Glancing through the FREE book “Reverse Engineering for Beginners” brought back a lot of fun memories that I had with assembly language and doing hex dumps of executables.

Sharing two examples below:

1. My first freeware (downloaded by thousands) around 1996-97 was EasyPass. It removed (!) the password from #Microsoft #Access Jet 95 MDB database files. It helped those who had forgotten their password, or that’s what I naively believed then. Believe it or not – it was just a matter of flipping (XOR encryption) a few bytes of hex values; you needed to know which bytes, that’s all. A whole chapter in the book explains this technique.

2. When the .NET Framework was previewed, the very first thing I did was to create a console application in VB.NET (my favourite programming language), put the output executable through the Visual Studio Disassembly window (obviously the output didn’t make much sense) and then through ILdasm.exe (Disassembler), which gave a clean MSIL (Intermediate Language) output. To check whether C# and VB.NET both produced the same IL code, I did the same thing in C#. What fun days!

Thanks to Dorai Thodla for recommending the book in his timeline.



Public Function bRemovePassword(ByVal sFileName As String) As Boolean

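    ' Removes the password present in an Access MDB file
    ' Opens the file only for write in Binary
    ' bOriginalCharacters, gMyErrNumber and gMyErrDescription are module-level
    ' variables declared elsewhere (not shown here)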
    
    Dim i As Integer
    On Error GoTo myErrorCatch
    
    Open sFileName For Binary Access Write As #1
    
        For i = 1 To 14
            Put #1, 66 + i, bOriginalCharacters(i)
        Next i
    
    Close #1
    
    'we are sure that the password has been removed, but even then
    ' we are checking the same by again determining what is the
    ' password of the mdb file
    
    If Len(LTrim(sFindDbPassword(sFileName))) = 0 Then
        bRemovePassword = True
    Else
        bRemovePassword = False
    End If
    
    Exit Function
    
myErrorCatch:
    gMyErrNumber = Err.Number
    gMyErrDescription = Err.Description
    Close #1    ' release the file handle if the error occurred after Open
    bRemovePassword = False
    Exit Function
End Function

Public Function sFindDbPassword(ByVal sFileName As String) As String

    ' Reveals the coded password present in an Access MDB file
    ' Opens the file only for Read in Binary
    
    Dim bCharacter As Byte
    Dim sPassword As String
    Dim i As Integer
    Dim bTranslate As Byte
    
    sPassword = ""
    
    If sFileName = "" Then
        Exit Function
    End If

    On Error GoTo Catchit
    Open sFileName For Binary Access Read As #1
    
    
        For i = 1 To 14
            Get #1, 66 + i, bCharacter
            ' A byte equal to the preset value means no password character here
            If bCharacter <> bOriginalCharacters(i) Then
                ' IMPORTANT: XORs the character present with the preset values
                bTranslate = bCharacter Xor bOriginalCharacters(i)
                sPassword = sPassword & Chr(bTranslate)
            End If
        Next i
        
    Close #1

   sFindDbPassword = sPassword
   Exit Function

Catchit:
    gMyErrNumber = Err.Number
    gMyErrDescription = Err.Description
    Close #1    ' release the file handle if the error occurred after Open
    sFindDbPassword = ""
End Function
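
The XOR scheme used by the two functions above, reproduced on a constructed buffer next to a salted PBKDF2 verifier for contrast. This is an added example, not part of the original EasyPass code; MASK is a made-up stand-in for bOriginalCharacters, and the function names and the 128-byte header are assumptions.

```python
import hashlib, hmac, os

OFFSET, LENGTH = 66, 14   # 0-based; VB's "Put #1, 66 + i" with i = 1..14 is 1-based
# Constructed stand-in for the page's bOriginalCharacters array (NOT the real Jet bytes).
MASK = bytes((0x5A + 7 * i) & 0xFF for i in range(LENGTH))

def weak_set(header: bytearray, password: str) -> None:
    """Store the password as the page describes: plaintext XOR a fixed mask."""
    plain = password.encode("latin-1")[:LENGTH].ljust(LENGTH, b"\0")
    header[OFFSET:OFFSET + LENGTH] = bytes(p ^ m for p, m in zip(plain, MASK))

def weak_recover(header: bytes) -> str:
    """Same logic as sFindDbPassword: a byte equal to the mask means 'no character'."""
    field = header[OFFSET:OFFSET + LENGTH]
    return "".join(chr(b ^ m) for b, m in zip(field, MASK) if b != m)

def weak_remove(header: bytearray) -> None:
    """Same logic as bRemovePassword: write the mask back over the field."""
    header[OFFSET:OFFSET + LENGTH] = MASK

def hardened_set(password: str, iterations: int = 200_000) -> dict:
    """Keep only a salted, slow verifier; nothing stored can be XORed back to the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "verifier": digest}

def hardened_check(record: dict, candidate: str) -> bool:
    """Recompute the verifier for a candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["verifier"])

def demo() -> dict:
    header = bytearray(128)            # constructed header, not a real MDB file
    weak_set(header, "s3cret")
    recovered = weak_recover(bytes(header))
    weak_remove(header)
    record = hardened_set("s3cret", iterations=1000)  # low count only to keep the demo fast
    return {"recovered": recovered,
            "after_remove": weak_recover(bytes(header)),
            "hardened_ok": hardened_check(record, "s3cret"),
            "hardened_wrong": hardened_check(record, "guess")}

if __name__ == "__main__":
    print(demo())
```

A stored verifier can still be overwritten in place; that only stops mattering when the data itself is encrypted under a key derived from the password.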


_New_Timer	PROC FAR
; Line 221
	pushad
	push	ds
	push	es
	mov	bp,sp
	push	ds
	mov	ax,DGROUP
	mov	ds,ax
	ASSUME DS: DGROUP
	cld	
; Line 222
	cmp	BYTE PTR $S405_c,2
	je	SHORT $I463
	cmp	BYTE PTR $S405_c,3
	jne	SHORT $I462
$I463:
	mov	BYTE PTR $S405_c,1
; Line 223
$I462:
	push	DWORD PTR _Old_Timer
	call	__chain_intr
; Line 224
	mov	sp,bp
	pop	es
	pop	ds
	ASSUME DS: DGROUP
	popad
	iret	

_New_Timer	ENDP
