Cracking 2

home *** CD-ROM | disk | FTP | other *** search

/ Cracking 2 / Cracking II..iso / Texty / crackme / boo.asm < prev next >

Wrap

Assembly Source File | 1999-05-31 | 6.1 KB | 172 lines

; R!SC 191198 ; asm stylee!!! ; <_risc> well, your a good bloke.. thx for the second opinion (can i have it in writing please..) ; <josephCo> haha ; <_risc> got it.. ; <_risc> <josephCo> the total combinations are 2^18 ; <_risc> <josephCo> which is 262144 ; * josephCo writes "it's 2^18 possible combinations" ; * josephCo writes "which is 262144" ; <josephCo> :) ; <josephCo> there you go ; theory behind R!SC's Matrix Brute Forcer (r) ; we have 18 check boxes, can be either 'checked' or 'unchecked' (1 or 0) ; (apparantly, the amount of diff combo's is square of 18, 324??? so where i come up with 262,144 :) ; we also have a way of testing single 'bits' in a value, by using 'TEST dest, src' ; i use a 18bit binary value (well, 32bit binary value, but only use the TEST on the first ; 18 bits of it...) (i'll refer to this as my MAGIC NUMBER) ; i start the MAGIC NUMBER with the first bit set, (01h) then do the maths, check the result, ; if it doesnt find the correct answer, we increase the MAGIC NUMBER by 1, and check again.... ; examples of the MAGIC NUMBER, and how it represents the matrix of check boxes.... ; 000000000000000001 = 01h = box 1 checked, 2-18 unckecked, simulate the maths, check the results ; 000000000000000010 = 02h = box 2 checked, 1,3-18 unchecked ; 000000000000000011 = 03h = box 1,2 checked, 3-18 unckecked ; 000000000000000100 = 04h = box 3 checked, 1,2,4-18 unchecked ; 000000000000000101 ; 000000000000000110 ; 000000000000000111 = 07h = box 1-3 checked, 4-18 unchecked... ; 000000000000001000 ; 000000000000001001 ; 101000110101000110 = 028d46h = box 2,3,7,9,11,12,16,18 checked ; box 1,4,5,6,8,10,13,14,15,17 unchecked ; 111111111111111111 = 03ffffh = box 1-18 checked... ; to find out if a bit is set or not, i use another 18bit (32bit :) value, with only one bit ; set in it (i'll call this X) ; TEST MAGIC NUMBER, X ; see if bit 'X' is set in the magic number ; JNZ CHECKED ; if bit 'X' is not '0' jump to calculation routine ; which will check bit X in the MAGIC NUMBER, and alter the ZERO flag accordingly ; i.e, bit X is 0, zero flag is set, bit X is 1, zero flag is cleared... ; X gets shifted to the left by 1 bit, the counter increased, check the counter, if its equal ; to 18, we have checked every bit in the MAGIC NUMBER, and have to loop back to check our result ; erm... still with me?? ; examples of X ; 000000000000000001 = bit 1 set = 01h, counter = 0 ; 000000000000000010 = bit 2 set = 02h, counter = 1 ; 000000000000000100 = bit 3 set = 04h, counter = 2 ; 000000000000001000 = bit 4 set = 08h, counter = 3 ; 000000000000010000 = bit 5 set = 10h, counter = 4 ; 000000000000100000 = bit 6 set = 20h, counter = 5 ; 000000000001000000 = bit 7 set = 40h, counter = 6 ; .................. ; 001000000000000000 = bit 16 set = 08000h, counter = 15 ; 010000000000000000 = bit 17 set = 10000h, counter = 16 ; 100000000000000000 = bit 18 set = 20000h, counter = 17 ; bit gets shifted one more time, counter increased to 18, ; counter gets checked, weve done, so loop back and check the answer... ; R!SC's Matrix Brute Forcer for duelist's cm#3 ; compile to a com file, tasm boo, tlink /t boo ; bpint 03 in sice. ; run the com.. ; it breaks when it has found the pattern (about 1 second :) ; eax==duelist's magic number, ebx==my magic number... ; magic number it created is : 647E -- 110010001111110 in binary ; which means bit pattern : 0111111000100110000000 (yeah, reversed...) ; which means each bit thats a 1 is a checked box.. or something ; 0 1 1 1 1 1 1 0 0 0 1 0 0 1 1 0 0 0 ;db 16h,49h,5Eh,15h,27h,26h,21h,25h,1Dh,59h,53h,37h,31h,48h,5Dh,0Ch,61h,52h,4Dh ; boxes 2,3,6,7,9,10,13,14,17 checked... ; buttons on screen ; id 61 49 5e 16 25 26 21 59 53 ;bit was 0 1 1 0 0 1 1 0 1 ; id 15 37 31 48 5d 0c 52 27 1d ; 1 0 0 1 1 0 0 1 0 .MODEL TINY .CODE .386 ORG 100h start: lea si, data xor ecx,ecx xor edx,edx xor eax,eax xor ebx,ebx mov ebx, 01 ; we gonna inc ebx, which will add 1 bit to it each time ; 040000h=all 18 bits set, cant go no futher jmp tryme@ ; try bit 1, before entering the loop which goes through all the other ; possible combinations nextbits: lea si, data ; data is the button iD array, in the mixed up order... mov eax, dword ptr [temp] ; get our calculated number cmp eax, 328feh ; and check it.. je gotit@@ xor eax,eax mov dword ptr [temp], eax ; it wasnt right, so we reset it to 0 :) inc ebx ; our 18bit value, inc ebx will make it go through every possible combination cmp ebx, 040000h ; check if we have reached our limit. je shit_fuck_damn ; shit fuck damn.. means that we have checked all possible ; combinations and not found our answer, we never want to jump here tryme@: mov eax, 01 ; gonna be our single bit , for checking which bit is set in EBX xor edx,edx ; our iD counter inc edx loopy@: test ebx, eax ; TEST MAGIC NUMBER, X jnz callit ; JNZ CHECKED still: shl eax, 1 ; shift our bit to the left :) inc edx ; increase the iD counter inc si ; point data to next iD cmp edx, 19 ; see if we have checked all 18 bits je nextbits ; je next bit pattern, i.e. inc EBX jmp loopy@ ; loop until finished callit: ; bit X in EBX==1 pushad call @1 ; do maths popad jmp still @1: mov al, byte ptr [si] ; current iD mov cl, byte ptr [si+1] ; next iD movsx eax, al ; clear rest of register movsx ecx, cl ; " " imul eax, ecx ; EAX==Current box iD * Next box iD imul eax, edx ; EAX*=Button counter add dword ptr [temp],eax ; MAGIC NUMBER = MAGIC NUMBER + EAX ret shit_fuck_damn: mov eax, dword ptr [temp] ; bad news, either my code is wrong, or??? int 03 gotit@@: mov eax, dword ptr [temp] ; temp==duelist's magic number int 03 ; so EBX==our bit pattern mov ax, 4C00h int 21h ;_______________________________________________________________ temp dd 0 data db 16h,49h,5Eh,15h,27h,26h,21h,25h,1Dh,59h,53h,37h,31h,48h,5Dh,0Ch,61h,52h,4Dh end start;