;BrainsBreaker serial finder v1.0
;Written by Cruehead as a part of the 1999 +HCU strainer
;MASM version
;---------------------------------------------------------------
; Target:  16-bit DOS program, tiny model, assembled with MASM.
;          The .386 directive lets the code use 32-bit registers
;          and 32-bit operands while running in real mode.
; I/O:     text is printed with DOS int 21h / AH=09h, which prints
;          the '$'-terminated string at DS:DX (hence the '$' bytes
;          that end the strings below).
; Flow:    serialloop -> doneit/lookloop -> everythingready ->
;          rrready -> hurray, or increment serial -> serialloop,
;          or damnit.
; Register roles (details at each section):
;   si  = index into serial / serial2 / result / newser
;   di  = index into lookitup (lookloop), then into newser (packing)
;   eax = bit index inside a result byte (packing) / scratch
;   ebx = bit index inside the current newser byte (packing)
;   ecx = shift count / loop counter
;   edx = bit-mask scratch
;---------------------------------------------------------------
.model tiny
.386
.stack
.data
info db 'Brains Breakerv2.1 serial brute forcer'
db 13,10,'By Cruehead as a part of the 1999 +HCU strainer'
db 13,10,'$'                    ;'$' terminates the string for int 21h / AH=09h
lookitup db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ23456789' ;The lookup table: 34 entries,
                                ;index 0..25 = 'A'..'Z', 26..33 = '2'..'9'.
                                ;'0' and '1' are absent; serialloop maps them
                                ;to 'O' and 'L' before the table is searched.
counter dd 0                    ;number of result bytes packed so far (0..6)
serial db '000000$'             ;We'll start testing this serial: 6 digits
                                ;plus the '$' terminator at serial[6]
serial2 db 6 dup (0)            ;serial with '0'->'O' and '1'->'L' applied
                                ;(no terminator)
result db 6 dup (0)             ;lookitup index (0..33) of each serial2 byte
newser db 0,0,07Fh,0,0A8h,0,07Fh,0,010h ;9 bytes that are XOR'ed with each
                                ;other to form the "finalbyte". The packing
                                ;loop rewrites bits 0..29 (newser[0..2] and
                                ;the low 6 bits of newser[3]); newser[4..8]
                                ;keep the constants listed here.
finalbyte db 0                  ;XOR of all 9 newser bytes; candidate accepted
                                ;when it is 0
damn db 13,10,'DAMN! Serial not found!',13,10,'$'
.code
.startup                        ;MASM-generated entry code
mov ah,09h                      ;Write the info text on screen (DOS print string)
lea dx,info
int 21h
xor si,si
;---------------------------------------------------------------
; serialloop: copy serial -> serial2, replacing '1' with 'L' and
; '0' with 'O' so that every byte exists in lookitup. The copy
; stops only at a '$' byte.
; NOTE(review): there is no length bound other than the '$'; if
; serial[6] is ever not '$' (see the increment code near the end)
; the copy runs past the 6 bytes of serial2.
;---------------------------------------------------------------
serialloop:
mov al,serial[si]               ;Get a letter from the serial
cmp al,'$'                      ;Is it '$' (the terminator)?
jne continue                    ;If it isn't, keep copying
jmp doneit                      ;Otherwise the copy is complete
continue:
cmp al,'1'
je changeone
cmp al,'0'
je changezero
mov serial2[si],al              ;'2'..'9' are copied unchanged
inc si
jmp serialloop
changeone:
mov serial2[si],04Ch            ;Change '1' to 'L'
inc si
jmp serialloop
changezero:
mov serial2[si],04Fh            ;Change '0' to 'O'
inc si
jmp serialloop
;---------------------------------------------------------------
; After the above loop "serial2" will be the transformed serial
; while "serial" is the original.
;
; These next lines are a copy of the protection used in
; Brainsbreaker. It works exactly the same
;---------------------------------------------------------------
doneit:
xor si,si                       ;si = position in serial2 / result
xor di,di                       ;di = position in lookitup
;lookloop: result[si] = index of serial2[si] in lookitup, for si = 0..5.
;NOTE(review): di has no upper bound; a byte that is not in the
;table would make the scan run past the end of lookitup.
lookloop:
mov al,serial2[si]
cmp byte ptr lookitup[di],al
je fixedit
inc di
jmp lookloop
fixedit:
mov bx,di
mov result[si],bl               ;The result from the function above will be
                                ;saved here (the table index, 0..33).
xor di,di
cmp si,5                        ;The size of the serial will be 6 chars.
                                ;Why did I choose 6? well...why not? :)
je everythingready
inc si
jmp lookloop
;---------------------------------------------------------------
; Pack the low 5 bits of each result byte, LSB first, into a
; contiguous bit string that starts at bit 0 of newser[0]:
;   eax = bit 0..4 of result[si]     (inner loop, first3)
;   ebx = bit 0..7 of newser[di]     (moves to the next byte at 8)
;   si  = 0..5, counted by counter   (outer loop, goagain)
; Only bits 0..4 are taken (cmp eax,5), so table indexes 32 and
; 33 ('8' and '9') lose their top bit and pack like 'A' and 'B'.
; newser is not cleared between candidates: every bit 0..29 is
; explicitly set (first3 path) or cleared (first1 path).
;---------------------------------------------------------------
everythingready:
xor si,si
xor di,di
xor ebx,ebx
goagain:
xor eax,eax
first3:
mov ecx,eax
mov edx,1
shl edx,cl                      ;edx = 1 << eax
xor ecx,ecx
mov cl,result[si]
and edx,ecx                     ;test bit eax of result[si]
jz first1
mov ecx,ebx
mov dl,1
shl dl,cl                       ;dl = 1 << ebx
or byte ptr newser[di],dl       ;bit is set: set bit ebx of newser[di]
jmp uncon1
first1:
mov ecx,ebx
mov dl,1
shl dl,cl
not dl
and byte ptr newser[di],dl      ;bit is clear: clear bit ebx of newser[di]
uncon1:
inc ebx
cmp ebx,8
jnz first2
inc di                          ;newser[di] is full, continue in the next byte
xor ebx,ebx
first2:
inc eax
cmp eax,5
jl first3                       ;next bit of result[si]
inc counter
mov eax,counter                 ;NOTE(review): dead load - eax is overwritten
                                ;at goagain and at gogo before it is read
cmp counter,6                   ;6=length of serial
jl moremore
jmp rrready
moremore:
inc si
jmp goagain
;---------------------------------------------------------------
; finalbyte = newser[0] ^ newser[1] ^ ... ^ newser[8].
; ebx is 1 and is not changed inside this loop, so the remainder
; idiv leaves in edx is always 0 and eax is always offset
; finalbyte; the division is kept as copied from the protection
; and has no effect here. di is cleared but not used below.
; The check accepts any candidate whose nine-byte XOR is zero, a
; single-byte test.
;---------------------------------------------------------------
rrready:
xor si,si
xor di,di
xor ecx,ecx                     ;ecx = 0..8, index into newser
mov ebx,1
mov edx,1
gogo:
mov eax,ecx
cdq                             ;sign-extend eax into edx:eax before idiv
idiv ebx                        ;edx = ecx mod 1 = 0
mov eax,offset finalbyte        ;16-bit offset placed in a 32-bit register;
                                ;the [eax] addressing below relies on .386
                                ;(presumably zero-extended - confirm with the
                                ;assembler listing)
add eax,edx
mov dl,newser[si]
xor [eax],dl                    ;finalbyte ^= newser[si]
inc ecx
inc si
cmp ecx,9                       ;9 = number of bytes in newser
jl gogo
;mov dword ptr newser[0],0
cmp [finalbyte],0               ;The final test!
je hurray                       ;If it's equal we got ourself a working serial!
mov counter,0                   ;Damn, the serial wasn't correct. We have to clean
mov [finalbyte],0               ;up our mess and start all over again.
xor si,si
;---------------------------------------------------------------
; Advance serial like an odometer, serial[0] first.
; NOTE(review): a digit wraps from '9' back to '1' (031h), not to
; '0', so once a position has carried it never holds '0' again;
; candidates with '0' in such a position are never tested.
; NOTE(review): serial[6] is the '$' terminator (24h). The last
; step increments it and compares it with '9' using je only, so
; the first carry out of serial[5] turns the terminator into '%'
; and the next serialloop pass copies past the end of serial2.
;---------------------------------------------------------------
inc serial[0]
cmp serial[0],039h              ;These next couple of lines are just increasing
jle serialloop                  ;the serial.
mov serial[0],031h
inc serial[1]
cmp serial[1],039h
jle serialloop
mov serial[1],031h
inc serial[2]
cmp serial[2],039h
jle serialloop
mov serial[2],031h
inc serial[3]
cmp serial[3],039h
jle serialloop
mov serial[3],031h
inc serial[4]
cmp serial[4],039h
jle serialloop
mov serial[4],031h
inc serial[5]
cmp serial[5],039h
jle serialloop
mov serial[5],031h
inc serial[6]                   ;NOTE(review): serial[6] is the '$' terminator
cmp serial[6],039h
je damnit
jmp serialloop
damnit:                         ;Hopefully we won't get here!
mov ah,09h
lea dx,damn
int 21h
jmp theend
hurray:                         ;YES! Write the correct serial on screen!
mov ah,09h
lea dx,serial                   ;serial is '$'-terminated, so AH=09h prints it
int 21h
theend:
.exit                           ;MASM macro that terminates the program
end