I have an assembly program that takes an input, performs some operations on it, and produces a serial number; when you enter the correct serial number as input, the congratulations message is shown. So far I understand that it takes an input and XORs it with 504E4D41; if the result equals 6DB278D8, the next step is to XOR that result with 504E4D41 again, but when I calculate this and enter it as input it is not accepted. Could you help me find in which part of this code the serial number is made, or where my mistake in calculating the serial number is?
`assembly
; ----------------------------------------------------------------------------
; 00401000: the main check routine (32-bit x86, Windows; cdecl calls into msvcrt).
; Flow as visible in this listing:
;   1. CALL 0040110E  - validates the module's MZ/PE headers and creates a heap;
;                       returns 0 on failure, in which case this routine exits.
;   2. CALL 0040118A  - walks the process list and adds 5 to BYTE [403018] for
;                       every process name matching the string table at 4041F3.
;   3. fgets(40316F, 0x80, stdin), then:
;        - empty input                         -> exit
;        - length before '\n' != 8             -> exit
;        - DWORD at 40316F != 504E4D41         -> exit (bytes 41 4D 4E 50 in memory)
;        - the DWORD at 40316B (the 4 bytes just BEFORE the input buffer; its
;          initial contents are not shown in this listing) is XORed byte-wise
;          with input[4..7] in a swapped order, then every byte is XORed with
;          BYTE [403018]; the result must equal 6DB278DB.
;   4. On success DWORD [403167] = 504E4D41, CALL 00401228 XOR-decodes the
;      message at 404264 in place with the 8-byte key at 403167..40316E, and
;      printf prints it.
; NOTE(review): step 2 changes [403018] depending on which processes are
; running, so the value compared in step 3 (and the decode key) is
; environment-dependent; a calculation that assumes [403018] == 0 only
; holds when none of the listed processes is running.
; ----------------------------------------------------------------------------
00401000 >/$ 55 PUSH EBP                          ; set up an EBP frame
00401001 |. 8BEC MOV EBP,ESP
00401003 |. 53 PUSH EBX                           ; EBX is callee-saved; restored at 004010EB
00401004 |. E8 05010000 CALL challeng.0040110E    ; PE-header sanity check + HeapCreate (see 0040110E)
00401009 |. 85C0 TEST EAX,EAX
0040100B |. 0F84 DA000000 JE challeng.004010EB   ; init failed -> leave without printing anything
00401011 |. C705 08304000 >MOV DWORD PTR DS:[403008],challeng. ; four globals initialised here (operand truncated by the dump)
0040101B |. C705 0C304000 >MOV DWORD PTR DS:[40300C],challeng.00400> ; operand truncated by the dump
00401025 |. C705 10304000 >MOV DWORD PTR DS:[403010],400 ; [403010] = 0x400
0040102F |. C705 14304000 >MOV DWORD PTR DS:[403014],600 ; [403014] = 0x600
00401039 |. 68 19304000 PUSH challeng.00403019 ; /format = “**************************************************************
-
AmnPardaz Reverse Engineering Challenge – Level 1 *
-
-
“…
0040103E |. E8 33020000 CALL <JMP.&msvcrt.printf> ; printf
00401043 |. 83C4 04 ADD ESP,4                     ; cdecl: caller pops the 1 argument
00401046 |. E8 3F010000 CALL challeng.0040118A    ; process-list scan; may add 5 to BYTE [403018] per match
0040104B |. A1 2C204000 MOV EAX,DWORD PTR DS:[<&msvcrt._iob>] ; &_iob[0] = stdin
00401050 |. 50 PUSH EAX ; /stream => OFFSET msvcrt._iob
00401051 |. 68 80000000 PUSH 80 ; |n = 80 (128.)  ; fgets reads at most 0x7F chars + NUL
00401056 |. 8D05 6F314000 LEA EAX,DWORD PTR DS:[40316F] ; | 40316F = input buffer
0040105C |. 50 PUSH EAX ; |s => challeng.0040316F
0040105D |. E8 0E020000 CALL <JMP.&msvcrt.fgets> ; fgets
00401062 |. 83C4 0C ADD ESP,0C                    ; pop the 3 arguments
00401065 |. 8035 6F314000 >XOR BYTE PTR DS:[40316F],0 ; XOR with 0 leaves the byte unchanged but sets ZF if it is 0
0040106C |. 74 7D JE SHORT challeng.004010EB      ; empty input -> exit
0040106E |. 33C9 XOR ECX,ECX
00401070 |. 49 DEC ECX                            ; ECX = -1 (maximum count for REPNE SCASB)
00401071 |. 8D3D 6F314000 LEA EDI,DWORD PTR DS:[40316F] ; scan the input buffer
00401077 |. B0 0A MOV AL,0A                       ; look for '\n' (fgets keeps the newline)
00401079 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]    ; stops just past the first 0A byte
0040107B |. F7D1 NOT ECX
0040107D |. 49 DEC ECX                            ; ECX = number of bytes before '\n' = input length
0040107E |. 6BC9 08 IMUL ECX,ECX,8
00401081 |. 83E9 40 SUB ECX,40                    ; zero only when length*8 == 0x40, i.e. exactly 8 characters
00401084 |. 75 65 JNZ SHORT challeng.004010EB     ; wrong length -> exit
00401086 |. A1 6F314000 MOV EAX,DWORD PTR DS:[40316F] ; first 4 input bytes as a little-endian DWORD
0040108B 35 414D4E50 XOR EAX,504E4D41             ; ZF only if those bytes are 41 4D 4E 50 ("AMNP"); EAX itself is not used afterwards
00401090 75 59 JNZ SHORT challeng.004010EB        ; prefix mismatch -> exit
00401092 8D0D 6B314000 LEA ECX,DWORD PTR DS:[40316B] ; ECX -> the 4 bytes immediately BEFORE the input buffer (initial contents not shown here)
00401098 8D1D 73314000 LEA EBX,DWORD PTR DS:[403173] ; EBX -> input[4..7]
0040109E 8A43 02 MOV AL,BYTE PTR DS:[EBX+2]
004010A1 3001 XOR BYTE PTR DS:[ECX],AL             ; [ECX+0] ^= input[6]
004010A3 8A03 MOV AL,BYTE PTR DS:[EBX]
004010A5 3041 03 XOR BYTE PTR DS:[ECX+3],AL        ; [ECX+3] ^= input[4]
004010A8 8A43 01 MOV AL,BYTE PTR DS:[EBX+1]
004010AB 3041 02 XOR BYTE PTR DS:[ECX+2],AL        ; [ECX+2] ^= input[5]
004010AE 8A43 03 MOV AL,BYTE PTR DS:[EBX+3]
004010B1 3041 01 XOR BYTE PTR DS:[ECX+1],AL        ; [ECX+1] ^= input[7]
004010B4 A0 18304000 MOV AL,BYTE PTR DS:[403018]  ; counter maintained by 0040118A (stays 0 unless a listed process was found)
004010B9 3001 XOR BYTE PTR DS:[ECX],AL             ; every byte of the DWORD ^= that counter
004010BB 3041 01 XOR BYTE PTR DS:[ECX+1],AL
004010BE 3041 02 XOR BYTE PTR DS:[ECX+2],AL
004010C1 3041 03 XOR BYTE PTR DS:[ECX+3],AL
004010C4 8B01 MOV EAX,DWORD PTR DS:[ECX]           ; load the transformed DWORD at 40316B
004010C6 2D DB78B26D SUB EAX,6DB278DB              ; ZF only if it equals 6DB278DB (note: DB, not D8)
004010CB 75 1E JNZ SHORT challeng.004010EB         ; wrong serial -> exit silently
004010CD C705 67314000 >MOV DWORD PTR DS:[403167],504E4D41 ; key bytes 0..3; bytes 4..7 are the transformed DWORD at 40316B
004010D7 |. E8 4C010000 CALL challeng.00401228     ; XOR-decode the message at 404264 in place with that 8-byte key
004010DC |. 8D05 64424000 LEA EAX,DWORD PTR DS:[404264] ; decoded message doubles as the printf format string
004010E2 |. 50 PUSH EAX ; /format => “p‚ÇM$*p’œ”   ; the dump shows the on-disk (still encoded) bytes
004010E3 |. E8 8E010000 CALL <JMP.&msvcrt.printf> ; printf
004010E8 |. 83C4 04 ADD ESP,4
004010EB |> 5B POP EBX                            ; common exit: restore EBX and the frame
004010EC |. 8BE5 MOV ESP,EBP
004010EE |. 5D POP EBP
004010EF . C3 RETN
; INT3 fill between functions (never executed)
004010F0 CC INT3
004010F1 CC INT3
004010F2 CC INT3
004010F3 CC INT3
004010F4 CC INT3
004010F5 CC INT3
004010F6 CC INT3
004010F7 CC INT3
004010F8 CC INT3
004010F9 CC INT3
004010FA CC INT3
004010FB CC INT3
004010FC CC INT3
004010FD CC INT3
004010FE CC INT3
004010FF CC INT3
00401100 CC INT3
00401101 CC INT3
00401102 CC INT3
00401103 CC INT3
00401104 CC INT3
00401105 CC INT3
00401106 CC INT3
00401107 CC INT3
00401108 CC INT3
00401109 CC INT3
0040110A CC INT3
0040110B CC INT3
0040110C CC INT3
0040110D CC INT3
; ----------------------------------------------------------------------------
; 0040110E: returns EAX = 1 if the running image has a valid MZ/PE header for a
; 32-bit (i386) machine type and a private heap could be created, else 0.
; Side effects: [403000] = module base, [403004] = heap handle (neither is read
; anywhere else in this listing). Clobbers EAX and flags; saves/restores ESI.
; ----------------------------------------------------------------------------
0040110E /$ 55 PUSH EBP
0040110F |. 8BEC MOV EBP,ESP
00401111 |. 56 PUSH ESI                           ; ESI is callee-saved
00401112 |. 6A 00 PUSH 0 ; /pModule = NULL       ; NULL -> handle (base address) of this executable
00401114 |. FF15 1C204000 CALL DWORD PTR DS:[<&kernel32.GetModuleH>; GetModuleHandleA
0040111A |. A3 00304000 MOV DWORD PTR DS:[403000],EAX ; [403000] = module base
0040111F |. 8BF0 MOV ESI,EAX                      ; ESI -> IMAGE_DOS_HEADER
00401121 |. 0FB706 MOVZX EAX,WORD PTR DS:[ESI]    ; e_magic
00401124 |. 3D 4D5A0000 CMP EAX,5A4D              ; 'MZ'
00401129 |. 75 30 JNZ SHORT challeng.0040115B     ; not a DOS/PE image -> return 0
0040112B |. 8B46 3C MOV EAX,DWORD PTR DS:[ESI+3C] ; e_lfanew
0040112E |. 8D3406 LEA ESI,DWORD PTR DS:[ESI+EAX] ; ESI -> IMAGE_NT_HEADERS
00401131 |. 813E 50450000 CMP DWORD PTR DS:[ESI],4550 ; 'PE\0\0' signature
00401137 |. 75 22 JNZ SHORT challeng.0040115B
00401139 |. 66:817E 04 4C0>CMP WORD PTR DS:[ESI+4],14C ; FileHeader.Machine == 0x14C (IMAGE_FILE_MACHINE_I386)
0040113F |. 75 1A JNZ SHORT challeng.0040115B
00401141 |. 6A 00 PUSH 0 ; /MaximumSize = 0      ; growable heap
00401143 |. 68 00100000 PUSH 1000 ; |InitialSize = 1000 (4096.)
00401148 |. 6A 01 PUSH 1 ; |Flags = HEAP_NO_SERIALIZE
0040114A |. FF15 14204000 CALL DWORD PTR DS:[<&kernel32.HeapCreate>; HeapCreate
00401150 |. 85C0 TEST EAX,EAX
00401152 |. 74 07 JE SHORT challeng.0040115B      ; HeapCreate returned NULL -> return 0
00401154 |. A3 04304000 MOV DWORD PTR DS:[403004],EAX ; [403004] = heap handle
00401159 |. EB 07 JMP SHORT challeng.00401162
0040115B |> 33C0 XOR EAX,EAX                      ; failure path: return 0
0040115D |. 5E POP ESI
0040115E |. 8BE5 MOV ESP,EBP
00401160 |. 5D POP EBP
00401161 |. C3 RETN
00401162 |> B8 01000000 MOV EAX,1                 ; success path: return 1
00401167 |. 5E POP ESI
00401168 |. 8BE5 MOV ESP,EBP
0040116A |. 5D POP EBP
0040116B . C3 RETN
; INT3 fill between functions (never executed)
0040116C CC INT3
0040116D CC INT3
0040116E CC INT3
0040116F CC INT3
00401170 CC INT3
00401171 CC INT3
00401172 CC INT3
00401173 CC INT3
00401174 CC INT3
00401175 CC INT3
00401176 CC INT3
00401177 CC INT3
00401178 CC INT3
00401179 CC INT3
0040117A CC INT3
0040117B CC INT3
0040117C CC INT3
0040117D CC INT3
0040117E CC INT3
0040117F CC INT3
00401180 CC INT3
00401181 CC INT3
00401182 CC INT3
00401183 CC INT3
00401184 CC INT3
00401185 CC INT3
00401186 CC INT3
00401187 CC INT3
00401188 CC INT3
00401189 CC INT3
; ----------------------------------------------------------------------------
; 0040118A: enumerates running processes via the Toolhelp snapshot API and, for
; every process whose szExeFile matches (case-insensitively, lstrcmpiA) one of
; the NUL-terminated strings in the table at 4041F3, adds 5 to BYTE [403018].
; The table contents and its entry count at [4041EF] are not shown in this
; listing. No meaningful return value; EAX and flags are clobbered.
; Stack frame: EBP-12C = PROCESSENTRY32 (0x128 bytes), EBP-4 = snapshot handle.
; ----------------------------------------------------------------------------
0040118A /$ 55 PUSH EBP
0040118B |. 8BEC MOV EBP,ESP
0040118D |. 81EC 2C010000 SUB ESP,12C             ; 0x128-byte PROCESSENTRY32 + 4-byte handle slot
00401193 |. 56 PUSH ESI                           ; the four pushes here are undone in reverse order at 00401220
00401194 |. 57 PUSH EDI
00401195 |. 51 PUSH ECX
00401196 |. 53 PUSH EBX
00401197 |. 6A 00 PUSH 0 ; /ProcessID = 0
00401199 |. 6A 02 PUSH 2 ; |Flags = TH32CS_SNAPPROCESS
0040119B |. FF15 0C204000 CALL DWORD PTR DS:[<&kernel32.CreateTool>; CreateToolhelp32Snapshot
004011A1 |. 85C0 TEST EAX,EAX
004011A3 |. 74 7B JE SHORT challeng.00401220      ; NOTE(review): only a 0 return is caught; the API's documented failure value is INVALID_HANDLE_VALUE (-1), which would fall through — confirm
004011A5 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX  ; [EBP-4] = snapshot handle
004011A8 |. 68 28010000 PUSH 128 ; /Length = 128 (296.)
004011AD |. 8D85 D4FEFFFF LEA EAX,DWORD PTR SS:[EBP-12C] ; | EAX -> PROCESSENTRY32
004011B3 |. 50 PUSH EAX ; |Destination
004011B4 |. FF15 10204000 CALL DWORD PTR DS:[<&kernel32.RtlZeroMem>; RtlZeroMemory
004011BA |. C785 D4FEFFFF >MOV DWORD PTR SS:[EBP-12C],128 ; pe.dwSize = 0x128, required before Process32First
004011C4 |. 8D85 D4FEFFFF LEA EAX,DWORD PTR SS:[EBP-12C]
004011CA |. 50 PUSH EAX ; /pProcessentry
004011CB |. FF75 FC PUSH DWORD PTR SS:[EBP-4] ; |hSnapshot
004011CE |. FF15 08204000 CALL DWORD PTR DS:[<&kernel32.Process32F>; Process32First
004011D4 |. 48 DEC EAX                            ; EAX == 1 (TRUE) -> ZF; anything else skips the loop
004011D5 |. 75 40 JNZ SHORT challeng.00401217
004011D7 |> 8B1D EF414000 /MOV EBX,DWORD PTR DS:[4041EF] ; outer loop (per process): EBX = number of table entries
004011DD |. 8D3D F3414000 |LEA EDI,DWORD PTR DS:[4041F3] ; EDI -> first string of the table
004011E3 |. 8DB5 F8FEFFFF |LEA ESI,DWORD PTR SS:[EBP-108] ; ESI -> pe.szExeFile (offset 0x24 in PROCESSENTRY32)
004011E9 |> 57 |/PUSH EDI ; /String2              ; inner loop (per table entry)
004011EA |. 56 ||PUSH ESI ; |String1
004011EB |. FF15 18204000 ||CALL DWORD PTR DS:[<&kernel32.lstrcmpi>; lstrcmpiA
004011F1 |. 85C0 ||TEST EAX,EAX
004011F3 |. 75 07 ||JNZ SHORT challeng.004011FC   ; no match -> skip the increment
004011F5 |. 8005 18304000 >||ADD BYTE PTR DS:[403018],5 ; match: BYTE [403018] += 5 (read later by the serial check)
004011FC |> 33C0 ||XOR EAX,EAX                    ; AL = 0: scan for the string terminator
004011FE |> AE ||/SCAS BYTE PTR ES:[EDI]
004011FF |.^75 FD ||JNZ SHORT challeng.004011FE   ; after this loop EDI points just past the NUL, i.e. at the next entry
00401201 |. 4B ||DEC EBX
00401202 |.^75 E5 |JNZ SHORT challeng.004011E9    ; next table entry
00401204 |. 8D85 D4FEFFFF |LEA EAX,DWORD PTR SS:[EBP-12C]
0040120A |. 50 |PUSH EAX ; /pProcessentry
0040120B |. FF75 FC |PUSH DWORD PTR SS:[EBP-4] ; |hSnapshot
0040120E |. FF15 04204000 |CALL DWORD PTR DS:[<&kernel32.Process32>; Process32Next
00401214 |. 48 |DEC EAX
00401215 |.^74 C0 JE SHORT challeng.004011D7      ; another process -> back to the outer loop
00401217 |> FF75 FC PUSH DWORD PTR SS:[EBP-4] ; /hObject
0040121A |. FF15 00204000 CALL DWORD PTR DS:[<&kernel32.CloseHandl>; CloseHandle
00401220 |> 5B POP EBX                            ; restore registers in reverse push order
00401221 |. 59 POP ECX
00401222 |. 5F POP EDI
00401223 |. 5E POP ESI
00401224 |. 8BE5 MOV ESP,EBP
00401226 |. 5D POP EBP
00401227 . C3 RETN
; ----------------------------------------------------------------------------
; 00401228: in-place XOR decode of the message printed on success.
;   for i in 0 .. [404274]-1:  BYTE [404264+i] ^= BYTE [403167 + (i mod 8)]
; The 8-byte key at 403167..40316E is DWORD [403167] (set to 504E4D41 by the
; caller) followed by the 4 transformed bytes at 40316B. Saves/restores ESI,
; EBX, ECX; clobbers AL and flags. The count at [404274] is not shown here;
; a count of 0 is not guarded against (DEC before JNZ would wrap).
; ----------------------------------------------------------------------------
00401228 /$ 56 PUSH ESI
00401229 |. 53 PUSH EBX
0040122A |. 51 PUSH ECX
0040122B |. 8B0D 74424000 MOV ECX,DWORD PTR DS:[404274] ; ECX = number of bytes to decode
00401231 |. 8D35 64424000 LEA ESI,DWORD PTR DS:[404264] ; ESI -> encoded message (later used as printf format)
00401237 |. 33DB XOR EBX,EBX                      ; EBX = key index (0..7)
00401239 |> 8A83 67314000 /MOV AL,BYTE PTR DS:[EBX+403167] ; AL = key byte
0040123F |. 3006 |XOR BYTE PTR DS:[ESI],AL         ; decode one byte in place
00401241 |. 43 |INC EBX
00401242 |. 83FB 08 |CMP EBX,8
00401245 |. 75 02 |JNZ SHORT challeng.00401249
00401247 |. 33DB |XOR EBX,EBX                     ; wrap key index back to 0 after 8 bytes
00401249 |> 46 |INC ESI
0040124A |. 49 |DEC ECX
0040124B |.^75 EC JNZ SHORT challeng.00401239     ; loop until the count is exhausted
0040124D |. 59 POP ECX
0040124E |. 5B POP EBX
0040124F |. 5E POP ESI
00401250 . C3 RETN
; INT3 fill between functions (never executed)
00401251 CC INT3
00401252 CC INT3
00401253 CC INT3
00401254 CC INT3
00401255 CC INT3
00401256 CC INT3
00401257 CC INT3
00401258 CC INT3
00401259 CC INT3
0040125A CC INT3
0040125B CC INT3
0040125C CC INT3
0040125D CC INT3
0040125E CC INT3
0040125F CC INT3
00401260 CC INT3
00401261 CC INT3
00401262 CC INT3
00401263 CC INT3
00401264 CC INT3
00401265 CC INT3
00401266 CC INT3
00401267 CC INT3
00401268 CC INT3
00401269 CC INT3
0040126A CC INT3
0040126B CC INT3
0040126C CC INT3
0040126D CC INT3
0040126E CC INT3
0040126F CC INT3
; Import thunks: the CALL <JMP.&msvcrt.*> sites above land here and jump
; through the import address table entries.
00401270 $-FF25 28204000 JMP DWORD PTR DS:[<&msvcrt.fgets>] ; msvcrt.fgets
00401276 $-FF25 24204000 JMP DWORD PTR DS:[<&msvcrt.printf>] ; msvcrt.printf
0040127C 00 DB 00                                 ; trailing pad byte