Let's say we encounter a jump table, like so:

```asm
ld a, [JMP_PARAM]   ; 8-bit byte offset into the table
ld hl, JMP_TABLE
add a, l            ; hl = JMP_TABLE + a (16-bit add done by hand)
ld l, a
ld a, h
adc a, 0
ld h, a
ld a, [hli]         ; low byte of the entry, then hl++
ld h, [hl]          ; high byte of the entry
ld l, a
jp [hl]             ; jump to the entry
```
Right now tracing will hit the last line of the stream and then bail as the entropy of `jp [hl]` is maximal. It can literally go anywhere if you don't know the value of the jump table's parameter, which goes from 8 to 9 to 16 to up to 25 bits of entropy as to where the jump lands. If we instead forked at the start on the value of `a`, then we'd only have 8 bits total (although with still plenty of invalid values, which we'd have to discover by some other means).
In order to do entropy minimization, we need to actually track data values through the trace, as well as have a way to analyze data dependencies (so we can discard irrelevant forks).
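The trade-off described above, as an added example that is not code from this tracer or from the issue author: a minimal Python interpreter for the instructions in the snippet, in which every byte carries the set of forked inputs it was derived from. It forks once per 8-bit value at the `ld a, [JMP_PARAM]` instead of at `jp [hl]`, shows that the jump target depends only on that input (an unrelated forked load is prepended for the demonstration, and the dependency tracking lets it be discarded), and counts how many of the 256 targets survive a crude in-ROM plausibility filter. The memory layout, table contents, the `OTHER` input and the ROM range are all assumptions.

```python
import math
from dataclasses import dataclass

# Constructed memory layout (assumptions, not from the tracer or the issue).
JMP_PARAM = 0xC000   # WRAM byte holding the byte offset into the table
OTHER = 0xC001       # an unrelated WRAM input the tracer also cannot know
JMP_TABLE = 0x4100   # 16-bit little-endian entries in ROM
ROM_END = 0x8000     # SM83 cartridge ROM window is 0x0000-0x7FFF
TABLE_ENTRIES = [0x4200, 0x4230, 0x4260, 0x4290]


@dataclass(frozen=True)
class Val:
    """A byte (or 16-bit address) plus the forked input addresses it depends on."""
    v: int
    deps: frozenset = frozenset()


def build_memory():
    mem = bytearray([0xFF] * 0x10000)        # assumption: unmapped reads as 0xFF
    for i, entry in enumerate(TABLE_ENTRIES):
        mem[JMP_TABLE + 2 * i] = entry & 0xFF
        mem[JMP_TABLE + 2 * i + 1] = entry >> 8
    return mem


# The snippet from the issue, with one unrelated load prepended (constructed)
# so that the dependency tracking has an irrelevant fork to discard.
PROGRAM = [
    ("ld_a_mem", OTHER), ("ld_b_a",),
    ("ld_a_mem", JMP_PARAM), ("ld_hl_imm", JMP_TABLE),
    ("add_a_l",), ("ld_l_a",), ("ld_a_h",), ("adc_a_imm", 0), ("ld_h_a",),
    ("ld_a_hli",), ("ld_h_hl",), ("ld_l_a",), ("jp_hl",),
]


def run(mem, forks):
    """Execute PROGRAM concretely; `forks` maps input address -> chosen byte.
    Values propagate their deps through every op, so at `jp [hl]` the target
    Val says exactly which forked inputs it was derived from."""
    r = {"a": Val(0), "b": Val(0), "h": Val(0), "l": Val(0)}
    carry = Val(0)

    def hl():
        return Val(r["h"].v << 8 | r["l"].v, r["h"].deps | r["l"].deps)

    def load(addr):
        # A read inherits the address's deps; a forked input adds its own tag.
        if addr.v in forks:
            return Val(forks[addr.v], addr.deps | {addr.v})
        return Val(mem[addr.v], addr.deps)

    for op, *arg in PROGRAM:
        if op == "ld_a_mem":
            r["a"] = load(Val(arg[0]))
        elif op == "ld_b_a":
            r["b"] = r["a"]
        elif op == "ld_hl_imm":
            r["h"], r["l"] = Val(arg[0] >> 8), Val(arg[0] & 0xFF)
        elif op == "add_a_l":
            s, d = r["a"].v + r["l"].v, r["a"].deps | r["l"].deps
            r["a"], carry = Val(s & 0xFF, d), Val(s >> 8, d)
        elif op == "adc_a_imm":
            s, d = r["a"].v + arg[0] + carry.v, r["a"].deps | carry.deps
            r["a"], carry = Val(s & 0xFF, d), Val(s >> 8, d)
        elif op == "ld_l_a":
            r["l"] = r["a"]
        elif op == "ld_a_h":
            r["a"] = r["h"]
        elif op == "ld_h_a":
            r["h"] = r["a"]
        elif op == "ld_a_hli":
            r["a"] = load(hl())
            nxt = (hl().v + 1) & 0xFFFF          # 16-bit post-increment of hl
            r["h"], r["l"] = Val(nxt >> 8, hl().deps), Val(nxt & 0xFF, hl().deps)
        elif op == "ld_h_hl":
            r["h"] = load(hl())
        elif op == "jp_hl":
            return hl()
    raise RuntimeError("program fell off the end without jumping")


def fork_at_jump_candidates():
    """Forking only when `jp [hl]` is reached, with no data tracking: any address."""
    return 1 << 16


def fork_on_param(mem, other_value=0x00):
    """Fork at `ld a, [JMP_PARAM]` instead: one concrete trace per 8-bit value."""
    return {a: run(mem, {JMP_PARAM: a, OTHER: other_value}) for a in range(256)}


def summarize(mem):
    targets = fork_on_param(mem)
    targets_other = fork_on_param(mem, other_value=0x55)   # vary the unrelated input
    distinct = {t.v for t in targets.values()}
    return {
        "bits_at_jump": math.log2(fork_at_jump_candidates()),
        "bits_on_param": math.log2(len(targets)),
        "target_deps": set().union(*(t.deps for t in targets.values())),
        "other_fork_irrelevant": all(targets[a].v == targets_other[a].v for a in targets),
        "distinct_targets": len(distinct),
        "plausible_targets": sorted(t for t in distinct if t < ROM_END),
        "real_targets": TABLE_ENTRIES,
    }


if __name__ == "__main__":
    print(summarize(build_memory()))
```

The in-ROM filter is exactly the "some other means" the issue alludes to, and it is not enough on its own: odd offsets read a straddled pair of table bytes and produce addresses that still land inside ROM, so the tracer needs either the table's real length or a second signal to rule those out.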