TORN@DO presents: cRACKER's n0TES
Bitmanipulation (Cruehead)



First of all, let's talk about what a byte really is...for many of you this is nothing new, so you can skip this part if you wish. A byte consists of 8 bits, each of which can hold a value of either 0 or 1. For example, here is what the letter 'X' looks like in binary form:

X - 01011000

How do I know this? You can get this information pretty quickly ... First you need either the HEX value of the letter 'X' or the DEC value. A very convenient way of getting the value is using our beloved debugger - SoftICE. First of all enter SoftICE (Ctrl-D) and on the command line enter:


? 'X'


Now you'll see something like '00000058 0000000088'. That means that 58 is the hex value of the letter X and that 88 is the decimal value. You can get this information in other ways as well; looking it up in an ASCII table is perhaps the best way. Now that you know the dec value of the letter you can load up the calculator that comes along with Windows. It's one of the few programs that Microsoft has developed that actually can be useful. So, now that you're in the calculator, make sure that you have chosen the 'advanced' (scientific) setting in the menu and enter the dec value that you previously got - 88 in this case. Now click on the 'bin' check box .. and voila - you've got the binary form of the letter 'X' ... nice, huh?

Ok, now let's move on to the part that you all have been waiting for - the bitmanipulation instructions!

There are a couple of these instructions, and you'll very often see these when you're on the 'cracking highway'. We'll talk about the most common ones, beginning with ...




·XOR·
This instruction is a very important one, and perhaps the biggest reason why this essay is written. What kind of information can we get about this? First of all, let's take a look at what PcHelp has to say about it:

'Performs a bitwise exclusive OR of the operands and returns the result in the destination.'


Ok, did that brighten things up for you? Well, I didn't think so either, so I'll try to explain it. Let's go back to our example again and use the letter 'X'. What do you think an instruction like 'XOR 88,65' would do? As you already know, 88 is the dec value of the letter 'X' and 65 is the dec value of the letter 'A' (you should be able to figure that out by now). Let's take a look at what happens:



  Character     Dec Value         Binary form
  X             88                01011000
  A             65                01000001

  Result after XOR 88, 65:
                25                00011001
  
Ok, let's focus on the binary part. What XOR really does is compare one bit at a time. If the two bits are the same, the result bit is set to 0; if they are different, the result bit is set to 1. We can show it like this instead:

  0011
  0101
  ----
  0110

Ok, now that you (hopefully) understand how it works, your next question will probably be something like 'What can it be used for?'. As you might know, XOR is used quite a lot when it comes to simple encryption needs. I'll show you why here:

XOR 88,65 = 25 (from our example)
XOR 25,88 = 65
XOR 25,65 = 88

You see how easy it is to get the original value back? Take a look at this:

  X XOR'ed with 57 is 89 (note that X stands for 'unknown' here)

And now you want to know what X is ... then you can simply use XOR 57,89 and you'll get the value of X. Another thing that this instruction can be good for is when you want to set something to zero ... let's say that you want to empty the EAX register. There are a few ways of doing this, including:

  SUB EAX,EAX
  MOV EAX,0

Sure, both of these instructions work fine, but we can use XOR instead ... but how and why?

  XOR EAX,EAX

That also sets EAX to zero ... the only difference is that this method is faster (ie takes less CPU time) than the others, and that's why it's commonly used. So now when you see this while cracking, you'll know what's going on. All the other bitmanipulation instructions work similarly, so let's take a look at ...




·AND·
Now that you know how XOR works, it's easy to understand how AND works ... We'll use our example once again:



  Character     Dec Value         Binary form
  X             88                01011000
  A             65                01000001

  Result after AND 88, 65:
                64                01000000
  
AND also compares all the bits one by one. If both are set to 1, the result bit is also set to 1; otherwise the result bit is set to 0. Ok, let's quickly move on to another instruction.



·OR·
Once again our example is used:


  Character     Dec Value         Binary form
  X             88                01011000
  A             65                01000001

  Result after OR 88, 65:
                89                01011001
  
Like the others, OR compares the bits one by one. If both bits are 0, the result bit is set to 0; otherwise it is set to 1.
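To tie the three tables together, here is an added C example (my own, not part of Cruehead's essay) that recomputes XOR, AND and OR on 'X' and 'A' bit by bit exactly as the rules above describe them, and then shows the "simple encryption" point: the same XOR call both scrambles and restores a buffer, and a single known plaintext/ciphertext byte pair hands the key straight back, which is why a fixed-key XOR protects nothing. The "SECRET" text and the key 57 are constructed sample values.

```c
#include <stdio.h>
/* Render the low 8 bits of v as in the "Binary form" column above (bit 7 first); buf holds 9 chars. */
void to_binary(unsigned char v, char *buf) {
    for (int i = 7; i >= 0; i--) *buf++ = (v & (1u << i)) ? '1' : '0';
    *buf = '\0';
}

/* Each instruction done one bit pair at a time, as the text describes it, so the rule is visible. */
unsigned char bit_xor(unsigned char a, unsigned char b) {
    unsigned char r = 0;
    for (int i = 0; i < 8; i++)            /* bits differ -> 1, same -> 0 */
        if (((a >> i) & 1) != ((b >> i) & 1)) r |= (unsigned char)(1u << i);
    return r;
}
unsigned char bit_and(unsigned char a, unsigned char b) {
    unsigned char r = 0;
    for (int i = 0; i < 8; i++)            /* both 1 -> 1, otherwise 0 */
        if (((a >> i) & 1) && ((b >> i) & 1)) r |= (unsigned char)(1u << i);
    return r;
}
unsigned char bit_or(unsigned char a, unsigned char b) {
    unsigned char r = 0;
    for (int i = 0; i < 8; i++)            /* both 0 -> 0, otherwise 1 */
        if (((a >> i) & 1) || ((b >> i) & 1)) r |= (unsigned char)(1u << i);
    return r;
}

/* Single-byte XOR "encryption": the same call encrypts and decrypts, since (x XOR k) XOR k == x. */
void xor_buffer(unsigned char *buf, size_t len, unsigned char key) {
    for (size_t i = 0; i < len; i++) buf[i] = bit_xor(buf[i], key);
}

/* One known plaintext byte and its ciphertext byte give the key at once (the "X XOR'ed with 57 is 89" case). */
unsigned char recover_key(unsigned char plain, unsigned char cipher) {
    return bit_xor(plain, cipher);
}

int main(void) {
    char bin[9];
    unsigned char x = 'X', a = 'A', msg[] = "SECRET";    /* 88, 65; constructed sample text */
    to_binary(bit_xor(x, a), bin); printf("XOR 88,65 = %3u  %s\n", bit_xor(x, a), bin);
    to_binary(bit_and(x, a), bin); printf("AND 88,65 = %3u  %s\n", bit_and(x, a), bin);
    to_binary(bit_or(x, a), bin);  printf("OR  88,65 = %3u  %s\n", bit_or(x, a), bin);
    xor_buffer(msg, 6, 57);                                /* "encrypt" with constructed key 57 */
    printf("key from one known byte: %u\n", recover_key('S', msg[0]));
    xor_buffer(msg, 6, 57);                                /* same call decrypts */
    printf("%s\n", msg);
    return 0;
}
```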






The cRACKER's n0TES are Copyright © 1998-2000 by TORN@DO of ID. All Rights Reserved.