Coding Flashback

A trip down memory lane to assembly and hex

Glancing through the FREE book “Reverse Engineering for Beginners“, brought a lot of fun memories that I had with assembly language and doing Hex dump of executables.

Sharing two examples below:

1. My first freeware (downloaded by thousands) around 1996-97 was EasyPass. It removed (!) the password from a #Microsoft #Access Jet 95 MDB database files. It helped those who had forgotten password, or, that’s what I naively believed then. Believe it or not – it was just a matter of flipping (XOR encryption) a few bytes of hex values, you needed to know which bytes, that’s all. A whole chapter in the book explains this technique.

2. When .NET framework was previewed, the very first thing I did was to create a console application in VB.NET (my favourite programming language), put the output executable through Visual Studio Disassembly window (obviously the output didn’t make much sense) and then through ILdasm.exe (Disassembler) which gave a clean MSIL (Intermediate Language) output. To check whether C# and VB.NET both produced the same IL code, did the same thing in C#. What fun days!

Thanks to Dorai Thodla for recommending the book in his timeline.



Public Function bRemovePassword(ByVal sFileName As String) As Boolean

    ' Removes the password present in a Access MDB File
    ' Opens the file only for write in Binary
    
    Dim i As Integer
    On Error GoTo myErrorCatch
    
    Open sFileName For Binary Access Write As #1
    
        For i = 1 To 14
            Put #1, 66 + i, bOriginalCharacters(i)
        Next i
    
    Close #1
    
    'we are sure that the password has been removed, but even then
    ' we are checking the same by again determining what is the
    ' password of the mdb file
    
    If Len(LTrim(sFindDbPassword(sFileName))) = 0 Then
        bRemovePassword = True
    Else
        bRemovePassword = False
    End If
    
    Exit Function
    
myErrorCatch:
    gMyErrNumber = Err.Number
    gMyErrDescription = Err.Description
    bRemovePassword = False
    Exit Function
End Function
Public Function sFindDbPassword(ByVal sFileName As String) As String

    ' Reveals the coded password present in a Access MDB File
    ' Opens the file only for Read in Binary
    
    Dim bCharacter As Byte
    Dim sPassword As String
    Dim i As Integer
    Dim bTranslate As Byte
    
    sPassword = ""
    
    If sFileName = "" Then
        Exit Function
    End If

    On Error GoTo Catchit
    Open sFileName For Binary Access Read As #1
    
    
        For i = 1 To 14
            Get #1, 66 + i, bCharacter
            If bCharacter = bOriginalCharacters(i) Then
                sPassword = sPassword
            Else
                ' IMPORTANT: XORS THE CHARCTER PRESENT WITH THE PRESET VALUES
                bTranslate = bCharacter Xor bOriginalCharacters(i)
                sPassword = sPassword & Chr(bTranslate)
            End If
        Next i
        
    Close #1

   sFindDbPassword = sPassword
   Exit Function

Catchit:
    gMyErrNumber = Err.Number
    gMyErrDescription = Err.Description
    sFindDbPassword = ""
End Function


_New_Timer	PROC FAR
; Line 221
	pushad
	push	ds
	push	es
	mov	bp,sp
	push	ds
	mov	ax,DGROUP
	mov	ds,ax
	ASSUME DS: DGROUP
	cld	
; Line 222
	cmp	BYTE PTR $S405_c,2
	je	SHORT $I463
	cmp	BYTE PTR $S405_c,3
	jne	SHORT $I462
$I463:
	mov	BYTE PTR $S405_c,1
; Line 223
$I462:
	push	DWORD PTR _Old_Timer
	call	__chain_intr
; Line 224
	mov	sp,bp
	pop	es
	pop	ds
	ASSUME DS: DGROUP
	popad
	iret	

_New_Timer	ENDP

Write A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.