Task 3 Saturday, 06-Feb-99 13:07:57
XXXX:0040B73A CALL 0040CCC0        Compares the fake serial with the correct one (see answer 2)
XXXX:0040B73F ADD ESP, 00000008    before the ADD, ESP points to the address where the fake serial is stored; after the ADD, ESP doesn't point to anything important (in my opinion)
XXXX:0040B742 TEST EAX, EAX        Compares fake serial with correct one
XXXX:0040B744 JNE 0040B9BC         If entered serial is wrong jump to bad cracker, else good buyer

a) ecx - fake serial
   edx - correct serial
b) After the CALL, ESP points to the address where the fake serial is saved; after the ADD ESP,08 the ESP doesn't point to an important address (I believe). So ADD ESP,08 deletes the pointer to the fake serial, because the serial is stored in ecx.
c) same as a)
d) jne 0040B9BC takes us to the 'Sorry...' message.

2) Before the CALL ESP points to the fake serial

0040CCC0 SUB ESP, 04                   points somewhere in the memory
0040CCC3 CMP DWORD PTR [0042F124],00   compares length of name(?) to 0
0040CCCA PUSH EBX                      saves EBX on the stack
0040CCCB PUSH ESI                      saves ESI on the stack
0040CCCC JNZ 0040CD05                  jumps to wrong serial
0040CCCE MOV ECX,[ESP+10]              ECX=fake serial
0040CCD2 MOV EDX,[ESP+14]              EDX=correct serial
0040CCD6 MOV AL,[ECX]                  address AL=ascii of first char of fake serial
0040CCD8 CMP AL,[EDX]                  compares first char of fake serial with first char of correct serial
0040CCDA JNZ 0040CCFA                  jumps to bad serial
0040CCDC OR AL,AL                      logic inclusive OR
0040CCDE JZ 0040CCF2                   if AL=0 jumps to correct serial
0040CCE0 MOV AL,[ECX+01]               address al=second char of fake#
0040CCE3 MOV AL,[EDX+01]               compares first char of fake and valid serial
0040CCE6 JNZ 0040CCFA                  jumps to bad serial
0040CCE8 ADD ECX,02                    ecx=third char of fake serial
0040CCEB ADD EDX,02                    edx=third char of correct serial
0040CCEE OR AL,AL                      logic inclusive OR
0040CCF0 JNZ 0040CDD6                  if AL is not 0 jump to 0040CDD6 (loop)
0040CCF2 XOR EAX,EAX                   EAX=0
0040CCF4 POP ESI                       loads ESI from the stack
0040CCF5 POP EBX                       loads EBX from the stack
0040CCF6 ADD ESP,04                    makes the SUB ESP,04 at the beginning undone
0040CCF9 RET                           returns from Call

First the program compares the length of our fake serial to 0. If it is 0 then it jumps to bad serial. Then it compares the first char of our serial to the first char of the correct serial. Then the second and so on, until there are different chars in the fake and correct serial. Then it jumps to bad serial.

3) Not yet

LaZaRuS
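
The character-by-character comparison described in the post above, rendered in C as an added example (not part of the original post and not the program's own source). It assumes the branch at 0040CCF0 returns to the first-character load, that 0040CCE3 is a compare as its annotation says, and that the mismatch path at 0040CCFA, which the listing does not show, returns nonzero; the flag check at 0040CCC3 is not modelled. The names serial_compare, entered and expected are hypothetical.

```c
#include <stdio.h>

/* Added illustration: two characters are checked per loop pass, as in the
 * listing between 0040CCD6 and 0040CCF2.
 * Returns 0 when both strings are identical (XOR EAX,EAX at 0040CCF2).
 * Returns 1 on the first differing character; the real value produced at
 * 0040CCFA is not in the listing, so 1 is an assumption. The caller only
 * tests for zero (TEST EAX,EAX / JNE). */
static int serial_compare(const char *entered, const char *expected)
{
    for (;;) {
        char c = entered[0];            /* MOV AL,[ECX]            */
        if (c != expected[0])           /* CMP AL,[EDX] / JNZ      */
            return 1;
        if (c == 0)                     /* OR AL,AL / JZ 0040CCF2  */
            return 0;

        c = entered[1];                 /* MOV AL,[ECX+01]         */
        if (c != expected[1])           /* second-character check  */
            return 1;

        entered += 2;                   /* ADD ECX,02              */
        expected += 2;                  /* ADD EDX,02              */
        if (c == 0)                     /* OR AL,AL, fall through  */
            return 0;
    }
}

int main(void)
{
    /* Constructed sample values, not taken from the program. */
    const char *expected = "1234-ABCD";
    const char *samples[] = { "1234-ABCD", "1234-ABCE", "1234", "" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %s\n", samples[i],
               serial_compare(samples[i], expected) == 0 ? "match" : "mismatch");
    return 0;
}
```

Both arguments are ordinary NUL-terminated strings, so the expected value is fully present in memory at the moment of the call, which is what the post observes in EDX.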
Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.