added sbox version

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "mbedtls"]
 	path = mbedtls
 	url = https://github.com/ARMmbed/mbedtls
+[submodule "tiny-AES-c"]
+	path = tiny-AES-c
+	url = https://github.com/kokke/tiny-AES-c

CMakeLists.txt

@@ -28,8 +28,13 @@ target_link_libraries(aes-dec-test mbedcrypto)
 target_include_directories(aes-dec-test PRIVATE ${CMAKE_SOURCE_DIR}/mbedtls/include)
 target_compile_options(mbedcrypto PRIVATE ${CFLAGS})
 target_compile_options(aes-dec-test PRIVATE ${CFLAGS})
+
+add_executable(aes-sbox-dec-test aes-sbox-dec-test.c tiny-AES-c/aes.c)
+target_include_directories(aes-sbox-dec-test PRIVATE ${CMAKE_SOURCE_DIR}/tiny-AES-c)
+target_compile_options(aes-sbox-dec-test PRIVATE ${CFLAGS})
+
 set_target_properties(
-    aes-dec-test
+    aes-dec-test aes-sbox-dec-test
     PROPERTIES
     C_STANDARD 11
     C_EXTENSIONS ON

aes-sbox-dec-test.c

@@ -0,0 +1,66 @@
+#include <assert.h>
+#include <string.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include "aes.h"
+
+void read_hex(const char *hex_str, uint8_t *out_buf, size_t len) {
+	for (size_t i = 0; i < len; ++i) {
+		assert(sscanf(hex_str, "%02hhx", &out_buf[i]) == 1);
+		hex_str += 2;
+	}
+}
+
+void print_hex(const uint8_t *buf, size_t len) {
+	for (size_t i = 0; i < len; ++i) {
+		printf("%02hhx", buf[i]);
+	}
+}
+
+uint8_t key[0x10];
+uint8_t iv[0x10];
+uint8_t ct[0x10];
+uint8_t pt[0x10];
+
+void aes_do_dec(const uint8_t *key_in, size_t key_sz, uint8_t *iv_in, const uint8_t *ct_in, uint8_t *pt_out, size_t sz_in) {
+	struct AES_ctx ctx;
+	memcpy(pt_out, ct_in, sz_in);
+	AES_init_ctx_iv(&ctx, key, iv);
+	AES_CBC_decrypt_buffer(&ctx, pt_out, sz_in);
+	return;
+}
+
+__attribute__((noinline))
+void aes_init_marker(void) {
+    asm volatile("nop\n\t");
+    return;
+}
+
+void aes_do_dec_wrapped(void) {
+	static int done_init = 0;
+	if (!done_init) {
+		aes_init_marker();
+	}
+	aes_do_dec(key, sizeof(key), iv, ct, pt, sizeof(ct));
+#ifdef __arm__
+	_exit(243);
+#endif
+}
+
+int main(int argc, const char **argv) {
+	_Static_assert(sizeof(ct) == sizeof(pt), "ct and pt size differ");
+	if (argc != 4) {
+		printf("Usage: %s <key hex> <iv hex> <ct hex>\n", argv[0]);
+		return -1;
+	}
+	read_hex(argv[1], key, sizeof(key));
+	read_hex(argv[2], iv, sizeof(iv));
+	read_hex(argv[3], ct, sizeof(pt));
+	// aes_do_dec(key, sizeof(key), iv, ct, pt, sizeof(ct));
+	aes_do_dec_wrapped();
+	print_hex(pt, sizeof(pt));
+	puts("");
+	return 0;
+}

emusca.py

@@ -80,20 +80,20 @@ def print_keystuff(uc):
 	iv = uc.mem_read(uc.iv_sym.value, uc.iv_sym.size)
 	ct = uc.mem_read(uc.ct_sym.value, uc.ct_sym.size)
 	pt = uc.mem_read(uc.pt_sym.value, uc.pt_sym.size)
-	init_key = uc.mem_read(uc.init_key_sym.value, uc.init_key_sym.size)
-	init_iv = uc.mem_read(uc.init_iv_sym.value, uc.init_iv_sym.size)
-	init_ct = uc.mem_read(uc.init_ct_sym.value, uc.init_ct_sym.size)
-	init_pt = uc.mem_read(uc.init_pt_sym.value, uc.init_pt_sym.size)
-	aes_init_done = uc.mem_read(uc.aes_init_done_sym.value, uc.aes_init_done_sym.size)
+	# init_key = uc.mem_read(uc.init_key_sym.value, uc.init_key_sym.size)
+	# init_iv = uc.mem_read(uc.init_iv_sym.value, uc.init_iv_sym.size)
+	# init_ct = uc.mem_read(uc.init_ct_sym.value, uc.init_ct_sym.size)
+	# init_pt = uc.mem_read(uc.init_pt_sym.value, uc.init_pt_sym.size)
+	# aes_init_done = uc.mem_read(uc.aes_init_done_sym.value, uc.aes_init_done_sym.size)
 	print("\tkey: {}".format(ba.hexlify(key)))
 	print("\tiv: {}".format(ba.hexlify(iv)))
 	print("\tct: {}".format(ba.hexlify(ct)))
 	print("\tpt: {}".format(ba.hexlify(pt)))
-	print("\tinit_key: {}".format(ba.hexlify(init_key)))
-	print("\tinit_iv: {}".format(ba.hexlify(init_iv)))
-	print("\tinit_ct: {}".format(ba.hexlify(init_ct)))
-	print("\tinit_pt: {}".format(ba.hexlify(init_pt)))
-	print("\taes_init_done: {}".format(ba.hexlify(aes_init_done)))
+	# print("\tinit_key: {}".format(ba.hexlify(init_key)))
+	# print("\tinit_iv: {}".format(ba.hexlify(init_iv)))
+	# print("\tinit_ct: {}".format(ba.hexlify(init_ct)))
+	# print("\tinit_pt: {}".format(ba.hexlify(init_pt)))
+	# print("\taes_init_done: {}".format(ba.hexlify(aes_init_done)))
 
 def dump_regs(regs):
 	for k in regs.keys():
@@ -378,11 +378,11 @@ def hook_aes_init_marker(uc, address, size, user_data):
 			uc.iv_sym = findsym(uc.elf, 'iv')
 			uc.ct_sym = findsym(uc.elf, 'ct')
 			uc.pt_sym = findsym(uc.elf, 'pt')
-			uc.init_key_sym = findsym(uc.elf, 'init_key')
-			uc.init_iv_sym = findsym(uc.elf, 'init_iv')
-			uc.init_ct_sym = findsym(uc.elf, 'init_ct')
-			uc.init_pt_sym = findsym(uc.elf, 'init_pt')
-			uc.aes_init_done_sym = findsym(uc.elf, 'aes_init_done')
+			# uc.init_key_sym = findsym(uc.elf, 'init_key')
+			# uc.init_iv_sym = findsym(uc.elf, 'init_iv')
+			# uc.init_ct_sym = findsym(uc.elf, 'init_ct')
+			# uc.init_pt_sym = findsym(uc.elf, 'init_pt')
+			# uc.aes_init_done_sym = findsym(uc.elf, 'aes_init_done')
 			uc.exit_sym = findsym(uc.elf, '_exit')
 
 			aes_init_marker_sym = findsym(uc.elf, 'aes_init_marker')
@@ -421,12 +421,12 @@ def hook_aes_init_marker(uc, address, size, user_data):
 	uc.iv_sym = findsym(uc.elf, 'iv')
 	uc.ct_sym = findsym(uc.elf, 'ct')
 	uc.pt_sym = findsym(uc.elf, 'pt')
-	uc.init_key_sym = findsym(uc.elf, 'init_key')
-	uc.init_iv_sym = findsym(uc.elf, 'init_iv')
-	uc.init_ct_sym = findsym(uc.elf, 'init_ct')
-	uc.init_pt_sym = findsym(uc.elf, 'init_pt')
+	# uc.init_key_sym = findsym(uc.elf, 'init_key')
+	# uc.init_iv_sym = findsym(uc.elf, 'init_iv')
+	# uc.init_ct_sym = findsym(uc.elf, 'init_ct')
+	# uc.init_pt_sym = findsym(uc.elf, 'init_pt')
+	# uc.aes_init_done_sym = findsym(uc.elf, 'aes_init_done')
 	uc.exit_sym = findsym(uc.elf, '_exit')
-	uc.aes_init_done_sym = findsym(uc.elf, 'aes_init_done')
 	uc.aes_round_marker_sym = findsym(uc.elf, 'aes_round_marker')
 	uc.aes_round_marker_addr = uc.aes_round_marker_sym.value & EVEN_MASK
 	uc.aes_round_marks = []
@@ -506,7 +506,7 @@ def main(argv):
 	# key = b'\x00' * 16
 	iv = b'\x00' * 16
 	res = []
-	for i in range(2048):
+	for i in range(10):
 		ct = os.urandom(16)
 		# ct = b'\x00' * 16
 		# print("main ct: {}".format(ba.hexlify(ct)))