VxWorksMipsTelnetd


What is this?

Telnet daemon for VxWorks, written in MIPS assembly. Supports multiple consoles at once!

Sauce

#############################################
#   |\___/|                          
#   )     (     Isabella's  
#  =\     /=      CatTel vx.x
#    )===(           CODED in C++  
#   / /|  \ CatTel Console/telnetd vx.x 
#   | \ \ |     for VxWorks/MIPS       
#  /   \ \ \      Part of the       
#  \   / / /       SIGMA - X         
#   \_/_/_/      Family of Utilities
#
# BE SURE TO ENABLE THESE SYMBOLS!!!!! tnetloginhook
# Crappy Hack stealConsoleHook needs to be inserted into the location 
# also need dbgBreak 
#
# todo (BUGS): 
# 1) when on bcmshell on serial, if you type the first few letters of a command and
#    press [tab] or [space] it auto fills in the rest of the command
# 2) [esc] dont work in vxworks shell either
# FIXED? 3) ctrl-h works for backspace, nothing else does
############################################
# stealConsoleHook: bootstrap shim, not part of the CatTel driver proper.
# Creates the CatTel device and takes over the console by calling
# CatTelInit(abindaddy, 0x17, aTyco0); CatTelInit's $v0 is returned unchanged.
# Delay slots are filled by hand throughout this file: the instruction written
# after every jal/jr/j/branch executes before the transfer takes effect.
# NOTE(review): abindaddy is not defined in this listing - confirm where the
# bind-address string lives. Telnet carries the login in cleartext, so the
# address chosen there decides which networks can see it.
stealConsoleHook:
		addiu	$sp,-0x10		# 16-byte frame
		sw	$ra,0xc($sp)
		sw	$s0,0x8($sp)		# saved and restored, but not otherwise used here
		
		la	$a0,abindaddy		# arg0: bind address string (reaches inet_addr in tTelnet)
		la	$a2,aTyco0		# arg2: "/tyCo/0", opened by CatTelInit as the first console
		jal	CatTelInit # CatTelInit		
		li	$a1,0x17		# delay slot: arg1 = 0x17 (23), the listen port
		
		lw	$ra,0xc($sp)
		lw	$s0,0x8($sp)
		jr	$ra
		addiu	$sp,0x10		# delay slot: release the frame

# ---- CatTel driver starts here ----
# CatTelDevOpen: open routine that CatTelInit registers through iosDrvInstall.
# Returns its first argument unchanged in $v0.
CatTelDevOpen:
		jr	$ra
		move	$v0, $a0		# delay slot: return arg0

# CatTeldefaultLoginHook: login hook that always returns 0.
# tCatSock treats a 0 return from the hook as "login accepted", so installing
# this hook lets every connection through without a prompt. Nothing in this
# listing installs it; CatTelInit installs catDoLogin instead.
CatTeldefaultLoginHook:
		jr	$ra
		move	$v0, $0			# delay slot: return 0
		
# CatTelsetLoginHook: store $a0 (address of a hook routine) in the LoginHook
# word. tCatSock loads that word and calls it with the socket fd for every new
# connection. The value is stored as given; no NULL check is made here or at
# the call site.
CatTelsetLoginHook:
		la	$v0,LoginHook
		jr	$ra
		sw	$a0, 0($v0)		# delay slot: LoginHook = $a0

# CatTeltxStartup: transmit-start callback handed to tyDevInit by CatTelInit.
# Pulls pending output from the tty device with tyITx and writes it to every
# descriptor on the sConsole list while holding catMutex.
#   In:  $a0 = tty device pointer (kept in $s6)
#   Out: returns once tyITx reports a non-zero status
# Frame is 0x138 bytes: the staging buffer starts at sp+0x10 and the saved
# registers occupy sp+0x110..sp+0x130, which leaves 0x100 bytes for staging.
# NOTE(review): tyITx presumably stores the next output byte at *$a1 and
# returns -1 when nothing is pending - confirm against the tyLib docs.
CatTeltxStartup:
		addiu	$sp, -0x138
		sw	$ra, 0x130($sp)
		sw	$s7, 0x12C($sp)
		sw	$s6, 0x128($sp)
		sw	$s5, 0x124($sp)
		sw	$s4, 0x120($sp)
		sw	$s3, 0x11C($sp)
		sw	$s2, 0x118($sp)
		sw	$s1, 0x114($sp)
		sw	$s0, 0x110($sp)
loc_48:
		move	$s6, $a0		# $s6 = device pointer
		addiu	$s5,$0,-1		# $s5 = -1, compared with tyITx's return
		# NOTE(review): the next two lines make $s4 = sp+0x10010, far beyond
		# the 0x138-byte frame; the staging area actually ends at sp+0x110.
		# As written this is harmless only because the beq below is never
		# taken (see there). Correct the bound before changing that branch.
		li	$s4, 0x10010
		addu	$s4, $sp
		addiu	$s7, $sp, 0x10		# $s7 = start of staging buffer
		addiu	$s1, $sp, 0x10		# $s1 = write cursor
loc_64:
		move	$a0, $s6
loc_68:
		jal	tyITx
		move	$a1, $s1		# delay slot: arg1 = cursor
		move	$s3, $v0		# $s3 = tyITx status
		beq	$s3, $s5, loc_88	# -1: stop fetching
		nop
		addiu	$s1, 1			# keep the byte just fetched
		# Taken only when the cursor equals $s4. The cursor is reset to
		# sp+0x10 before every pass and advanced once, so this falls
		# through and each byte is flushed on its own.
		beq	$s1, $s4, loc_68
		move	$a0, $s6
loc_88:
		beq	$s1, $s7, loc_DC	# nothing staged: skip the flush
		nop
		la	$a0,catMutex
		lw	$a0, 0($a0)
		jal	semTake			# lock the console list
		addiu	$a1,$0,-1		# delay slot: timeout argument = -1
		la	$s0, sConsole		# $s0 = list head node {fd, next, prev}
		addiu	$s2, $sp, 0x10		# $s2 = start of staged data
loc_AC:
		lw	$a0, 0($s0)		# node fd
		move	$a1, $s2
		jal	write
		subu	$a2, $s1, $s2		# delay slot: length = cursor - start
		lw	$s0, 4($s0)		# follow the next pointer
		nop				# load delay slot
		bnez	$s0, loc_AC
		nop
		la	$a0,catMutex
		lw	$a0, 0($a0)
		jal	semGive			# unlock the console list
		nop
loc_DC:
		beqz	$s3, loc_64		# status 0: go fetch more
		addiu	$s1, $sp, 0x10		# delay slot: reset cursor to buffer start
		lw	$ra, 0x130($sp)
		lw	$s7, 0x12C($sp)
		lw	$s6, 0x128($sp)
		lw	$s5, 0x124($sp)
		lw	$s4, 0x120($sp)
		lw	$s3, 0x11C($sp)
		lw	$s2, 0x118($sp)
		lw	$s1, 0x114($sp)
		lw	$s0, 0x110($sp)
		jr	$ra
		addiu	$sp, 0x138		# delay slot: release the frame

# tSCon: console reader task, spawned by CatTelInit.
#   In: $a0 = console file descriptor (kept in $s1)
#       $a1 = tty device pointer      (kept in $s0)
# Prints a start-up banner, then loops forever: read one byte from the console
# and pass it to tyIRd for the device. The routine never returns, so the frame
# is never released and the saved registers are never reloaded.
# NOTE(review): read()'s return value is ignored; if read fails or hits EOF the
# stale byte at sp+0x10 is handed to tyIRd again on every pass - confirm whether
# the console descriptor can ever report that.
tSCon:
		addiu	$sp, -0x28
		sw	$ra, 0x20($sp)
		sw	$s1, 0x1C($sp)
		sw	$s0, 0x18($sp)
		move	$s1, $a0		# $s1 = console fd
		la	$a0, aCattelConsoleT
		jal	printf
		move	$s0, $a1		# delay slot: $s0 = device pointer
		move	$a0, $s1
loc_138:
		addiu	$a1, $sp, 0x10		# one-byte buffer at sp+0x10
		jal	read
		li	$a2, 1			# delay slot: length = 1
		lb	$a1, 0x10($sp)		# byte just read (sign-extended)
		jal	tyIRd
		move	$a0, $s0		# delay slot: arg0 = device pointer
		j	loc_138
		move	$a0, $s1		# delay slot: arg0 = console fd for the next read

# tCatSock: per-connection task, spawned by tTelnet for each accepted socket.
#   In: $a0 = connected socket fd          (kept in $s1)
#       $a1 = tty device pointer           (kept in $s2)
#       $a2 = connection-slot semaphore    (kept in $s3), given back on exit
# Sequence: log the connection, send three telnet option bytes, stream the
# MOTD file to the client if it opens, then call the routine stored in
# LoginHook. A non-zero hook result closes the connection. On 0 the task links
# a node {fd, next, prev} built at sp+0x10 onto the tail of the sConsole list,
# pumps input bytes from catGetc into tyIRd until catGetc returns -1, unlinks
# the node and closes the socket.
# The banner bytes and the MOTD are sent before the login hook runs.
# The list node lives on this task's stack, so it has to be unlinked before the
# routine returns; the code below does that under catMutex.
# NOTE(review): amotdtxt, acrlf and copystreams are not defined in this listing.
tCatSock:
		addiu	$sp, -0x40
		sw	$ra, 0x38($sp)
		sw	$s3, 0x34($sp)
		sw	$s2, 0x30($sp)
		sw	$s1, 0x2C($sp)
		sw	$s0, 0x28($sp)
		move	$s1, $a0		# $s1 = socket fd
		move	$s2, $a1		# $s2 = device pointer
		move	$s3, $a2		# $s3 = slot semaphore
loc_17C:
		la	$a0, aCattelTcatsock
		jal	printf
		move	$a1, $s1		# delay slot: fd for the %02d
		la	$t1,0xfffb0100
		sw	$t1,0x20($sp)		# stored as a word; first 3 bytes in memory are sent
		move	$a0,$s1
		addiu	$a1,$sp,0x20
		jal	write			# NOTE(review): FF FB 01 on the wire only if big-endian - confirm target
		li	$a2,3
		la	$a0, amotdtxt
		jal	open
		move	$a1,$0			# delay slot: flags = 0
		addiu	$t0,$0,-1
		beq	$v0,$t0,loc17ccc	# open returned -1: no MOTD
		sw	$v0,0x10($sp)		# delay slot: remember the MOTD fd
		move	$a0,$v0
		jal	copystreams
		move	$a1,$s1			# delay slot: destination = socket
		jal	close
		lw	$a0,0x10($sp)		# delay slot: MOTD fd
loc17ccc:		
		la	$v0,LoginHook
		lw	$v0, 0($v0)		# current hook routine
		nop				# load delay slot
		jalr	$v0
		move	$a0, $s1		# delay slot: arg0 = socket fd
		bnez	$v0, loc_298		# non-zero: login refused, drop the connection
		la	$a1,acrlf		# macro in the delay slot; $a1 only matters on fall-through
		jal	catWrite
		move	$a0,$s1
		la	$a0,catMutex
		lw	$a0, 0($a0)
		jal	semTake			# lock the console list
		addiu	$a1,$0,-1
		sw	$s1, 0x10($sp)		# node.fd = socket
		la	$v1, sConsole		# $v1 = head node
		lw	$v0, 4($v1)		# $v0 = head.next
		nop
		beqz	$v0, loc_204		# head is already the tail
		nop
loc_1E8:
		move	$v1, $v0		# walk to the tail
		lw	$v0, 4($v0)
		nop
		bnez	$v0, loc_1E8
		nop
		lw	$v0, 4($v1)		# tail.next (0 at this point)
		nop
loc_204:
		sw	$v0, 0x14($sp)		# node.next = old tail.next
		sw	$v1, 0x18($sp)		# node.prev = old tail
		addiu	$v0, $sp, 0x10
		sw	$v0, 4($v1)		# old tail.next = &node
		la	$a0,catMutex
		lw	$a0, 0($a0)
		jal	semGive			# unlock the console list
		li	$s0, 0xa		# delay slot: $s0 is not read again in this routine
catsocl1:
		jal	catGetc
		move	$a0,$s1
		addiu	$v1,$0,-1
		beq	$v0,$v1,catsockl1done	# -1: read failed or peer closed
		move	$a1,$v0			# delay slot: arg1 = received byte
		jal	tyIRd
		move	$a0,$s2			# delay slot: arg0 = device pointer
		# No explicit delay-slot instruction follows this jump; the first
		# instruction of the la below lands in it and only touches $a0,
		# which catsocl1 reloads.
		j	catsocl1
catsockl1done:
		la	$a0,catMutex
		lw	$a0, 0($a0)
		jal	semTake			# lock the console list
		addiu	$a1,$0,-1
		lw	$v1, 0x18($sp)		# $v1 = node.prev
		nop
		lw	$v0, 0x14($sp)		# $v0 = node.next
		nop
		beqz	$v0, loc_288
		sw	$v0, 4($v1)		# delay slot: prev.next = node.next
		sw	$v1, 8($v0)		# next.prev = node.prev
loc_288:
		la	$a0,catMutex
		lw	$a0, 0($a0)
		jal	semGive			# unlock the console list
		nop
loc_298:
		jal	close
		move	$a0, $s1		# delay slot: socket fd
		jal	semGive			# free the connection slot taken by tTelnet
		move	$a0, $s3
		la	$a0, aCattelTcatso_0
		jal	printf
		move	$a1, $s1
		lw	$ra, 0x38($sp)
		lw	$s3, 0x34($sp)
		lw	$s2, 0x30($sp)
		lw	$s1, 0x2C($sp)
		lw	$s0, 0x28($sp)
		jr	$ra
		addiu	$sp, 0x40		# delay slot: release the frame

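# tTelnet: listener task, spawned by CatTelInit.
#   In: $a0 = bind address string (kept in $s2)
#       $a1 = port                (kept in $s4)
# Creates a socket, binds it (retrying after a delay while bind returns -1),
# listens, then accepts connections forever. Each accepted socket first takes
# one unit of a counting semaphore created with an initial count of 4, then
# gets its own tCatSock task; tCatSock gives the unit back when it exits, so
# at most four sessions run at once.
# Frame (0xA0 bytes): sp+0x10.. outgoing stack args, sp+0x40 socket address
# (16 bytes), sp+0x50 option value, sp+0x58 task-name buffer, sp+0x78 address
# length, sp+0x80.. saved registers.
# Changes from the original listing:
#   * socket() failure is detected by comparing with -1, the same convention
#     the bind/listen/accept checks in this routine already use (the original
#     compared with 0).
#   * the setsockopt() error message is printed when the call returns
#     non-zero; the original branch was inverted and printed it on a 0 return.
# NOTE(review): only one byte of the option value is initialised and the
# fifth argument (option length) is 1 - confirm the stack accepts that for
# this option, otherwise setsockopt fails on every start.
# NOTE(review): the listening socket and the semaphore are not released on
# the exit paths.
tTelnet:
		addiu	$sp, -0xA0
		sw	$ra, 0x98($sp)
		sw	$s5, 0x94($sp)
		sw	$s4, 0x90($sp)
		sw	$s3, 0x8C($sp)
		sw	$s2, 0x88($sp)
		sw	$s1, 0x84($sp)
		sw	$s0, 0x80($sp)
		move	$s2, $a0		# $s2 = bind address string
		move	$s4, $a1		# $s4 = port
		li	$s0, 0x10
		sw	$s0, 0x78($sp)		# address length = 16
		li	$v0, 1
		sb	$v0, 0x50($sp)		# option value byte = 1
		li	$a0, 2
		li	$a1, 1
		jal	socket			# socket(2, 1, 0)
		move	$a2, $0
		move	$s1, $v0		# $s1 = listening socket
		addiu	$v1, $0, -1
		beq	$s1, $v1, loc_4BC	# socket() failed
		li	$a1,0x10		# delay slot: bzero length
		jal	bzero
		addiu	$a0,$sp,0x40		# delay slot: clear the socket address
		li	$v0, 2
		sb	$s0, 0x40($sp)		# length byte = 0x10
		sb	$v0, 0x41($sp)		# family byte = 2
		sh	$s4, 0x42($sp)		# port, stored in host byte order
		jal	inet_addr
		move	$a0, $s2
		sw	$v0, 0x44($sp)		# address
		move	$a0, $0
		jal	semCCreate		# counting semaphore, initial count 4
		li	$a1, 4
		move	$s3, $v0		# $s3 = connection-slot semaphore
		li	$v0, 1
		sw	$v0, 0x10($sp)		# 5th argument: option length = 1
		move	$a0, $s1
		li	$a1, 0xFFFF
		li	$a2, 4
		jal	setsockopt
		addiu	$a3, $sp, 0x50		# delay slot: &option value
		beqz	$v0, loc_390		# 0 = success: skip the error message
		nop
		jal	__errnoRef
		nop
		la	$a0, aCattelTelnetSe
		lw	$a1, 0($v0)		# current errno value
		jal	printf
		move	$a2, $s1
loc_390:
		j	loc_3BC
		addiu	$s0,$0,-1		# delay slot: $s0 = -1 for the bind check
loc_398:
		jal	__errnoRef		# bind failed: report, sleep, retry
		nop
		la	$a0, aCattelTelnetSo
		lw	$a1, 0($v0)
		jal	printf
		move	$a2, $s1
		jal	taskDelay
		li	$a0, 0x300		# delay slot: delay argument
loc_3BC:
		lw	$a2, 0x78($sp)		# address length
		move	$a0, $s1
		jal	bind
		addiu	$a1, $sp, 0x40
		beq	$v0, $s0, loc_398	# -1: retry
		move	$a0, $s1
		jal	listen
		li	$a1, 2			# delay slot: backlog = 2
		addiu	$v1,$0,-1
		beq	$v0, $v1, loc_498	# listen failed
		move	$a1, $s2
		la	$a0, aCattelTelnetIn
		jal	printf
		move	$a2, $s4
		addiu	$s5,$0,-1		# $s5 = -1, compared with accept's return
		la	$s4, tCatSock		# $s4 now holds the per-connection entry point
		j	loc_474
		addiu	$s2, $sp, 0x58		# delay slot: $s2 now points at the task-name buffer
loc_40C:
		jal	semTake			# wait for a free connection slot ($a0 = $s3)
		addiu	$a1,$0,-1
		move	$a0, $s2
		la	$a1, aTcatsock02d
		jal	sprintf			# task name "tCatSock<fd>"
		move	$a2, $s0
		sw	$s4, 0x10($sp)		# entry point = tCatSock
		sw	$s0, 0x14($sp)		# task arg 1 = accepted socket
		la	$v0,catDev
		lw	$v0, 0($v0)
		nop				# load delay slot
		sw	$v0, 0x18($sp)		# task arg 2 = device pointer
		sw	$s3, 0x1C($sp)		# task arg 3 = slot semaphore
		move	$a0, $s2
		li	$a1, 0xC8
		move	$a2, $0
		jal	taskSpawn
		li	$a3, 0xF00
loc_474:
		move	$a0, $s1
		addiu	$a1, $sp, 0x40
		jal	accept
		addiu	$a2, $sp, 0x78
		move	$s0, $v0		# $s0 = accepted socket
		bne	$s0, $s5, loc_40C	# anything but -1: start a session
		move	$a0, $s3		# delay slot: arg0 for semTake
		j	loc_4D8
		nop
loc_498:
		jal	__errnoRef
		nop
		la	$a0, aCattelTelnet_0
		lw	$a1, 0($v0)
		jal	printf
		move	$a2, $s1
		j	loc_4D8
		nop
loc_4BC:
		jal	__errnoRef
		nop
		la	$a0, aCattelTelnet_1
		lw	$a1, 0($v0)
		jal	printf
		move	$a2, $s1
loc_4D8:
		la	$a0, aCattelTelnetTh
		jal	printf
		nop
		lw	$ra, 0x98($sp)
		lw	$s5, 0x94($sp)
		lw	$s4, 0x90($sp)
		lw	$s3, 0x8C($sp)
		lw	$s2, 0x88($sp)
		lw	$s1, 0x84($sp)
		lw	$s0, 0x80($sp)
		jr	$ra
		addiu	$sp, 0xA0		# delay slot: release the frame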

# CatTelInit: create the CatTel tty device, install its driver, start the
# console and telnet tasks and redirect the global standard descriptors.
#   In:  $a0 = bind address string for the listener (kept in $s2)
#        $a1 = listen port                          (kept in $s3)
#        $a2 = name of the existing console device  (kept in $s0)
#   Out: $v0 = descriptor returned by open("/CatTel"), also stored in catFd;
#        -1 when opening the console device returned 0
# Side effects: writes catDev, catMutex, LoginHook (set to catDoLogin),
# sConsole[0] and catFd; spawns tSCon and tTelnet.
# NOTE(review): malloc's result is stored and passed to tyDevInit with no NULL
# check.
# NOTE(review): both open() results are tested against 0, while tCatSock tests
# open() against -1 - confirm which value signals failure on the target.
# NOTE(review): request 3 passed to ioctl is presumably the "set options"
# request of the tty driver (argument 0, then 0x7F) - confirm.
CatTelInit:
		addiu	$sp, -0x58
		sw	$ra, 0x50($sp)
		sw	$s3, 0x4C($sp)
		sw	$s2, 0x48($sp)
		sw	$s1, 0x44($sp)
		sw	$s0, 0x40($sp)
		move	$s2, $a0		# $s2 = bind address string
		move	$s3, $a1		# $s3 = port
		move	$s0, $a2		# $s0 = console device name
		jal	malloc
		li	$a0, 0xFC		# delay slot: 0xFC bytes for the device structure
		la	$a0,catDev
		sw	$v0,0($a0)		# catDev = new device structure
		move	$a0, $v0
		li	$a1, 0x100
		la	$a3, CatTeltxStartup	# transmit-start callback
		jal	tyDevInit
		li	$a2, 0x100
		la	$v0, tyRead
		sw	$v0, 0x10($sp)		# stack args 5..7: read, write, ioctl routines
		la	$v0, tyWrite
		sw	$v0, 0x14($sp)
		la	$v0, tyIoctl
		sw	$v0, 0x18($sp)
		move	$a0, $0
		move	$a1, $0
		la	$a2, CatTelDevOpen	# third argument: open routine
		jal	iosDrvInstall
		move	$a3, $0
		la	$a0,catDev
		lw	$a0, 0($a0)
		la	$a1, aCattel		# device name "/CatTel"
		jal	iosDevAdd
		move	$a2, $v0		# delay slot: driver number from iosDrvInstall
		move	$a0, $0
		jal	semBCreate
		li	$a1, 1
		la	$a0,catMutex
		sw	$v0, 0($a0)		# catMutex guards the sConsole list
		la	$a0, catDoLogin
		jal	CatTelsetLoginHook	# every telnet session must pass catDoLogin
		nop
		la	$s1, sConsole
		move	$a0, $s0
		li	$a1, 2
		jal	open			# open the existing console device
		move	$a2, $0
		move	$v1, $v0
		beqz	$v1, loc_72C
		sw	$v1, 0($s1)		# delay slot: sConsole head fd = console fd
		la	$v0, tSCon
		sw	$v0, 0x10($sp)		# entry point
		sw	$v1, 0x14($sp)		# task arg 1 = console fd
		la	$v0,catDev
		lw	$v0, 0($v0)
		nop				# load delay slot
		sw	$v0, 0x18($sp)		# task arg 2 = device pointer
		la	$a0, aTtcnscon
		li	$a1, 0xC8
		move	$a2, $0
		jal	taskSpawn		# console reader task
		li	$a3, 0xF00
		la	$v0, tTelnet
		sw	$v0, 0x10($sp)		# entry point
		sw	$s2, 0x14($sp)		# task arg 1 = bind address
		sw	$s3, 0x18($sp)		# task arg 2 = port
		la	$a0, aTtcntelnet
		li	$a1, 0xC8
		move	$a2, $0
		jal	taskSpawn		# telnet listener task
		li	$a3, 0xF00
		lw	$a0, 0($s1)		# console fd
		li	$a1, 3
		jal	ioctl
		move	$a2, $0
		la	$a0, aCattel
		li	$a1, 2
		jal	open			# open the new "/CatTel" device
		move	$a2, $0
		move	$s0, $v0		# $s0 = CatTel fd
		beqz	$s0, loc_71C
		move	$a0, $0
		jal	ioGlobalStdSet		# global descriptor 0 -> CatTel
		move	$a1, $s0
		li	$a0, 1
		jal	ioGlobalStdSet		# global descriptor 1 -> CatTel
		move	$a1, $s0
		li	$a0, 2
		jal	ioGlobalStdSet		# global descriptor 2 -> CatTel
		move	$a1, $s0
		move	$a0, $s0
		li	$a1, 3
		jal	ioctl
		li	$a2, 0x7F
loc_71C:
		la	$a0,catFd
		sw	$s0, 0($a0)		# catFd = CatTel fd
		j	loc_730
		move	$v0, $s0		# delay slot: return the CatTel fd
loc_72C:
		addiu	$v0,$0,-1		# console open failed
loc_730:
		lw	$ra, 0x50($sp)
		lw	$s3, 0x4C($sp)
		lw	$s2, 0x48($sp)
		lw	$s1, 0x44($sp)
		lw	$s0, 0x40($sp)
		jr	$ra
		addiu	$sp, 0x58		# delay slot: release the frame
		
# __errnoRef: thin wrapper that calls __errno and returns its result in $v0.
# Callers in this file dereference the result (lw ...,0($v0)) to read the
# error code for their log messages.
__errnoRef:
		addiu	$sp, -0x18
		sw	$ra, 0x10($sp)
		jal	__errno
		nop
		lw	$ra, 0x10($sp)
		nop				# load delay slot before $ra is used
		jr	$ra
		addiu	$sp, 0x18		# delay slot: release the frame

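# catDoLogin: login hook installed by CatTelInit.
#   In:  $a0 = socket fd (kept in $s0)
#   Out: $v0 = 0 when the session may proceed, 1 when it must be dropped
# When FlagGet(2) returns 0 no prompt is shown and 0 is returned, so the
# configuration flag decides whether telnet sessions are authenticated at all.
# Otherwise a user name (echoed) and a password (not echoed) are read into two
# 0x50-byte stack buffers at sp+0x10 and sp+0x60 and compared with the strings
# at mycfgarearaw+0x98 and mycfgarearaw+0xd8.
# NOTE(review): FlagGet and mycfgarearaw are not defined in this listing.
# Changes from the original listing:
#   * a catRdString result of -1 (read error / peer gone) now fails the login;
#     the original ignored it and compared whatever was left in the buffer.
#   * the prompts go through catWrite, the routine defined in this file; the
#     original referenced CatWrite, which this listing never defines.
#   * delay slots after conditional branches hold explicit nops instead of
#     multi-instruction la macros, and $ra is reloaded one instruction earlier
#     so that it is not consumed in its own load delay slot.
catDoLogin:
		addiu	$sp,-0x130
		sw	$ra,0x12c($sp)
		sw	$s0,0x128($sp)
		move	$s0,$a0			# $s0 = socket fd
		jal	FlagGet
		li	$a0,2			# delay slot: flag number 2
		beqz	$v0,catDoLoginDone	# flag clear: $v0 is already 0 (accepted)
		nop
		la	$a1,aCatLoginPrompt
		jal	catWrite
		move	$a0,$s0
		move	$a0,$s0
		addiu	$a1,$sp,0x10		# user-name buffer
		li	$a3,1			# echo on
		jal	catRdString
		li	$a2,0x50		# delay slot: buffer size
		bltz	$v0,catDoLoginFailed	# read failed: refuse
		nop
		la	$a1,aCatPassPrompt
		jal	catWrite
		move	$a0,$s0
		move	$a0,$s0
		addiu	$a1,$sp,0x60		# password buffer
		move	$a3,$0			# echo off
		jal	catRdString
		li	$a2,0x50		# delay slot: buffer size
		bltz	$v0,catDoLoginFailed	# read failed: refuse
		nop
		la	$a0,mycfgarearaw+0x98	# configured user name
		jal	strcmp
		addiu	$a1,$sp,0x10
		bnez	$v0,catDoLoginFailed
		nop
		la	$a0,mycfgarearaw+0xd8	# configured password
		jal	strcmp
		addiu	$a1,$sp,0x60
		bnez	$v0,catDoLoginFailed
		nop
catDoLoginDone:
		lw	$ra,0x12c($sp)
		lw	$s0,0x128($sp)
		jr	$ra
		addiu	$sp,0x130		# delay slot: release the frame
catDoLoginFailed:
		j	catDoLoginDone
		li	$v0,1			# delay slot: return 1 = refused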

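# catWrite(fd, str): write a NUL-terminated string to a descriptor.
#   In:  $a0 = fd, $a1 = string
#   Out: $v0 = whatever write() returns
#   Clobbers: $t0, $t1, $a2
# The length is found by scanning for the NUL, then a single write() is issued.
# Change from the original listing: the byte is loaded with lbu instead of
# lb + andi, and the cursor increment sits between the load and the test, so
# the loaded value is no longer consumed in its own load delay slot.
catWrite:
		addiu	$sp,-0x18
		sw	$ra,0x14($sp)
		move	$t1,$a1			# $t1 = scan cursor
catwl1:
		lbu	$t0,0($t1)
		addiu	$t1,1			# fills the load delay slot
		bnez	$t0,catwl1
		nop
		addiu	$t1,-1			# step back onto the NUL
		jal	write
		subu	$a2,$t1,$a1		# delay slot: length = NUL - start
		lw	$ra,0x14($sp)
		nop				# load delay slot before $ra is used
		jr	$ra
		addiu	$sp,0x18		# delay slot: release the frame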

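# catRdString(fd, *buff, maxlen, echo): read one line from a session.
#   In:  $a0 = fd, $a1 = buffer, $a2 = buffer size in bytes, $a3 = echo flag
#   Out: $v0 = number of characters stored (terminator not counted),
#        -1 when catGetc reports an error, 0 when maxlen <= 0
# Characters come from catGetc. 0x08 removes the previous character (and, with
# echo on, sends the 3-byte rubout sequence); 0x0a ends the line; input also
# ends once the buffer is full. The result is always NUL-terminated inside the
# buffer.
# Frame: sp+0x10 one-byte echo buffer, sp+0x14.. saved registers.
# Changes from the original listing:
#   * the last buffer byte is reserved for the terminator. The original wrote
#     the NUL at buff[maxlen] when the buffer filled up, one byte past the end;
#     in catDoLogin that byte is the first byte of the adjacent buffer.
#   * the echoed byte is staged at 0x10($sp), the address write() is given;
#     the original stored it at decimal offset 10 and echoed an unset byte.
#   * on a catGetc error the partial input is terminated before returning -1.
#   * maxlen <= 0 returns 0 without touching the buffer.
catRdString:
		addiu	$sp,-0x30
		sw	$ra,0x2c($sp)
		sw	$s0,0x28($sp)
		sw	$s1,0x24($sp)
		sw	$s2,0x20($sp)
		sw	$s3,0x18($sp)
		sw	$s4,0x14($sp)
		move	$s0,$a0			# $s0 = fd
		move	$s1,$a1			# $s1 = write cursor
		move	$s3,$a1			# $s3 = buffer start
		move	$s4,$a3			# $s4 = echo flag
		blez	$a2,catRdError		# no room even for the terminator
		move	$v0,$0			# delay slot: result 0 for that case
		addu	$s2,$a1,$a2
		addiu	$s2,-1			# $s2 = last byte, kept for the NUL
catRdSl1:
		beq	$s1,$s2,catRdDone	# buffer full
		nop
		jal	catGetc
		move	$a0,$s0
		addiu	$t0,$0,-1
		beq	$v0,$t0,catRdFail	# read error
		li	$t1,0x8
		bne	$v0,$t1,catRdNotBkSp	# backspace?
		li	$t1,0xa			# delay slot: $t1 = line terminator for the next test
		beq	$s1,$s3,catRdSl1	# already at the start: nothing to erase
		nop
		beqz	$s4,catRdSl1		# echo off: just drop the character
		addiu	$s1,-1			# delay slot: cursor back by one (both paths)
		move	$a0,$s0
		la	$a1,aRubout
		jal	write			# erase the character on the terminal
		li	$a2,3
		j	catRdSl1
		nop
catRdNotBkSp:
		beq	$v0,$t1,catRdDone	# 0x0a ends the line
		nop
		sb	$v0,0($s1)		# keep the character
		beqz	$s4,catRdSk2
		sb	$v0,0x10($sp)		# delay slot: stage the byte for the echo
		addiu	$a1,$sp,0x10
		move	$a0,$s0
		jal	write
		li	$a2,1
catRdSk2:
		j	catRdSl1
		addiu	$s1,1			# delay slot: advance the cursor
catRdFail:
		j	catRdError		# $v0 is still -1
		sb	$0,0($s1)		# delay slot: terminate what was read so far
catRdDone:
		sb	$0,0($s1)		# terminate in bounds
		subu	$v0,$s1,$s3		# length
catRdError:
		lw	$ra,0x2c($sp)
		lw	$s4,0x14($sp)
		lw	$s3,0x18($sp)
		lw	$s2,0x20($sp)
		lw	$s1,0x24($sp)
		lw	$s0,0x28($sp)
		jr	$ra
		addiu	$sp,0x30		# delay slot: release the frame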

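# catGetc(fd): read one input character from a telnet session.
#   In:  $a0 = fd (kept in $s1)
#   Out: $v0 = character, or -1 when fioRead returns 0 or a negative value
# Translations applied to data bytes:
#   0x00 dropped; 0x7f (DEL) -> 0x08; 0x0a dropped; 0x0d -> 0x0a
#   (so a CR LF pair yields a single 0x0a).
# A 0xff byte (telnet IAC) enters catHandleCmd, which shares this frame and
# swallows the command bytes before reading resumes at catIgnorec.
# Frame: sp+0x20 one-byte read buffer, sp+0x34.. saved registers. $s0 is the
# command state counter.
# Changes from the original listing:
#   * DEL is matched as 0x7f; the original compared with 0x1f although its
#     comment said 127, so DEL was never translated.
#   * a negative fioRead result ends the read with -1 as well; the original
#     tested only for 0 and would have reused the stale buffer byte.
#   * the IAC branch targets catHandleCmd, the label as it is spelled below
#     (the original branch said CatHandleCmd).
#   * bytes are loaded with lbu and are not consumed in the load delay slot.
catGetc:
		addiu	$sp,-0x40
		sw	$ra,0x3c($sp)
		sw	$s0,0x38($sp)
		sw	$s1,0x34($sp)
		move	$s1,$a0			# $s1 = fd
catIgnorec:
		move	$a0,$s1
		addiu	$a1,$sp,0x20
		jal	fioRead
		li	$a2,1			# delay slot: read one byte
		blez	$v0,catGetcDone		# nothing read or error
		addiu	$v0,$0,-1		# delay slot: result for that case
		lbu	$a1,0x20($sp)
		li	$t1,0xff		# fills the load delay slot: IAC
		beqz	$a1,catIgnorec		# NUL: ignore completely
		nop
		beq	$a1,$t1,catHandleCmd	# IAC: telnet command follows
		li	$t1,0x7f		# delay slot: DEL (127)
		bne	$a1,$t1,NotBksp
		li	$t1,0xa			# delay slot: LF for the next test
		li	$a1,0x8			# DEL becomes ctrl-h
NotBksp:
		beq	$a1,$t1,catIgnorec	# LF is dropped; the CR before it ends the line
		li	$t1,0xd			# delay slot: CR for the next test
		bne	$a1,$t1,notlf
		nop
		li	$a1,0xa			# CR is returned as 0x0a
notlf:
		move	$v0,$a1			# return the character
catGetcDone:
		lw	$ra,0x3c($sp)
		lw	$s1,0x34($sp)
		lw	$s0,0x38($sp)
		jr	$ra
		addiu	$sp,0x40		# delay slot: release the frame

# catHandleCmd: telnet command skipper, entered from catGetc after an IAC.
# $s0 counts how many more bytes belong to the command:
#   start at 2 (command byte + option byte);
#   command 0xfa (SB) raises it to 0xff so subnegotiation data is skipped;
#   a 0xff (IAC) seen while skipping, or a 0xf0 (SE) command, resets it to 2.
# When the counter reaches 0, reading resumes at catIgnorec.
# NOTE(review): because SE resets the counter to 2, the two bytes following
# IAC SE appear to be consumed as if they were another command - confirm
# against a real client before relying on subnegotiation handling.
catHandleCmd:
		li	$s0,2
loc_17c_ish:
		move	$a0,$s1
		addiu	$a1,$sp,0x20
		jal	fioRead
		li	$a2,1			# delay slot: read one byte
		blez	$v0,catGetcDone		# nothing read or error: bail out
		addiu	$v0,$0,-1		# delay slot: result for that case
		lbu	$a1,0x20($sp)
		li	$t1,2			# fills the load delay slot
		bne	$t1,$s0,notstate3	# only the byte right after IAC is a command
		addiu	$s0,-1			# delay slot: one byte consumed (both paths)
		li	$t1,0xfa		# SB: skip data until IAC SE
		bne	$a1,$t1,notsb
		nop
		j	loc238_ish
		li	$s0,0xff		# delay slot: up to 255 bytes or IAC
notsb:
		li	$t1,0xf0		# SE
		beq	$a1,$t1,isse
		nop
		j	loc238_ish
		li	$s0,1			# delay slot: one option byte still to come
notstate3:
		li	$t1,0xff		# IAC
isse:
		bne	$a1,$t1,loc238_ish
		nop
		li	$s0,2			# expect a command byte again
loc238_ish:
		bnez	$s0,loc_17c_ish
		move	$a0,$s1
		j	catIgnorec
		nop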
# ---- Strings and storage ----
# NOTE(review): no section directive appears in this listing. If these labels
# are assembled into the text section, the words written at run time (catDev,
# sConsole, catMutex, catFd, LoginHook) need that section to be writable -
# confirm the link layout.
# NOTE(review): "\l" is used throughout as part of the line ending; confirm the
# assembler emits the intended byte for it.
aCatLoginPrompt:
		.asciiz	"\n\lLogin: "
aCatPassPrompt:
		.asciiz	"\n\lPassword: "
# aUSERNAME / aUSERPASS are not referenced by any code in this listing;
# catDoLogin compares against mycfgarearaw+0x98 / +0xd8 instead. If they are
# ever wired in, every image built from this file shares the same credentials.
aUSERNAME:
		.asciiz	"tcniso"
aUSERPASS:
		.asciiz	"sigma"
# 3 bytes are written from here by catRdString: 08 20 08 (backspace, space,
# backspace) when the word is stored big-endian.
aRubout:
		.word	0x08200800
# One word: pointer to the tty device structure (written by CatTelInit).
catDev:
		nop

# Head node of the console list, three words: fd, next, prev.
sConsole:
		nop
		nop
		nop

# One word: semaphore guarding the sConsole list (written by CatTelInit).
catMutex:
nop

# One word: descriptor of the opened "/CatTel" device (written by CatTelInit).
catFd:
nop

# One word: address of the current login hook (written by CatTelsetLoginHook).
LoginHook:
nop

# Log and format strings used by tSCon, tCatSock and tTelnet.
aCattelConsoleT:
.asciiz "CatTel: Console Task Started\n\l"

aCattelTcatsock:
.asciiz "CatTel: tCatSock%02d: Telnet Connection Established\n\l"

aCattelTcatso_0:
.asciiz "CatTel: tCatSock%02d: Telnet Connection Lost \n\l"

aCattelTelnetSe:
.asciiz "CatTel: Telnet setsockopt() error-%d socket-%04d, but continuing...\n\l"

aCattelTelnetSo:
.asciiz "CatTel: Telnet socket bind() error-%04d socket-%04d! Sleeping then retrying\n\l"

aCattelTelnetIn:
.asciiz "CatTel: Telnet Initialized, listening on %s:%d\n\l"

# Task-name template for the per-connection tasks.
aTcatsock02d:
.asciiz "tCatSock%02d"

aCattelTelnet_0:
.asciiz "CatTel: Telnet socket listen() error-%04d socket-%04d!\n\l"

aCattelTelnet_1:
.asciiz "CatTel: Telnet socket()  error-%04d!\n\l"

aCattelTelnetTh:
.asciiz "CatTel: Telnet Thread Exiting!\n\l"

# Name under which the CatTel device is added and later opened.
aCattel:
	.asciiz "/CatTel"

# Console device name passed to CatTelInit by stealConsoleHook.
aTyco0:
	.asciiz	"/tyCo/0"
	
# Task names for the console reader and the telnet listener.
aTtcnscon:
	.asciiz "tTcnSCon"

aTtcntelnet:
	.asciiz "tTcnTelnet"