vmcrack/output/annotated/decrypt_flag.asm at main · ben-sb/vmcrack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
0x41a3c0:	push         dword ebp
0x41a3c4:	mov          dword ebp, dword esp
0x41a3cb:	sub          esp, 0xc

0x41a3ce:	mov          dword [esp], credential_dest_ptr_2
0x41a3dd:	mov          dword [esp+0x4], encrypted_string_ptr
0x41a3ec:	mov          dword [esp+0x8], constant_0x570

0x41a3fb:	push         dword edi
0x41a3ff:	push         dword esi
0x41a403:	push         dword ebx

0x41a407:	xor          dword eax, dword eax
0x41a40e:	mov          dword ecx, 0xffff
0x41a417:	mov          dword edi, dword [ebp-0xc]             ; credential_dest_ptr_2
0x41a424:	repne scasb  byte [edi]                             ; read until zero
0x41a426:	sub          dword ecx, 0xffff
0x41a42f:	not          dword ecx                              ; string length
0x41a433:	mov          dword ebx, dword ecx
0x41a43a:	sub          esp, 0x10

0x41a43d:	mov          dword esi, dword esp
0x41a444:	push         dword esi                              ; md5 destination ptr
0x41a448:	push         dword ebx                              ; data length
0x41a44c:	push         dword [ebp-0xc]                        ; credential_dest_ptr_2 - string to be hashed
0x41a456:	call         md5_func
0x41a45c:	add          esp, 0xc

0x41a45f:	sub          esp, 0x20
0x41a462:	mov          dword edi, dword esp
0x41a469:	push         dword edi                              ; sha256 destination ptr
0x41a46d:	push         dword ebx                              ; data length
0x41a471:	push         dword [ebp-0xc]                        ; credential_dest_ptr_2 - string to be hashed
0x41a47b:	call         sha256_func
0x41a481:	add          esp, 0xc

0x41a484:	push         dword esi                              ; md5 hash
0x41a488:	push         dword edi                              ; sha256 hash
0x41a48c:	push         dword [ebp-0x4]                        ; constant_0x570
0x41a496:	push         dword [ebp-0x8]                        ; encrypted_string_ptr
0x41a4a0:	call         some_decryption_func
0x41a4a6:	add          esp, 0x40

0x41a4a9:	push         dword [ebp-0x4]                        ; constant_0x570
0x41a4b3:	push         dword [ebp-0x8]                        ; encrypted_string_ptr
0x41a4bd:	call         crc_func
0x41a4c3:	add          esp, 0x8

0x41a4c6:	mov          dword ebx, dword eax
0x41a4cd:	xor          dword eax, dword eax
0x41a4d4:	cmp          dword ebx, 0x4da2c9f6                  ; check crc checksum is correct
0x41a4dd:	jnz          0x41a4ec                               ; return 0 if not

0x41a4e3:	mov          dword eax, 0x1                         ; return 1 if correct
0x41a4ec:	pop          dword ebx
0x41a4f0:	pop          dword esi
0x41a4f4:	pop          dword edi
0x41a4f8:	add          esp, 0xc
0x41a4fb:	pop          dword ebp
0x41a4ff:	ret