- ;BrainsBreaker serial finder v1.0
- ;Written by Cruehead as a part of the 1999 +HCU strainer
- ;MASM version
- ;
- ; Syntax/target: MASM (Intel syntax), 16-bit DOS .COM (.model tiny),
- ; with .386 enabled so the 32-bit registers used below are available.
- ; All console output goes through DOS int 21h, AH=09h, which prints a
- ; '$'-terminated string at DS:DX.
- ;
- ; Register roles in the main flow:
- ;   si   = index into serial / serial2 / result / newser
- ;   di   = index into lookitup (search) or newser (bit packing)
- ;   eax, ebx, ecx, edx = scratch for the bit packing and the XOR fold
-
- .model tiny
- .386
- .stack
- .data
- info db 'Brains Breakerv2.1 serial brute forcer'
- db 13,10,'By Cruehead as a part of the 1999 +HCU strainer'
- db 13,10,'$'
- lookitup db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ23456789' ;The lookup table (34 chars).
- ;Note it contains neither '0' nor '1'; those two digits are
- ;remapped to 'O' and 'L' in serialloop before the lookup.
- counter dd 0 ;How many serial characters have been packed into newser so far
- serial db '000000$' ;We'll start testing this serial. serial[6] is the '$'
- ;terminator needed by the DOS print call.
- serial2 db 6 dup (0) ;serial after the '0'->'O' / '1'->'L' substitution
- result db 6 dup (0) ;result[i] = index of serial2[i] within lookitup
- newser db 0,0,07Fh,0,0A8h,0,07Fh,0,010h ;Here the bytes are stored that will
- ;be XOR'ed with each other to form
- ;the "finalbyte". The bit packing below
- ;overwrites the low bits of this buffer first.
- finalbyte db 0 ;Accumulator for the XOR fold; 0 after the fold means "accepted"
- damn db 13,10,'DAMN! Serial not found!',13,10,'$'
- .code
- .startup
-
- mov ah,09h ;Write the info text on screen (DOS print-string service)
- lea dx,info
- int 21h
-
- ;---------------------------------------------------------------
- ; Step 1: copy serial -> serial2, replacing '1' with 'L' and
- ; '0' with 'O'. This is also the retry entry point (si = 0).
- ;---------------------------------------------------------------
- xor si,si
- serialloop:
- mov al,serial[si] ;Get a letter from the serial
- cmp al,'$' ;is it equal to '$' (the terminator after the last letter)?
- jne continue ;If it isn't, continue
- jmp doneit ;Otherwise we are ready
- ;NOTE(review): the '$' at serial[6] is itself incremented by the
- ;retry code at the bottom, so this end condition is only met while
- ;serial[6] still holds '$' -- confirm that is intended.
- continue:
- cmp al,'1'
- je changeone
- cmp al,'0'
- je changezero
- mov serial2[si],al ;Any other character is copied unchanged
- inc si
- jmp serialloop
-
- changeone:
- mov serial2[si],04Ch ;Change '1' to 'L'
- inc si
- jmp serialloop
-
- changezero:
- mov serial2[si],04Fh ;Change '0' to 'O'
- inc si
- jmp serialloop
-
- ;---------------------------------------------------------------
- ; After the above loop "serial2" will be the transformed serial
- ; while "serial" is the original.
- ;
- ; These next lines are a copy of the protection used in
- ; Brainsbreaker. It works exactly the same.
- ;
- ; Step 2: for each of the 6 characters in serial2, find its
- ; position in lookitup and store that index in result[si].
- ; There is no upper bound on di: the search relies on every
- ; serial2 character actually being present in lookitup (which
- ; holds for '2'..'9', 'L' and 'O' as produced above).
- ;---------------------------------------------------------------
-
- doneit:
- xor si,si
- xor di,di
-
- lookloop:
- mov al,serial2[si]
- cmp byte ptr lookitup[di],al ;Linear scan of the table for this character
- je fixedit
- inc di
- jmp lookloop
-
- fixedit:
- mov bx,di
- mov result[si],bl ;The result from the function above will be
- ;saved here (the table index, 0..33).
- xor di,di ;Restart the table scan for the next character
- cmp si,5 ;The size of the serial will be 6 chars.
- ;Why did I choose 6? well...why not? :)
- je everythingready
- inc si
- jmp lookloop
-
- ;---------------------------------------------------------------
- ; Step 3: bit-pack the low 5 bits of each result[si] into newser,
- ; least significant bit first, 8 bits per newser byte.
- ;   eax = source bit index within result[si] (0..4)
- ;   ebx = destination bit index within newser[di] (0..7); it is NOT
- ;         reset per character, so the 6*5 = 30 bits are contiguous
- ;   di  = destination byte index into newser (advances when ebx hits 8)
- ; Each destination bit is explicitly set (or) or cleared (and ~mask),
- ; so the original contents of those bit positions are replaced.
- ;---------------------------------------------------------------
- everythingready:
- xor si,si
- xor di,di
- xor ebx,ebx
-
- goagain:
- xor eax,eax ;eax = 0: start at bit 0 of this character
- first3:
- mov ecx,eax
- mov edx,1
- shl edx,cl ;edx = 1 << eax (source bit mask)
- xor ecx,ecx
- mov cl,result[si]
- and edx,ecx ;Is source bit eax of result[si] set?
- jz first1
- mov ecx,ebx
- mov dl,1
- shl dl,cl ;dl = 1 << ebx (destination bit mask)
- or byte ptr newser[di],dl ;Set destination bit
- jmp uncon1
- first1:
- mov ecx,ebx
- mov dl,1
- shl dl,cl
- not dl ;dl = ~(1 << ebx)
- and byte ptr newser[di],dl ;Clear destination bit
- uncon1:
- inc ebx
- cmp ebx,8
- jnz first2
- inc di ;Destination byte is full: move to the next newser byte
- xor ebx,ebx
- first2:
- inc eax
- cmp eax,5 ;Only bits 0..4 of each character are packed
- jl first3
- inc counter
- mov eax,counter ;Loaded here but not used afterwards; cmp below reads memory
- cmp counter,6 ;6=length of serial
- jl moremore
- jmp rrready
-
- moremore:
- inc si ;Next character
- jmp goagain
-
- ;---------------------------------------------------------------
- ; Step 4: fold all 9 newser bytes into finalbyte with XOR.
- ;   ecx = loop counter 0..8, si = index into newser
- ;   ebx = 1, so "idiv ebx" always leaves edx = 0 and the address
- ;   computed into eax is simply "offset finalbyte". The mov edx,1
- ;   below is overwritten by cdq before it is ever read.
- ; Net effect: finalbyte ^= newser[0] ^ ... ^ newser[8].
- ;---------------------------------------------------------------
- rrready:
- xor si,si
- xor di,di
- xor ecx,ecx
- mov ebx,1
- mov edx,1
- gogo:
- mov eax,ecx
- cdq ;Sign-extend eax into edx:eax before idiv
- idiv ebx ;edx = ecx mod 1 = 0
- mov eax,offset finalbyte
- add eax,edx ;eax = offset finalbyte + 0
- mov dl,newser[si]
- xor [eax],dl ;finalbyte ^= newser[si]
- ;NOTE(review): 32-bit address register in 16-bit code; presumably
- ;relies on DS=CS in the tiny model and eax's upper half being zero.
- inc ecx
- inc si
- cmp ecx,9 ;newser holds 9 bytes
- jl gogo
-
- ;mov dword ptr newser[0],0
-
- cmp [finalbyte],0 ;The final test!
- je hurray ;If it's equal we got ourself a working serial!
-
- ;---------------------------------------------------------------
- ; Step 5: not accepted. Reset the per-attempt state and advance the
- ; serial like an odometer, lowest position first. Each position is
- ; compared against 039h ('9') and wraps back to 031h ('1'), so after
- ; the initial '000000' the digits cycle through '1'..'9' only.
- ;---------------------------------------------------------------
- mov counter,0 ;Damn, the serial wasn't correct. We've got to clean
- mov [finalbyte],0 ;up our mess and start all over again.
- xor si,si ;serialloop expects si = 0
-
- inc serial[0]
- cmp serial[0],039h ;These next couple of lines are just increasing
- jle serialloop ;the serial.
- mov serial[0],031h
- inc serial[1]
- cmp serial[1],039h
- jle serialloop
- mov serial[1],031h
- inc serial[2]
- cmp serial[2],039h
- jle serialloop
- mov serial[2],031h
- inc serial[3]
- cmp serial[3],039h
- jle serialloop
- mov serial[3],031h
- inc serial[4]
- cmp serial[4],039h
- jle serialloop
- mov serial[4],031h
- inc serial[5]
- cmp serial[5],039h
- jle serialloop
- mov serial[5],031h
- inc serial[6] ;serial[6] is the '$' terminator (see .data); it is
- cmp serial[6],039h ;advanced here too, and the search gives up once it
- je damnit ;reaches 039h.
- jmp serialloop
-
- damnit: ;Hopefully we won't get to here!
- mov ah,09h
- lea dx,damn
- int 21h
- jmp theend
-
- hurray: ;YES! Write the correct serial on screen!
- mov ah,09h
- lea dx,serial
- int 21h
-
- theend:
- .exit
- end
-