IC card password verification function
1000DA46 53 PUSH EBX ;password length
1000DA47 56 PUSH ESI ;password
1000DA48 66:8B9C24 50010>MOV BX,WORD PTR SS:[ESP+150]
1000DA50 57 PUSH EDI ;device number
1000DA51 66:83FB 03 CMP BX,3
1000DA55 74 09 JE SHORT MWIC_32.1000DA60
1000DA57 66:B8 71FF MOV AX,0FF71
1000DA5B E9 AF000000 JMP MWIC_32.1000DB0F
1000DA60 33C0 XOR EAX,EAX
1000DA62 8D4B 05 LEA ECX,DWORD PTR DS:[EBX+5]
1000DA65 884424 0E MOV BYTE PTR SS:[ESP+E],AL
1000DA69 884C24 0F MOV BYTE PTR SS:[ESP+F],CL
1000DA6D 884424 11 MOV BYTE PTR SS:[ESP+11],AL
1000DA71 884424 12 MOV BYTE PTR SS:[ESP+12],AL
1000DA75 884424 13 MOV BYTE PTR SS:[ESP+13],AL
1000DA79 884424 14 MOV BYTE PTR SS:[ESP+14],AL
1000DA7D C64424 0C AA MOV BYTE PTR SS:[ESP+C],0AA
1000DA82 C64424 0D 64 MOV BYTE PTR SS:[ESP+D],64
1000DA87 C64424 10 79 MOV BYTE PTR SS:[ESP+10],79
1000DA8C 66:85DB TEST BX,BX
1000DA8F 7E 1C JLE SHORT MWIC_32.1000DAAD
1000DA91 8D7C24 15 LEA EDI,DWORD PTR SS:[ESP+15]
1000DA95 8BB424 58010000 MOV ESI,DWORD PTR SS:[ESP+158]
1000DA9C 0FB7C3 MOVZX EAX,BX
1000DA9F 8BC8 MOV ECX,EAX
1000DAA1 C1E9 02 SHR ECX,2
1000DAA4 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
1000DAA6 8BC8 MOV ECX,EAX
1000DAA8 83E1 03 AND ECX,3
1000DAAB F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
1000DAAD 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+C]
1000DAB1 50 PUSH EAX
1000DAB2 66:8BC3 MOV AX,BX
1000DAB5 66:05 0900 ADD AX,9
1000DAB9 50 PUSH EAX
1000DABA E8 F137FFFF CALL MWIC_32.100012B0
1000DABF 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+C]
1000DAC3 8BB424 50010000 MOV ESI,DWORD PTR SS:[ESP+150]
1000DACA 0FBFCB MOVSX ECX,BX
1000DACD 66:83C3 0A ADD BX,0A
1000DAD1 52 PUSH EDX
1000DAD2 88440C 19 MOV BYTE PTR SS:[ESP+ECX+19],AL
1000DAD6 53 PUSH EBX
1000DAD7 56 PUSH ESI
1000DAD8 E8 8341FFFF CALL MWIC_32.10001C60
1000DADD 66:85C0 TEST AX,AX
1000DAE0 75 2D JNZ SHORT MWIC_32.1000DB0F
1000DAE2 8D8424 AC000000 LEA EAX,DWORD PTR SS:[ESP+AC]
1000DAE9 50 PUSH EAX
1000DAEA 56 PUSH ESI
1000DAEB E8 F043FFFF CALL MWIC_32.10001EE0
1000DAF0 66:85C0 TEST AX,AX
1000DAF3 75 1A JNZ SHORT MWIC_32.1000DB0F
1000DAF5 80BC24 AD000000>CMP BYTE PTR SS:[ESP+AD],0
1000DAFD 66:B8 0000 MOV AX,0
1000DB01 74 0C JE SHORT MWIC_32.1000DB0F
1000DB03 66:0FB68424 AD0>MOVZX AX,BYTE PTR SS:[ESP+AD]
1000DB0C 66:F7D8 NEG AX
1000DB0F 5F POP EDI
1000DB10 5E POP ESI
1000DB11 5B POP EBX
Could you all take a look? Where should I start??
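A good starting point is the stack buffer the function fills at [ESP+C] before the two calls. Below is an added Python model of that frame construction as I read it off the listing; it is not the poster's code or the vendor's. The checksum routine at 100012B0 and the send/receive routines at 10001C60 and 10001EE0 are not on the page, so the checksum is passed in as a callable and the XOR routine is only a constructed stand-in; the names build_frame, decode_status and ERR_BAD_LENGTH are mine.

```python
from typing import Callable

ERR_BAD_LENGTH = 0xFF71   # MOV AX,0FF71 when CMP BX,3 fails (0xFF71 is -143 as int16)


def build_frame(password: bytes, checksum: Callable[[bytes], int]) -> bytes:
    """Rebuild the buffer at [ESP+C] exactly as the listing fills it.

    Offsets relative to the buffer start:
      +0  0xAA       +1  0x64       +2  0x00
      +3  len+5      +4  0x79       +5..+8  four 0x00 bytes
      +9  password (len bytes, copied by REP MOVS)
      +9+len  checksum byte returned in AL by sub_100012B0(len+9, buf)
    The length pushed to the send routine is len+10 (ADD BX,0A).
    """
    n = len(password)
    if n != 3:  # CMP BX,3 / JE: every other length is rejected up front
        raise ValueError(f"error {ERR_BAD_LENGTH:#06x}: password must be 3 bytes")
    header = bytes([0xAA, 0x64, 0x00, (n + 5) & 0xFF, 0x79, 0, 0, 0, 0])
    body = header + password          # the n+9 bytes the checksum covers
    return body + bytes([checksum(body) & 0xFF])


def decode_status(response: bytes) -> int:
    """Mirror the tail of the function: CMP BYTE PTR [ESP+AD],0 then
    MOVZX AX / NEG AX, i.e. 0 on success, else -(response[1]) as uint16."""
    status = response[1]
    return 0 if status == 0 else (-status) & 0xFFFF


def xor_checksum(data: bytes) -> int:
    """Constructed stand-in for sub_100012B0, whose algorithm is not in the
    listing; swap in the real routine once it has been reversed."""
    acc = 0
    for b in data:
        acc ^= b
    return acc


if __name__ == "__main__":
    frame = build_frame(b"123", xor_checksum)   # constructed sample PIN
    print(frame.hex(" "), len(frame))
    print(hex(decode_status(bytes([0x00, 0x05]))))
```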