PDA

View Full Version : hash algo help


ramin_rad2000
September 5th, 2004, 12:43
I am wondering if any one can give me a clue about this kind of hash algo
-------------------------------------------------------------------------
10001850 53 push ebx
10001851 B900800010 mov ecx,L10008000
10001856 56 push esi
10001857 8B74240C mov esi,[esp+0Ch]
1000185B 8B06 mov eax,[esi]
1000185D 8901 mov [ecx],eax--->Serial number
1000185F 8D4608 lea eax,[esi+08h]
10001862 668B5604 mov dx,[esi+04h]
10001866 50 push eax
10001867 66895104 mov [ecx+04h],dx
1000186B 51 push ecx
1000186C 8A5E06 mov bl,[esi+06h]
1000186F 885906 mov [ecx+06h],bl
10001872 C6050680001000 mov byte ptr [L10008006],00h
10001879 FF1530B40010 call [KERNEL32.dll!lstrcatA]
1000187F 6810800010 push L10008010
10001884 6A0C push 0000000Ch
10001886 6800800010 push L10008000
1000188B E8000E0000 call SUB_L10002690(it goes down)
10001890 83C40C add esp,0000000Ch
10001893 8A4E06 mov cl,[esi+06h]
10001896 880D00800010 mov [L10008000],cl
1000189C 6800800010 push L10008000
100018A1 8A4607 mov al,[esi+07h]
100018A4 BE64000000 mov esi,00000064h -->(interesting!)
100018A9 C6050280001000 mov byte ptr [L10008002],00h
100018B0 A201800010 mov [L10008001],al
100018B5 FF1594B50010 call [MSVCRT20.dll!atol]---->does anybody know how this works?
100018BB 83C404 add esp,00000004h
100018BE 8BC8 mov ecx,eax
100018C0 A110800010 mov eax,[L10008010]
100018C5 2BD2 sub edx,edx
100018C7 F7F6 div esi
100018C9 33C9 sub ecx,edx
100018CB 5E pop esi
100018CC 5B pop ebx
100018CD 83F901 cmp ecx,00000001h
100018D0 1BC0 sbb eax,eax
100018D2 F7D8 neg eax
100018D4 C20400 retn 0004h

The brute forcing is easy:at 100018C9 ecx must be less than edx so that the carry will be set and the sbb eax,eax will then be -1(FFFFFFFF) so after neg eax function will return 1. if it is MD5 then please give me some especifics on it(i am a totall newbie in crtypto stuff)

serial number removed by mike

------------------------------------------------------------------------
SUB_L10002690
10002690 53 push ebx
10002691 BAFFFFFFFF mov edx,FFFFFFFFh
10002696 8B4C240C mov ecx,[esp+0Ch]
1000269A 56 push esi
1000269B 8BC1 mov eax,ecx
1000269D 03CA add ecx,edx
1000269F 85C0 test eax,eax
100026A1 7428 jz L100026CB
100026A3 8B74240C mov esi,[esp+0Ch]
100026A7 L100026A7:
100026A7 8A06 mov al,[esi]---->serial
100026A9 46 inc esi
100026AA 33DB xor ebx,ebx
100026AC 8AD8 mov bl,al
100026AE 33DA xor ebx,edx
100026B0 C1EA08 shr edx,08h
100026B3 81E3FF000000 and ebx,000000FFh
100026B9 8B049D70A20010 mov eax,[L1000A270+ebx*4]----->(goes down)
100026C0 8BD9 mov ebx,ecx
100026C2 33C2 xor eax,edx
100026C4 49 dec ecx
100026C5 8BD0 mov edx,eax
100026C7 85DB test ebx,ebx
100026C9 75DC jnz L100026A7
100026CB L100026CB:
100026CB F7D2 not edx
100026CD 8B442414 mov eax,[esp+14h]
100026D1 5E pop esi
100026D2 5B pop ebx
100026D3 8910 mov [eax],edx
100026D5 33C0 xor eax,eax
100026D7 C3 retn
----------------------------------------------------------------------
L1000A270:

1000A270 00000000 dd 00000000h
1000A274 96 db 96h; '-'
1000A275 30 db 30h; '0'
1000A276 07 db 07h;
1000A277 77 db 77h; 'w'
1000A278 2C db 2Ch; ','
1000A279 61 db 61h; 'a'
1000A27A 0E db 0Eh;
1000A27B EE db EEh; ''

rest of table deleted since the first word is enough to figure out what's going on-mike

IT seems that is never ends!(if i don't make any mistake it is 1024 bytes) I don't know anything of crc but this 1024(decimal) hashtable and that 64 above is ....
-------------------------------------------------------------------------

mike
September 5th, 2004, 19:42
Google is your friend:
http://www.google.co.nz/search?q=77073096
It's crc32.

JMI
September 5th, 2004, 20:12
Wait. You mean they even have "crypto" on google? What a concept. That darn company is everywhere and into everything. I just didn't know those bots were good at math.

Of course, we still need Mike to tell us how the heck that math "works." There are good reasons some of us avoided those subjects after completing school. We're just not very good at the subject.

Regards,

ramin_rad2000
September 6th, 2004, 01:41
JMI with all the respects,but do you think there is something wrong with my thread? and mike thank you very much for the link.

JMI
September 6th, 2004, 10:21
ramin_rad2000:

With all due respect, I was simply expressing my not to great suprise that even complex concepts, such as crypto procedures, could be found by searching the net, which you know is one of my pet projects.

The remainder of the post was a general expression of my own personal view that I have always found math a more difficult subject, and therefore less well liked, than most other subjects. I was also expressing my gratitude to people like Mike, who not only like the subject, but are damn good at it and able to explain it to those less talented in the subject, like I am.

So you see, my post really wasn't about "you" at all. It was about "me."

Regards,

ramin_rad2000
September 7th, 2004, 15:49
jmi man,and i believe in your talent
Well i hope that other people also share their knowledge on this subject