flat assembler
Message board for the users of flat assembler.

Index > OS Construction > Just for the H@CK of it

Mike Gonta



Joined: 26 Dec 2010
Posts: 243
Mike Gonta 10 Jan 2017, 23:36
Just for the H@CK of it here is an x86 (but not x64) executable signature which is essentially a nop in that it only
modifies the flags (but not the carry flag). An executable signature can be easily located and also run as code
without ill effect.
Code:
  db "H@CK"
    

disassembles as:
Code:
  dec ax ; 'H'
  inc ax ; '@'
  inc bx ; 'C'
  dec bx ; 'K'
    

The interesting thing is that the same register pair of inc / dec in close proximity to each other (they don't
necessarily have to follow each other, or be in any particular order) will not normally be found in working code.
Because of this, really only the first two (or 4 in 32 bit) need to be located and the rest of the "word" makes
a nice "Easter Egg" for H@CKers disassembling the code.

_________________
Mike Gonta
look and see - many look but few see

https://mikegonta.com
Post 10 Jan 2017, 23:36
sleepsleep



Joined: 05 Oct 2006
Posts: 13039
sleepsleep 12 Jan 2017, 09:48
online assembler wrote:

0: 66 48 dec ax
2: 66 40 inc ax
4: 66 43 inc bx
6: 66 4b dec bx


48,40,43,4b hex ascii is H@CK

very cool indeed, definitely not coincidence
Post 12 Jan 2017, 09:48
Mike Gonta



Joined: 26 Dec 2010
Posts: 243
Mike Gonta 12 Jan 2017, 10:05
sleepsleep wrote:
online assembler wrote:
0: 66 48 dec ax
2: 66 40 inc ax
4: 66 43 inc bx
6: 66 4b dec bx
48,40,43,4b hex ascii is H@CK

Actually, that's "fHf@fCfK".
In 32 bit asm it's:
Code:
  dec eax ; 'H'
  inc eax ; '@'
  inc ebx ; 'C'
  dec ebx ; 'K'    

_________________
Mike Gonta
look and see - many look but few see

https://mikegonta.com
Post 12 Jan 2017, 10:05
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8358
Location: Kraków, Poland
Tomasz Grysztar 12 Jan 2017, 10:22
For 64-bit mode you may try this one:
Code:
db 'ASM['    
Code:
0:  41 53  push r11
2:  4D 5B  pop r11    
Or perhaps you can find something better?
Post 12 Jan 2017, 10:22
Mike Gonta



Joined: 26 Dec 2010
Posts: 243
Mike Gonta 12 Jan 2017, 10:57
Tomasz Grysztar wrote:
For 64-bit mode you may try this one:
Code:
db 'ASM['    
Code:
0:  41 53  push r11
2:  4D 5B  pop r11    
Or perhaps you can find something better?
There's nothing better than this!
Code:
use32
  inc esi
  inc ecx
  push ebx
  dec ebp
  dec esi
  dec ecx
  pop ebx
  inc ebp    
Code:
  db "FASM"    

_________________
Mike Gonta
look and see - many look but few see

https://mikegonta.com
Post 12 Jan 2017, 10:57
sleepsleep



Joined: 05 Oct 2006
Posts: 13039
sleepsleep 12 Jan 2017, 11:00
Mike Gonta wrote:
sleepsleep wrote:
online assembler wrote:
0: 66 48 dec ax
2: 66 40 inc ax
4: 66 43 inc bx
6: 66 4b dec bx
48,40,43,4b hex ascii is H@CK

Actually, that's "fHf@fCfK".
In 32 bit asm it's:
Code:
  dec eax ; 'H'
  inc eax ; '@'
  inc ebx ; 'C'
  dec ebx ; 'K'    


idk why the online assembler prepends 66 there, i tried another online assembler,

you are correct, definitely H@CK using xxd dump

just realized i am using ax and bx, my low end cheap processor
Post 12 Jan 2017, 11:00
sleepsleep



Joined: 05 Oct 2006
Posts: 13039
sleepsleep 12 Jan 2017, 11:06
Mike Gonta wrote:
Tomasz Grysztar wrote:
For 64-bit mode you may try this one:
Code:
db 'ASM['    
Code:
0:  41 53  push r11
2:  4D 5B  pop r11    
Or perhaps you can find something better?
There's nothing better than this!
Code:
use32
  inc esi
  inc ecx
  push ebx
  dec ebp
  dec esi
  dec ecx
  pop ebx
  inc ebp    
Code:
  db "FASM"    


wow! amazing!
Post 12 Jan 2017, 11:06
Mike Gonta



Joined: 26 Dec 2010
Posts: 243
Mike Gonta 12 Jan 2017, 11:07
Mike Gonta wrote:
There's nothing better than this!
Code:
  db "FASM"    
Of course, to be fair to the "other" assemblers, these are just as good.

_________________
Mike Gonta
look and see - many look but few see

https://mikegonta.com
Post 12 Jan 2017, 11:07
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20445
Location: In your JS exploiting you and your system
revolution 12 Jan 2017, 14:14
Mike Gonta wrote:
There's nothing better than this!
Code:
use32
  inc esi
  inc ecx
  push ebx
  dec ebp
  dec esi
  dec ecx
  pop ebx
  inc ebp    
Code:
  db "FASM"    
I get this: FASMNI[E
Post 12 Jan 2017, 14:14
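
Added example, not part of any post in this thread: a small Python model of how the one-byte opcodes 0x40-0x5F decode in 32-bit mode, used to check which of the strings quoted above restore every register they touch. The function names are hypothetical, flags are not modelled, and any use of esp is conservatively treated as non-neutral.

```python
# Added example (not from the thread): model the one-byte opcodes 0x40-0x5F
# as decoded in 32-bit mode. Flags are ignored; inc/dec do change them.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
OPS = {0x40: "inc", 0x48: "dec", 0x50: "push", 0x58: "pop"}


def decode(sig: bytes):
    """Return [(mnemonic, register), ...] for bytes in the range 0x40-0x5F."""
    out = []
    for b in sig:
        if not 0x40 <= b <= 0x5F:
            raise ValueError(f"byte {b:#04x} is not a one-byte inc/dec/push/pop")
        # High five bits select the operation, low three bits the register.
        out.append((OPS[b & 0xF8], REGS[b & 0x07]))
    return out


def is_neutral(sig: bytes) -> bool:
    """True if running sig restores every register and leaves the stack balanced."""
    # Each register holds a symbolic value: (register it came from, offset).
    value = {r: (r, 0) for r in REGS}
    stack = []
    for op, reg in decode(sig):
        if reg == "esp":
            return False  # conservative assumption: never touch the stack pointer
        src, off = value[reg]
        if op == "inc":
            value[reg] = (src, off + 1)
        elif op == "dec":
            value[reg] = (src, off - 1)
        elif op == "push":
            stack.append(value[reg])
        elif not stack:
            return False  # pop with nothing pushed by the signature itself
        else:
            value[reg] = stack.pop()
    return not stack and all(value[r] == (r, 0) for r in REGS)


if __name__ == "__main__":
    # Constructed inputs: the strings quoted in the thread.
    for text in (b"H@CK", b"FASM", b"FASMNI[E", b"ASM["):
        listing = "; ".join(f"{op} {reg}" for op, reg in decode(text))
        print(f"{text.decode():10} neutral={is_neutral(text)!s:5} {listing}")
```

The results hold for 32-bit decoding only: in 64-bit mode the bytes 0x40-0x4F are REX prefixes, which is why 'ASM[' decodes there as push r11 / pop r11 but is not register-neutral in this model.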
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
