понедельник, 14 января 2008
Исходник.
читать дальше
; revision history:
; 17 April 1998 - Just started :-)
; 21 April 1998 - First public release
; 29 April 1998 - Minor changes
; 30 July 1998 - Added password for 0xAAAA chechsum
;tasm /ml /m9 /zn award_cr.asm
;tlink /t/x award_cr.obj
.MODEL Tiny,C
LOCALS
.CODE
org 100h
P386
GETCRC macro
xor bx,bx
xor ah,ah
mov bl,cl
or ch,ch
jz _ret0
mov al,ch
rol bx,2
add bx,ax
rol ecx,16
or cl,cl
jz _ret1
mov al,cl
rol bx,2
add bx,ax
or ch,ch
jz _ret1
mov al,ch
rol bx,2
add bx,ax
or dl,dl
jz _ret1
mov al,dl
rol bx,2
add bx,ax
or dh,dh
jz _ret1
mov al,dh
rol bx,2
add bx,ax
rol edx,16
or dl,dl
jz _ret2
mov al,dl
rol bx,2
add bx,ax
or dh,dh
_ret2
mov al,dh
rol bx,2
add bx,ax
_ret2:
rol edx,16
_ret1:
rol ecx,16
_ret0:
endm
start:
mov dx,offset msg
mov ah,9
int 21h
cld
mov ax,0F000h
mov es,ax
xor bx,bx
_loop:
mov di,bx
mov si,offset pattern
mov cx,18
rep cmpsw
jcxz _award
inc bx
cmp bx,0FFFFh-36
jne _loop
mov dx,offset badbios
mov ah,9
jmp _p
_award:
mov cx,es:[0EC60h]
mov ah,9
mov dx,offset m1eaa
cmp cx,01EAAh
je _p
mov dx,offset m0604
cmp cx,00604h
je _p
mov dx,offset mfea3
cmp cx,0FEA3h
je _p
mov dx,offset mbea2
cmp cx,0BEA2h
je _p
mov dx,offset maaaa
cmp cx,0AAAAh
je _p
mov word ptr _label+2,cx
xor ecx,ecx
xor edx,edx
mov cl,xlat[0]
rol ecx,16
_proc2:
rol edx,16
_proc1:
rol ecx,16
_proc:
GETCRC
_label:
dw 0FB81h,0
je _found
xor bx,bx
mov bl,cl
mov cl,xlat[bx]
cmp cl,'.'
jne _proc
mov cl,xlat[0]
mov bl,ch
mov ch,xlat[bx]
cmp ch,'.'
jne _proc
mov ch,cl
rol ecx,16
mov bl,cl
mov cl,xlat[bx]
cmp cl,'.'
jne _proc1
mov cl,xlat[0]
mov bl,ch
mov ch,xlat[bx]
cmp ch,'.'
jne _proc1
mov ch,cl
mov bl,dl
mov dl,xlat[bx]
cmp dl,'.'
jne _proc1
mov dl,xlat[0]
mov bl,dh
mov dh,xlat[bx]
cmp dh,'.'
jne _proc1
mov dh,dl
rol edx,16
mov bl,dl
mov dl,xlat[bx]
cmp dl,'.'
jne _proc2
mov dl,xlat[0]
mov bl,dh
mov dh,xlat[bx]
cmp dh,'.'
jne _proc2
_fail:
ret
_found:
push edx
mov ah,2
mov dl,cl
or dl,dl
jz _ok1
int 21h
mov dl,ch
or dl,dl
jz _ok1
int 21h
rol ecx,16
mov dl,cl
or dl,dl
jz _ok1
int 21h
mov dl,ch
or dl,dl
jz _ok1
int 21h
pop ecx
mov dl,cl
or dl,dl
jz _ok0
int 21h
mov dl,ch
or dl,dl
jz _ok0
int 21h
rol ecx,16
mov dl,cl
or dl,dl
jz _ok0
int 21h
mov dl,ch
or dl,dl
jz _ok0
_p:
int 21h
_ok0:
ret
_ok1:
pop eax
ret
msg db 'Resolving AWARD BIOS default passwords',13,10
db 'Version as of July 30 1996',13,10
db 'Copyleft Award Software :-)',13,10
db 'Co-authors: Alex Bachin ',13,10
db ' Alexey Novojilov
',13,10
db 'Note: pre-computed passwords are: KDD, ZBAAACA, ZAAADA, ZJAAADC,
UAABBA',13,10
db 'Wait, please...$'
badbios db 13,10,'Unknown or non-AWARD bios. Contact authors, please!$'
m0604 db 'KDD$'
mfea3 db 'ZBAAACA$'
mbea2 db 'ZAAADA$'
m1eaa db 'ZJAAADC$'
maaaa db 'UAABBA$'
pattern db 056h,053h,051h,052h,033h,0F6h,033h,0DBh
db 032h,0E4h,0B9h,008h,000h,08Ah,082h,0A2h
db 000h,00Ah,0C0h,074h,009h,0D1h,0C3h,0D1h
db 0C3h,003h,0D8h,046h,0E2h,0EFh,093h,05Ah
db 059h,05Bh,05Eh,0C3h
xlat db
'A...............................................................'
db '.BCDEFGHIJKLMNOPQRSTUVWXYZ.'
end start
Hа PS/2 можно попытаться сделать так:
;------------ ps2psw.asm
Ideal
Model Tiny
CodeSeg
Org 100h
Start:
Mov si,OffSet MsCopRt
Call PutSt
In al,92h
Test al,08h
Jnz @@Crk
Mov si,OffSet MsPsw1
Call PutSt
Call PutPsw
Mov si,OffSet MsPsw2
Call PutSt
Mov bl,0Eh
Mov ah,0
Mov al,bl
Call SetCMOS
Ret
@@Crk:
Mov si,OffSet MsCrk1
Call PutSt
Mov bl,0Eh
Mov ah,80h
Mov al,bl
Call SetCMOS
Mov si,OffSet MsCrk2
Call PutSt
Ret
MsCopRt Db 'PS/2 PassWord Cracker v1.00 by Alex Yakovlev.', 13, 10, 13,
10, 0
Proc PutPsw
Push ax bx cx dx
Mov cx,7
Mov dl,38h
@@1: Mov al,dl
Call GetCMOS
And al,7Fh
Mov bx,OffSet Tabl
Xlat
Call PutCh
Inc dl
Loop @@1
Pop dx cx bx ax
Ret
EndP
Tabl Db 0, 0 ; 00 .. 01 - ?, ESC
Db '+1234567890=' ; 02 .. 13 - 1st row
Db 0, 0 ; 14 .. 15 - BS, Tab
Db 'QWERTYUIOP[]' ; 16 .. 27 - 2nd row
Db 0, 0 ; 28 .. 29 - Enter, Ctrl
Db 'ASDFGHJKL', 0, 0 ; 30 .. 40 - 3rd row
Db '#' ; 41 .. 41 - ...
Db 0 ; 42 .. 42 - LShift
Db ';' ; 43 .. 43 - ...
Db 'ZXCVBNM', 0, 0 ; 44 .. 52 - 4th row
MsPsw1 Db "The PassWord is: '", 0
MsPsw2 Db "'.", 13, 10, 0
MsCrk1 Db 'Cracking CMOS password checking...', 13, 10, 0
MsCrk2 Db 'And now, please, turn the computer off and on,', 13, 10
Db ' ... and run this program again.', 13, 10, 0
Proc PutCh
; In: AL - Char
;
Push ax dx
Mov ah,2
Mov dl,al
Int 21h
Pop dx ax
Ret
EndP
Proc PutSt
; In: DS:SI - String
;
Push ax si
@@1:
LodSb
Or al,al
Jz @@2
Call PutCh
Jmp @@1
@@2:
Pop si ax
Ret
EndP
Proc GetCMOS
; In: AL = Index
; Out: AL = Value
;
Cli
Out 70h,al
Jmp Short $+2
In al,71h
Sti
RetN
EndP
Proc SetCMOS
; In: AL = Index, AH = Value
;
Cli
Out 70h,al
Jmp Short $+2
Mov al,ah
Out 71h,al
Sti
RetN
EndP
Proc CrcCMOS
Push ax bx cx dx
Mov bl,10h
Mov bh,32h
;;;
Mov dx,0FFFFh
Xor ah,ah
Mov cl,4
@@1:
Mov al,bl
Call GetCMOS
;;;;;
Xor dh,al
Mov al,dh
Rol ax,cl
Xor dx,ax
Rol ax,1
Xchg dh,dl
Xor dx,ax
Ror ax,cl
And al,0E0h
Xor dx,ax
Ror ax,1
Xor dh,al
;;;;;
Inc bl
Cmp bl,bh
Jne @@1
;;;
Mov al,32h
Mov ah,dh
Call SetCMOS
Mov al,33h
Mov ah,dl
Call SetCMOS
Pop dx cx bx ax
Ret
EndP
End Start
-
-
14.01.2008 в 08:50Попробуйте хоть немного измениться, может люди потянутся )))
-
-
14.01.2008 в 12:16-
-
15.01.2008 в 09:33-
-
16.01.2008 в 07:17-
-
16.01.2008 в 08:30