Glancing through the FREE book “Reverse Engineering for Beginners” brought back a lot of fun memories that I had with assembly language and doing hex dumps of executables.
Sharing two examples below:
1. My first freeware (downloaded by thousands) around 1996-97 was EasyPass. It removed (!) the password from #Microsoft #Access Jet 95 MDB database files. It helped those who had forgotten their password, or, that’s what I naively believed then. Believe it or not – it was just a matter of flipping (XOR encryption) a few bytes of hex values; you needed to know which bytes, that’s all. A whole chapter in the book explains this technique.
2. When the .NET Framework was previewed, the very first thing I did was to create a console application in VB.NET (my favourite programming language), put the output executable through the Visual Studio Disassembly window (obviously the output didn’t make much sense) and then through ILdasm.exe (Disassembler), which gave a clean MSIL (Intermediate Language) output. To check whether C# and VB.NET both produced the same IL code, I did the same thing in C#. What fun days!
```vb
' Note: bOriginalCharacters (the 14 preset bytes), gMyErrNumber and
' gMyErrDescription are module-level variables declared elsewhere.

Public Function bRemovePassword(ByVal sFileName As String) As Boolean
    ' Removes the password present in a Access MDB File
    ' Opens the file only for write in Binary
    Dim i As Integer
    On Error GoTo myErrorCatch
    Open sFileName For Binary Access Write As #1
    For i = 1 To 14
        Put #1, 66 + i, bOriginalCharacters(i)
    Next i
    Close #1
    'we are sure that the password has been removed, but even then
    ' we are checking the same by again determining what is the
    ' password of the mdb file
    If Len(LTrim(sFindDbPassword(sFileName))) = 0 Then
        bRemovePassword = True
    Else
        bRemovePassword = False
    End If
    Exit Function
myErrorCatch:
    gMyErrNumber = Err.Number
    gMyErrDescription = Err.Description
    bRemovePassword = False
    Exit Function
End Function

Public Function sFindDbPassword(ByVal sFileName As String) As String
    ' Reveals the coded password present in a Access MDB File
    ' Opens the file only for Read in Binary
    Dim bCharacter As Byte
    Dim sPassword As String
    Dim i As Integer
    Dim bTranslate As Byte
    sPassword = ""
    If sFileName = "" Then
        Exit Function
    End If
    On Error GoTo Catchit
    Open sFileName For Binary Access Read As #1
    For i = 1 To 14
        Get #1, 66 + i, bCharacter
        If bCharacter = bOriginalCharacters(i) Then
            sPassword = sPassword
        Else
            ' IMPORTANT: XORS THE CHARACTER PRESENT WITH THE PRESET VALUES
            bTranslate = bCharacter Xor bOriginalCharacters(i)
            sPassword = sPassword & Chr(bTranslate)
        End If
    Next i
    Close #1
    sFindDbPassword = sPassword
    Exit Function
Catchit:
    gMyErrNumber = Err.Number
    gMyErrDescription = Err.Description
    sFindDbPassword = ""
End Function
```
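Why the scheme in item 1 gives no confidentiality, as an added Python example (not EasyPass code and not from the book): every file XORs its password with the same preset bytes at the same offset, so one blank-password header exposes the mask and the mask decodes any other header. `DEMO_MASK` and the 128-byte headers are constructed for the demo; the real preset bytes (`bOriginalCharacters`) are not shown on this page.

```python
"""Fixed-mask XOR at a fixed header offset is obfuscation, not encryption."""

PW_OFFSET = 66   # 0-based; VB's `Get #1, 66 + i` (i from 1) is 1-based position 67
PW_LEN = 14      # the VB loop runs For i = 1 To 14

# CONSTRUCTED mask for this demo only; not the real preset values.
DEMO_MASK = bytes(range(0xA0, 0xA0 + PW_LEN))


def make_header(password: str, mask: bytes = DEMO_MASK) -> bytes:
    """Build a constructed 128-byte header with the password XORed into the mask."""
    pw = password.encode("ascii")
    if len(pw) > PW_LEN:
        raise ValueError("password longer than the 14-byte field")
    pw = pw.ljust(PW_LEN, b"\0")
    header = bytearray(128)
    header[PW_OFFSET:PW_OFFSET + PW_LEN] = bytes(p ^ m for p, m in zip(pw, mask))
    return bytes(header)


def field(header: bytes) -> bytes:
    """Return the 14-byte password field of a header."""
    return header[PW_OFFSET:PW_OFFSET + PW_LEN]


def mask_from_blank(blank_header: bytes) -> bytes:
    """With no password set, the field is the mask itself (password bytes are 0)."""
    return field(blank_header)


def read_password(header: bytes, mask: bytes) -> str:
    """XOR the field with the mask; bytes equal to the mask decode to 0 and are skipped."""
    plain = bytes(c ^ m for c, m in zip(field(header), mask))
    return plain.replace(b"\0", b"").decode("ascii")


def xor_fields(header_a: bytes, header_b: bytes) -> bytes:
    """The mask cancels out: two protected headers XOR to password_a XOR password_b."""
    return bytes(a ^ b for a, b in zip(field(header_a), field(header_b)))


if __name__ == "__main__":
    mask = mask_from_blank(make_header(""))
    print(read_password(make_header("s3cret"), mask))   # the "protected" password
```

Because the mask never varies per file or per password, access control for such files has to come from the file system or the storage location, not from the database password.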
```asm
_New_Timer PROC FAR
; Line 221
        pushad
        push    ds
        push    es
        mov     bp,sp
        push    ds
        mov     ax,DGROUP
        mov     ds,ax
        ASSUME DS: DGROUP
        cld
; Line 222
        cmp     BYTE PTR $S405_c,2
        je      SHORT $I463
        cmp     BYTE PTR $S405_c,3
        jne     SHORT $I462
$I463:
        mov     BYTE PTR $S405_c,1
; Line 223
$I462:
        push    DWORD PTR _Old_Timer
        call    __chain_intr
; Line 224
        mov     sp,bp
        pop     es
        pop     ds
        ASSUME DS: DGROUP
        popad
        iret
_New_Timer ENDP
```