First off let me start by saying this crackme was provided by crackmes.de. This crackme was NOT made by me. All credits go to the original author (BlZbB). (http://crackmes.de/users/blzbb/keygenme1.blzbb/)
The purpose of this code is to make ECX 3 if the length of the password buffer is 12.
My goal is to one day reverse malware and stop virus creators, but I am starting to learn the basics of reverse engineering. I have commented out how the code works. Can anybody please correct my analysis and tell me where I was wrong? Thanks.
@Keygenme_004010C0: ;<= Procedure Start
PUSH EBX
PUSH ESI
LEA ESI,DWORD PTR DS:[0402050h] ;loading the address of the inputted buffer
XOR ECX,ECX ;making ecx zero
MOV EBX,0FF000000h ;moving 0FF000000 into ebx
@Keygenme_004010CF:
MOV EAX,DWORD PTR DS:[ESI] ;moving the pointer to the character (i.e. buffer[i]) into eax
AND EAX,0FFFFFFFFh ;Not exactly sure what the purpose of this is
TEST EAX,0FFh ;I've seen test eax, eax, but never test eax, value. What exactly is this doing? Isn't it just setting the Z flag to 1?
JE @Keygenme_004010F1 ;Jumping if TEST EAX, 0FF is 0, but it's never going to be 0?
TEST EBX,EAX ;?? Not sure about this
JE @Keygenme_004010EA
INC CL ;Increments ecx, we want to get here 3 times
ADD ESI,4
JMP @Keygenme_004010CF ;jump up if we incremented ecx
@Keygenme_004010E6:
TEST EBX,EAX ;?? confused again
JNZ @Keygenme_004010F1
@Keygenme_004010EA:
INC CH ;Not sure what this has anything to do with it
SHR EBX,8 ;Confused here also
JMP @Keygenme_004010E6
@Keygenme_004010F1:
POP ESI ;restore original esi & ebx values, then return
POP EBX
RETN ;<= Procedure End
I "Think" this is against forum rules...
I don't think it is, keygenning keygens from a crackme site that releases the programs for the exact purpose of being keygenned isn't against the law.
these or any other illegal areas of coding.
Nothing about that in the forum rules. I think it isn't allowed if you are trying to hack a commercial program. It only stated that illegal areas of coding are banned, i.e. malware, keygenning etc. But I don't think this would fit into this criteria, because the purpose of this program was made to keygen and to learn assembler.
Bad form to learn assembler... If some guy did this to "teach assembler" to a beginner, then I guess it was a FAIL. :naughty:
MOV EAX,DWORD PTR DS:[ESI] -> Get a DWORD value from the buffer (probably the input key)
AND EAX,0FFFFFFFFh -> Making sure it's a DWORD
TEST EAX,0FFh -> If EAX is Byte
TEST EBX,EAX -> If EBX matches EAX
SHR EBX,8 -> convert EBX to "00FF0000" (Rotate 1 byte to the right)
INC CH -> Increment CH (read more about registers)
TEST EBX,EAX -> Check if EBX still matches EAX
JNZ @Keygenme_004010F1 -> Jump if it doesn't match
The rest figure out yourself, I still think the author didn't do this for "learn"
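A C model of the loop in the listing above, added here as an illustration; it is not part of the original thread or of the crackme's own code. The names `model_ecx` and `ecx_for_string`, the `len` bound and the sample strings are assumptions of this sketch (the original reads from the fixed address 0402050h with no bound).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the loop at 004010C0. Returns ECX: CL in bits 0-7, CH in bits 8-15.
   buf/len are assumptions; the original reads address 0402050h unbounded. */
uint32_t model_ecx(const uint8_t *buf, size_t len)
{
    uint8_t cl = 0, ch = 0;               /* XOR ECX,ECX */
    uint32_t ebx = 0xFF000000u;           /* mask selecting the 4th byte */
    size_t off = 0;

    while (off + 4 <= len) {
        /* MOV EAX,[ESI]: little-endian 32-bit load of four characters */
        uint32_t eax = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
                       (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
        eax &= 0xFFFFFFFFu;               /* AND with all ones leaves EAX unchanged */
        if ((eax & 0xFFu) == 0)           /* TEST EAX,0FFh: ZF=1 when 1st byte is NUL */
            break;                        /* JE 004010F1 */
        if ((ebx & eax) != 0) {           /* TEST EBX,EAX: 4th byte non-zero */
            cl++;                         /* INC CL: one more full dword */
            off += 4;                     /* ADD ESI,4 */
            continue;
        }
        do {                              /* 004010EA, then 004010E6 */
            ch++;                         /* INC CH */
            ebx >>= 8;                    /* SHR EBX,8: mask moves one byte down */
        } while ((ebx & eax) == 0);       /* JNZ 004010F1 once a non-zero byte is hit */
        break;
    }
    return (uint32_t)ch << 8 | cl;
}

/* Constructed input: copy a string into a zero-filled buffer and run the model. */
uint32_t ecx_for_string(const char *s)
{
    uint8_t buf[64] = {0};
    strncpy((char *)buf, s, sizeof buf - 4);
    return model_ecx(buf, sizeof buf);
}

int main(void)
{
    const char *samples[] = { "ABCDEFGHIJKL", "ABCDEFGHIJKLM", "ABCDEFG" };
    for (size_t i = 0; i < 3; i++)
        printf("%-14s -> ECX = 0x%04X\n", samples[i], (unsigned)ecx_for_string(samples[i]));
    return 0;
}
```

For a 12-character string the model returns 3, the value the first post expects; other lengths leave a non-zero CH or a different CL.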
Quote from: David on March 22, 2010, 09:38:02 PM
the purpose of this program was made to keygen and to learn assembler
the trick is to learn assembler before starting RE :eek
David,
You need to read the forum rules again, and this time try to understand the intent of the rules. Thread locked.