Having trouble understanding this disassembled code

Started by David, March 22, 2010, 09:16:07 PM


David

First off let me start by saying this crackme was provided by crackmes.de.  This crackme was NOT made by me.  All credits go to the original author (BlZbB). (http://crackmes.de/users/blzbb/keygenme1.blzbb/)

The purpose of this code is to make ECX 3 if the length of the password buffer is 12.
My goal is to one day reverse malware and stop virus creators, but I am starting to learn the basics of reverse engineering.  I have commented out how the code works.  Can anybody please correct my analysis and tell me where I was wrong?  Thanks.




@Keygenme_004010C0:                          ;<= Procedure Start

        PUSH EBX
        PUSH ESI
        LEA ESI,DWORD PTR DS:[0402050h] ;loading the address of the inputted buffer
        XOR ECX,ECX ;making ecx zero
        MOV EBX,0FF000000h ;moving 0FF000000 into ebx

@Keygenme_004010CF:

        MOV EAX,DWORD PTR DS:[ESI] ;moving the pointer to the character (i.e. buffer[i]) into eax
        AND EAX,0FFFFFFFFh ;Not exactly sure what the purpose of this is
        TEST EAX,0FFh ;I've seen test eax, eax, but never test eax, value.  What exactly is this doing?  Isn't it just setting the Z flag to 1?
        JE @Keygenme_004010F1 ;Jumping if TEST EAX, 0FF is 0, but it's never going to be 0?
        TEST EBX,EAX ;?? Not sure about this
        JE @Keygenme_004010EA
        INC CL ;Increments ecx, we want to get here 3 times
        ADD ESI,4
        JMP @Keygenme_004010CF ;jump up if we incremented ecx

@Keygenme_004010E6:

        TEST EBX,EAX ;?? confused again
        JNZ @Keygenme_004010F1

@Keygenme_004010EA:

        INC CH ;Not sure what this has anything to do with it
        SHR EBX,8 ;Confused here also
        JMP @Keygenme_004010E6

@Keygenme_004010F1:

        POP ESI ;restore original esi & ebx values, then return
        POP EBX
        RETN                                 ;<= Procedure End






theunknownguy


David

I don't think it is, keygenning keygens from a crackme site that releases the programs for the exact purpose of being keygenned isn't against the law.

these or any other illegal areas of coding.

Nothing about that in the forum rules.  I think it isn't allowed if you are trying to hack a commercial program.  It only stated that illegal areas of coding are banned, i.e. malware, keygenning etc.  But I don't think this would fit into this criteria, because the purpose of this program was made to keygen and to learn assembler.


theunknownguy

Bad form to learn assembler... If some guy did this to "teach assembler" to a beginner, then I guess it was a FAIL.  :naughty:

MOV EAX,DWORD PTR DS:[ESI] -> Get a DWORD value from the buffer (probably the input key)
AND EAX,0FFFFFFFFh -> Making sure it's a DWORD
TEST EAX,0FFh -> If EAX is Byte
TEST EBX,EAX -> If EBX matches EAX


SHR EBX,8 -> convert EBX to "00FF0000" (Rotate 1 byte to the right)

INC CH -> Increment CH (read more about registers)
TEST EBX,EAX -> Check if EBX is still matching EAX
JNZ @Keygenme_004010F1 -> Jump if it doesn't match


The rest figure out yourself, I'm still thinking the author didn't do this for "learn"
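
A C model of the routine discussed above, added here as an example and not taken from the thread or the crackme. `model_ecx` and `ecx_for` are hypothetical names, and the buffer at 0402050h is assumed to be zero-filled after the typed text; the model shows CL counting full 4-byte groups and CH counting the zero bytes at the top of the last partial group.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added model of the routine at 004010C0 (not the crackme's source).
   Returns the final ECX: CL in bits 0-7, CH in bits 8-15. */
uint32_t model_ecx(const unsigned char *buf)
{
    uint32_t ebx = 0xFF000000u;            /* MOV EBX,0FF000000h */
    uint8_t cl = 0, ch = 0;                /* XOR ECX,ECX */

    for (;;) {
        /* MOV EAX,[ESI]: little-endian load, buf[0] lands in AL */
        uint32_t eax = buf[0] | ((uint32_t)buf[1] << 8) |
                       ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
        eax &= 0xFFFFFFFFu;                /* AND: value unchanged, only flags */
        if ((eax & 0xFFu) == 0)            /* TEST EAX,0FFh / JE: AL == 0 */
            break;
        if ((ebx & eax) == 0) {            /* TEST EBX,EAX / JE: top byte == 0 */
            do {
                ch++;                      /* INC CH */
                ebx >>= 8;                 /* SHR EBX,8: mask moves down a byte */
            } while ((ebx & eax) == 0);    /* TEST EBX,EAX / JNZ leaves */
            break;
        }
        cl++;                              /* INC CL: one full dword seen */
        buf += 4;                          /* ADD ESI,4 */
    }
    return ((uint32_t)ch << 8) | cl;
}

/* Hypothetical helper: run the model on a string in a zeroed buffer
   (assumption: the real input buffer is zero-filled after the text). */
uint32_t ecx_for(const char *s)
{
    unsigned char buf[64] = {0};
    strncpy((char *)buf, s, sizeof buf - 8);
    return model_ecx(buf);
}

int main(void)
{
    /* Constructed sample inputs of length 11, 12 and 13. */
    const char *samples[] = { "ABCDEFGHIJK", "ABCDEFGHIJKL", "ABCDEFGHIJKLM" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("len %2zu -> ECX = %04X\n", strlen(samples[i]),
               (unsigned)ecx_for(samples[i]));
    return 0;
}
```

With a 12-character input the model returns ECX = 3, the value the original post is aiming for; shorter or longer inputs leave a non-zero CH.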

qWord

Quote from: David on March 22, 2010, 09:38:02 PM
the purpose of this program was made to keygen and to learn assembler

the trick is to learn assembler before starting RE  :eek
FPU in a trice: SmplMath
It's that simple!

MichaelW

David,

You need to read the forum rules again, and this time try to understand the intent of the rules. Thread locked.

eschew obfuscation