Buenas, me preguntaba si alguien podría darme alguna pista sobre cómo invertir este código ASM:
gracias
When the main deal is called, EAX contains the null-terminated string "fiUg32Gt7" (without the quotes, of course) and EDI holds the password to be hashed.
// SOME OTHER SUBROUTINE THATS ALSO USED DUNNO WTF FOR
; sub_48F260 -- in-place byte substitution over an 8-byte buffer.
; In:    arg_0 ([esp+4]) = pointer to the buffer.
; Out:   each byte at offsets 0..7 is replaced by byte_4BF700[byte]; the index is a
;        zero-extended byte, so entries 0..255 of the table can be reached.
; Uses:  eax (buffer pointer), ecx (index), dl (table value); plain retn, so the
;        argument stays on the stack for the caller to drop.
; The load of byte i+1 is interleaved ahead of the store of byte i; each byte is
; still read before it is overwritten, so the eight substitutions are independent.
; NOTE(review): the contents of byte_4BF700 are not part of this listing. A byte-wise
; table fix-up of an 8-byte block is what DES odd-parity adjustment (DES_set_odd_parity
; in libdes/OpenSSL) compiles to -- confirm by dumping the table before relying on that.
.text:0048F260 sub_48F260 proc near ; CODE XREF: .text:0048EE3Fp
.text:0048F260 ; .text:0048EE81p
.text:0048F260
.text:0048F260 arg_0 = dword ptr 4
.text:0048F260
.text:0048F260 mov eax, [esp+arg_0]  ; eax = buf
.text:0048F264 movzx ecx, byte ptr [eax]  ; ecx = buf[0]
.text:0048F267 mov dl, ds:byte_4BF700[ecx]  ; dl = table[buf[0]]
.text:0048F26D movzx ecx, byte ptr [eax+1]  ; fetch buf[1] before buf[0] is stored
.text:0048F271 mov [eax], dl  ; buf[0] = table[old buf[0]]
.text:0048F273 mov dl, ds:byte_4BF700[ecx]
.text:0048F279 movzx ecx, byte ptr [eax+2]
.text:0048F27D mov [eax+1], dl  ; buf[1] substituted
.text:0048F280 mov dl, ds:byte_4BF700[ecx]
.text:0048F286 movzx ecx, byte ptr [eax+3]
.text:0048F28A mov [eax+2], dl  ; buf[2] substituted
.text:0048F28D mov dl, ds:byte_4BF700[ecx]
.text:0048F293 movzx ecx, byte ptr [eax+4]
.text:0048F297 mov [eax+3], dl  ; buf[3] substituted
.text:0048F29A mov dl, ds:byte_4BF700[ecx]
.text:0048F2A0 movzx ecx, byte ptr [eax+5]
.text:0048F2A4 mov [eax+4], dl  ; buf[4] substituted
.text:0048F2A7 mov dl, ds:byte_4BF700[ecx]
.text:0048F2AD movzx ecx, byte ptr [eax+6]
.text:0048F2B1 mov [eax+5], dl  ; buf[5] substituted
.text:0048F2B4 mov dl, ds:byte_4BF700[ecx]
.text:0048F2BA movzx ecx, byte ptr [eax+7]
.text:0048F2BE mov [eax+6], dl  ; buf[6] substituted
.text:0048F2C1 mov dl, ds:byte_4BF700[ecx]
.text:0048F2C7 mov [eax+7], dl  ; buf[7] substituted
.text:0048F2CA retn
.text:0048F2CA sub_48F260 endp
; sub_48EDA0 -- folds a NUL-terminated string into an 8-byte buffer, then post-processes it.
; In:     arg_0 = pointer to the input string, arg_4 = pointer to the 8-byte output buffer.
;         Both are read from the stack inside the routine, not taken from registers.
; Locals: an 80h-byte scratch area (var_80), handed to sub_48F300 and sub_48F950 and
;         zeroed again before returning.
; Steps:  1. zero out[0..7]; 2. measure the string length; 3. fold every input byte into out
;         (see Loop1); 4. sub_48F260(out); 5. sub_48F300(out, scratch) with dword_4FD104
;         temporarily forced to 0; 6. sub_48F950(in, out, len, scratch, out);
;         7. wipe scratch; 8. sub_48F260(out) again.
;         Argument order assumes the callees take their parameters pushed right to left -- TODO confirm.
; Saves:  ebx, ebp, esi, edi. The nine pushed argument dwords are dropped together by add esp, 24h.
; NOTE(review): IDA closed the function at 0048EE39 (see the endp after Incrementor1), but
;         the loop test and the tail at 0048EE3A..0048EE93 fall straight through from it and use
;         the same frame; they are documented here as part of the same routine.
; NOTE(review): the fold loop (shift-left XOR for the first 8 of every 16 bytes, bit-reversed
;         XOR in mirrored order for the other 8), the table fix-up before and after, the saved
;         and cleared global, and the wiped 128-byte scratch area line up with DES_string_to_key
;         from libdes / older OpenSSL (set_odd_parity, set_key with the key check disabled,
;         cbc_cksum, key-schedule wipe). sub_48F300 and sub_48F950 are not in this listing, so
;         treat that as a hypothesis to confirm against those two routines and byte_4BF700.
; NOTE(review): if the identification holds, the output is an unsalted, single-pass DES-based
;         derivation; a system that keeps it as a password verifier should move to a salted,
;         iterated KDF.
.text:0048EDA0 ; --------------- S U B R O U T I N E --------------------------------------- // THE MAIN DEAL
.text:0048EDA0
.text:0048EDA0
.text:0048EDA0 sub_48EDA0 proc near ; CODE XREF: sub_48ECC0+Ap
.text:0048EDA0
.text:0048EDA0 var_80 = dword ptr -80h
.text:0048EDA0 arg_0 = dword ptr 4
.text:0048EDA0 arg_4 = dword ptr 8
.text:0048EDA0
.text:0048EDA0 sub esp, 80h  ; reserve the 80h-byte scratch area
.text:0048EDA6 push ebx
.text:0048EDA7 push ebp
.text:0048EDA8 mov ebp, [esp+88h+arg_4]  ; ebp = out (arg_4), kept for the whole routine
.text:0048EDAF xor eax, eax
.text:0048EDB1 push esi
.text:0048EDB2 mov ecx, ebp
.text:0048EDB4 mov [ecx], eax  ; out[0..3] = 0
.text:0048EDB6 push edi
.text:0048EDB7 mov edi, [esp+90h+arg_0]  ; edi = in (arg_0)
.text:0048EDBE mov [ecx+4], eax  ; out[4..7] = 0
.text:0048EDC1 mov eax, edi
.text:0048EDC3 lea edx, [eax+1]  ; edx = in + 1, subtracted after the scan to get the length
.text:0048EDC6
.text:0048EDC6 loc_48EDC6: ; CODE XREF: sub_48EDA0+2Bj
.text:0048EDC6 mov cl, [eax]  ; inline strlen: advance eax past the terminating 0
.text:0048EDC8 inc eax
.text:0048EDC9 test cl, cl
.text:0048EDCB jnz short loc_48EDC6
.text:0048EDCD sub eax, edx  ; eax = number of bytes before the terminator
.text:0048EDCF mov ebx, eax  ; ebx = len
.text:0048EDD1 xor esi, esi  ; esi = i = 0
.text:0048EDD3 test ebx, ebx
.text:0048EDD5 jle short loc_48EE3E  ; empty string: skip the fold loop
.text:0048EDD7
.text:0048EDD7 Loop1: ; CODE XREF: .text:0048EE3Cj
.text:0048EDD7 mov al, [esi+edi]  ; al = in[i]
.text:0048EDDA mov edx, esi
.text:0048EDDC and dl, 0Fh  ; dl = i mod 16
.text:0048EDDF cmp dl, 8
.text:0048EDE2 jge short MainThingy  ; positions 8..15 of each 16-byte group take the bit-reversal path
.text:0048EDE4 mov ecx, esi
.text:0048EDE6 and ecx, 7  ; ecx = i mod 8
.text:0048EDE9 mov dl, [ecx+ebp]  ; dl = out[i mod 8]
.text:0048EDEC add ecx, ebp  ; ecx = &out[i mod 8]
.text:0048EDEE shl al, 1  ; in[i] << 1, truncated to 8 bits
.text:0048EDF0 xor dl, al
.text:0048EDF2 mov [ecx], dl  ; out[i mod 8] ^= (in[i] << 1)
.text:0048EDF4 jmp short Incrementor1
.text:0048EDF6 ; ---------------------------------------------------------------------------
.text:0048EDF6
.text:0048EDF6 MainThingy: ; CODE XREF: sub_48EDA0+42j
.text:0048EDF6 mov cl, al
.text:0048EDF8 shr cl, 4
.text:0048EDFB shl al, 4
.text:0048EDFE or cl, al  ; cl = in[i] with its two nibbles swapped
.text:0048EE00 mov dl, cl
.text:0048EE02 mov al, cl
.text:0048EE04 shr al, 2
.text:0048EE07 shl dl, 2
.text:0048EE0A xor al, dl
.text:0048EE0C shl cl, 2
.text:0048EE0F and al, 33h
.text:0048EE11 xor al, cl  ; al = ((x >> 2) & 33h) | ((x << 2) & 0CCh): bit pairs swapped
.text:0048EE13 mov ecx, esi
.text:0048EE15 and ecx, 7  ; ecx = i mod 8
.text:0048EE18 mov edx, ebp
.text:0048EE1A sub edx, ecx
.text:0048EE1C lea edi, [edx+7]  ; edi = &out[7 - (i mod 8)]; edi is borrowed, reloaded below
.text:0048EE1F mov cl, al
.text:0048EE21 mov dl, al
.text:0048EE23 shr cl, 1
.text:0048EE25 shl dl, 1
.text:0048EE27 xor cl, dl
.text:0048EE29 shl al, 1
.text:0048EE2B and cl, 55h
.text:0048EE2E xor cl, al  ; cl = ((x >> 1) & 55h) | ((x << 1) & 0AAh): in[i] now fully bit-reversed
.text:0048EE30 xor [edi], cl  ; out[7 - (i mod 8)] ^= bitreverse(in[i])
.text:0048EE32 mov edi, [esp+90h+arg_0]  ; restore edi = in for the next iteration
.text:0048EE39
.text:0048EE39 Incrementor1: ; CODE XREF: sub_48EDA0+54j
.text:0048EE39 inc esi  ; i++
.text:0048EE39 sub_48EDA0 endp
.text:0048EE39
.text:0048EE3A cmp esi, ebx
.text:0048EE3C jl short Loop1  ; loop while i < len
.text:0048EE3E
.text:0048EE3E loc_48EE3E: ; CODE XREF: sub_48EDA0+35j
.text:0048EE3E push ebp  ; argument: out
.text:0048EE3F call sub_48F260  ; substitute out[0..7] through byte_4BF700
.text:0048EE44 mov esi, dword_4FD104  ; save the global so it can be restored after sub_48F300
.text:0048EE4A lea eax, [esp+14h]  ; start of the 80h scratch area (4 saved registers + 1 pushed argument)
.text:0048EE4E push eax
.text:0048EE4F push ebp
.text:0048EE50 mov dword_4FD104, 0  ; global forced to 0 for the duration of the call
.text:0048EE5A call sub_48F300  ; sub_48F300(out, scratch)
.text:0048EE5F push ebp
.text:0048EE60 lea ecx, [esp+20h]  ; scratch area again; the offset grew with the pushes left on the stack
.text:0048EE64 push ecx
.text:0048EE65 push ebx
.text:0048EE66 push ebp
.text:0048EE67 push edi
.text:0048EE68 mov dword_4FD104, esi  ; restore the saved global
.text:0048EE6E call sub_48F950  ; sub_48F950(in, out, len, scratch, out)
.text:0048EE73 xor eax, eax
.text:0048EE75 mov ecx, 20h  ; 20h dwords = 80h bytes
.text:0048EE7A lea edi, [esp+30h]  ; edi = scratch area, computed before the push below
.text:0048EE7E push ebp  ; argument for the second sub_48F260 call
.text:0048EE7F rep stosd  ; zero the whole scratch area so nothing derived from the input stays on the stack
.text:0048EE81 call sub_48F260  ; second substitution pass over out[0..7]
.text:0048EE86 add esp, 24h  ; drop the 9 argument dwords pushed since loc_48EE3E
.text:0048EE89 pop edi
.text:0048EE8A pop esi
.text:0048EE8B pop ebp
.text:0048EE8C pop ebx
.text:0048EE8D add esp, 80h  ; release the scratch area
.text:0048EE93 retn
gracias