Joseph's Thread
Thursday, 25-Feb-99 04:47:28

Greetings,

Late last night I unzipped Caveman and took a look at it:

General

1: Ran the program and got the message "Unregistered: Invalid or missing keyfile!". OK. Then we need a keyfile to run this program correctly.

2: The first thing I did was to dump it using HexWorkshop and noticed the data at the end of the dump, which included the name "Caveman.dat". No other useful information was easily noticed at this stage.

3: Using HexWorkshop, created a short file, stuffed it with some bytes and saved it in the same directory as Caveman.com.

4: Using W32dasm, generated a source file and made some superficial examination of the dead listing. Not much help yet, especially since W32dasm does not debug 16-bit programs. Some pure DOS utilities will work better with this one.

5: Using Turbo Debugger for DOS, debugging became a breeze but not without some initial problems. Caveman was not opening Caveman.DAT in spite of its presence. What is going on? It looks like Caveman does not like to reside in a subdirectory several levels deep, so I moved the program and the data files to a subdirectory in the root directory. This made Caveman happy and it opened Caveman.DAT.

The KeyFile and its contents

1: First 2 bytes are for the length of the user name; only the first byte is used.

2: N bytes, N being determined by the first byte, containing a name terminated by a "$".

3: Two bytes of code containing the key needed to let the program proceed.

4: A block of 100 bytes to be read by the program at a later stage. I have not determined the nature of this block or any other contents of the KeyFile.

Program execution

1: Displays a message on the screen consisting of the program's name, the author's name, and date.

2: Attempts to open Caveman.dat and continues if successful and aborts if not.

3: Reads 2 bytes from Caveman.dat; this will be the length of the next block to be read.

4: Reads a block of bytes equal to the number in the first byte read. This is the name.

5: Reads the following 2 bytes from Caveman.DAT. This is the Key in the KeyFile.

6: Calculates the key, a two-byte hex number, from the name and compares it with that read from the KeyFile. Here is the code which calculates the key:

    :0001.0169 BE6706     mov si, 0667
    :0001.016C AC         lodsb
    :0001.016D 02E0       add ah, al
    :0001.016F D1C0       rol ax, 01
    :0001.0171 D1C0       rol ax, 01
    :0001.0173 D1C0       rol ax, 01
    :0001.0175 E2F5       loop 016C
    :0001.0177 3B065A06   cmp ax, [065A]
    :0001.017B 0F853604   jne 05B5

7: If the keys are not equal the program aborts, but if equal it continues.

8: Using 2 tables, one at 1B1 and the other at 660, builds a third table of 100 bytes and stores it at 100. This is how this new table is built: each byte in the first table is split into two halves. The upper half is an offset number to a byte in the second table, and the lower half is the count of how many times this byte will be repeated in the third table. The second table consists of 8 bytes "T.abcfw". So the third table is made of these characters in the following manner:

    TTTTTTTTTT
    T........T
    T...cc...T
    T........T
    TT..TTT..T
    T.aaabbb.T
    T........T
    T..TT....T
    T..Tfww..T
    TTTTTTTTTT

9: Once the table is constructed the program jumps to 1D0 and loops, if necessary, until SI points to the first 2Eh "." byte in the newly constructed table.

10: Sends a block of characters to the display consisting of the name. If you break the program after this and look at the screen you will see "registered to: YourName." Here is the code:

    :0001.01D4 AC         lodsb
    :0001.01D5 3C2E       cmp al, 2E
    :0001.01D7 75FB       jne 01D4
    :0001.01D9 4E         dec si
    :0001.01DA BA6706     mov dx, 0667
    :0001.01DD B409       mov ah, 09
    :0001.01DF CD21       int 21
    :0001.01E1 B023       mov al, 23       ;Break here to see your name

After this the program starts the game, which I have not figured out how to play yet, and tomorrow is another day.

Best regards,
Joseph
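To make the two mechanisms in the post concrete, here is an added Python illustration (written for this page; it is not code from Joseph or from the crackme). It parses the Caveman.dat layout as the post describes it, re-runs the `add ah,al` / three `rol ax,1` loop from 016C so the stored key can be checked against the name, and expands the nibble-packed map table into the 10x10 layout. Two details the post leaves open are assumed and marked in the code: AX starts at 0 before the loop, and CX covers every byte of the name block read from the file (so the "$" terminator is hashed too). The key is assumed to be stored little-endian, and the sample keyfile and packed table in `main()` are constructed, not dumped from the real file.

```python
"""Caveman.dat parsing, the 16-bit name check and the packed map table.
Added illustration based on the post's description; not the crackme's own code."""
import struct

TABLE2 = b"T.abcfw"  # the second table at 660 (post quotes these characters)

# Assumptions: AX = 0 on entry, CX = number of bytes in the name block.
def caveman_checksum(name: bytes, ax: int = 0) -> int:
    """Mirror of the loop at 016C: lodsb / add ah,al / rol ax,1 x3 / loop."""
    for al in name:
        ah = ((ax >> 8) + al) & 0xFF          # add ah, al (8-bit, wraps)
        ax = (ah << 8) | al                    # AL still holds the loaded byte
        for _ in range(3):                     # three 16-bit rotates left
            ax = ((ax << 1) | (ax >> 15)) & 0xFFFF
    return ax

def parse_keyfile(data: bytes) -> dict:
    """Split Caveman.dat into the four fields listed under 'The KeyFile'."""
    if len(data) < 2:
        raise ValueError("keyfile too short")
    n = data[0]                                # 2-byte length, only byte 0 used
    name = data[2:2 + n]
    if len(name) != n or not name.endswith(b"$"):
        raise ValueError("name block truncated or not '$'-terminated")
    (key,) = struct.unpack_from("<H", data, 2 + n)   # assumed little-endian
    block = data[4 + n:104 + n]                # the 100-byte block read later
    if len(block) != 100:
        raise ValueError("100-byte block missing")
    return {"name": name, "key": key, "block": block}

def keyfile_is_valid(data: bytes) -> bool:
    """The check at 0177: recomputed key must equal the key stored in the file."""
    fields = parse_keyfile(data)
    return caveman_checksum(fields["name"]) == fields["key"]

def rle_expand(table1: bytes, table2: bytes = TABLE2) -> bytes:
    """High nibble = index into table2, low nibble = repeat count (step 8)."""
    out = bytearray()
    for b in table1:
        out += table2[b >> 4:(b >> 4) + 1] * (b & 0x0F)
    return bytes(out)

def rle_pack(layout: bytes, table2: bytes = TABLE2) -> bytes:
    """Inverse of rle_expand; used only to construct a sample packed table."""
    out = bytearray()
    i = 0
    while i < len(layout):
        j = i
        while j < len(layout) and layout[j] == layout[i] and j - i < 15:
            j += 1                             # a nibble holds at most 15
        out.append((table2.index(layout[i]) << 4) | (j - i))
        i = j
    return bytes(out)

# The 10x10 layout the post shows, as one 100-byte string (rows concatenated).
MAP = (b"TTTTTTTTTT" b"T........T" b"T...cc...T" b"T........T" b"TT..TTT..T"
       b"T.aaabbb.T" b"T........T" b"T..TT....T" b"T..Tfww..T" b"TTTTTTTTTT")

def first_dot_offset(layout: bytes) -> int:
    """Step 9: where the 01D4 loop stops, the first 2Eh byte in the table."""
    return layout.index(b".")

def main() -> None:
    name = b"AB$"                              # constructed sample name
    key = caveman_checksum(name)
    keyfile = bytes([len(name), 0]) + name + struct.pack("<H", key) + bytes(100)
    print("key for", name, "=", hex(key), "valid:", keyfile_is_valid(keyfile))
    packed = rle_pack(MAP)                     # constructed stand-in for table 1B1
    grid = rle_expand(packed)
    for row in range(10):
        print(grid[row * 10:(row + 1) * 10].decode())
    print("packed", len(packed), "bytes, first '.' at", first_dot_offset(grid))

if __name__ == "__main__":
    main()
```

The checksum is only 16 bits wide and is a function of the name alone, which is why the post can derive the stored key from the name field without any secret; that is the weakness a crackme of this kind is meant to teach. The packed-table round trip shows that the 100-byte map fits in far fewer bytes, and why the 01D4 loop needs to skip past the leading run of "T" before it finds the first ".".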