librex 0.0.68 → 0.0.70

data/lib/rex/encoder/alpha2.rb

@@ -1,9 +1,8 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 #
 # ________________________________________________________________________________
-# 
+#
 #     ,sSSs,,s,  ,sSSSs,  ALPHA 2: Zero-tolerance. (build 07)
 #    SS"  Y$P"  SY"  ,SY
 #   iS'   dY       ,sS"   Unicode-proof uppercase alphanumeric shellcode encoding.

data/lib/rex/encoder/alpha2/alpha_mixed.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 require 'rex/encoder/alpha2/generic'
@@ -9,61 +8,61 @@ module Alpha2
 
 class AlphaMixed < Generic
 
-	def self.gen_decoder_prefix(reg, offset)
-		if (offset > 32)
-			raise "Critical: Offset is greater than 32"
-		end
+  def self.gen_decoder_prefix(reg, offset)
+    if (offset > 32)
+      raise "Critical: Offset is greater than 32"
+    end
 
-		# use inc ebx as a nop here so we still pad correctly
-		if (offset <= 16)
-			nop = 'C' * offset
-			mod = 'I' * (16 - offset) + nop + '7QZ'    # dec ecx,,, push ecx, pop edx
-			edxmod = 'J' * (17 - offset)
-		else
-			mod = 'A' * (offset - 16)
-			nop = 'C' * (16 - mod.length)
-			mod << nop + '7QZ'
-			edxmod = 'B' * (17 - (offset - 16))
-		end
-		regprefix = {
-			'EAX'   => 'PY' + mod,                         # push eax, pop ecx
-			'ECX'   => 'I' + mod,                          # dec ecx
-			'EDX'   =>  edxmod + nop + '7RY',			   # dec edx,,, push edx, pop ecx
-			'EBX'   => 'SY' + mod,                         # push ebx, pop ecx
-			'ESP'   => 'TY' + mod,                         # push esp, pop ecx
-			'EBP'   => 'UY' + mod,                         # push ebp, pop ecx
-			'ESI'   => 'VY' + mod,                         # push esi, pop ecx
-			'EDI'   => 'WY' + mod,                         # push edi, pop ecx
-		}
+    # use inc ebx as a nop here so we still pad correctly
+    if (offset <= 16)
+      nop = 'C' * offset
+      mod = 'I' * (16 - offset) + nop + '7QZ'    # dec ecx,,, push ecx, pop edx
+      edxmod = 'J' * (17 - offset)
+    else
+      mod = 'A' * (offset - 16)
+      nop = 'C' * (16 - mod.length)
+      mod << nop + '7QZ'
+      edxmod = 'B' * (17 - (offset - 16))
+    end
+    regprefix = {
+      'EAX'   => 'PY' + mod,                         # push eax, pop ecx
+      'ECX'   => 'I' + mod,                          # dec ecx
+      'EDX'   =>  edxmod + nop + '7RY',			   # dec edx,,, push edx, pop ecx
+      'EBX'   => 'SY' + mod,                         # push ebx, pop ecx
+      'ESP'   => 'TY' + mod,                         # push esp, pop ecx
+      'EBP'   => 'UY' + mod,                         # push ebp, pop ecx
+      'ESI'   => 'VY' + mod,                         # push esi, pop ecx
+      'EDI'   => 'WY' + mod,                         # push edi, pop ecx
+    }
 
-		reg.upcase!
-		if (not regprefix.keys.include? reg)
-			raise ArgumentError.new("Invalid register name")
-		end
-		return regprefix[reg]
-	end
+    reg.upcase!
+    if (not regprefix.keys.include? reg)
+      raise ArgumentError.new("Invalid register name")
+    end
+    return regprefix[reg]
+  end
 
-	def self.gen_decoder(reg, offset)
-		decoder =
-			 gen_decoder_prefix(reg, offset) +
-			 "jA" +          # push 0x41
-			 "X" +           # pop eax
-			 "P" +           # push eax
-			 "0A0" +         # xor byte [ecx+30], al
-			 "A" +           # inc ecx                        <---
-			 "kAAQ" +        # imul eax, [ecx+42], 51 -> 10       |
-			 "2AB" +         # xor al, [ecx + 42]                 |
-			 "2BB" +         # xor al, [edx + 42]                 |
-			 "0BB" +         # xor [edx + 42], al                 |
-			 "A" +           # inc ecx                            |
-			 "B" +           # inc edx                            |
-			 "X" +           # pop eax                            |
-			 "P" +           # push eax                           |
-			 "8AB" +         # cmp [ecx + 42], al                 |
-			 "uJ" +          # jnz short -------------------------
-			 "I"             # first encoded char, fixes the above J
+  def self.gen_decoder(reg, offset)
+    decoder =
+       gen_decoder_prefix(reg, offset) +
+       "jA" +          # push 0x41
+       "X" +           # pop eax
+       "P" +           # push eax
+       "0A0" +         # xor byte [ecx+30], al
+       "A" +           # inc ecx                        <---
+       "kAAQ" +        # imul eax, [ecx+42], 51 -> 10       |
+       "2AB" +         # xor al, [ecx + 42]                 |
+       "2BB" +         # xor al, [edx + 42]                 |
+       "0BB" +         # xor [edx + 42], al                 |
+       "A" +           # inc ecx                            |
+       "B" +           # inc edx                            |
+       "X" +           # pop eax                            |
+       "P" +           # push eax                           |
+       "8AB" +         # cmp [ecx + 42], al                 |
+       "uJ" +          # jnz short -------------------------
+       "I"             # first encoded char, fixes the above J
 
-		return decoder
-	end
+    return decoder
+  end
 
 end end end end

data/lib/rex/encoder/alpha2/alpha_upper.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 require 'rex/encoder/alpha2/generic'
@@ -8,73 +7,73 @@ module Encoder
 module Alpha2
 
 class AlphaUpper < Generic
-	def self.default_accepted_chars ; ('B' .. 'Z').to_a + ('0' .. '9').to_a ; end
+  def self.default_accepted_chars ; ('B' .. 'Z').to_a + ('0' .. '9').to_a ; end
 
-	def self.gen_decoder_prefix(reg, offset)
-		if (offset > 20)
-			raise "Critical: Offset is greater than 20"
-		end
+  def self.gen_decoder_prefix(reg, offset)
+    if (offset > 20)
+      raise "Critical: Offset is greater than 20"
+    end
 
-		# use inc ebx as a nop here so we still pad correctly
-		if (offset <= 10)
-			nop = 'C' * offset
-			mod = 'I' * (10 - offset) + nop + 'QZ'    # dec ecx,,, push ecx, pop edx
-			edxmod = 'J' * (11 - offset)
-		else
-			mod = 'A' * (offset - 10)
-			nop = 'C' * (10 - mod.length)
-			mod << nop + 'QZ'
-			edxmod = 'B' * (11 - (offset - 10))
-		end
-		regprefix = {
-			'EAX'   => 'PY' + mod,                        # push eax, pop ecx
-			'ECX'   => 'I' + mod,                         # dec ecx
-			'EDX'   =>  edxmod + nop + 'RY',  			  # mod edx,,, push edx, pop ecx
-			'EBX'   => 'SY' + mod,                        # push ebx, pop ecx
-			'ESP'   => 'TY' + mod,                        # push esp, pop ecx
-			'EBP'   => 'UY' + mod,                        # push ebp, pop ecx
-			'ESI'   => 'VY' + mod,                        # push esi, pop ecx
-			'EDI'   => 'WY' + mod,                        # push edi, pop edi
-		}
+    # use inc ebx as a nop here so we still pad correctly
+    if (offset <= 10)
+      nop = 'C' * offset
+      mod = 'I' * (10 - offset) + nop + 'QZ'    # dec ecx,,, push ecx, pop edx
+      edxmod = 'J' * (11 - offset)
+    else
+      mod = 'A' * (offset - 10)
+      nop = 'C' * (10 - mod.length)
+      mod << nop + 'QZ'
+      edxmod = 'B' * (11 - (offset - 10))
+    end
+    regprefix = {
+      'EAX'   => 'PY' + mod,                        # push eax, pop ecx
+      'ECX'   => 'I' + mod,                         # dec ecx
+      'EDX'   =>  edxmod + nop + 'RY',  			  # mod edx,,, push edx, pop ecx
+      'EBX'   => 'SY' + mod,                        # push ebx, pop ecx
+      'ESP'   => 'TY' + mod,                        # push esp, pop ecx
+      'EBP'   => 'UY' + mod,                        # push ebp, pop ecx
+      'ESI'   => 'VY' + mod,                        # push esi, pop ecx
+      'EDI'   => 'WY' + mod,                        # push edi, pop edi
+    }
 
-		reg.upcase!
-		if (not regprefix.keys.include? reg)
-			raise ArgumentError.new("Invalid register name")
-		end
-		return regprefix[reg]
+    reg.upcase!
+    if (not regprefix.keys.include? reg)
+      raise ArgumentError.new("Invalid register name")
+    end
+    return regprefix[reg]
 
-	end
+  end
 
-	def self.gen_decoder(reg, offset)
-		decoder =
-			gen_decoder_prefix(reg, offset) +
-			"V" +           # push esi
-			"T" +           # push esp
-			"X" +           # pop eax
-			"30" +          # xor esi, [eax]
-			"V" +           # push esi
-			"X" +           # pop eax
-			"4A" +          # xor al, 41
-			"P" +           # push eax
-			"0A3" +         # xor [ecx+33], al
-			"H" +           # dec eax
-			"H" +           # dec eax
-			"0A0" +         # xor [ecx+30], al
-			"0AB" +         # xor [ecx+42], al
-			"A" +           # inc ecx   <---------------
-			"A" +           # inc ecx                   |
-			"B" +           # inc edx                   |
-			"TAAQ" +        # imul eax, [ecx+41], 10 *  |
-			"2AB" +         # xor al [ecx+42]           |
-			"2BB" +         # xor al, [edx+42]          |
-			"0BB" +         # xor [edx+42], al          |
-			"X" +           # pop eax                   |
-			"P" +           # push eax                  |
-			"8AC" +         # cmp [ecx+43], al          |
-			"JJ" +          # jnz * --------------------
-			"I"             # first encoded char, fixes the above J
+  def self.gen_decoder(reg, offset)
+    decoder =
+      gen_decoder_prefix(reg, offset) +
+      "V" +           # push esi
+      "T" +           # push esp
+      "X" +           # pop eax
+      "30" +          # xor esi, [eax]
+      "V" +           # push esi
+      "X" +           # pop eax
+      "4A" +          # xor al, 41
+      "P" +           # push eax
+      "0A3" +         # xor [ecx+33], al
+      "H" +           # dec eax
+      "H" +           # dec eax
+      "0A0" +         # xor [ecx+30], al
+      "0AB" +         # xor [ecx+42], al
+      "A" +           # inc ecx   <---------------
+      "A" +           # inc ecx                   |
+      "B" +           # inc edx                   |
+      "TAAQ" +        # imul eax, [ecx+41], 10 *  |
+      "2AB" +         # xor al [ecx+42]           |
+      "2BB" +         # xor al, [edx+42]          |
+      "0BB" +         # xor [edx+42], al          |
+      "X" +           # pop eax                   |
+      "P" +           # push eax                  |
+      "8AC" +         # cmp [ecx+43], al          |
+      "JJ" +          # jnz * --------------------
+      "I"             # first encoded char, fixes the above J
 
-		return decoder
-	end
+    return decoder
+  end
 
 end end end end

data/lib/rex/encoder/alpha2/generic.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 require 'rex/text'
@@ -9,83 +8,83 @@ module Alpha2
 
 class Generic
 
-	# Note: 'A' is presumed to be accepted, but excluded from the accepted characters, because it serves as the terminator
-	def Generic.default_accepted_chars ; ('a' .. 'z').to_a + ('B' .. 'Z').to_a + ('0' .. '9').to_a ; end
-
-	def Generic.gen_decoder_prefix(reg, offset)
-		# Should never happen - have to pick a specifc
-		# encoding:
-		# alphamixed, alphaupper, unicodemixed, unicodeupper
-		''
-	end
-
-	def Generic.gen_decoder(reg, offset)
-		# same as above
-		return ''
-	end
-
-	def Generic.gen_second(block, base)
-		# XOR encoder for ascii - unicode uses additive
-		(block^base)
-	end
-
-	def Generic.encode_byte(block, badchars)
-		accepted_chars = default_accepted_chars.dup
-		
-		badchars.each_char {|c| accepted_chars.delete(c) } if badchars
-		
-		# No, not nipple.
-		nibble_chars = Array.new(0x10) {[]}
-		accepted_chars.each {|c| nibble_chars[c.unpack('C')[0] & 0x0F].push(c) }
-		
-		poss_encodings = []
-		
-		block_low_nibble = block & 0x0F
-		block_high_nibble = block >> 4
-		
-		# Get list of chars suitable for expressing lower part of byte
-		first_chars = nibble_chars[block_low_nibble]
-		
-		# Build a list of possible encodings
-		first_chars.each do |first_char|
-			first_high_nibble = first_char.unpack('C')[0] >> 4
-		
-			# In the decoding process, the low nibble of the second char gets combined
-			# (either ADDed or XORed depending on the encoder) with the high nibble of the first char,
-			# and we want the high nibble of our input byte to result
-			second_low_nibble = gen_second(block_high_nibble, first_high_nibble) & 0x0F
-			
-			# Find valid second chars for this first char and add each combination to our possible encodings
-			second_chars = nibble_chars[second_low_nibble]
-			second_chars.each {|second_char| poss_encodings.push(second_char + first_char) }
-		end
-		
-		if poss_encodings.empty?
-			raise RuntimeError, "No encoding of #{"0x%.2X" % block} possible with limited character set"
-		end
-		
-		# Return a random encoding
-		poss_encodings[rand(poss_encodings.length)]
-	end
-
-	def Generic.encode(buf, reg, offset, badchars = '')
-		encoded = gen_decoder(reg, offset)
-
-		buf.each_byte {
-			|block|
-
-			encoded << encode_byte(block, badchars)
-		}
-
-		encoded << add_terminator()
-
-		return encoded
-	end
-
-	# 'A' signifies the end of the encoded shellcode
-	def Generic.add_terminator()
-		'AA'
-	end
+  # Note: 'A' is presumed to be accepted, but excluded from the accepted characters, because it serves as the terminator
+  def Generic.default_accepted_chars ; ('a' .. 'z').to_a + ('B' .. 'Z').to_a + ('0' .. '9').to_a ; end
+
+  def Generic.gen_decoder_prefix(reg, offset)
+    # Should never happen - have to pick a specifc
+    # encoding:
+    # alphamixed, alphaupper, unicodemixed, unicodeupper
+    ''
+  end
+
+  def Generic.gen_decoder(reg, offset)
+    # same as above
+    return ''
+  end
+
+  def Generic.gen_second(block, base)
+    # XOR encoder for ascii - unicode uses additive
+    (block^base)
+  end
+
+  def Generic.encode_byte(block, badchars)
+    accepted_chars = default_accepted_chars.dup
+
+    badchars.each_char {|c| accepted_chars.delete(c) } if badchars
+
+    # No, not nipple.
+    nibble_chars = Array.new(0x10) {[]}
+    accepted_chars.each {|c| nibble_chars[c.unpack('C')[0] & 0x0F].push(c) }
+
+    poss_encodings = []
+
+    block_low_nibble = block & 0x0F
+    block_high_nibble = block >> 4
+
+    # Get list of chars suitable for expressing lower part of byte
+    first_chars = nibble_chars[block_low_nibble]
+
+    # Build a list of possible encodings
+    first_chars.each do |first_char|
+      first_high_nibble = first_char.unpack('C')[0] >> 4
+
+      # In the decoding process, the low nibble of the second char gets combined
+      # (either ADDed or XORed depending on the encoder) with the high nibble of the first char,
+      # and we want the high nibble of our input byte to result
+      second_low_nibble = gen_second(block_high_nibble, first_high_nibble) & 0x0F
+
+      # Find valid second chars for this first char and add each combination to our possible encodings
+      second_chars = nibble_chars[second_low_nibble]
+      second_chars.each {|second_char| poss_encodings.push(second_char + first_char) }
+    end
+
+    if poss_encodings.empty?
+      raise RuntimeError, "No encoding of #{"0x%.2X" % block} possible with limited character set"
+    end
+
+    # Return a random encoding
+    poss_encodings[rand(poss_encodings.length)]
+  end
+
+  def Generic.encode(buf, reg, offset, badchars = '')
+    encoded = gen_decoder(reg, offset)
+
+    buf.each_byte {
+      |block|
+
+      encoded << encode_byte(block, badchars)
+    }
+
+    encoded << add_terminator()
+
+    return encoded
+  end
+
+  # 'A' signifies the end of the encoded shellcode
+  def Generic.add_terminator()
+    'AA'
+  end
 
 end end end end
 

data/lib/rex/encoder/alpha2/unicode_mixed.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 require 'rex/encoder/alpha2/generic'
@@ -8,105 +7,110 @@ module Encoder
 module Alpha2
 
 class UnicodeMixed < Generic
-	
-	def self.gen_second(block, base)
-		# unicode uses additive encoding
-		(block - base)
-	end
-	
-	def self.gen_decoder_prefix(reg, offset)
-		if (offset > 21)
-			 raise "Critical: Offset is greater than 21"
-		end
 
-		# offset untested for unicode :(
-		if (offset <= 14)
-			nop = 'CP' * offset
-			mod = 'IA' * (14 - offset) + nop    # dec ecx,,, push ecx, pop edx
-		else
-			mod = 'AA' * (offset - 14)			# inc ecx
-			nop = 'CP' * (14 - mod.length)
-			mod += nop
-		end	
-		regprefix = {                       # nops ignored below
-			'EAX'   => 'PPYA' + mod,         # push eax, pop ecx
-			'ECX'   =>  mod + "4444",        # dec ecx
-			'EDX'   => 'RRYA' + mod,         # push edx, pop ecx
-			'EBX'   => 'SSYA' + mod,         # push ebx, pop ecx
-			'ESP'   => 'TUYA' + mod,         # push esp, pop ecx
-			'EBP'   => 'UUYA' + mod,         # push ebp, pop ecx
-			'ESI'   => 'VVYA' + mod,         # push esi, pop ecx
-			'EDI'   => 'WWYA' + mod,         # push edi, pop edi
-		}
+  def self.gen_second(block, base)
+    # unicode uses additive encoding
+    (block - base)
+  end
 
-		return regprefix[reg]	
-	end
+  def self.gen_decoder_prefix(reg, offset)
+    if (offset > 21)
+       raise "Critical: Offset is greater than 21"
+    end
 
-	def self.gen_decoder(reg, offset)
-		decoder =
-			gen_decoder_prefix(reg, offset) +
-			"j" +               # push 0
-			"XA" +              # pop eax, NOP
-			"QA" +              # push ecx, NOP
-			"DA" +              # inc esp, NOP
-			"ZA" +              # pop edx, NOP
-			"BA" +              # inc edx, NOP
-			"RA" +              # push edx, NOP
-			"LA" +              # dec esp, NOP
-			"YA" +              # pop ecx, NOP
-			"IA" +              # dec ecx, NOP
-			"QA" +              # push ecx, NOP
-			"IA" +              # dec ecx, NOP
-			"QA" +              # push ecx, NOP
-			"IA" +              # dec ecx, NOP
-			"hAAA" +            # push 00410041, NOP
-			"Z" +               # pop edx
-			"1A" +              # add [ecx], dh NOP
-			"IA" +              # dec ecx, NOP
-			"IA" +              # dec ecx, NOP
-			"J" +               # dec edx
-			"1" +               # add [ecx], dh
-			"1A" +              # add [ecx], dh NOP
-			"IA" +              # dec ecx, NOP
-			"IA" +              # dec ecx, NOP
-			"BA" +              # inc edx, NOP
-			"BA" +              # inc edx, NOP
-			"B" +               # inc edx
-			"Q" +               # add [ecx], dl
-			"I" +               # dec ecx
-			"1A" +              # add [ecx], dh NOP
-			"I" +               # dec ecx
-			"Q" +               # add [ecx], dl
-			"IA" +              # dec ecx, NOP
-			"I" +               # dec ecx
-			"Q" +               # add [ecx], dh
-			"I" +               # dec ecx
-			"1" +               # add [ecx], dh
-			"1" +               # add [ecx], dh
-			"1A" +              # add [ecx], dh NOP
-			"IA" +              # dec ecx, NOP
-			"J" +               # dec edx
-			"Q" +               # add [ecx], dl 
-			"YA" +              # pop ecx, NOP
-			"Z" +               # pop edx
-			"B" +               # add [edx], al
-			"A" +               # inc ecx       <-------
-			"B" +               # add [edx], al         |
-			"A" +               # inc ecx               |
-			"B" +               # add [edx], al         |
-			"A" +               # inc ecx               |
-			"B" +               # add [edx], al         |
-			"A" +               # inc ecx               |
-			"B" +               # add [edx], al         |
-			"kM" +              # imul eax, [eax], 10 * |
-			"A" +               # add [edx], al         |
-			"G" +               # inc edi               | 
-			"B" +               # add [edx], al         |
-			"9" +               # cmp [eax], eax        |
-			"u" +               # jnz ------------------      
-			"4JB"
+    # offset untested for unicode :(
+    if (offset <= 14)
+      nop = 'CP' * offset
+      mod = 'IA' * (14 - offset) + nop    # dec ecx,,, push ecx, pop edx
+    else
+      mod = 'AA' * (offset - 14)			# inc ecx
+      nop = 'CP' * (14 - mod.length)
+      mod += nop
+    end
+    regprefix = {                       # nops ignored below
+      'EAX'   => 'PPYA' + mod,         # push eax, pop ecx
+      'ECX'   =>  mod + "4444",        # dec ecx
+      'EDX'   => 'RRYA' + mod,         # push edx, pop ecx
+      'EBX'   => 'SSYA' + mod,         # push ebx, pop ecx
+      'ESP'   => 'TUYA' + mod,         # push esp, pop ecx
+      'EBP'   => 'UUYA' + mod,         # push ebp, pop ecx
+      'ESI'   => 'VVYA' + mod,         # push esi, pop ecx
+      'EDI'   => 'WWYA' + mod,         # push edi, pop edi
+    }
 
-		return decoder
-	end
+    prefix = regprefix[reg.upcase]
+    if prefix.nil?
+      raise "Critical: Invalid register"
+    end
+
+    return prefix
+  end
+
+  def self.gen_decoder(reg, offset)
+    decoder =
+      gen_decoder_prefix(reg, offset) +
+      "j" +               # push 0
+      "XA" +              # pop eax, NOP
+      "QA" +              # push ecx, NOP
+      "DA" +              # inc esp, NOP
+      "ZA" +              # pop edx, NOP
+      "BA" +              # inc edx, NOP
+      "RA" +              # push edx, NOP
+      "LA" +              # dec esp, NOP
+      "YA" +              # pop ecx, NOP
+      "IA" +              # dec ecx, NOP
+      "QA" +              # push ecx, NOP
+      "IA" +              # dec ecx, NOP
+      "QA" +              # push ecx, NOP
+      "IA" +              # dec ecx, NOP
+      "hAAA" +            # push 00410041, NOP
+      "Z" +               # pop edx
+      "1A" +              # add [ecx], dh NOP
+      "IA" +              # dec ecx, NOP
+      "IA" +              # dec ecx, NOP
+      "J" +               # dec edx
+      "1" +               # add [ecx], dh
+      "1A" +              # add [ecx], dh NOP
+      "IA" +              # dec ecx, NOP
+      "IA" +              # dec ecx, NOP
+      "BA" +              # inc edx, NOP
+      "BA" +              # inc edx, NOP
+      "B" +               # inc edx
+      "Q" +               # add [ecx], dl
+      "I" +               # dec ecx
+      "1A" +              # add [ecx], dh NOP
+      "I" +               # dec ecx
+      "Q" +               # add [ecx], dl
+      "IA" +              # dec ecx, NOP
+      "I" +               # dec ecx
+      "Q" +               # add [ecx], dh
+      "I" +               # dec ecx
+      "1" +               # add [ecx], dh
+      "1" +               # add [ecx], dh
+      "1A" +              # add [ecx], dh NOP
+      "IA" +              # dec ecx, NOP
+      "J" +               # dec edx
+      "Q" +               # add [ecx], dl
+      "YA" +              # pop ecx, NOP
+      "Z" +               # pop edx
+      "B" +               # add [edx], al
+      "A" +               # inc ecx       <-------
+      "B" +               # add [edx], al         |
+      "A" +               # inc ecx               |
+      "B" +               # add [edx], al         |
+      "A" +               # inc ecx               |
+      "B" +               # add [edx], al         |
+      "A" +               # inc ecx               |
+      "B" +               # add [edx], al         |
+      "kM" +              # imul eax, [eax], 10 * |
+      "A" +               # add [edx], al         |
+      "G" +               # inc edi               |
+      "B" +               # add [edx], al         |
+      "9" +               # cmp [eax], eax        |
+      "u" +               # jnz ------------------
+      "4JB"
+
+    return decoder
+  end
 
 end end end end