Thread: Finding Secret Key in the Assembly code

  1. #1

    Finding Secret Key in the Assembly code

    So we have the following assembly code and we need to find the secret key in it. I used the following method to extract the secret key.


    Code:
    >>> a="\x31\xC0\x50\x68\x23\x25\x24\x76\x68\x76\x79\x20\x25\x68\x23\x78\x25\x72\x68\x25\x74\x20\x20\x68\x72\x73\x25\x27\x68\x75\x78\x77\x79\x68\x22\x72\x75\x77\x68\x71\x25\x75\x71\x68\x24\x27\x23\x20\x68\x25\x24\x78\x23\x68\x77\x76\x71\x76\x68\x23\x24\x77\x75\x68\x74\x24\x78\x24\x68\x71\x73\x70\x27\x68\x77\x74\x74\x23\x68\x79\x77\x70\x22\x68\x75\x20\x23\x24\x68\x79\x20\x78\x79\x68\x20\x79\x75\x20\x68\x76\x75\x23\x78\x68\x70\x74\x23\x79\x68\x22\x71\x79\x77\x68\x22\x76\x25\x72\x68\x77\x74\x22\x74\x68\x75\x73\x78\x22\x68\x22\x72\x20\x77\x68\x27\x27\x20\x79\x68\x79\x22\x72\x76\x68\x24\x79\x24\x78\x68\x25\x73\x27\x27\x68\x24\x25\x73\x24\x68\x20\x77\x74\x71\x54\x5E\x8B\xFE\x8B\xD7\xFC\xB9\x80\x00\x00\x00\xBB\x41\x00\x00\x00\x31\xC0\x50\xAC\x33\xC3\xAA\xE2\xFA\x54\x5E\xCC"
    Code:
    >>> open("asdf.bin", "wb").write(a)
    Code:
    >>> __import__("os").system("ndisasm -b32 asdf.bin")
    00000000  31C0              xor eax,eax
    00000002  50                push eax
    00000003  6823252476        push dword 0x76242523
    00000008  6876792025        push dword 0x25207976
    0000000D  6823782572        push dword 0x72257823
    00000012  6825742020        push dword 0x20207425
    00000017  6872732527        push dword 0x27257372
    0000001C  6875787779        push dword 0x79777875
    00000021  6822727577        push dword 0x77757222
    00000026  6871257571        push dword 0x71752571
    0000002B  6824272320        push dword 0x20232724
    00000030  6825247823        push dword 0x23782425
    00000035  6877767176        push dword 0x76717677
    0000003A  6823247775        push dword 0x75772423
    0000003F  6874247824        push dword 0x24782474
    00000044  6871737027        push dword 0x27707371
    00000049  6877747423        push dword 0x23747477
    0000004E  6879777022        push dword 0x22707779
    00000053  6875202324        push dword 0x24232075
    00000058  6879207879        push dword 0x79782079
    0000005D  6820797520        push dword 0x20757920
    00000062  6876752378        push dword 0x78237576
    00000067  6870742379        push dword 0x79237470
    0000006C  6822717977        push dword 0x77797122
    00000071  6822762572        push dword 0x72257622
    00000076  6877742274        push dword 0x74227477
    0000007B  6875737822        push dword 0x22787375
    00000080  6822722077        push dword 0x77207222
    00000085  6827272079        push dword 0x79202727
    0000008A  6879227276        push dword 0x76722279
    0000008F  6824792478        push dword 0x78247924
    00000094  6825732727        push dword 0x27277325
    00000099  6824257324        push dword 0x24732524
    0000009E  6820777471        push dword 0x71747720
    000000A3  54                push esp
    000000A4  5E                pop esi
    000000A5  8BFE              mov edi,esi
    000000A7  8BD7              mov edx,edi
    000000A9  FC                cld
    000000AA  B980000000        mov ecx,0x80
    000000AF  BB41000000        mov ebx,0x41
    000000B4  31C0              xor eax,eax
    000000B6  50                push eax
    000000B7  AC                lodsb
    000000B8  33C3              xor eax,ebx
    000000BA  AA                stosb
    000000BB  E2FA              loop 0xb7
    000000BD  54                push esp
    000000BE  5E                pop esi
    000000BF  CC                int3
    Code:
    >>> ab=bytearray(a)
    >>> enc = []
    >>> for i in range(3,0xa3):
    ...   if (i - 3) % 5 == 0:
    ...     continue
    ...   enc.append(ab[i])
    ... 
    >>> enc
    [35, 37, 36, 118, 118, 121, 32, 37, 35, 120, 37, 114, 37, 116, 32, 32, 114, 115, 37, 39, 117, 120, 119, 121, 34, 114, 117, 119, 113, 37, 117, 113, 36, 39, 35, 32, 37, 36, 120, 35, 119, 118, 113, 118, 35, 36, 119, 117, 116, 36, 120, 36, 113, 115, 112, 39, 119, 116, 116, 35, 121, 119, 112, 34, 117, 32, 35, 36, 121, 32, 120, 121, 32, 121, 117, 32, 118, 117, 35, 120, 112, 116, 35, 121, 34, 113, 121, 119, 34, 118, 37, 114, 119, 116, 34, 116, 117, 115, 120, 34, 34, 114, 32, 119, 39, 39, 32, 121, 121, 34, 114, 118, 36, 121, 36, 120, 37, 115, 39, 39, 36, 37, 115, 36, 32, 119, 116, 113]                                                                                                
    >>> dec = ''.join([chr(x^0x41) for x in enc])
    Code:
    >>> dec
    'bde778adb9d3d5aa32df4968c3460d40efbade9b6707be645e9e021f655b861c4abe8a98a84a74b915b8c086c7d365c5429cc3a6ffa88c37e8e9d2ffed2ea650'
    The order was wrong, since push moves esp backwards; need to fix:
    Code:
    >>> ''.join([dec[i*4:(i+1)*4] for i in range(len(dec)/4)][::-1])
    
    'a650ed2ed2ffe8e98c37ffa8c3a6429c65c5c7d3c08615b874b9a84a8a984abe861c655b021f5e9ebe646707de9befba0d40c346496832dfd5aab9d378adbde7'
    Cheers
    Last edited by [s]; 03-28-2017 at 01:17 PM.
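
An added example, not part of the original post: a Python 3 version of the same extraction that walks the stub instruction by instruction, models the stack so the pushed dwords come out in memory order, and reads the XOR key and byte count from `mov ebx` / `mov ecx` instead of hard-coding them. `LENGTHS` and `recover_key` are names introduced here; the length table covers only the opcodes in this stub, and the code assumes `eax` is zero at every `push eax`, as it is in the listing.

```python
import struct

# The post's stub, copied from the hex column of its ndisasm listing.
STUB = bytes.fromhex(
    "31C0 50"
    "6823252476 6876792025 6823782572 6825742020"
    "6872732527 6875787779 6822727577 6871257571"
    "6824272320 6825247823 6877767176 6823247775"
    "6874247824 6871737027 6877747423 6879777022"
    "6875202324 6879207879 6820797520 6876752378"
    "6870742379 6822717977 6822762572 6877742274"
    "6875737822 6822722077 6827272079 6879227276"
    "6824792478 6825732727 6824257324 6820777471"
    "54 5E 8BFE 8BD7 FC B980000000 BB41000000 31C0 50 AC 33C3 AA E2FA 54 5E CC"
)

# Lengths of the only opcodes this stub uses (not a general x86 decoder).
LENGTHS = {0x31: 2, 0x33: 2, 0x8B: 2, 0xE2: 2, 0x68: 5, 0xB9: 5, 0xBB: 5,
           0x50: 1, 0x54: 1, 0x5E: 1, 0xFC: 1, 0xAC: 1, 0xAA: 1, 0xCC: 1}

def recover_key(stub):
    """Statically walk the stub; return (xor_key, count, decoded_text)."""
    stack = bytearray()   # index 0 is the lowest address, i.e. current ESP
    data, regs, pos = None, {}, 0
    while pos < len(stub):
        op = stub[pos]
        if op not in LENGTHS:
            raise ValueError("unexpected opcode %#04x at %#x" % (op, pos))
        if op == 0x68:                     # push imm32 lands below older data
            stack[:0] = stub[pos + 1:pos + 5]
        elif op == 0x50:                   # push eax; assumed zero (see lead-in)
            stack[:0] = b"\x00" * 4
        elif op == 0x54 and data is None:  # push esp/pop esi: ESI = buffer start
            data = bytes(stack)
        elif op in (0xB9, 0xBB):           # mov ecx,imm32 / mov ebx,imm32
            regs[op] = struct.unpack_from("<I", stub, pos + 1)[0]
        pos += LENGTHS[op]
    if data is None or 0xB9 not in regs or 0xBB not in regs:
        raise ValueError("decoder loop not found")
    count, key = regs[0xB9], regs[0xBB] & 0xFF   # lodsb/stosb touch AL only
    if count > len(data):
        raise ValueError("count exceeds pushed data")
    text = bytes(b ^ key for b in data[:count]).decode("latin-1")
    return key, count, text
```

Because each push is prepended to the modelled stack, the result is already in the order the decoder loop reads it, so no separate reversal of 4-byte chunks is needed.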