• Welcome to Valhalla Legends Archive.
 

Try Out Your Reversing Skills

Started by iago, March 14, 2004, 06:23 PM


Maddox

(on topic)
The solution for this is


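#include <windows.h>   /* BOOL */

/* Returns 1 when param[0x0c] is the check digit for param[0..0x0b]. */
BOOL __fastcall funcc(char *param)
{
   int i = 0, eax = 3, edx;

   /* fold the first 12 ASCII digits into the running value */
   while(i < 0x0c)
       eax += (param[i++] - 0x30) ^ (eax + eax);

   /* expected check digit, converted back to ASCII */
   edx = (eax % 0x0a) + 0x30;
   
   if(edx == param[0x0c])
       return 1;

   return 0;
}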
asdf.

iago

Quote from: Maddox on March 15, 2004, 10:13 PM
(on topic)
The solution for this is


BOOL __fastcall funcc(char *param)
{
   int i = 0, eax = 3, edx;

   while(i < 0x0c)
       eax += (param[i++] - 0x30) ^ (eax + eax);

   edx = (eax % 0x0a) + 0x30;
   
   if(edx == param[0x0c])
       return 1;

   return 0;
}


You do realize that I posted the solution in my initial post in a black quote box? :P

<edit> and, I like my solution better.  for > while :P
This'll make an interesting test for broken AV:
Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Maddox

asdf.

Mephisto

Quote
The code is very similar to Yobgul's public one, except I changed the initial parsing a little.  The actual running is pretty much the same as his.

Who is YobGuls?  I've never heard of him before until I started coding for Battle.net which has now only been two weeks when I tested out his hashing algorithm and check revision.

iago

Quote from: Mephisto on March 16, 2004, 08:57 PM
Quote
The code is very similar to Yobgul's public one, except I changed the initial parsing a little.  The actual running is pretty much the same as his.

Who is YobGuls?  I've never heard of him before until I started coding for Battle.net which has now only been two weeks when I tested out his hashing algorithm and check revision.

He's some ancient and powerful person in battle.net's history.


Maddox

The only program I ever saw from YobGuls was a stand-alone d2 gamebot that didn't get very far.
asdf.

Mephisto


iago

Probably.  I wouldn't be surprised if he's a member of vL under a different name.  *looks around suspiciously*


Mephisto


Adron

Quote from: iago on March 17, 2004, 08:07 AM
Probably.  I wouldn't be surprised if he's a member of vL under a different name.  *looks around suspiciously*

I don't know, but I don't think so. He was clever and good at reversing, but he wrote simple code. He didn't refine it as much as we did. He renewed bot making by being the first person to widely publicly post the results of his reversing. As far as I know, he dove into it for a limited time and then got bored. I think he was more skilled as a hacker/reverser than as a programmer.

Death_Ryder

By the way, I noticed a little problem with your original asm code:

Quote from: iago on March 14, 2004, 06:23 PM

--snip--
   mov     eax, 1  
   retn    8
bottom:
   xor     eax, eax
   retn    8


Isn't it a tad unusual for a __fastcall function with only 1 param to be returning 8 bytes to the stack?

~Death_Ryder

iago

I think there was a second parameter, but it was irrelevant for that.


TheMinistered

I thought fastcall didn't even use the stack. I thought it used registers for passing arguments to functions.  I could be wrong and correct me if I am.

iago

The first 2 parameters are ecx/edx, after that they are done like stdcall.


Maddox

Quote from: iago on March 27, 2004, 11:00 AM
The first 2 parameters are ecx/edx, after that they are done like stdcall.

In your previous post you meant to say "third."
asdf.
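
The stack-cleanup arithmetic behind the `retn 8` exchange above, as an added example that is not part of the original thread: for callee-cleaned conventions the `retn` operand equals the bytes of arguments that arrived on the stack, so it can be checked against a recovered prototype. It assumes the 32-bit x86 Microsoft conventions; the function names are hypothetical.

```python
# Added example, not code from the thread. Assumes the 32-bit x86 Microsoft
# conventions (cdecl, stdcall, fastcall); function names are hypothetical.

SLOT = 4  # stack arguments are padded to 4-byte slots on x86-32

def stack_bytes(convention, arg_sizes):
    """Bytes of arguments passed on the stack (sizes listed left to right)."""
    regs_left = 2 if convention == "fastcall" else 0   # ecx, then edx
    total = 0
    for size in arg_sizes:
        if regs_left and size <= SLOT:
            regs_left -= 1      # dword-or-smaller argument travels in a register
        else:
            total += (size + SLOT - 1) // SLOT * SLOT   # round up to whole slots
    return total

def retn_operand(convention, arg_sizes):
    """Operand the callee's `retn` should carry; 0 means a plain `retn`."""
    if convention == "cdecl":
        return 0                # caller removes the arguments
    if convention in ("stdcall", "fastcall"):
        return stack_bytes(convention, arg_sizes)
    raise ValueError(f"unknown convention: {convention}")

def dword_params_implied(convention, observed_retn):
    """(min, max) count of dword parameters consistent with `retn N`."""
    if observed_retn % SLOT:
        raise ValueError("retn operand is not a multiple of 4")
    on_stack = observed_retn // SLOT
    if convention == "stdcall":
        return (on_stack, on_stack)
    if convention == "fastcall":
        # Register arguments leave no trace in the operand, so a plain
        # `retn` is ambiguous; any stack argument means ecx and edx are used.
        if on_stack == 0:
            return (0, 2)
        return (on_stack + 2, on_stack + 2)
    raise ValueError("a cdecl callee does not pop its arguments")

if __name__ == "__main__":
    # One pointer parameter, as in the posted C prototype
    print("fastcall, 1 dword param  -> retn", retn_operand("fastcall", [4]))
    # What the observed `retn 8` implies under each callee-cleaned convention
    for conv in ("stdcall", "fastcall"):
        print(conv, "with retn 8 ->", dword_params_implied(conv, 8), "dword params")
```
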
