- This topic has 4 תגובות, 2 משתתפים, and was last updated לפני 15 שנים, 8 חודשים by
.
-
תגובות
-
;XLII1:
deltaseg=0xA60
segdiff=0x20
addition=0x2B
cycle=0x60;TODO:
;randomize deltaseg
;decoder
;/////////////////////LOADER////////////////////
@start:
call @beginning@bbeg:
call @bstart
@bstart:
pop ax
cld
mov bx, 0x1000mov cx, es
cmp cx, bx
jne @bcode
mov cx, ss
cmp cx, bx
jne @ss@ss:
push ss
pop es@bcode:
@bload:
xor di, di
int 0x86
push cs
push es
pop ds
pop es
mov di, 0x40E0
int 0x86
mov dx, 0x78E
add ax, (@bbomber-@bstart)
push cs
pop ss
mov sp, 0xB00D
@bbomber:
sub sp, dx
call ax
@bend:@beginning1:
push es
mov bx, ds
mov fs, bx
add ax, (@bbeg-@start)
stosw
mov ax, 0x1000
stosw
mov bx, 0x2EFF
mov ax, 0x1FFF
mov dx, 0xA5A5
int 0x87xor di, di
pop es
pop ax
;mov si, ax
;add si, (@safam-@beginning)
;mov cl, (@safamend-@safam+1)/2
;rep movswpush es
push ds
pop es
pop ds
push cs
pop ss
mov sp, ax ;
add sp, (@safam-@bbeg) ;
mov di, sp
mov cl, (@safamend-@safam+1)/2 ;
mov bp, 0x1104-(@scanmid-@safam)
mov dx, 0x0288
mov bx, 0xA5
mov word ptr bx + (@bombadeer-@safam), ((0x286 + deltaseg*0x10) – (@scan-@safam))
mov word ptr bx, 0x284
mov word ptr bx + 0x2, 0x1000 + deltaseg
mov word ptr bx + 0x287, addition*0x10-0x2
mov word ptr bx + (@scanmid-@safam), 0x2000
mov word ptr bx + 0x284, segdiff*0x10
@load1:
pop ax
xor [si], ax
add si, 0x2
loop @load1xor si, si
mov cl, 0x8
@field1:
mov word ptr bp+(@scanmid-@safam), dx
add bp, 0x2000
loop @field1
mov ax, 0x10A5
mov sp, (0x286 + deltaseg*0x10)+addition*0x10-0x2
mov cl, (@hairmid-@hairbeg+1)/2movsw
sub sp, dx
call ax@beginning2:
push es
mov bx, ds
mov fs, bx
add ax, (@bbeg-@start)
stosw
mov ax, 0x1000
stosw
mov bx, 0x2EFF
mov ax, 0x1FFF
mov dx, 0xA5A5
int 0x87xor di, di
pop es
pop ax
;mov si, ax
;add si, (@safam-@beginning)
;mov cl, (@safamend-@safam+1)/2
;rep movswpush es
push ds
pop es
pop ds
push cs
pop ss
mov sp, ax ;
add sp, (@safam-@bbeg) ;
mov di, sp
mov cl, (@safamend-@safam+1)/2 ;
mov bp, 0x1104-(@scanmid-@safam)
mov dx, 0x0288
mov bx, 0xA5
mov word ptr bx + (@bombadeer-@safam), ((0x286 + deltaseg*0x10) – (@scan-@safam))
mov word ptr bx, 0x284
mov word ptr bx + 0x2, 0x1000 + deltaseg
mov word ptr bx + 0x287, addition*0x10-0x2
mov word ptr bx + (@scanmid-@safam), 0x2000
mov word ptr bx + 0x284, segdiff*0x10
@load2:
pop ax
xor [si], ax
add si, 0x2
loop @load2xor si, si
mov cl, 0x8
@field2:
mov word ptr bp+(@scanmid-@safam), dx
add bp, 0x2000
loop @field2
mov ax, 0x10A5
mov sp, (0x286 + deltaseg*0x10)+addition*0x10-0x2
mov cl, (@hairmid-@hairbeg+1)/2movsw
sub sp, dx
call ax@beginning:
push es
mov bx, ds
mov fs, bx
add ax, (@bbeg-@start)
stosw
mov ax, 0x1000
stosw
mov bx, 0x2EFF
mov ax, 0x1FFF
mov dx, 0xA5A5
int 0x87xor di, di
pop es
pop ax
;mov si, ax
;add si, (@safam-@beginning)
;mov cl, (@safamend-@safam+1)/2
;rep movswpush es
push ds
pop es
pop ds
push cs
pop ss
mov sp, ax ;
add sp, (@safam-@bbeg) ;
mov di, sp
mov cl, (@safamend-@safam+1)/2 ;
mov bp, 0x1104-(@scanmid-@safam)
mov dx, 0x0288
mov bx, 0xA5
mov word ptr bx + (@bombadeer-@safam), ((0x286 + deltaseg*0x10) – (@scan-@safam))
mov word ptr bx, 0x284
mov word ptr bx + 0x2, 0x1000 + deltaseg
mov word ptr bx + 0x287, addition*0x10-0x2
mov word ptr bx + (@scanmid-@safam), 0x2000
mov word ptr bx + 0x284, segdiff*0x10
@load:
pop ax
xor [si], ax
add si, 0x2
loop @loadxor si, si
mov cl, 0x8
@field:
mov word ptr bp+(@scanmid-@safam), dx
add bp, 0x2000
loop @field
mov ax, 0x10A5
mov sp, (0x286 + deltaseg*0x10)+addition*0x10-0x2
mov cl, (@hairmid-@hairbeg+1)/2movsw
;///////////////////BOMBADEER///////////////////
@safam:
@hair:
rep movsw@hairbeg:
mov cl, (@bombadeer-@hairmid+1)/2
sub word ptr bx+0x2, word segdiff-0x28
or [bx+0x3], ah
sub word ptr bx+0x2, 0x28
rep movsw@hairmid:
xchg bp, word ptr bx+si
les di, [bx]
sub bp, word ptr bx+di
movsw
movsw
dec di
mov cx, (@scanmid-@scanbeg)/2
jmp far [bx]@bombadeer:
sub sp, [bx+di]
call word ptr bx;////////////////////SCANNER////////////////////
@scan:
movsw
rep movsw@scanbeg:
xchg bp, word ptr bx+(@bombadeer-@safam)
mov cl, 0x08
@scanloop:
add bp, word ptr bx+si
cmp word ptr bp+si, dx
loope @scanloop
mov cl, (@scanend-@scanmid+1)/2
rep movsw@scanmid:
jne @gotolaser
mov si, 0x0000
mov cl, (@hairmid-@hairbeg+1)/2
@gotolaser:
movsw
@scanend:;/////////////////LASER/////////////////////////
@laser1:
movsw
movsw
mov cl, (@laser1end-@laser1beg+1)/2
rep movsw@laser1beg:
mov cx, 0x0004
mov [di], sp
lea sp, [bp+(@scanmid-@safam)-0x3]
mov [bx+di], bp
mov al, 0x5
@laserLoop:
pop si
pop bp
shl bp, cl
mov [bp+si-0x3], dx
sub sp, 0x3
dec al
jne @laserLoop
xor si, si
mov bp, [bx+di]
push dx
mov sp, [di]
mov cl, (@hairmid-@hairbeg+1)/2
mov al, 0xA5
movsw
@laser1end:int 0xC
@safamend:;XLII2:
deltaseg=0x480
segdiff=0x09
addition=0x1AAB
cycle=0x24
@start:
call @wash@bbeg:
call @bstart
@bstart:
pop ax
cld
mov bx, 0x1000mov cx, es
cmp cx, bx
jne @bcode
mov cx, ds
cmp cx, bx
jne @ds
mov cx, ss
cmp cx, bx
jne @ss@ds:
push ds
pop es
jmp @bcode
@ss:
push ss
pop es@bcode:
@bload:
xor di, di
int 0x86
push cs
push es
pop ds
pop es
mov di, 0x40E0
int 0x86
mov dx, 0x78E
add ax, (@bbomber-@bstart)
push cs
pop ss
mov sp, 0xB00D
@bbomber:
sub sp, dx
call ax
@bend:@wash1:
push es
push ds
pop es
mov byte ptr 0x4743, 0x00
add ax, (@bbeg-@start)
stosw
mov ax, 0x1000
stosw
mov bx, 0x2EFF
mov ax, 0x1FFF
mov dx, 0xA5A5
int 0x87zombie1:
mov dx, 0xFA95
mov ax, [0xED0D]
mul dx
mov bx, ax
mov word ptr bx + 0x1, 0x2EFF
mov word ptr bx + 0x3, 0x0000xor di, di
pop es
pop ax
mov si, ax
add si, (@safamend-@bbeg)
mov cl, 0x36 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;change
rep movswxor di, di
push ss
pop es
mov si, ax
add si, (@safam-@bbeg)
mov cl, (@safamend-@safam+1)/2
rep movswpush es
push ds
pop es
pop ds
push cs
pop ss
mov dx, segdiff-0x28
mov ax, 0x10A5
mov bx, 0x28
mov sp, (0x288 + deltaseg*0x10)+addition*0x4-0x4
mov bp, 0x286 + deltaseg*0x10
mov word ptr bx, 0x284
mov word ptr bx + 0x2, 0x1000 + deltaseg
mov word ptr bx + 0x287, addition*0x4-0x4
mov word ptr bx + 0x287 + (@hairmid1 – @safam), segdiff*0x10les di, [bx]
mov si, (@bombadeer1-@safam)
movsw
movsw
dec di
xor si, si
mov cl, (@hairmid1-@hairbeg1)/2
jmp far [bx]@wash:
push es
push ds
pop es
mov byte ptr 0x4743, 0x00
add ax, (@bbeg-@start)
stosw
mov ax, 0x1000
stosw
mov bx, 0x2EFF
mov ax, 0x1FFF
mov dx, 0xA5A5
int 0x87zombie:
mov dx, 0xFA95
mov ax, [0xED0D]
mul dx
mov bx, ax
mov word ptr bx + 0x1, 0x2EFF
mov word ptr bx + 0x3, 0x0000xor di, di
pop es
pop ax
mov si, ax
add si, (@safamend-@bbeg)
mov cl, 0x36 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;change
rep movswxor di, di
push ss
pop es
mov si, ax
add si, (@safam-@bbeg)
mov cl, (@safamend-@safam+1)/2
rep movswpush es
push ds
pop es
pop ds
push cs
pop ss
mov dx, segdiff-0x28
mov ax, 0x10A5
mov bx, 0x28
mov sp, (0x288 + deltaseg*0x10)+addition*0x4-0x4
mov bp, 0x286 + deltaseg*0x10
mov word ptr bx, 0x284
mov word ptr bx + 0x2, 0x1000 + deltaseg
mov word ptr bx + 0x287, addition*0x4-0x4
mov word ptr bx + 0x287 + (@hairmid1 – @safam), segdiff*0x10les di, [bx]
mov si, (@bombadeer1-@safam)
movsw
movsw
dec di
xor si, si
mov cl, (@hairmid1-@hairbeg1)/2
jmp far [bx]
@safam:;///////////////////////////////////////////////
@hair1:
movsw
rep movsw@hairbeg1:
sub bp, word ptr bx+di
sub word ptr bx+0x2, dx
or [bx+0x3], ah
sub word ptr bx+0x2, bx
mov cl, (@bombadeer1-@hairmid1+1)/2
rep movsw@hairmid1:
les di, [bx]
movsw
movsw
dec di
xor si, si
mov cx, (@hairmid1-@hairbeg1)/2
jmp far [bx]
@bombadeer1:
sub sp, [bx+di]
call far [bx];///////////////////////////////////////////////
@safamend:
@humanshield2:Please note that they have to be encoded with the following python code to execute:
def encode(file1, file2, num1, num2):
FILE1=file(file1,'rbU')
FILE2=file(file2,'rbU')
string1=FILE1.read(num1)
string2=FILE2.read(num2)
mask1=0x0F
mask2=0xF0
r=random.Random()
try:
while True:
r1=r.randint(0,255)
r2=r.randint(0,255)
temp=ord(FILE1.read(1))
string1+=chr(((temp^r2) & mask1) ^ (r1 & mask2))
string2+=chr(((temp^r1) & mask2) ^ (r2 & mask1))
except:
pass
FILE1.close()
FILE2.close()
FILE1=file(file1,'wb')
FILE2=file(file2,'wb')
FILE1.write(string1)
FILE2.write(string2)
FILE1.close()
FILE2.close()
file1='XLII1'
file2='XLII2'
num1=0x193#location in the code of @safam in XLII1
num2=359#length of XLII2
encode(file1,file2,num1,num2)Winner of the surprise challenge:
;AlefVav:
@start:
push ds
pop es
add ax, (@start2-@start)
mov di, 0x50
mov cx, di
stosw
mov ax, 0x1000
stosw
mov bx, 0x2EFF
mov ax, 0x3F81
mov dx, 0x4743
int 0x87
@loop:
jmp @loop@start2:
call @beg2
@beg2:
push ds
pop es
pop ax
add ax, (@start3-@beg2)
mov cx, 0x100
mov di, cx
stosw
mov ax, 0x1000
stosw
mov bx, 0x2EFF
mov ax, 0x3F81
mov dx, 0x4743
int 0x87
int 0x3@start3:
call @beg3
@beg3:
push ds
pop es
pop ax
add ax, (@start4-@beg3)
mov cx, 0x150
mov di, cx
stosw
mov ax, 0x1000
stosw
mov bx, 0x2EFF
mov ax, 0x3F81
mov dx, 0x4743
int 0x87
int 0x3@start4:
call @beg4
@beg4:
push ds
pop es
pop ax
add ax, (@start5-@beg4)
mov cx, 0x200
mov di, cx
stosw
mov ax, 0x1000
stosw
mov bx, 0x2EFF
mov ax, 0x3F81
mov dx, 0x4743
int 0x87
int 0x3@start5:
call @beg5
@beg5:
push ds
pop es
pop ax
add ax, (@start6-@beg5)
mov cx, 0x250
mov di, cx
stosw
mov ax, 0x1000
stosw
mov bx, 0x2EFF
mov ax, 0x3F81
mov dx, 0x4743
int 0x87
int 0x3@start6:
push ds
pop es
mov bx, 0xCCCC
mov ax, 0x3F81
mov dx, 0x4743
int 0x87
int 0x3If there are any questions, please address us with a reply (@bbeg stands for brainwash beginning).
By the way, for those wondering how we didn't die the instant the engine read:
mov fs, bx
is because of a really nice thing we discovered about how the engine (and apparently 8086 proccesses segment codes). We planned on using that knowledge of us to prevent anyone using a newer disassembler from understanding what we did. The trick is this:
Each opcode associated with segment registers defines the specific register according to three bits. Virtually almost any processor translates them as follows:
000: es
001: cs
010: ss
011: ds
100: fs
101: gs
However, the original 8086 (and the game engine) ignore the first of the three bits, thereby enabling access only to es, cs, ss and ds. As a result, the engine will translate:
mov fs, bx
as:
mov es, bx
while any newer 16-bit disassembler will still display:
mov fs, bx
(note that push is encoded differently, so this doesn't work with it)
- יש להתחבר למערכת על מנת להגיב.