Load the COM file into your favorite disassembler and analyze the structure of the program.
0100 start:       jmp lStart
--------------------------------------------------------
0103 aLogo        db
--------------------------------------------------------
0150 lReset:      ...
0153              jmp lBack
--------------------------------------------------------
0156 lStart:      ; print aLogo and store input
                  ....            ; @aPassword
0171              jmp lSetup
--------------------------------------------------------
0174 aData        db
--------------------------------------------------------
0185 lSetup:      ; code is used as pattern
                  ....
01AE              jmp lLoop
--------------------------------------------------------
01B3 aPassword    db
--------------------------------------------------------
01C0 lLoop:       ....
01C9              jmp lReset
01CB lBack:       ....
01D8              loop lLoop
                  ....
023E              stosw           ; last operation
--------------------------------------------------------
023F aGarbage     db
                  ....
024D              db
024E              jmp lIncorrect
--------------------------------------------------------
0251 dwSome       dd
--------------------------------------------------------
0256 lIncorrect:  ; print aIncorrect
                  ....
025D              jmp short lExit
--------------------------------------------------------
0260 aIncorrect   db
--------------------------------------------------------
0277 lExit:
It is easy to see that once CX reaches 0 at 01D8, IP falls through into the bytes at aGarbage, which are not valid code as stored on disk, so execution would go off the rails. Obviously the bytes at aGarbage must be modified somewhere in or after the loop to become meaningful; the STOSW at 023E (the last write before the fall-through, and a store to ES:DI) is the instruction to watch. To confirm a correct password the program must perform something like:
023F    mov ah,9        ; B4 09
0241    mov dx, ????    ; BA ?? ??
0244    int 21h         ; CD 21
0246    jmp lExit       ; EB 2F
Analysis of the code in and after the loop gives the address of the greeting (the ????): aData, whose bytes are being modified by the same code. So the instruction at 0241 becomes:
0241    mov dx, aData   ; BA 74 01
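Two checks worth doing before trusting the stub above: that the four instructions really assemble to the nine bytes claimed, with the short jump at 0246 landing exactly on lExit (0277), and that the stored bytes at aGarbage differ from the expected plaintext by something simple (a repeating XOR key, a constant ADD). The following is example code written for this write-up, not part of the crackme or the original post; the addresses come from the listing above, while the "stored" bytes are a constructed sample (the page does not reproduce the raw contents of aGarbage), so classify_decoder() is shown recovering a key we put in ourselves.

```python
import struct

# Addresses taken from the listing above.
AGARBAGE = 0x023F
ADATA    = 0x0174
LEXIT    = 0x0277


def assemble_stub(org, data_addr, exit_addr):
    """Assemble the expected decoded stub at `org`:
         mov ah,9 / mov dx,data_addr / int 21h / jmp short exit_addr
    Returns (code_bytes, listing), listing = [(ip, bytes, mnemonic), ...].
    Raises ValueError if exit_addr is out of range for an 8-bit displacement."""
    listing = []
    ip = org

    def emit(raw, text):
        nonlocal ip
        listing.append((ip, raw, text))
        ip += len(raw)

    emit(b"\xB4\x09", "mov ah,9")                               # B4 imm8
    emit(b"\xBA" + struct.pack("<H", data_addr),                # BA imm16, little-endian
         "mov dx,%04Xh" % data_addr)
    emit(b"\xCD\x21", "int 21h")                                # CD imm8
    # jmp short rel8: the displacement is relative to the NEXT instruction.
    disp = exit_addr - (ip + 2)
    if not -128 <= disp <= 127:
        raise ValueError("%04X not reachable by jmp short from %04X" % (exit_addr, ip))
    emit(b"\xEB" + bytes([disp & 0xFF]), "jmp short %04Xh" % exit_addr)

    return b"".join(raw for _, raw, _ in listing), listing


def xor_stream(raw, plain):
    """Per-byte XOR difference between stored bytes and expected plaintext."""
    return bytes(r ^ p for r, p in zip(raw, plain))


def add_stream(raw, plain):
    """Per-byte (plain - raw) mod 256: constant if the decoder is a byte ADD."""
    return bytes((p - r) & 0xFF for r, p in zip(raw, plain))


def smallest_period(stream):
    """Shortest repeating period of a byte string (len(stream) if none)."""
    n = len(stream)
    for p in range(1, n + 1):
        if all(stream[i] == stream[i % p] for i in range(n)):
            return p
    return n


def classify_decoder(raw, plain):
    """Known-plaintext guess at the simplest byte-wise transform raw -> plain.
    Returns ("add", key) / ("xor", key) / ("unknown", b"")."""
    xs, ad = xor_stream(raw, plain), add_stream(raw, plain)
    px, pa = smallest_period(xs), smallest_period(ad)
    if pa == 1:
        return "add", ad[:1]
    if px < pa:
        return "xor", xs[:px]
    return "unknown", b""


if __name__ == "__main__":
    stub, listing = assemble_stub(AGARBAGE, ADATA, LEXIT)
    for ip, raw, text in listing:
        print("%04X  %-10s %s" % (ip, raw.hex().upper(), text))
    # Constructed sample: the stub XOR-ed with a two-byte key, standing in for
    # the bytes actually stored at aGarbage, which this page does not give.
    sample_key = b"\x5A\xA5"
    stored = bytes(b ^ sample_key[i % 2] for i, b in enumerate(stub))
    print(classify_decoder(stored, stub))
```

In a real session you would replace the constructed `stored` with the nine bytes read from the file at 023F; if neither stream has a short period, the decoder is not a plain byte XOR or ADD and you go back to single-stepping the loop with a breakpoint on the STOSW at 023E.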
A couple of hints for decoding (trivial and left as homework):
Finally, the password is: "stormknagXX", where X is any isalnum() char. The greeting is: "kOUGER ZuYYs!", where Y is the decoded X char. Hey, kOUGER!, can you explain what that is supposed to mean? Thanx! :-)