2 million steps is good

6447e7c7 · George Hotz · ece1a54a · 6447e7c7 · 6447e7c7
Commit 6447e7c7 authored 3 years ago by George Hotz
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 16 deletions

main.go mipsevm/main.go +19 -7

simple.py risc/simple.py +14 -9

No files found.
--- a/mipsevm/main.go
+++ b/mipsevm/main.go
@@ -125,12 +125,24 @@ func opStaticCall(pc *uint64, interpreter *vm.EVMInterpreter, scope *vm.ScopeCon
 		if debug >= 2 {
 			fmt.Println("HOOKED READ!   ", fmt.Sprintf("%x = %x", addr, nret))
 		}
-		if addr == 0xc0000080 && debug >= 1 {
+		if addr == 0xc0000080 {
-			fmt.Printf("%7d %8X %08X : %08X %08X %08X %08X %08X %08X %08X %08X %08X\n",
+			if debug >= 1 {
-				pcCount, nret, ram[nret],
+				fmt.Printf("%7d %8X %08X : %08X %08X %08X %08X %08X %08X %08X %08X %08X\n",
-				ram[0xc0000004],
+					pcCount, nret, ram[nret],
-				ram[0xc0000008], ram[0xc000000c], ram[0xc0000010], ram[0xc0000014],
+					ram[0xc0000004],
-				ram[0xc0000018], ram[0xc000001c], ram[0xc0000020], ram[0xc0000024])
+					ram[0xc0000008], ram[0xc000000c], ram[0xc0000010], ram[0xc0000014],
+					ram[0xc0000018], ram[0xc000001c], ram[0xc0000020], ram[0xc0000024])
+			}
+			if ram[nret] == 0xC {
+				/*syscall := ram[0xc0000008]
+				fmt.Printf("syscall %d at %x (step %d)\n", syscall, nret, pcCount)
+				if syscall == 4004 {
+					fmt.Printf("WRITE!")
+				}*/
+			}
+			if (pcCount % 10000) == 0 {
+				os.Stderr.WriteString(fmt.Sprintf("step %d\n", pcCount))
+			}
 			pcCount += 1
 		}
 		scope.Memory.Set(retOffset.Uint64(), retSize.Uint64(), ret)
@@ -162,7 +174,7 @@ func runMinigeth(fn string, interpreter *vm.EVMInterpreter, bytecode []byte) {
 			uint32(dat[i+3])<<0
 	}
-	steps := 1000000
+	steps := 10000000
 	gas := 10000 * uint64(steps)
 	// 0xdb7df598

--- a/risc/simple.py
+++ b/risc/simple.py
@@ -22,16 +22,25 @@ def hook_interrupt(uc, intno, user_data):
  if intno != 17:
    print("interrupt", intno)
    raise unicorn.UcError(0)
  syscall_no = uc.reg_read(UC_MIPS_REG_V0)
+  """
+  pc = uc.reg_read(UC_MIPS_REG_PC)
+  inst = struct.unpack(">I", uc.mem_read(pc, 4))[0]
+  print("syscall %d at %x" % (syscall_no, pc-4))
+  """
  v0 = 0
  if syscall_no == 4020:
    oracle_hash = binascii.hexlify(uc.mem_read(0x30001000, 0x20)).decode('utf-8')
-    dat = open("/tmp/eth/0x"+oracle_hash, "rb").read()
+    try:
-    #print("oracle:", oracle_hash, len(dat))
+      dat = open("/tmp/eth/0x"+oracle_hash, "rb").read()
-    uc.mem_write(0x31000000, struct.pack(">I", len(dat)))
+      #print("oracle:", oracle_hash, len(dat))
-    uc.mem_write(0x31000004, dat)
+      uc.mem_write(0x31000000, struct.pack(">I", len(dat)))
+      uc.mem_write(0x31000004, dat)
+    except FileNotFoundError:
+      # oracle not found
+      uc.mem_write(0x31000000, struct.pack(">I", 0))
  elif syscall_no == 4004:
    # write
    fd = uc.reg_read(UC_MIPS_REG_A0)
@@ -86,7 +95,6 @@ mu.hook_add(UC_HOOK_MEM_FETCH_UNMAPPED, hook_mem_invalid)
 gt = open("/tmp/gethtrace").read().split("\n")
 # tracer
-STEP_COUNT = 1000000
 step = 0
 is_bds = False
 def hook_code_simple(uc, address, size, user_data):
@@ -121,10 +129,7 @@ def hook_code_simple(uc, address, size, user_data):
  print(dat)
  step += 1
-  if step >= STEP_COUNT:
-    os._exit(0)
 mu.hook_add(UC_HOOK_CODE, hook_code_simple)
 mu.emu_start(0, -1)