Cracking Projects For Newbies

Task 3 Sandman Can you give me a couple pointers
Sunday, 07-Feb-99 10:46:20
    205.214.207.167 writes:

    Hello Sandman,

    I am having a few problems with Question 3 and part in question 1, can you lend a tiny little hand (ha ha).

    Task 3 - Understanding The Serial Routine..

    Question 1. Explain as best you can, what the above code fragment does. Comment all four
    lines. I'm looking for your comments that:-


    :0040B73A call 0040CCC0 ;<- This call compares our fake code with the
    ; real regcode. If it matches it sets the eax
    ; register to zero, if not it remains with 1
    :0040B73F add esp, 00000008 ; <- I am not too sure about this, but I think it
    ; points to something pushed onto the stack.
    :0040B742 test eax, eax ; <- This tests the eax register to see if it
    ; contains 1 or 0. 1 is bad cracker, 0 good cracker
    :0040B744 jne 0040B9BC ; <- bad cracker jump if eax contains 1.



    a. Show what values of importance are returned in the PC's internal registers after the CALL
    0040CCC0 has been executed.

    EAX contains 1 if registration fails or 0 if it succeeds.
    ECX contains fake regcode.
    EDX contains real serial number.


    b. What is the reason for the ADD ESP, 00000008 instruction? BTW, register ESP is a
    STACK Register.


    c. The instruction TEST EAX,EAX is checking the eax register for two possible values, what
    are they and what do they signify?

    1 for registration failed or 0 for registration succeeded.


    d. Where does the instruction JNE 0040B9BC take us to?

    This jump takes us to the code that tells us our registration failed.

    0040B9BC push 0000EF3C
    0040B9C1 lea ecx, [ebp-18]
    0040B9C4 call 0041FF9F


    Question 2. Explain how this program compares our *fake* serial number
    against the *real* one. (hint, check the code between :0040CCC0
    to :0040CCF9 )

    0040CCCE mov ecx, [esp+10] ;<- fake regcode loaded in ecx
    0040CCD2 mov edx, [esp+14] ;<- real regcode loaded in edx
    0040CCD6 mov al, [ecx] ;<- first character in fake regcode
    ;<- loaded in al
    0040CCD8 cmp al, [edx] ;<- first character in fake regcode
    ; compared to first character in real
    ; regcode.
    0040CCDA jnz 0040CCFA ;<- jumps if characters don't match,
    ; skipping the xor instruction which
    ; sets eax to zero, thus failing
    ; registration.

    Looking at the above code we see that the registration routine compares
    our fake regcode one character at a time with the real regcode.
    If a character does not match, the jump is taken. If all characters
    match, the jump is not taken and the xor eax, eax instruction at the
    end of the call is executed, setting the eax register to 0 and thus
    successfully passing the registration routine.



    Question 3. Explain how our User Name: Pirate Copy is converted into a 16 character hex
    code.

    So far no luck here. I keep breaking in this piece of code but
    can't figure out what is happening here.

    004093B2 movzx eax, dl
    004093B5 cmp esi, eax
    004093B7 jle 004093CB
    004093B9 xor ebx, ebx
    004093BB mov al, [eax+ecx]
    004093BE mov bl, dl
    004093C0 inc dl
    004093C2 and ebx, 07
    004093C5 xor [ebx+ebp-4a], al
    004093C9 jmp 004093B2

    Is this the right routine or am I lost?
    Sandman please help me.

    Punisher
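The loop at 004093B2..004093C9 in the question above, rewritten in C as an added example (not from the thread or from Sandman's tutorial). It assumes, from reading the fragment alone, that ecx points at the user name, esi holds its length, dl is the loop counter and [ebp-4a] is an 8-byte buffer that starts zeroed and whose 16 hex digits would be the "16 character hex code" of Question 3; the real program may differ. The collision helper shows why XOR-folding into 8 slots is a weak way to bind a name to a code: characters 8 positions apart land in the same slot, so swapping them leaves the code unchanged.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 8   /* and ebx, 07 -> slot index 0..7, i.e. an 8-byte buffer */

/* Assumed reading of the fragment (not confirmed by the thread):
 *   while (esi > counter) { buf[counter & 7] ^= name[counter]; counter++; }
 * Returns 0 on success, -1 if the name would wrap the 8-bit counter (dl);
 * that guard is added here, the original would simply loop forever. */
int fold_name(const char *name, uint8_t out[SLOTS])
{
    size_t len = strlen(name);
    if (len > 255)
        return -1;
    memset(out, 0, SLOTS);                       /* initial state is assumed zero */
    for (uint8_t i = 0; (int)len > (int)i; i++) { /* movzx eax,dl / cmp esi,eax / jle */
        uint8_t slot = i & 0x07;                  /* mov bl,dl / and ebx,07 */
        out[slot] ^= (uint8_t)name[i];            /* mov al,[eax+ecx] / xor [ebx+ebp-4a],al */
    }
    return 0;
}

/* Render the 8 bytes as 16 uppercase hex characters. */
void fold_hex(const uint8_t buf[SLOTS], char hex[2 * SLOTS + 1])
{
    for (int i = 0; i < SLOTS; i++)
        sprintf(hex + 2 * i, "%02X", buf[i]);
    hex[2 * SLOTS] = '\0';
}

/* 1 if two names fold to the same buffer. Positions i and i+8 share a
 * slot and XOR commutes, so swapping such characters never changes it. */
int same_code(const char *a, const char *b)
{
    uint8_t x[SLOTS], y[SLOTS];
    if (fold_name(a, x) != 0 || fold_name(b, y) != 0)
        return 0;
    return memcmp(x, y, SLOTS) == 0;
}

int main(void)
{
    uint8_t buf[SLOTS];
    char hex[2 * SLOTS + 1];
    fold_name("Pirate Copy", buf);                /* the name used in Question 3 */
    fold_hex(buf, hex);
    printf("Pirate Copy -> %s\n", hex);
    printf("same code as \"oirate CPpy\": %d\n", same_code("Pirate Copy", "oirate CPpy"));
    return 0;
}
```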


Message thread:

Punisher: My First Look (03-Feb-99 15:15:03)


Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.