| |
The Shadow
Registered: Oct 2007 Posts: 304 |
EOR file coders
Someone once told me that it is impossible to open a file which was coded with an EOR coder. With today's machines, is there any conceivable way that an EOR coded file can be placed into a PC and descrambled? |
|
| |
tlr
Registered: Sep 2003 Posts: 1790 |
Quote: As I tried cracking instead of guessing this time, I imported it into my 6502 emulator, and chewed through $212121 to $5f5f5f looking for $08 at $0802 and $9e at $0805 (i.e. your average basic sys line). No love :(
Good work but it needs a little more effort to bring love. :)
Added a hint here: Crack me too! |
| |
MagerValp
Registered: Dec 2001 Posts: 1078 |
OK, so I expanded the search to emu_mem[0x0802] == 0x08, 6 <= emu_mem[0x0801] <= 86, emu_mem[(0x0800 | emu_mem[0x0801]) - 1] == 0, aka a proper basic line. Still no love :/
I need to verify that my emu produces the same output as vice.
I wish I had more time to work on this...
|
| |
Ymgve
Registered: May 2002 Posts: 84 |
Just a small hint: The decryption code sets $0800 to zero, so what that address decrypts to is irrelevant. |
| |
JackAsser
Registered: Jun 2002 Posts: 2014 |
Quote: As I tried cracking instead of guessing this time, I imported it into my 6502 emulator, and chewed through $212121 to $5f5f5f looking for $08 at $0802 and $9e at $0805 (i.e. your average basic sys line). No love :(
Cracking vs. Guessing philosophy. Isn't this just automated guessing? :D |
| |
tlr
Registered: Sep 2003 Posts: 1790 |
Quote: OK, so I expanded the search to emu_mem[0x0802] == 0x08, 6 <= emu_mem[0x0801] <= 86, emu_mem[(0x0800 | emu_mem[0x0801]) - 1] == 0, aka a proper basic line. Still no love :/
I need to verify that my emu produces the same output as vice.
I wish I had more time to work on this...
Added another hint: Crack me too!
And when you solve it, it does bring some love! :)
Ymgve knows the secret. ;) |
| |
Quetzal
Registered: Jul 2002 Posts: 71 |
Been working along similar lines to MagerValp, and as he says, no love. Using VICE have scanned all possible password combinations ranging from #$202020 to #$5f5f5f, checking for results where $0801 is equal to #$08. Now I've come to conclude the following possibilities in order from least to most likely.
A) The BASIC line is very non-standard and $0801 is something other than #$08.
B) I need to expand the range of my search.
or
C) My password scanning program completely sucks.
[EDIT] Wrote the above before I saw the latest hint, looks like I may need to re-think which is most likely. :)
|
| |
Oswald
Registered: Apr 2002 Posts: 5094 |
Wouldn't it be faster to crack it instead of guessing? |
| |
Quetzal
Registered: Jul 2002 Posts: 71 |
Another edit, I really was checking $0802, not $0801. It's early morning here...
Oswald: To me it seems that in the case of strong encryption like this, but with a relatively weak password, the brute force approach would be the fastest (and most likely the only) way to get results. Provided, that is, you know something that will be in the resulting decrypted code, which appears to be the problem I'm having now.
|
| |
JackAsser
Registered: Jun 2002 Posts: 2014 |
Quote: Another edit, I really was checking $0802, not $0801. It's early morning here...
Oswald: To me it seems that in the case of strong encryption like this, but with a relatively weak password, the brute force approach would be the fastest (and most likely the only) way to get results. Provided, that is, you know something that will be in the resulting decrypted code, which appears to be the problem I'm having now.
Not that I've checked this thoroughly but wouldn't it be smarter to try to exploit the bad-key check as a comparator for knowing if you got correct data or not in the brute force scan? |
| |
MagerValp
Registered: Dec 2001 Posts: 1078 |
Quote: Not that I've checked this thoroughly but wouldn't it be smarter to try to exploit the bad-key check as a comparator for knowing if you got correct data or not in the brute force scan?
The bad key check is implemented properly, so it doesn't confirm or deny :) It's a timer IRQ that fires if the program crashes. I assume that the decrypted program disables the IRQ on startup.
TLR: munged basic? Truly evil. That makes it hard to write a function that decides if the decryption worked - I guess I have to execute the code and see if it disables the IRQ, but that means adding a lot more stuff to my barebones emulator...
|
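The plausibility test and key search discussed in this thread, as an added example that is not code from any poster and not the crackme's cipher. It assumes a toy repeating-key EOR coder, a constructed 18-byte image and key, and hypothetical helper names (`eor`, `peek`, `weak_check`, `basic_line_check`, `search`); it shows how many wrong keys still pass a "looks like a BASIC line" test.

```python
from itertools import product

LOAD = 0x0801                 # BASIC start on the C64; the image loads here
KEYSPACE = range(0x21, 0x60)  # per-byte range searched in the thread ($21..$5f)

def eor(data, key):
    """Toy coder (assumption): repeating-key EOR; encoding and decoding are the same."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def peek(cipher, key, addr):
    """Decrypt the single byte at C64 address addr, or None if outside the image."""
    i = addr - LOAD
    return cipher[i] ^ key[i % len(key)] if 0 <= i < len(cipher) else None

def weak_check(cipher, key):
    """Only the link high byte: $0802 == $08."""
    return peek(cipher, key, 0x0802) == 0x08

def basic_line_check(cipher, key):
    """Predicate from the thread: sane link pointer and a 0 byte ending the line."""
    lo = peek(cipher, key, 0x0801)
    return (weak_check(cipher, key) and 6 <= lo <= 86
            and peek(cipher, key, (0x0800 | lo) - 1) == 0)

def search(cipher, check):
    """Try every 3-byte key in KEYSPACE; return the keys the check accepts."""
    return [bytes(k) for k in product(KEYSPACE, repeat=3) if check(cipher, bytes(k))]

# Constructed sample: "10 SYS2061" stub followed by INC $D020 / JMP $080D.
PLAIN = bytes([0x0B, 0x08, 0x0A, 0x00, 0x9E, 0x32, 0x30, 0x36, 0x31, 0x00,
               0x00, 0x00, 0xEE, 0x20, 0xD0, 0x4C, 0x0D, 0x08])
SECRET = b"C64"               # constructed key, inside KEYSPACE
CIPHER = eor(PLAIN, SECRET)

if __name__ == "__main__":
    weak = search(CIPHER, weak_check)
    full = search(CIPHER, basic_line_check)
    print(len(weak), "keys pass the $0802 test;", len(full), "pass the full test")
    print("true key among survivors:", SECRET in full)
```

Even the full structural test leaves many candidate keys on this sample, so a search like this still needs a further check on the decrypted bytes to single out the real key.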