So I was going to walk dlStevens through my standard assembly reference this weekend. Instead, I decided to write a guide that anybody can use. It's supposed to be a beginner's guide. Knowing C is a definite asset, and some programming experience is probably a requirement.
I've only made it to the first example so far, which is the Starcraft CDKey checker (when you're installing the game). The ultimate goal is to show some cracking, keygen-writing, some buffer overflow exploitation, and writing a hack for a game (very basic, for an old version, but that's beside the point). I pretty much want to cover all the cool stuff. If this goes well, I might extend it to do some other neat things, depending on what people want.
Plus, I finally get to use the domain name I bought a few months ago :)
http://www.skullsecurity.org/wiki
That's awesome. :)
I should mention, I've done absolutely no proofreading, anybody feel free to look for grammar/spelling mistakes and fix them.
Quote from: iago on March 13, 2007, 12:13:00 AM
I should mention, I've done absolutely no proofreading, anybody feel free to look for grammar/spelling mistakes and fix them.
I have been doing so, but I have not been able to create an account:
Fatal error: Call to undefined function mail() in /home/ron/skullsecurity/wiki/includes/UserMailer.php on line 152
Scratch that, I just cannot input an email address. :'(
Ooh! Can I write stuff about coding security practices?
IMO, addressing needs to be completely understood before someone jumps into larger examples.
I spent a good part of today working on it, especially the "stack" section and the examples. So if anybody wants to have a look, there's plenty more content there!
Oh and I realized the humor today on a site about x86 by x86.. :)
Quote from: MyndFyre[x86]
Ooh! Can I write stuff about coding security practices?
I've been aiming more from the taking-stuff-apart side, but of course the more content the better.
What did you have in mind, specifically? Could it be part of a section other than "Assembly", or does it still fit with that?
Quote from: unTactical on March 13, 2007, 04:31:07 PM
IMO, addressing needs to be completely understood before someone jumps into larger examples.
How do you mean, exactly? I went over a little bit about memory in the first page, but not a whole lot. What, specifically, do you think I should talk about?
Keep in mind that this guide is for reading assembly, not writing it, so I didn't bother with a lot of the boring addressing stuff I learned back in school, only what I find I actually use. But I'm open to suggestions if you think there's anything specifically I ought to mention.
I fixed it so that the image in the top-left corner randomly chooses an image from OSPAP and resizes it. :)
(Up till now, it was just a selection of static images)
I LOVE IAGO!
Quote from: dlStevens on March 13, 2007, 09:09:55 PM
I LOVE IAGO!
It's encouragement like that that'll help me finish this :)
Also having nothing to do at work helps...
Quote from: iago on March 13, 2007, 10:12:24 PM
Quote from: dlStevens on March 13, 2007, 09:09:55 PM
I LOVE IAGO!
It's encouragement like that that'll help me finish this :)
Also having nothing to do at work helps...
Well, in that case:
I LOVE iAGO!
I always thought I'd never understand ASM, but (seriously) since iago's tutorials I've *actually* understood quite a lot.
and I love it!
Quote from: iago on March 13, 2007, 05:59:34 PM
How do you mean, exactly? I went over a little bit about memory in the first page, but not a whole lot. What, specifically, do you think I should talk about?
Keep in mind that this guide is for reading assembly, not writing it, so I didn't bother with a lot of the boring addressing stuff I learned back in school, only what I find I actually use. But I'm open to suggestions if you think there's anything specifically I ought to mention.
I suppose if you are just reading the code, it's not as big of a deal, but there is a huge difference between stack addressing / extended addressing / relative addressing / etc. that can cause all kinds of problems if you don't know which to use when and how to figure out what the effective address of any given operand is.
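The effective-address question raised above (how the address of an operand like [ebp-8] or [eax+ecx*4+0x20] is actually worked out, and how a relative call or jump target is computed) is small enough to show in code. The following is an added example written for this thread; it is not code from the wiki or from the Injector, and the register values in it are constructed, not taken from any real process. It evaluates an Intel-syntax 32-bit memory operand against a register file, rejecting malformed operands (bad scale, unknown register, dangling sign), and computes a rel32 branch target the way the CPU does: next-instruction address plus displacement.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Register numbering follows the x86 encoding order used in ModRM/SIB. */
enum { EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI, NREGS };
static const char *const reg_names[NREGS] =
    { "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi" };

/* Return the register index for the 3-letter name at p, or -1. */
static int reg_index(const char *p)
{
    for (int i = 0; i < NREGS; i++)
        if (strncmp(p, reg_names[i], 3) == 0)
            return i;
    return -1;
}

/* Compute the effective address of a 32-bit memory operand written in Intel
 * syntax, e.g. "[ebp-0x8]", "[esp+0x10]" or "[eax+ecx*4+0x20]".
 * A term is a register, register*scale (scale 1/2/4/8) or an immediate
 * (decimal, or hex with a 0x prefix); terms are joined by '+' or '-'.
 * Returns 0 and stores the address in *ea, or -1 for a malformed operand. */
int effective_address(const char *operand, const uint32_t regs[NREGS], uint32_t *ea)
{
    size_t n = strlen(operand);
    if (n < 3 || operand[0] != '[' || operand[n - 1] != ']')
        return -1;

    const char *p = operand + 1, *end = operand + n - 1;
    uint32_t sum = 0;
    int negative = 0;

    for (;;) {
        while (p < end && isspace((unsigned char)*p)) p++;
        if (p >= end) return -1;                  /* empty operand or dangling '+'/'-' */

        uint32_t term;
        if (isalpha((unsigned char)*p)) {
            int idx = reg_index(p);
            if (idx < 0 || p + 3 > end) return -1;
            term = regs[idx];
            p += 3;
            if (p < end && *p == '*') {           /* scaled index register */
                char *q;
                unsigned long scale = strtoul(p + 1, &q, 10);
                if (q == p + 1 || (scale != 1 && scale != 2 && scale != 4 && scale != 8))
                    return -1;
                term *= (uint32_t)scale;
                p = q;
            }
        } else if (isdigit((unsigned char)*p)) {  /* displacement */
            char *q;
            int base = (p[0] == '0' && (p[1] == 'x' || p[1] == 'X')) ? 16 : 10;
            unsigned long imm = strtoul(p, &q, base);
            if (q == p) return -1;
            term = (uint32_t)imm;
            p = q;
        } else {
            return -1;
        }

        /* Arithmetic is modulo 2^32, so "[ebp-8]" wraps exactly like the CPU. */
        sum = negative ? sum - term : sum + term;

        while (p < end && isspace((unsigned char)*p)) p++;
        if (p >= end) break;
        if (*p == '+')      negative = 0;
        else if (*p == '-') negative = 1;
        else                return -1;            /* unknown register suffix or operator */
        p++;
    }
    *ea = sum;
    return 0;
}

/* Target of a relative call/jmp (E8/E9 rel32, or the short/near jcc forms):
 * the displacement is added to the address of the *next* instruction,
 * i.e. the branch's own address plus its encoded length. */
uint32_t branch_target(uint32_t insn_addr, uint32_t insn_len, int32_t rel)
{
    return insn_addr + insn_len + (uint32_t)rel;
}

/* Constructed register file for the walk-through; the values are made up. */
const uint32_t *demo_regs(void)
{
    static uint32_t regs[NREGS] = {
        [EAX] = 0x00400000, [ECX] = 3, [ESP] = 0x0012FF70, [EBP] = 0x0012FF88
    };
    return regs;
}

int main(void)
{
    const char *ops[] = { "[ebp-0x8]", "[esp+0x10]", "[eax+ecx*4+0x20]", "[eax+ecx*3]" };
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++) {
        uint32_t ea;
        if (effective_address(ops[i], demo_regs(), &ea) == 0)
            printf("%-18s -> 0x%08X\n", ops[i], ea);
        else
            printf("%-18s -> invalid operand\n", ops[i]);
    }
    /* A 5-byte "call rel32" at 0x00401000 with rel32 = 0x100 lands at 0x00401105. */
    printf("call target: 0x%08X\n", branch_target(0x00401000, 5, 0x100));
    return 0;
}
```

With the constructed registers, [ebp-0x8] and [esp+0x10] both resolve to 0x0012FF80, which is the point unTactical is making: the same stack slot can be named relative to either ebp or esp, and you have to know which frame register the compiler used and what it holds to tell that two instructions touch the same local.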
Quote from: unTactical on March 14, 2007, 02:48:43 PM
I suppose if you are just reading the code, it's not as big of a deal, but there is a huge difference between stack addressing / extended addressing / relative addressing / etc. that can cause all kinds of problems if you don't know which to use when and how to figure out what the effective address of any given operand is.
Yeah, that's not terribly important. I go over relative addressing very briefly, in like one sentence, and I talk about the stack a lot. But I don't talk about any kind of variable storage other than the stack, because when you're reading assembly that's pretty much common sense.
Also, I don't know enough about addressing to confidently talk about that, either.
Maybe I'll add something then when I have the time.
So, I've done up to the end of making a functional hack for Starcraft.
Is anybody still reading? Are there any tough parts/bottlenecks that I should go back and work on?
Are all the explanations clear enough?
I'm going to stop here for awhile till I get some feedback and inspiration.
One major question is: what more do you want? What should I add, or work on? What interests you? I'm willing to teach! :)
<Edit>
Here's a screenshot of the hack I made in the walkthrough:
(http://www.skullsecurity.org/wiki/images/f/f6/Screenshot.jpg)
I'd really like to know the offset for the current version. I thought it was 0x5031B0, but it's not working.
Also, your link to the Injector is broken (it points to skullsecurity.com).
Quote from: rabbit on March 16, 2007, 09:44:06 PM
I'd really like to know the offset for the current version. I thought it was 0x5031B0, but it's not working.
Also, your link to the Injector is broken (it points to skullsecurity.com).
What do you mean by "offset"? There are a lot of offsets.
I had trouble using TSearch with the current version, plus I don't want to stir up legal trouble, but if you follow my guide you should be able to find any of the same functions on the newest version.
Oops @ the link -- I have to run right away, can somebody fix it?
I mean in the final bit of code:
int fcnDisplayMessage = 0x469380;
I was so sure I had the right address, but it didn't work :\
It may be because Blizzard is being more proactive on anti-hacking stuffs. Can you link me to the latest Starcraft.exe?
<edit> Thanks to Deuce for fixing that link. :)
If anybody wants to learn how to do files nicely (with thumbnails) and wants to do screenshots for some of the tutorials, I'd appreciate it. :)
Quote from: rabbit on March 17, 2007, 07:45:20 AM
I mean in the final bit of code:
int fcnDisplayMessage = 0x469380;
I was so sure I had the right address, but it didn't work :\
Well, the "Injector" program doesn't seem to work on the latest version of Starcraft, I'm going to have to re-write it or something. Perhaps that's your problem?
<edit> this can be fixed by running the program in a debugger, breaking immediately, finding advapi32!SetSecurityInfo, and setting the first 3 bytes of that to c2 1c 00. Then run the program, and you can load whatever you want.
I wrote about that here:
http://www.skullsecurity.org/wiki/index.php/Example_8#Removing_Protection
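For anyone applying the fix described in that edit, it helps to see what the three bytes actually are. c2 1c 00 is "ret 0x1C": the function returns immediately and pops 0x1C = 28 bytes of arguments. That number is not arbitrary: SetSecurityInfo is a __stdcall function with seven DWORD-sized arguments (handle, object type, security information, owner SID, group SID, DACL, SACL), so the callee must pop 7 * 4 = 28 bytes or the caller's stack is off by a few slots on return. The code below is an added example written for this thread, not code from the wiki or from the Injector: it applies the patch to a constructed stand-in for the function's first bytes, decodes the resulting stub, and checks that the popped byte count matches the argument count. The 5-byte "xor eax,eax; ret 0x1C" variant is my suggestion rather than something from the post; it makes the stub also return 0 (ERROR_SUCCESS) instead of whatever happened to be in EAX, which matters if the caller checks the return value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SetSecurityInfo is __stdcall with 7 DWORD-sized arguments, so a stub that
 * replaces it must pop 7 * 4 = 0x1C bytes on return. */
#define SETSECURITYINFO_ARGC 7

/* The 3-byte patch from the post: C2 1C 00 = "ret 0x1C". */
const uint8_t patch_ret[] = { 0xC2, 0x1C, 0x00 };

/* 5-byte variant (my suggestion, not from the post):
 * 31 C0 = "xor eax,eax", C2 1C 00 = "ret 0x1C", so the caller sees a
 * return value of 0 (ERROR_SUCCESS) rather than leftover EAX contents. */
const uint8_t patch_xor_ret[] = { 0x31, 0xC0, 0xC2, 0x1C, 0x00 };

/* Constructed stand-in for the start of the function: the usual hot-patchable
 * prologue "mov edi,edi; push ebp; mov ebp,esp" (8B FF 55 8B EC) and NOP filler.
 * These are not the real bytes of any advapi32 build. */
uint8_t fake_function[16] = {
    0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x90, 0x90, 0x90,
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90
};

/* Overwrite patch_len bytes at offset; refuses to write past the buffer,
 * which is the check a debugger's memory write does not do for you. */
int apply_patch(uint8_t *buf, size_t buf_len, size_t offset,
                const uint8_t *patch, size_t patch_len)
{
    if (offset > buf_len || patch_len > buf_len - offset)
        return -1;
    memcpy(buf + offset, patch, patch_len);
    return 0;
}

/* Decode the stub: an optional "xor eax,eax" (31 C0) followed by
 * "ret imm16" (C2 imm16, little-endian). Returns the number of argument
 * bytes the ret pops, or -1 if the bytes are not such a stub. */
int decode_ret_stub(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    if (len >= 2 && buf[0] == 0x31 && buf[1] == 0xC0)
        i = 2;
    if (len - i < 3 || buf[i] != 0xC2)
        return -1;
    return buf[i + 1] | (buf[i + 2] << 8);
}

/* The one thing to verify before patching any __stdcall import this way:
 * the popped byte count must equal 4 * (number of arguments). */
int stack_fixup_matches(int popped_bytes, int argc)
{
    return popped_bytes == argc * 4;
}

int main(void)
{
    printf("before patch: stub decode = %d\n",
           decode_ret_stub(fake_function, sizeof fake_function));

    if (apply_patch(fake_function, sizeof fake_function, 0,
                    patch_ret, sizeof patch_ret) != 0) {
        fprintf(stderr, "patch does not fit\n");
        return 1;
    }
    int popped = decode_ret_stub(fake_function, sizeof fake_function);
    printf("after patch: ret pops 0x%02X bytes, %s SetSecurityInfo's %d args\n",
           popped,
           stack_fixup_matches(popped, SETSECURITYINFO_ARGC) ? "matches" : "DOES NOT match",
           SETSECURITYINFO_ARGC);
    return 0;
}
```

Because the write goes to the process's private copy of the mapped DLL page (copy-on-write), only the debugged program sees the stubbed SetSecurityInfo; nothing else on the machine is affected, and the change is gone when the process exits.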
After reading it, I suggest maybe it could be edited to include links to the relevant sections in parenthesis.
For example when you talk about fastcall calling conventions you could provide a (see: Calling Conventions) next to it so if people want to fully understand it before going on they can.
Quote from: Warrior[x86]
After reading it, I suggest maybe it could be edited to include links to the relevant sections in parenthesis.
For example when you talk about fastcall calling conventions you could provide a (see: Calling Conventions) next to it so if people want to fully understand it before going on they can.
That's a good point. I thought about doing that before, but once I'm on a roll it's hard to stop and find a link, it breaks the chain of thought.
If I get around to proofreading, I might go back and do that.
But if anybody else wants to do it, the syntax is [[SectionLink|texttodisplay]]
I'll see if I can do it