Forums before death by AOL, social media and spammers... "We can't have nice things"
| comp.lang.asm.x86 | Ahh, the lost art of x86 assembly | 4,675 messages |
[ << oldest | < older | list | newer > | newest >> ]
| Message 2,831 of 4,675 |
| wolfgang kern to All |
| Re: Look back to "just for the H@ck" |
| 18 Jul 17 09:36:55 |
From: nowhere@never.at Herbert Kleebauer posted : >>> I had a two line decoding header: >>> hD1X-s0P_kUHP0UxGWX4ax1y1ieimnfeinklddmemkjanmndnadmndnpbbn >>> hhpbbnpljhoxolnhaigidpllnbkdnhlkfhlflefblffahfUebdfahhfkokh >> I'll check this in more detail this time. > Here the source of the two header lines: let me convert it into hexcoders view first :) > 0100: 68 3144 push 3144 > 0103: 58 pop ax > 0104: 2d 3073 sub ax,3073 > 0107: 50 push ax > 0108: 5f pop di ;di=00d1 > 0109: 6b 55 48 50 imul word [di+48],50 ;[0119] ;_30: > 010d: 30 55 78 xor [di+78],dl ;[0149] > 0110: 47 inc di > 0111: 57 push di > 0112: 58 pop ax > 0113: 34 61 xor al,61 ;cmp di, b3..00 > 0115: 78 31 js +31 ;0148 > 0117: 79 31 jns +31 ;014a ;_50 > 0119: 69 ;data set1 > 011a: 65 69 6d 6e 66 65 ; > 0120: 69 6e 6b 6c ; > 0124: 64 64 6d 65 6d 6b ; > 012a: 6a 61 6e ; > 012d: 6d 6e 64 6e 61 64 ; > 0133: 6d 6e 64 ; > 0136: 6e 70 62 62 6e 0d ; > 013c: 0a 68 68 ; > 013f: 70 62 62 6e 70 6c ; > 0145: 6a 68 6f ; ;data set2 > 0148: 78 ;_10: js (69*50)=d0 xor 6f=bf > 0149: 6f ;_20: 0148 become "js 0109" > 014a: 6c 6e 68 61 69 67 ;(65*50)=90 xor 6c=FC aka "CLD" > 0150: 69 64 70 6c ;_50: > 0154: 6c 6e 62 6b 64 6e ; > 015a: 68 6c 6b ; > 015d: 66 68 6c 66 6c 65 ; > 0163: 66 62 6c ; > 0166: 66 66 61 68 66 55 ; > 016c: 65 62 64 ; > 016f: 66 61 68 68 66 6b ; > 0175: 6f 6b 68 ; Interesting method. Terje wanted to see another 2:1 algo. Here is one! > Here the code which is generated at runtime by xor-ing (after the mul > with $50) the two above data blocks (this is the decoding routine): > 014a: fc cld > 014b: be 0178 mov si,0178 > 014e: 89 f7 mov di,si > 0150: b9 0004 mov cx,4 > 0153: ac lodsb > 0154: 2c 2e sub al,2e > 0156: 72 fb jc 153 > 0158: 74 1e jz 178 > 015a: 48 dec ax > 015b: 3c 0b cmp al,0b > 015d: 76 08 jbe 0167 > 015f: 2c 06 sub al,6 > 0161: 3c 25 cmp al,25 > 0163: 76 02 jbe 167 > 0165: 2c 06 sub al,6 > 0167: 66 c1 c8 06 ROR eax,6 ; > 016b: 45 inc bp > 016c: 45 inc bp > 016d: e2 e4 loop 0153 > 016f: 66 c1 c8 08 ROR eax,8 ; > 0173: 66 ab stosq > 0175: 4f dec di > 0176: eb d8 jmp 0150 > 0178: ;start of a non-B64 4:3 string (decoded in place) funny that this look a bit similar to what I have in my B64 decoder :) >>> The binary following this two lines was encoded as 6 bits per byte >>> using the characters a-z, A-Z, 0-9, @ and /. >> this sounds like a predecessor of Base64. > There is no advantage in using Base64 in an ascii binary. yeah, it may be just good for Big Endian machines. >> [...] copied to check on Annie Ascii in motion :) > But we never got a movie from Beth or Laura. yes, it's sad that we lost all our ASM-Ladies. > PS: Laura has also write such an ascii binary converter. The website > doesn't exist anymore, but here is a dissasembly of her code: > https://groups.google.com/forum/#!msg/alt.msdos.batch/u4qgr2gF QI/i6sG_H31TtsJ > https://groups.google.com/forum/#!msg/alt.msdos.batch/u4qgr2gF QI/fL8dSJzmbh8J Thanks, I'll check it. __ wolfgang --- SoupGate-Win32 v1.05 * Origin: you cannot sedate... all the things you hate (1:229/2) |
(c) 1994, bbs@darkrealms.ca