Author Topic: Assembly tutorial  (Read 10478 times)


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Assembly tutorial
« on: March 13, 2007, 12:00:43 am »
So I was going to walk dlStevens through my standard assembly reference this weekend. Instead, I decided to write a guide that anybody can use. It's supposed to be a beginner's guide. Knowing C is a definite asset, and some programming experience is probably a requirement.

I've only made it to the first example so far, which is the Starcraft CDKey checker (when you're installing the game). The ultimate goal is to show some cracking, keygen-writing, some buffer overflow exploitation, and writing a hack for a game (very basic, for an old version, but that's beside the point). I pretty much want to cover all the cool stuff. If this goes well, I might extend it to do some other neat things, depending on what people want.

Plus, I finally get to use the domain name I bought a few months ago :)

http://www.skullsecurity.org/wiki
« Last Edit: March 13, 2007, 12:18:15 am by iago »

Offline Newby

  • x86
  • Hero Member
  • Posts: 10877
  • Thrash!
Re: Assembly tutorial
« Reply #1 on: March 13, 2007, 12:10:37 am »
That's awesome. :)
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water balloon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Re: Assembly tutorial
« Reply #2 on: March 13, 2007, 12:13:00 am »
I should mention, I've done absolutely no proofreading; anybody, feel free to look for grammar/spelling mistakes and fix them.

Offline d&q

  • Hero Member
  • Posts: 1427
  • I'm here.
    • Site
Re: Assembly tutorial
« Reply #3 on: March 13, 2007, 01:06:58 pm »
I should mention, I've done absolutely no proofreading; anybody, feel free to look for grammar/spelling mistakes and fix them.

I have been doing so, but I have not been able to create an account:
Code:
Fatal error: Call to undefined function mail() in /home/ron/skullsecurity/wiki/includes/UserMailer.php on line 152
Scratch that, I just cannot input an email address.  :'(
The writ of the founders must endure.

Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • Posts: 4540
  • The wait is over.
    • JinxBot :: the evolution in boticulation
Re: Assembly tutorial
« Reply #4 on: March 13, 2007, 02:31:03 pm »
Ooh! Can I write stuff about coding security practices?
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.

Offline Chavo

  • x86
  • Hero Member
  • Posts: 2219
  • no u
    • Chavoland
Re: Assembly tutorial
« Reply #5 on: March 13, 2007, 04:31:07 pm »
IMO, someone needs to completely understand addressing before they jump into larger examples.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Re: Assembly tutorial
« Reply #6 on: March 13, 2007, 05:59:34 pm »
I spent a good part of today working on it, especially the "stack" section and the examples. So if anybody wants to have a look, there's plenty more content there!

Oh and I realized the humor today on a site about x86 by x86.. :)

Ooh! Can I write stuff about coding security practices?
I've been aiming more from the taking-stuff-apart side, but of course the more content the better.

What did you have in mind, specifically? Could it be part of a section other than "Assembly", or does it still fit with that?

IMO, someone needs to completely understand addressing before they jump into larger examples.
How do you mean, exactly? I went over a little bit about memory in the first page, but not a whole lot. What, specifically, do you think I should talk about?

Keep in mind that this guide is for reading assembly, not writing it, so I didn't bother with a lot of the boring addressing stuff I learned back in school, only what I find I actually use. But I'm open to suggestions if you think there's anything specifically I ought to mention.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Re: Assembly tutorial
« Reply #7 on: March 13, 2007, 08:56:38 pm »
I fixed it so that the image in the top-left corner randomly chooses an image from OSPAP and resizes it. :)

(Up till now, it was just a selection of static images)

Offline abc

  • Hero Member
  • Posts: 576
Re: Assembly tutorial
« Reply #8 on: March 13, 2007, 09:09:55 pm »
I LOVE IAGO!

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Re: Assembly tutorial
« Reply #9 on: March 13, 2007, 10:12:24 pm »
I LOVE IAGO!
It's encouragement like that that'll help me finish this :)


Also having nothing to do at work helps...

Offline Joe

  • B&
  • x86
  • Hero Member
  • Posts: 10319
  • In Soviet Russia, text read you!
    • Github
Re: Assembly tutorial
« Reply #10 on: March 13, 2007, 11:29:49 pm »
I LOVE IAGO!
It's encouragement like that that'll help me finish this :)


Also having nothing to do at work helps...


Well, in that case:

I LOVE iAGO!
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline abc

  • Hero Member
  • Posts: 576
Re: Assembly tutorial
« Reply #11 on: March 14, 2007, 07:32:49 am »
I always thought I'd never understand ASM, but (seriously) since iago's tutorials I've *actually* understood quite a lot.

and I love it!

Offline Chavo

  • x86
  • Hero Member
  • Posts: 2219
  • no u
    • Chavoland
Re: Assembly tutorial
« Reply #12 on: March 14, 2007, 02:48:43 pm »
How do you mean, exactly? I went over a little bit about memory in the first page, but not a whole lot. What, specifically, do you think I should talk about?

Keep in mind that this guide is for reading assembly, not writing it, so I didn't bother with a lot of the boring addressing stuff I learned back in school, only what I find I actually use. But I'm open to suggestions if you think there's anything specifically I ought to mention.
I suppose if you are just reading the code, it's not as big of a deal, but there is a huge difference between stack addressing / extended addressing / relative addressing / etc. that can cause all kinds of problems if you don't know which to use when and how to figure out what the effective address of any given operand is.
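Chavo's point about working out the effective address of an operand is easiest to see with a small tool. What follows is an added example, not code from this thread or from the wiki tutorial: a parser for Intel-syntax 32-bit memory operands that computes the effective address (base + index*scale + displacement) against a constructed register snapshot, and names the addressing form the way a reader of compiled code meets it (ebp-relative locals and arguments, esp-relative stack slots, absolute addresses, base+index*scale table lookups). The register values are made up; the only address taken from the thread is the absolute 0x469380 used in the demo list.

```python
import re

# Constructed register snapshot (values are made up for illustration; they are
# not real values from Starcraft or from the tutorial).
REGS = {
    "eax": 0x00400000, "ebx": 0x00000004, "ecx": 0x00000003, "edx": 0x00000000,
    "esi": 0x00401000, "edi": 0x00402000, "ebp": 0x0012FF80, "esp": 0x0012FF60,
}

# One register term, optionally scaled: "ecx" or "ecx*4".
TERM_RE = re.compile(r"^(?P<reg>e[abcd]x|e[sd]i|e[bs]p)(?:\*(?P<scale>[1248]))?$")


def parse_operand(operand):
    """Split an Intel-syntax memory operand such as '[ebp-8]' or
    '[eax+ecx*4+0x10]' into (base, index, scale, displacement).
    Displacements are accepted in decimal or 0x-prefixed hex."""
    text = operand.strip().lower()
    if not (text.startswith("[") and text.endswith("]")):
        raise ValueError("not a memory operand: %r" % operand)
    inner = text[1:-1].replace(" ", "")
    # Each term keeps its leading sign: 'ebp-8' -> ['ebp', '-8'].
    terms = re.findall(r"[+-]?[^+-]+", inner)
    base = index = None
    scale, disp = 1, 0
    for term in terms:
        sign = -1 if term.startswith("-") else 1
        body = term.lstrip("+-")
        m = TERM_RE.match(body)
        if m is None:
            disp += sign * int(body, 0)      # plain displacement
            continue
        if sign < 0:
            raise ValueError("a register cannot be subtracted: %r" % term)
        if m.group("scale") is not None:     # explicit scale => index register
            if index is not None:
                raise ValueError("two index registers in %r" % operand)
            index, scale = m.group("reg"), int(m.group("scale"))
        elif base is None:
            base = m.group("reg")
        elif index is None:
            index = m.group("reg")           # second unscaled register, scale 1
        else:
            raise ValueError("too many registers in %r" % operand)
    return base, index, scale, disp


def effective_address(operand, regs=REGS):
    """Compute base + index*scale + disp, wrapped to 32 bits like real x86."""
    base, index, scale, disp = parse_operand(operand)
    ea = disp
    if base is not None:
        ea += regs[base]
    if index is not None:
        ea += regs[index] * scale
    return ea & 0xFFFFFFFF


def classify(operand):
    """Name the addressing form as one reads it in a disassembly of compiler
    output (ebp-based stack frames assumed)."""
    base, index, scale, disp = parse_operand(operand)
    if base is None and index is None:
        return "absolute"                    # a global, or a fixed function
    if base == "ebp" and index is None:
        if disp > 0:
            return "frame-relative (argument)"
        if disp < 0:
            return "frame-relative (local)"
        return "frame-relative (saved ebp)"
    if base == "esp" and index is None:
        return "esp-relative (stack)"
    if index is not None:
        return "base+index*scale (table)"
    return "register-indirect"


if __name__ == "__main__":
    for op in ("[ebp+8]", "[ebp-4]", "[esp+4]", "[eax+ecx*4+0x10]",
               "[ecx*4+0x401000]", "[0x469380]", "[edx-4]"):
        print("%-20s %-30s 0x%08X" % (op, classify(op), effective_address(op)))
```

The wrap to 32 bits matters when reading code that indexes backwards from a register holding zero: the hardware address is 0xFFFFFFFC, not -4, and that is what you would see faulting in a debugger.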

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Re: Assembly tutorial
« Reply #13 on: March 14, 2007, 04:13:47 pm »
I suppose if you are just reading the code, it's not as big of a deal, but there is a huge difference between stack addressing / extended addressing / relative addressing / etc. that can cause all kinds of problems if you don't know which to use when and how to figure out what the effective address of any given operand is.
Yeah, that's not terribly important. I go over relative addressing very briefly, in like one sentence, and I talk about the stack a lot. But I don't talk about any kind of variable storage other than the stack, because when you're reading assembly that's pretty much common sense.

Also, I don't know enough about addressing to confidently talk about that, either.

Offline Chavo

  • x86
  • Hero Member
  • Posts: 2219
  • no u
    • Chavoland
Re: Assembly tutorial
« Reply #14 on: March 15, 2007, 02:20:51 pm »
Maybe I'll add something then when I have the time.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Re: Assembly tutorial
« Reply #15 on: March 16, 2007, 09:00:54 pm »
So, I've done up to the end of making a functional hack for Starcraft.

Is anybody still reading? Are there any tough parts/bottlenecks that I should go back and work on?

Are all the explanations clear enough?

I'm going to stop here for a while till I get some feedback and inspiration.

One major question is: what more do you want? What should I add, or work on? What interests you?  I'm willing to teach! :)


<Edit>
Here's a screenshot of the hack I made in the walkthrough:
« Last Edit: March 16, 2007, 09:09:19 pm by iago »

Offline rabbit

  • x86
  • Hero Member
  • Posts: 8092
  • I speak for the entire clan (except Joe)
Re: Assembly tutorial
« Reply #16 on: March 16, 2007, 09:44:06 pm »
I'd really like to know the offset for the current version.  I thought it was 0x5031B0, but it's not working.

Also, your link to the Injector is broken (it points to skullsecurity.com).

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Re: Assembly tutorial
« Reply #17 on: March 16, 2007, 10:37:05 pm »
I'd really like to know the offset for the current version.  I thought it was 0x5031B0, but it's not working.

Also, your link to the Injector is broken (it points to skullsecurity.com).
What do you mean by "offset"? There are a lot of offsets.

I had trouble using TSearch with the current version, plus I don't want to stir up legal trouble, but if you follow my guide you should be able to find any of the same functions on the newest version.

Oops @ the link -- I have to run right away, can somebody fix it?

Offline rabbit

  • x86
  • Hero Member
  • Posts: 8092
  • I speak for the entire clan (except Joe)
Re: Assembly tutorial
« Reply #18 on: March 17, 2007, 07:45:20 am »
I mean in the final bit of code
Code:
int fcnDisplayMessage = 0x469380;
I was so sure I had the right address, but it didn't work :\

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Re: Assembly tutorial
« Reply #19 on: March 17, 2007, 10:40:10 am »
It may be because Blizzard is being more proactive on anti-hacking stuffs. Can you link me to the latest Starcraft.exe?

<edit> Thanks to Deuce for fixing that link. :)

If anybody wants to learn how to do files nicely (with thumbnails) and wants to do screenshots for some of the tutorials, I'd appreciate it. :)
« Last Edit: March 17, 2007, 10:51:51 am by iago »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Re: Assembly tutorial
« Reply #20 on: March 17, 2007, 11:25:59 am »
I mean in the final bit of code
Code:
int fcnDisplayMessage = 0x469380;
I was so sure I had the right address, but it didn't work :\
Well, the "Injector" program doesn't seem to work on the latest version of Starcraft, I'm going to have to re-write it or something. Perhaps that's your problem?

<edit> this can be fixed by running the program in a debugger, breaking immediately, finding advapi32!SetSecurityInfo, and setting the first 3 bytes of that to c2 1c 00. Then run the program, and you can load whatever you want.

I wrote about that here:
http://www.skullsecurity.org/wiki/index.php/Example_8#Removing_Protection
« Last Edit: March 17, 2007, 12:06:46 pm by iago »

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • Posts: 7503
  • One for a Dime two for a Quarter!
Re: Assembly tutorial
« Reply #21 on: March 17, 2007, 08:49:19 pm »
After reading it, I suggest maybe it could be edited to include links to the relevant sections in parentheses.

For example, when you talk about fastcall calling conventions, you could provide a (see: Calling Conventions) next to it, so that if people want to fully understand it before going on, they can.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Re: Assembly tutorial
« Reply #22 on: March 17, 2007, 10:01:21 pm »
After reading it, I suggest maybe it could be edited to include links to the relevant sections in parentheses.

For example, when you talk about fastcall calling conventions, you could provide a (see: Calling Conventions) next to it, so that if people want to fully understand it before going on, they can.

That's a good point. I thought about doing that before, but once I'm on a roll it's hard to stop and find a link; it breaks the chain of thought.

If I get around to proofreading, I might go back and do that.

But if anybody else wants to do it, the syntax is [[SectionLink|texttodisplay]]

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • Posts: 7503
  • One for a Dime two for a Quarter!
Re: Assembly tutorial
« Reply #23 on: March 18, 2007, 01:58:04 pm »
I'll see if I can do it
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling