def main(): local pushbuf:byte[2048] local request:uint local path:uint local isadmin:uint local rtype:uint local buf:uint local cheatingdeath:uint local c:uint # allocate 160 bytes on the DS request = " " isadmin = "N" path = " " rtype = " " buf = " " cheatingdeath = " " pokeb(cheatingdeath + 0, 12) pokeb(cheatingdeath + 1, 43) pokeb(cheatingdeath + 2, 32) pokeb(cheatingdeath + 3, 54) pokeb(cheatingdeath + 4, 34) pokeb(cheatingdeath + 5, 23) pokeb(cheatingdeath + 6, 4) pokeb(cheatingdeath + 7, 3) pokeb(cheatingdeath + 8, 2) pokeb(cheatingdeath + 9, 54) pokeb(cheatingdeath + 10, 76) pokeb(cheatingdeath + 11, 123) pokeb(cheatingdeath + 12, 32) pokeb(cheatingdeath + 13, 43) pokeb(cheatingdeath + 14, 245) pokeb(cheatingdeath + 15, 240) pokeb(cheatingdeath + 16, 230) pokeb(cheatingdeath + 17, 120) pokeb(cheatingdeath + 18, 120) pokeb(cheatingdeath + 19, 230) pokeb(cheatingdeath + 20, 32) pokeb(cheatingdeath + 21, 43) pokeb(cheatingdeath + 22, 54) pokeb(cheatingdeath + 23, 65) pokeb(cheatingdeath + 24, 76) pokeb(cheatingdeath + 25, 87) readword(request) if peekb(isadmin) != 78: putl("Admin mode") users() if streq(request, "GET"): readword(path) readword(rtype) readline(request) get(path, rtype) halt() if streq(request, "LAPUTANMACHINE"): puts("I am not a machine!") users() if streq(request, "FLATLANDERWOMAN"): puts("How did you know?") halt() if streq(request, "ABOUT"): about() halt() if streq(request, "WHOT"): c = getc() - 65 putc(peekb(cheatingdeath + c)) halt() if streq(request, "REGISTER"): readword(path) readword(rtype) register(path, rtype) if streq(request, "UPLOAD") | streq(request, "DOWNLOAD"): c = streq(request, "UPLOAD") readword(request) readword(rtype) readword(path) if authenticate(request, rtype) == 0: puts("Authentication not successful") halt() pokeb(buf, 0) strcat(buf, request) strcat(buf, "/") strcat(buf, path) if c: puts("Uploading to ") puts(buf) upload(buf) halt() puts("Downloading from ") puts(buf) download(buf) halt() def upload(path:uint): local f:uint local c:uint f = open(path, 1089) c = getc() while (c != 0) & (c != 64): fputc(f, c) c = getc() close(f) putl("Everything seems to be in order.") def download(path:uint): local f:uint local c:uint f = open(path, 0) c = fgetc(f) while c != -1: putc(c) c = fgetc(f) close(f) def authenticate(user:uint, pass:uint): local f:uint local lu:uint local lp:uint lu = " " lp = " " f = open("/tmp/httpdusers", 0) while 1: if readwordf(f, lu) == 0: puts("Error") return 0 if readwordf(f, lp) == 0: puts("Error") return 0 if streq(lu, user): puts("Username match") putc(10) putc(13) if streq(lp, pass): puts("Password match") putc(10) putc(13) return 1 def strcat(dest:uint, src:uint): local c:uint c = peekb(dest) while c: dest = dest + 1 c = peekb(dest) c = peekb(src) while c: pokeb(dest, c) dest = dest + 1 src = src + 1 c = peekb(src) pokeb(dest, 0) def register(user:uint, pass:uint): local f:uint f = open("/tmp/httpdusers", 1025) if f == -1: puts("Registration failed") return 0 fputs(f, user) fputc(f, 32) fputs(f, pass) fputc(f, 10) close(f) return 1 def fputs(f:uint, s:uint): local c:uint c = peekb(s) while c: fputc(f, c) s = s + 1 c = peekb(s) def puts(s:uint): local c:uint c = peekb(s) while c: putc(c) s = s + 1 c = peekb(s) def getci(): local c:uint c = getc() while c == 13: c = getc() return c def putl(l:uint): local dummy:uint puts(l) putc(10) putc(13) def readword(dest:uint): local c:uint c = getci() while (c != 32) & (c != 10) & (c != 13): pokeb(dest, c) dest = dest + 1 c = getci() pokeb(dest, 0) def readwordf(f:uint, dest:uint): local c:uint local len:uint c = fgetc(f) len = 0 while (c != -1) & (c != 32) & (c != 10) & (c != 13): len = len + 1 pokeb(dest, c) dest = dest + 1 c = fgetc(f) pokeb(dest, 0) return len def readline(dest:uint): local c:uint c = getci() while (c != 10) & (c != 13): pokeb(dest, c) dest = dest + 1 c = getci() pokeb(dest, 0) def streq(s1:uint, s2:uint): local c:uint c = peekb(s1) while c: if c != peekb(s2): return 0 s1 = s1 + 1 s2 = s2 + 1 c = peekb(s1) if peekb(s2) == 0: return 1 return 0 def strlen(s:uint): local len:uint while peekb(s): len = len + 1 s = s + 1 return len def endswith(s:uint, token:uint): local tl:uint tl = strlen(token) if strlen(s) < tl: return 0 s = s + strlen(s) - 1 token = token + tl - 1 while tl: if peekb(s) != peekb(token): return 0 tl = tl - 1 s = s - 1 token = token - 1 return 1 def issane(what:uint): local c:uint c = peekb(what) while c: if (((c >= 65) & (c <= 90)) | ((c >= 97) & (c <= 122)) | (c == 46) | (c == 47) | ((c >= 48) & (c <= 57))) == 0: return 0 if c == 46: if peekb(what + 1) == 46: return 0 what = what + 2 what = what + 1 c = peekb(what) return 1 def get(path:uint, rtype:uint): local is:uint local f:uint local c:uint path = path + 1 is = issane(path) if is == 0: putl("HTTP/1.1 500 Internal server error") putl("") putl("

Internal server error

") return 0 if endswith(path, ".secret"): putl("HTTP/1.1 404 Permission Denied") putl("") putl("

Verboten!

") return 0 f = open(path, 0) if f == -1: putl("HTTP/1.1 500 File does not exist") putl("") putl("

Nicht gefunden!

") return 0 putl("HTTP/1.1 200 Qapla'") putl("Content-Type: text/html") putl("X-Served-By: HC's 100% pure govm webserver ") putl("") c = fgetc(f) while c != -1: putc(c) c = fgetc(f) close(f) return 1 def users(): local f:uint local c:uint f = open("/tmp/httpdusers", 0) c = fgetc(f) while c != -1: putc(c) c = fgetc(f) close(f) putl() putl("There. I hope you're happy") def about(): local what:byte[8] local i:uint local c:uint i = 7 c = (getc() << 8) + getc() while (c != 10) & (c != 2570) & (c != 2573): what[i] = c i = i - 1 c = (getc() << 8) + getc() if (what[7] == 16725) & (what[6] == 21576) & (what[5] == 20306): putl("govm http") putl("100% pure govm bytecode HTTP daemon") putl("a HAR CTF service and govm demo") putl("(C) 2009, Hans-Christian Esperer ") putl("Public Domain") return 1723