the signal processing blocks OB1, FC1, FC2 and FC3:

These blocks need to be extracted. This can be done, for example, with the following script, after first converting the capture from pcapng to pcap format:
```python
#!/usr/bin/env python2
import struct
from scapy.all import *

packets = rdpcap('block_upload_traffic.pcap')

# S7comm ACK_DATA header: protocol id, ROSCTR, reserved, PDU reference,
# parameter length, data length, error class, error code (12 bytes in total)
s7_hdr_struct = '>BBHHHHBB'
s7_hdr_sz = struct.calcsize(s7_hdr_struct)
tpkt_cotp_sz = 7  # TPKT (4 bytes) + COTP data TPDU (3 bytes) precede the S7 header
names = iter(['OB1.bin', 'FC1.bin', 'FC2.bin', 'FC3.bin'])
buf = ''
for packet in packets:
    if not packet.haslayer(TCP):
        continue
    if packet.getlayer(IP).src == '10.0.102.11':  # responses sent by the PLC
        tpkt_cotp_s7 = str(packet.getlayer(TCP).payload)
        if len(tpkt_cotp_s7) < tpkt_cotp_sz + s7_hdr_sz:
            continue
        s7 = tpkt_cotp_s7[tpkt_cotp_sz:]
        s7_hdr = s7[:s7_hdr_sz]
        param_sz = struct.unpack(s7_hdr_struct, s7_hdr)[4]
        s7_param = s7[12:12+param_sz]
        s7_data = s7[12+param_sz:]
        if s7_param in ('\x1e\x00', '\x1e\x01'):  # upload: function 0x1e plus status byte
            buf += s7_data[4:]  # skip the 4-byte data header, keep the block bytes
        elif s7_param == '\x1f':  # end upload: the current block is complete
            with open(next(names), 'wb') as f:
                f.write(buf)
            buf = ''
```
After examining the resulting blocks, you will notice that they always start with the bytes 70 70 (pp). Now you need to learn how to parse them. The task hint suggests that PlcSim should be used for this.
Obtaining human-readable instructions from the blocks
First, let's try to program S7-PlcSim by loading several blocks with repeating instructions (= Q 0.0) into it using the Simatic Manager software, and saving the resulting PLC from the emulator to the file example.plc. By looking at the contents of that file, you can easily locate the start of the loaded blocks by the 70 70 signature we discovered earlier. In front of each block, apparently, the block size is written as a 4-byte little-endian value.

Having learned the structure of .plc files, the following plan of action emerged for reading S7 PLC programs:
- Using Simatic Manager, create a block structure in S7-PlcSim similar to the one obtained from the dump. The block sizes must match (this is achieved by filling the blocks with the required number of instructions), as must their identifiers (OB1, FC1, FC2, FC3).
- Save the PLC to a file.
- Replace the contents of the blocks in the resulting file with the blocks from the traffic dump. The start of each block is determined by the signature.
- Load the resulting file into S7-PlcSim and view the contents of the blocks in Simatic Manager.
The blocks can be replaced, for example, with the following code:
```python
with open('original.plc', 'rb') as f:
    plc = f.read()

blocks = []
for fname in ['OB1.bin', 'FC1.bin', 'FC2.bin', 'FC3.bin']:
    with open(fname, 'rb') as f:
        blocks.append(f.read())

# Every block in the saved file starts with the 'pp' (70 70) signature;
# overwrite the blocks in order.
i = plc.find(b'pp')
for block in blocks:
    plc = plc[:i] + block + plc[i+len(block):]
    # Resume the search after the block just written, so that a 'pp' inside
    # its body is not mistaken for the start of the next block.
    i = plc.find(b'pp', i + len(block))

with open('target.plc', 'wb') as f:
    f.write(plc)
```
Alexey took a perhaps slightly harder, but equally correct, route. We had expected participants to use the NetToPlcSim program so that PlcSim could communicate over the network, upload the blocks to PlcSim via Snap7, and then download those blocks as a project from PlcSim using the development environment.
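Searching for the next `pp` signature can misfire if a block body itself happens to contain the bytes 70 70. As an added example (not the author's code and not part of the original write-up), the following walks the saved image by the 4-byte little-endian size that the write-up observed in front of each block, and refuses to splice a block whose length differs from its slot, which is the size-matching requirement from the plan above. The exact layout (size field immediately before `pp`, counting from the signature) and the sample image are assumptions constructed here, not a real PlcSim file.

```python
"""Splice uploaded blocks into a saved PlcSim image by walking size prefixes (added example)."""
import struct
from typing import List, Tuple

SIGNATURE = b"pp"  # 70 70: every uploaded block starts with these two bytes


def find_blocks(plc: bytes) -> List[Tuple[int, int]]:
    """Return (offset, size) for each block in the image.

    Assumption taken from the write-up: a 4-byte little-endian size sits directly in
    front of the 'pp' signature and counts from the signature. Advancing by that size
    skips any 'pp' that occurs inside a block body.
    """
    found = []
    pos = 0
    while True:
        i = plc.find(SIGNATURE, pos)
        if i == -1:
            break
        size = struct.unpack_from("<I", plc, i - 4)[0] if i >= 4 else 0
        if size < len(SIGNATURE) or i + size > len(plc):
            pos = i + 1  # no plausible size prefix here: not a block start
            continue
        found.append((i, size))
        pos = i + size
    return found


def replace_blocks(plc: bytes, new_blocks: List[bytes]) -> bytes:
    """Overwrite the blocks in order; each replacement must fit its slot exactly."""
    slots = find_blocks(plc)
    if len(slots) != len(new_blocks):
        raise ValueError("image has %d blocks, %d supplied" % (len(slots), len(new_blocks)))
    out = bytearray(plc)
    for (off, size), blk in zip(slots, new_blocks):
        if not blk.startswith(SIGNATURE):
            raise ValueError("block for offset %d does not start with 'pp'" % off)
        if len(blk) != size:
            raise ValueError("block at %d: slot is %d bytes, got %d" % (off, size, len(blk)))
        out[off:off + size] = blk
    return bytes(out)


def make_sample_image(blocks: List[bytes]) -> bytes:
    """Constructed toy image (not a real .plc file): a filler header, then for each
    block its little-endian size, the block bytes and a little padding."""
    out = bytearray(16)
    for blk in blocks:
        out += struct.pack("<I", len(blk)) + blk + bytes(4)
    return bytes(out)


if __name__ == "__main__":
    image = make_sample_image([b"pp\x01\x02pp\x03", b"pp" + bytes(range(10))])
    # The inner 'pp' of the first block is not reported as a separate block.
    print(find_blocks(image))
```

The first sample block deliberately contains a second `pp` in its body; because the walk advances by the size prefix, only two blocks are reported, whereas a plain `find` from the next byte would report three.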
By opening the resulting file in S7-PlcSim, you can read the loaded blocks with Simatic Manager. The main device control functions are located in block FC1. Of particular note is the variable #TEMP0, which, when set, appears to switch the PLC into manual control based on the values of the memory bits M2.2 and M2.3. The value of #TEMP0 is set by function FC3.

To solve the task, you need to analyse function FC3 and understand what has to be done for it to return a logical one.
The PLC signal processing blocks on the Low Security stand at the contest site were organised the same way, but to set the value of the #TEMP0 variable it was enough to write the line my ninja into block DB1. Checking the value in the block was straightforward and did not require deep knowledge of the block programming language. Obviously, at the High Security level achieving manual control would be much harder, and it was necessary to understand the intricacies of the STL language (one of the ways of programming S7 PLCs).
Reversing block FC3
The contents of block FC3 in STL representation:
L B#16#0
T #TEMP13
T #TEMP15
L P#DBX 0.0
T #TEMP4
CLR
= #TEMP14
M015: L #TEMP4
LAR1
OPN DB 100
L DBLG
TAR1
<=D
JC M016
L DW#16#0
T #TEMP0
L #TEMP6
L W#16#0
<>I
JC M00d
L P#DBX 0.0
LAR1
M00d: L B [AR1,P#0.0]
T #TEMP5
L W#16#1
==I
JC M007
L #TEMP5
L W#16#2
==I
JC M008
L #TEMP5
L W#16#3
==I
JC M00f
L #TEMP5
L W#16#4
==I
JC M00e
L #TEMP5
L W#16#5
==I
JC M011
L #TEMP5
L W#16#6
==I
JC M012
JU M010
M007: +AR1 P#1.0
L P#DBX 0.0
LAR2
L B [AR1,P#0.0]
L C#8
*I
+AR2
+AR1 P#1.0
L B [AR1,P#0.0]
JL M003
JU M001
JU M002
JU M004
M003: JU M005
M001: OPN DB 101
L B [AR2,P#0.0]
T #TEMP0
JU M006
M002: OPN DB 101
L B [AR2,P#0.0]
T #TEMP1
JU M006
M004: OPN DB 101
L B [AR2,P#0.0]
T #TEMP2
JU M006
M00f: +AR1 P#1.0
L B [AR1,P#0.0]
L C#8
*I
T #TEMP11
+AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP7
L P#M 100.0
LAR2
L #TEMP7
L C#8
*I
+AR2
TAR2 #TEMP9
TAR1 #TEMP4
OPN DB 101
L P#DBX 0.0
LAR1
L #TEMP11
+AR1
LAR2 #TEMP9
L B [AR2,P#0.0]
T B [AR1,P#0.0]
L #TEMP4
LAR1
JU M006
M008: +AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP3
+AR1 P#1.0
L B [AR1,P#0.0]
JL M009
JU M00b
JU M00a
JU M00c
M009: JU M005
M00b: L #TEMP3
T #TEMP0
JU M006
M00a: L #TEMP3
T #TEMP1
JU M006
M00c: L #TEMP3
T #TEMP2
JU M006
M00e: +AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP7
L P#M 100.0
LAR2
L #TEMP7
L C#8
*I
+AR2
TAR2 #TEMP9
+AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP8
L P#M 100.0
LAR2
L #TEMP8
L C#8
*I
+AR2
TAR2 #TEMP10
TAR1 #TEMP4
LAR1 #TEMP9
LAR2 #TEMP10
L B [AR1,P#0.0]
L B [AR2,P#0.0]
AW
INVI
T #TEMP12
L B [AR1,P#0.0]
L B [AR2,P#0.0]
OW
L #TEMP12
AW
T B [AR1,P#0.0]
L DW#16#0
T #TEMP0
L MB 101
T #TEMP1
L MB 102
T #TEMP2
L #TEMP4
LAR1
JU M006
M011: +AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP7
L P#M 100.0
LAR2
L #TEMP7
L C#8
*I
+AR2
TAR2 #TEMP9
+AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP8
L P#M 100.0
LAR2
L #TEMP8
L C#8
*I
+AR2
TAR2 #TEMP10
TAR1 #TEMP4
LAR1 #TEMP9
LAR2 #TEMP10
L B [AR1,P#0.0]
L B [AR2,P#0.0]
-I
T B [AR1,P#0.0]
L DW#16#0
T #TEMP0
L MB 101
T #TEMP1
L MB 102
T #TEMP2
L #TEMP4
LAR1
JU M006
M012: L #TEMP15
INC 1
T #TEMP15
+AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP7
L P#M 100.0
LAR2
L #TEMP7
L C#8
*I
+AR2
TAR2 #TEMP9
+AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP8
L P#M 100.0
LAR2
L #TEMP8
L C#8
*I
+AR2
TAR2 #TEMP10
TAR1 #TEMP4
LAR1 #TEMP9
LAR2 #TEMP10
L B [AR1,P#0.0]
L B [AR2,P#0.0]
==I
JCN M013
JU M014
M013: L P#DBX 0.0
LAR1
T #TEMP4
L B#16#0
T #TEMP6
JU M006
M014: L #TEMP4
LAR1
L #TEMP13
L L#1
+I
T #TEMP13
JU M006
M006: L #TEMP0
T MB 100
L #TEMP1
T MB 101
L #TEMP2
T MB 102
+AR1 P#1.0
L #TEMP6
+ 1
T #TEMP6
JU M005
M010: L P#DBX 0.0
LAR1
L 0
T #TEMP6
TAR1 #TEMP4
M005: TAR1 #TEMP4
CLR
= #TEMP16
L #TEMP13
L L#20
==I
S #TEMP16
L #TEMP15
==I
A #TEMP16
JC M017
L #TEMP13
L L#20
<I
S #TEMP16
L #TEMP15
==I
A #TEMP16
JC M018
JU M019
M017: SET
= #TEMP14
JU M016
M018: CLR
= #TEMP14
JU M016
M019: CLR
O #TEMP14
= #RET_VAL
JU M015
M016: CLR
O #TEMP14
= #RET_VAL
The code is quite long and may seem complicated to someone unfamiliar with STL. There is no point in analysing every instruction within the scope of this article. Here I will present the same code after processing: labels and variables renamed, and comments added that explain the algorithm and some STL language constructs. Let me note right away that the block in question contains a virtual machine that executes bytecode stored in block DB100, whose contents we know. Virtual machine instructions consist of 1 byte of opcode followed by argument bytes, one byte per argument. All the instructions considered take two arguments.
Code after processing
# Initialisation of the variables
L B#16#0
T #CHECK_N # Counter of checks passed successfully
T #COUNTER_N # Counter of the total number of checks
L P#DBX 0.0
T #POINTER # Pointer to the current instruction
CLR
= #PRE_RET_VAL
# Main loop of the bytecode interpreter
LOOP: L #POINTER
LAR1
OPN DB 100
L DBLG
TAR1
<=D # Check whether the pointer has run past the end of the program
JC FINISH
L DW#16#0
T #REG0
L #TEMP6
L W#16#0
<>I
JC M00d
L P#DBX 0.0
LAR1
# switch - case construct for dispatching the different opcodes
M00d: L B [AR1,P#0.0]
T #OPCODE
L W#16#1
==I
JC OPCODE_1
L #OPCODE
L W#16#2
==I
JC OPCODE_2
L #OPCODE
L W#16#3
==I
JC OPCODE_3
L #OPCODE
L W#16#4
==I
JC OPCODE_4
L #OPCODE
L W#16#5
==I
JC OPCODE_5
L #OPCODE
L W#16#6
==I
JC OPCODE_6
JU OPCODE_OTHER
# Handler for opcode 01: load the value DB101[X] into register Y
# OP01(X, Y): REG[Y] = DB101[X]
OPCODE_1: +AR1 P#1.0
L P#DBX 0.0
LAR2
L B [AR1,P#0.0] # Load argument X (index into DB101)
L C#8
*I
+AR2
+AR1 P#1.0
L B [AR1,P#0.0] # Load argument Y (register index)
JL M003 # Analogue of switch - case on the value of Y
JU M001 # to select the register to write to.
JU M002 # The same construct is used in the other
JU M004 # operations below for the same purpose
M003: JU LOOPEND
M001: OPN DB 101
L B [AR2,P#0.0]
T #REG0 # Write the value DB101[X] into REG[0]
JU PRE_LOOPEND
M002: OPN DB 101
L B [AR2,P#0.0]
T #REG1 # Write the value DB101[X] into REG[1]
JU PRE_LOOPEND
M004: OPN DB 101
L B [AR2,P#0.0]
T #REG2 # Write the value DB101[X] into REG[2]
JU PRE_LOOPEND
# Handler for opcode 02: load the constant X into register Y
# OP02(X, Y): REG[Y] = X
OPCODE_2: +AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP3
+AR1 P#1.0
L B [AR1,P#0.0]
JL M009
JU M00b
JU M00a
JU M00c
M009: JU LOOPEND
M00b: L #TEMP3
T #REG0
JU PRE_LOOPEND
M00a: L #TEMP3
T #REG1
JU PRE_LOOPEND
M00c: L #TEMP3
T #REG2
JU PRE_LOOPEND
# Opcode 03 is not used by the program, so we skip it
...
# Handler for opcode 04: compare registers X and Y
# OP04(X, Y): REG[0] = 0; REG[X] = (REG[X] == REG[Y])
OPCODE_4: +AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP7 # first argument - X
L P#M 100.0
LAR2
L #TEMP7
L C#8
*I
+AR2
TAR2 #TEMP9 # REG[X]
+AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP8
L P#M 100.0
LAR2
L #TEMP8
L C#8
*I
+AR2
TAR2 #TEMP10 # REG[Y]
TAR1 #POINTER
LAR1 #TEMP9 # REG[X]
LAR2 #TEMP10 # REG[Y]
L B [AR1,P#0.0]
L B [AR2,P#0.0]
AW
INVI
T #TEMP12 # ~(REG[Y] & REG[X])
L B [AR1,P#0.0]
L B [AR2,P#0.0]
OW
L #TEMP12
AW # (~(REG[Y] & REG[X])) & (REG[Y] | REG[X]) - an analogue of an equality check (zero when equal)
T B [AR1,P#0.0]
L DW#16#0
T #REG0
L MB 101
T #REG1
L MB 102
T #REG2
L #POINTER
LAR1
JU PRE_LOOPEND
# Handler for opcode 05: subtract register Y from register X
# OP05(X, Y): REG[0] = 0; REG[X] = REG[X] - REG[Y]
OPCODE_5: +AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP7
L P#M 100.0
LAR2
L #TEMP7
L C#8
*I
+AR2
TAR2 #TEMP9 # REG[X]
+AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP8
L P#M 100.0
LAR2
L #TEMP8
L C#8
*I
+AR2
TAR2 #TEMP10 # REG[Y]
TAR1 #POINTER
LAR1 #TEMP9
LAR2 #TEMP10
L B [AR1,P#0.0]
L B [AR2,P#0.0]
-I # ACCU1 = ACCU2 - ACCU1, REG[X] - REG[Y]
T B [AR1,P#0.0]
L DW#16#0
T #REG0
L MB 101
T #REG1
L MB 102
T #REG2
L #POINTER
LAR1
JU PRE_LOOPEND
# Handler for opcode 06: increment #CHECK_N if registers X and Y are equal
# OP06(X, Y): #CHECK_N += (1 if REG[X] == REG[Y] else 0)
OPCODE_6: L #COUNTER_N
INC 1
T #COUNTER_N
+AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP7 # first argument - X
L P#M 100.0
LAR2
L #TEMP7
L C#8
*I
+AR2
TAR2 #TEMP9 # REG[X]
+AR1 P#1.0
L B [AR1,P#0.0]
T #TEMP8
L P#M 100.0
LAR2
L #TEMP8
L C#8
*I
+AR2
TAR2 #TEMP10 # REG[Y]
TAR1 #POINTER
LAR1 #TEMP9 # REG[X]
LAR2 #TEMP10 # REG[Y]
L B [AR1,P#0.0]
L B [AR2,P#0.0]
==I
JCN M013
JU M014
M013: L P#DBX 0.0
LAR1
T #POINTER
L B#16#0
T #TEMP6
JU PRE_LOOPEND
M014: L #POINTER
LAR1
# Increment #CHECK_N
L #CHECK_N
L L#1
+I
T #CHECK_N
JU PRE_LOOPEND
PRE_LOOPEND: L #REG0
T MB 100
L #REG1
T MB 101
L #REG2
T MB 102
+AR1 P#1.0
L #TEMP6
+ 1
T #TEMP6
JU LOOPEND
OPCODE_OTHER: L P#DBX 0.0
LAR1
L 0
T #TEMP6
TAR1 #POINTER
LOOPEND: TAR1 #POINTER
CLR
= #TEMP16
L #CHECK_N
L L#20
==I
S #TEMP16
L #COUNTER_N
==I
A #TEMP16
# All checks are passed when #CHECK_N == #COUNTER_N == 20
JC GOOD
L #CHECK_N
L L#20
<I
S #TEMP16
L #COUNTER_N
==I
A #TEMP16
JC FAIL
JU M019
GOOD: SET
= #PRE_RET_VAL
JU FINISH
FAIL: CLR
= #PRE_RET_VAL
JU FINISH
M019: CLR
O #PRE_RET_VAL
= #RET_VAL
JU LOOP
FINISH: CLR
O #PRE_RET_VAL
= #RET_VAL
Having got an idea of the virtual machine's instructions, let's write a small disassembler to parse the bytecode in block DB100:
```python
import string

alph = string.ascii_letters + string.digits

with open('DB100.bin', 'rb') as f:
    m = f.read()  # Python 3: indexing gives integer opcodes and arguments

pc = 0
while pc < len(m):
    op = m[pc]
    if op == 1:  # OP01(X, Y): R[Y] = DB101[X]
        print('R{} = DB101[{}]'.format(m[pc + 2], m[pc + 1]))
        pc += 3
    elif op == 2:  # OP02(X, Y): R[Y] = X, shown with its ASCII character if printable
        c = chr(m[pc + 1])
        c = c if c in alph else '?'
        print('R{} = {:02x} ({})'.format(m[pc + 2], m[pc + 1], c))
        pc += 3
    elif op == 4:  # OP04(X, Y): R0 = 0; R[X] = (R[X] == R[Y])
        print('R0 = 0; R{} = (R{} == R{})'.format(
            m[pc + 1], m[pc + 1], m[pc + 2]))
        pc += 3
    elif op == 5:  # OP05(X, Y): R0 = 0; R[X] = R[X] - R[Y]
        print('R0 = 0; R{} = R{} - R{}'.format(
            m[pc + 1], m[pc + 1], m[pc + 2]))
        pc += 3
    elif op == 6:  # OP06(X, Y): CHECK R[X] == R[Y]
        print('CHECK (R{} == R{})\n'.format(
            m[pc + 1], m[pc + 2]))
        pc += 3
    else:
        print('unk opcode {}'.format(op))
        break
```
As a result, we get the following virtual machine code:
Virtual machine code
R1 = DB101[0]
R2 = 6e (n)
R0 = 0; R1 = (R1 == R2)
CHECK (R1 == R0)
R1 = DB101[1]
R2 = 10 (?)
R0 = 0; R1 = R1 - R2
R2 = 20 (?)
R0 = 0; R1 = R1 - R2
CHECK (R1 == R0)
R1 = DB101[2]
R2 = 77 (w)
R0 = 0; R1 = (R1 == R2)
CHECK (R1 == R0)
R1 = DB101[3]
R2 = 0a (?)
R0 = 0; R1 = R1 - R2
R2 = 16 (?)
R0 = 0; R1 = R1 - R2
CHECK (R1 == R0)
R1 = DB101[4]
R2 = 75 (u)
R0 = 0; R1 = (R1 == R2)
CHECK (R1 == R0)
R1 = DB101[5]
R2 = 0a (?)
R0 = 0; R1 = R1 - R2
R2 = 16 (?)
R0 = 0; R1 = R1 - R2
CHECK (R1 == R0)
R1 = DB101[6]
R2 = 34 (4)
R0 = 0; R1 = (R1 == R2)
CHECK (R1 == R0)
R1 = DB101[7]
R2 = 26 (?)
R0 = 0; R1 = R1 - R2
R2 = 4c (L)
R0 = 0; R1 = R1 - R2
CHECK (R1 == R0)
R1 = DB101[8]
R2 = 33 (3)
R0 = 0; R1 = (R1 == R2)
CHECK (R1 == R0)
R1 = DB101[9]
R2 = 0a (?)
R0 = 0; R1 = R1 - R2
R2 = 16 (?)
R0 = 0; R1 = R1 - R2
CHECK (R1 == R0)
R1 = DB101[10]
R2 = 37 (7)
R0 = 0; R1 = (R1 == R2)
CHECK (R1 == R0)
R1 = DB101[11]
R2 = 22 (?)
R0 = 0; R1 = R1 - R2
R2 = 46 (F)
R0 = 0; R1 = R1 - R2
CHECK (R1 == R0)
R1 = DB101[12]
R2 = 33 (3)
R0 = 0; R1 = (R1 == R2)
CHECK (R1 == R0)
R1 = DB101[13]
R2 = 0a (?)
R0 = 0; R1 = R1 - R2
R2 = 16 (?)
R0 = 0; R1 = R1 - R2
CHECK (R1 == R0)
R1 = DB101[14]
R2 = 6d (m)
R0 = 0; R1 = (R1 == R2)
CHECK (R1 == R0)
R1 = DB101[15]
R2 = 11 (?)
R0 = 0; R1 = R1 - R2
R2 = 23 (?)
R0 = 0; R1 = R1 - R2
CHECK (R1 == R0)
R1 = DB101[16]
R2 = 35 (5)
R0 = 0; R1 = (R1 == R2)
CHECK (R1 == R0)
R1 = DB101[17]
R2 = 12 (?)
R0 = 0; R1 = R1 - R2
R2 = 25 (?)
R0 = 0; R1 = R1 - R2
CHECK (R1 == R0)
R1 = DB101[18]
R2 = 33 (3)
R0 = 0; R1 = (R1 == R2)
CHECK (R1 == R0)
R1 = DB101[19]
R2 = 26 (?)
R0 = 0; R1 = R1 - R2
R2 = 4c (L)
R0 = 0; R1 = R1 - R2
CHECK (R1 == R0)
As you can see, this program simply checks each character of DB101 for equality with a particular value. The final line that passes all the checks is: n0w u 4r3 7h3 m4573r. If this line is present in block DB101, manual PLC control is activated and it becomes possible to inflate or deflate the balloon.
That's it! Alexey demonstrated a level of skill worthy of an industrial ninja :) We have sent the winner some memorable prizes. Many thanks to all participants!
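The disassembly above was read by hand to recover the expected DB101 string. As an added example (not the author's code and not part of the original write-up), the following emulates the FC3 virtual machine with the opcode semantics annotated in the listing, and also walks the bytecode symbolically to derive the DB101 contents that satisfy every CHECK. The check table is transcribed from the disassembly on this page; `build_program` re-encodes it as DB100 bytecode, `run_vm` returns FC3's verdict for a candidate DB101, and `solve_db101` recovers the string. Two points from the STL are reproduced deliberately: opcode 04 computes `(~(a & b)) & (a | b)`, i.e. `a XOR b`, which is zero exactly when the operands are equal, so the following CHECK against R0 = 0 is the real equality test; and all register stores are byte-wide, so subtraction wraps modulo 256. The rewind-and-retry path FC3 takes after a failed CHECK is collapsed, because #COUNTER_N keeps counting across the rewind and the final verdict is the same; that collapse and the treatment of out-of-range DB101 reads as zero are assumptions of this example.

```python
"""Emulator and solver for the bytecode VM implemented in FC3 (added example)."""
from typing import Dict, List, Tuple

# Check sequence transcribed from the disassembly, in program order.
#   ("eq", c):     R1 = DB101[i]; R2 = c; R1 = R1 "==" R2 (op 04); CHECK R1 == R0
#   ("sub", a, b): R1 = DB101[i]; R1 -= a; R1 -= b (op 05 twice); CHECK R1 == R0
CHECKS: List[Tuple] = [
    ("eq", 0x6e), ("sub", 0x10, 0x20), ("eq", 0x77), ("sub", 0x0a, 0x16),
    ("eq", 0x75), ("sub", 0x0a, 0x16), ("eq", 0x34), ("sub", 0x26, 0x4c),
    ("eq", 0x33), ("sub", 0x0a, 0x16), ("eq", 0x37), ("sub", 0x22, 0x46),
    ("eq", 0x33), ("sub", 0x0a, 0x16), ("eq", 0x6d), ("sub", 0x11, 0x23),
    ("eq", 0x35), ("sub", 0x12, 0x25), ("eq", 0x33), ("sub", 0x26, 0x4c),
]
REQUIRED_CHECKS = 20  # the L#20 constant FC3 compares #CHECK_N and #COUNTER_N against


def build_program() -> bytes:
    """Re-encode CHECKS as DB100 bytecode: one opcode byte plus two argument bytes."""
    out = bytearray()
    for i, chk in enumerate(CHECKS):
        out += bytes([0x01, i, 0x01])               # OP01: R1 = DB101[i]
        if chk[0] == "eq":
            out += bytes([0x02, chk[1], 0x02])      # OP02: R2 = c
            out += bytes([0x04, 0x01, 0x02])        # OP04: R0 = 0; R1 = R1 "==" R2
        else:
            for k in chk[1:]:
                out += bytes([0x02, k, 0x02])       # OP02: R2 = k
                out += bytes([0x05, 0x01, 0x02])    # OP05: R0 = 0; R1 = R1 - R2
        out += bytes([0x06, 0x01, 0x00])            # OP06: CHECK R1 == R0
    return bytes(out)


def run_vm(program: bytes, db101: bytes) -> bool:
    """Execute the bytecode against a candidate DB101; return FC3's RET_VAL."""
    regs = [0, 0, 0]                                # MB100..MB102, one byte each
    check_n = counter_n = 0
    pc = 0
    while pc + 3 <= len(program):
        op, x, y = program[pc], program[pc + 1], program[pc + 2]
        if op == 1:
            regs[y] = db101[x] if x < len(db101) else 0  # assumption: missing bytes read as 0
        elif op == 2:
            regs[y] = x
        elif op == 4:
            a, b = regs[x], regs[y]
            regs[x] = (~(a & b)) & (a | b) & 0xFF   # AW / INVI / OW / AW == a XOR b
            regs[0] = 0
        elif op == 5:
            regs[x] = (regs[x] - regs[y]) & 0xFF    # -I, stored back as a single byte
            regs[0] = 0
        elif op == 6:
            counter_n += 1
            if regs[x] == regs[y]:
                check_n += 1
        else:
            return False  # OPCODE_OTHER is never reached by this program; treated as failure
        pc += 3
        if counter_n == REQUIRED_CHECKS:            # GOOD / FAIL decision taken at LOOPEND
            return check_n == REQUIRED_CHECKS
    return False


def solve_db101(program: bytes) -> bytes:
    """Derive the DB101 bytes satisfying every CHECK by tracking registers symbolically.
    A symbolic register holds (idx, delta, xor), meaning (DB101[idx] - delta) ^ xor."""
    regs = [0, 0, 0]
    sym: Dict[int, Tuple[int, int, int]] = {}
    expected: Dict[int, int] = {}
    for pc in range(0, len(program) - 2, 3):
        op, x, y = program[pc], program[pc + 1], program[pc + 2]
        if op == 1:
            sym[y] = (x, 0, 0)
        elif op == 2:
            sym.pop(y, None)
            regs[y] = x
        elif op in (4, 5):
            if x not in sym or y in sym:
                raise ValueError("unsupported operand mix at pc %d" % pc)
            idx, delta, xor = sym[x]
            if op == 4:
                sym[x] = (idx, delta, xor ^ regs[y])
            elif xor:
                raise ValueError("subtraction after XOR is not modelled")
            else:
                sym[x] = (idx, (delta + regs[y]) & 0xFF, 0)
            sym.pop(0, None)
            regs[0] = 0
        elif op == 6:
            if x not in sym or y in sym:
                raise ValueError("unsupported CHECK operands at pc %d" % pc)
            idx, delta, xor = sym[x]
            # (DB101[idx] - delta) ^ xor == regs[y]  =>  DB101[idx] = (regs[y] ^ xor) + delta
            expected[idx] = ((regs[y] ^ xor) + delta) & 0xFF
        else:
            raise ValueError("unknown opcode %d at pc %d" % (op, pc))
    return bytes(expected.get(i, 0) for i in range(max(expected) + 1))


if __name__ == "__main__":
    prog = build_program()
    key = solve_db101(prog)
    print(key, run_vm(prog, key))
```

Running the block prints the recovered 20-byte string together with the emulator's verdict for it; feeding `run_vm` any string that differs in a single byte yields a failed verdict, which is the behaviour the stand relies on to keep manual mode locked.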
Source: www.habr.com
