| |
The Shadow
Registered: Oct 2007 Posts: 304 |
EOR file coders
Someone once told me that it is impossible to open a file which was coded with an EOR coder. With todays machines, is there any conceivable way that an EOR coded file can be placed into a PC and descrambled? |
|
... 48 posts hidden. Click here to view all posts.... |
| |
tlr
Registered: Sep 2003 Posts: 1790 |
Added todays hint: Crack me too!
@MagerValp: I didn't know code could be evil... ;) |
| |
MagerValp
Registered: Dec 2001 Posts: 1078 |
Sadly I haven't had time to work on it. I confirmed that my emulator produces the same output as VICE though, which is good.
|
| |
tlr
Registered: Sep 2003 Posts: 1790 |
Added another hint... |
| |
tlr
Registered: Sep 2003 Posts: 1790 |
I guess most gave up on this so I'm giving the pw this evening unless someone says they are still trying. :)
It's apparent that Ymgve chose a really good strategy for cracking it!
When I got the correct answer reported only 5 hours after release I thought I might had accidentally made the challenge way too easy. ;)
|
| |
tlr
Registered: Sep 2003 Posts: 1790 |
Posted the answer: Crack me too! |
| |
Quetzal
Registered: Jul 2002 Posts: 71 |
Tried brute force attack myself and failed, since searching for #$08 at $0802 gave far too many results to sort through (have just confirmed "2,4" was in my list of results, damn!). Also tried looking for POKE565xx in the decrypted code (for disabling CIA timer), but TLR cleverly hid that, as I suspected when no results were found.
I'll be interested to hear a report from Ymgve as to what his method of attack was.
|
| |
Ymgve
Registered: May 2002 Posts: 84 |
I actually found it by doing a bit of statistics. One of my ideas was to count the number of digit characters in the first 128 bytes, and then the "2,4" combination showed up with 45 out of 128 bytes being digits. |
| |
MagerValp
Registered: Dec 2001 Posts: 1078 |
Nice work Ymgve!
My next step would have been code execution and a breakpoint on the basic SYS command and the error routine, but I didn't have the time to implement it. Would it have worked?
|
| |
Ymgve
Registered: May 2002 Posts: 84 |
Yeah, detecting changes to the error routine should work. He never actually uses a SYS command. He POKEs a small program into memory, hooks the error message vector, then executes a syntax error. There's also no numbers larger than 3 digits, all addresses are created through obfuscated math. |
| |
MagerValp
Registered: Dec 2001 Posts: 1078 |
Nasty! :)
|
Previous - 1 | 2 | 3 | 4 | 5 | 6 - Next |