Continue to Site

Welcome to EDAboard.com

Welcome to our site! EDAboard.com is an international Electronics Discussion Forum focused on EDA software, circuits, schematics, books, theory, papers, asic, pld, 8051, DSP, Network, RF, Analog Design, PCB, Service Manuals... and a whole lot more! To participate you need to register. Registration is free. Click here to register now.

Register Log in

Please explain how to eliminate else conditions in this code.

Status
Not open for further replies.
jayanth.devarayanadurga

jayanth.devarayanadurga

Banned
Joined
Dec 4, 2012
Messages
4,280
Helped
822
Reputation
1,654
Reaction score
791
Trophy points
1,393
Location
Bangalore, India
Activity points
0
Please explain how to eliminate the else conditions in this code.

Code C - [expand]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372

void proc1() {
 
 
    if(byteA != 0) {
        if(byteA != 0x0f) {
            return;
        }
        else {
            byteA--;
            goto aadr_0053D984;
        }
    }
    else {
 
        byteA++;
        goto aadr_0053D984;
    }
}
 
 
addr_0053DD85:  byteA = LOCAL_5_2;
        call proc1();
        byteA = LOCAL_4_2
        call proc1();
        byteA = LOCAL_4
        call proc1()
 
 
addr_0053DDAF:  byteA = LOCAL_4_2;
        if(byteA != LOCAL_4) {
            goto addr_0053DDFC;
        }
        else {
            byteA = LOCAL_4_2;
            byteA = byteA ^ 0x0006;
            if(byteA) {
                goto addr_0053DDD4;
            }
            else {
                byteA = LOCAL_4_2;
                byteA = byteA ^ 0x0004;
                LOCAL_4 = byteA;
                goto addr_0053DDFC;
            }
        }
 
 
 
 
addr_0053DDD4:  byteA = LOCAL_4_2;
        byteA = byteA ^ 0x0006;
        if(byteA != 0x0f) {
            goto addr_0053DDF0;
        }
        else {
            byteA = LOCAL_4_2;
            byteA = byteA ^ 0x0004;
            LOCAL_4 = byteA;
            goto addr_0053DDFC;
        }
 
 
 
addr_0053DDF0:  byteA = LOCAL_4_2;
        byteA = byteA ^ 0x0006;
        LOCAL_4 = byteA;
addr_0053DDFC:  byteA = LOCAL_4_2;
        if(byteA != LOCAL_5_2) {
            goto addr_0053DE49;
        }
        else {
            byteA = LOCAL_4_2;
            byteA = byteA ^ 0x0003;
            if(byteA) {
                goto addr_0053DE21;
            }
            else {
                byteA = LOCAL_4_2;
                byteA = byteA ^ 0x0002;
                LOCAL_5_2 = byteA;
                goto addr_0053DE49;
            }
        }
 
 
addr_0053DE21:  byteA = LOCAL_4_2;
        byteA = byteA ^ 0x0003;
        if(byteA != 0x0f) {
            goto addr_0053DE3D;
        }
        else {
            byteA = LOCAL_4_2;
            byteA = byteA ^ 0x0002;
            LOCAL_5_2 = byteA;
            goto addr_0053DE49;
        }
 
addr_0053DE3D:  byteA = LOCAL_4_2;
        byteA = byteA ^ 0x0003;
        LOCAL_5_2 = byteA;
addr_0053DE49:  byteA = LOCAL_4;
        if(byteA != LOCAL_5_2) {
            goto addr_0053DECA;
        }
        else {
            LOCAL_6_2 = 0x02;
            byteA = LOCAL_4_2;
            byteA = byteA ^ LOCAL_4;
            if(byteA != LOCAL_6_2) {
                goto addr_0053DE6D;
            }
            else {
                LOCAL_6_2 = 0x05;
addr_0053DE6D:          LOCAL_5 = 0x07;
                byteA = LOCAL_4_2;
                byteA = byteA ^ LOCAL_4;
                if(byteA != LOCAL_5) {
                    goto addr_0053DE87;
                }
                else {
                    LOCAL_5 = 0x08;
addr_0053DE87:              byteA = LOCAL_4;
                    byteA = byteA ^ LOCAL_6_2;
                    if(byteA) {
                        goto addr_0052DEA2;
                    }
                    else {
 
                        byteA = LOCAL_4;
                        byteA = byteA ^ LOCAL_5;
                        LOCAL_5_2 = byteA;
                        goto addr_0053DECA;
                    }
                }
                
            }
        }
 
addr_0053DEA2:  byteA = LOCAL_4;
        byteA = byteA ^ LOCAL_6_2;
        if(byteA != 0x0f) {
            goto addr_0053DEBE;
        }
        else {
            byteA = LOCAL_4;
            byteA = byteA ^ LOCAL_5;
            LOCAL_5_2 = byteA;
            goto addr_0053DECA;
        }
        
addr_0053DEBE:  byteA = LOCAL_4;
        byteA = byteA ^ LOCAL_6_2;
        LOCAL_5_2 = byteA;
addr_0053DECA:  if(LOCAL_5_2 != 0x00) {
            goto addr_0053DEEE;
        }
        else {
            di = 1;
addr_0053DED5:      if(di == LOCAL_4) {
                goto addr_0053DEE7;
            }
            else {
                if(DI == LOCAL_4_2) {
                    goto addr_0053DEE7;
                }
                else {
                    LOCAL_5_2 = di;
                    goto addr_0053DEEE;
                }
            }
        }
 
addr_0053DEE7:  di++;
        if(di != 0x0f) {
            goto addr_0053DED5;
        }
        else {
addr_0053DEEE:      if(LOCAL_5_2 != 0x0f) {
                goto addr_0053DF12;
            }
            else {
                di = 1;
addr_0053DEF9:          if(di == LOCAL_4) {
                    goto addr_0053DF0B;
                }
                else if(di == LOCAL_4_2) {
                    goto addr_0053DF0B;
                }
                else {
                    LOCAL_5_2 = di;
                    goto addr_0053DF12;
                }
            }           
        }
 
addr_0053DF0B:  di++;
        if(DI != 0x0f) {
            goto addr_0053DEF9;
        }
        else {
addr_0053DF12:      if(!counter) {
                goto addr_0053DFDF
            }
            else {
 
                byteA = counter;
                byteA = byteA * 2;
                byteA = package[byteA * 8 - 0x0f];
                edx = counter;
                edx = edx * 2;
                byteA_2 = byteA & 0xff;
                byteA-2 = byteA_2 ^ package[edx *8 - 0x0e];
                byteA = byteA_2;
                edx = counter;
                edx = edx * 2;
                edx = package[edx * 8 - 0x0d];
                byteA = byteA + edx;
                edx = counter;
                edx = edx * 2;
                edx = package[edx * 8 - 0x0c];
                byteA = byteA + edx;
                LOCAL_3_2 = byteA;
                byteA = counter;
                byteA = byteA * 2;
                byteA = package[byteA * 8 - 0x0b);
                byteA = byteA + LOCAL_3_2;
                edx = counter;
                edx = edx * 2;
                edx = package[edx * 8 - 0x0a];
                byteA = byteA + edx;
                edx = counter;
                edx = edx * 2;
                edx = package[edx * 8 - 9];
                byteA = byteA + edx;
                edx = counter;
                edx = edx * 2;
                edx = package[edx * 8 - 8];
                byteA = byteA + edx;
                LOCAL_3_2 = byteA;
                byteA = counter;
                byteA = byteA * 2;
                byteA = package[byteA * 8 - 7];
                edx = counter;
                edx = edx * 2;
                byteA_2 = byteA & 0x00ff;
                byteA-2 = byteA-2 ^ package[edx * 8 - 6];
                byteA = byteA_2;
                byteA = byteA + LOCAL_3_2;
                edx = counter;
                edx = edx * 2;
                edx = package[edx * 8 - 5];
                byteA = byteA + edx;
                edx = counter;
                edx = edx * 2;
                edx = package[edx * 8 - 4];
                byteA = byteA + edx;
                LOCAL_3_2 = byteA;
                byteA = counter;
                byteA = byteA * 2;
                byteA = package[byteA * 8 - 3];
                byteA = byteA + LOCAL_3_2;
                edx = counter;
                edx = edx * 2;
                edx = package[edx * 8 - 2];
                byteA  = byteA ^ edx;
                LOCAL_3_2 = byteA;
addr_0053DFDF:          byteA = counter;
                byteA = byteA * 2;
                //LEA EAX,[EAX*8+ESI]
                edx = LOCAL_4_2;
                //MOVZX EAX,BYTE PTR DS:[EDX+EAX]
                edx = counter;
                edx = edx * 2;
                ecx = package[255]; //[LOCAL.1] is 005B04C8 which is the
                            //last byte of the package
 
 
                edx_ecx = byteA;    //[EDX+ECX] is taken as a variable
                byteA = counter;
                byteA = byteA * 2;
                byteA = package[byteA * 8]; //LEA EAX,                              //[EAX*8+ESI]
                
                edx = LOCAL_4;
                byteA = package[edx+byteA]; //MOVZX EAX,BYTE                                //PTR DS:[EDX+EAX]
 
                edx = counter;
                edx = edx * 2;
                ecx = package[255]; //[LOCAL.1] is 005B04C8                             //which is the last byte                            //of the package
 
                package[edx+ecx+1] = byteA & 0x00ff; //MOV BYTE PTR DS:[EDX+ECX+1],AL
                byteA = counter;
                byteA = byteA * 2;
                byteA = package[byteA * 8];     //LEA EAX, [EAX*8+ESI]
                edx = LOCAL_4;
                byteA = package[edx + byteA];   //MOVZX EAX,BYTE PTR DS:[EDX+EAX]
 
                edx = counter;
                edx = edx * 2;
                ecx = package[255];
                package[edx + ecx + 1] = byteA & 0x00ff;                            //MOV BYTE PTR DS:[EDX+ECX+1],AL
                        //this will be at one byte after                    //package i.e., at address 005B04C9
                        //which doesn't exixt
                    //package is from 005B03C8 to 005B04C8
                if(!counter) {
                    goto addr_0053E041;
                }
                else {
                    byteA = counter;
                    byteA = byteA * 2;
                    byteA = byteA * 8;  //LEA EAX,[EAX*8+ESI]
                    edx = LOCAL_5_2;
                    byteA = package[edx + byteA];   //MOVZX EAX,BYTE PTR DS:[EDX+EAX]
                    edx = LOCAL_3_2;
                    edx = edx & 0x000f;
                    if(byteA == edx) {
                        goto addr_0053E041;
                    }
                    else {
                        LOCAL_2 = 1;
                        goto addr_0053E051;
                    }
                }
 
            }
        }
 
 
 
addr_0053E041:      counter++;
            if(counter < 16) {
                goto addr_0053DA89;
            }
            else {
                byteA = byteA ^ byteA;
                LOCAL_2 = byteA;
addr_0053E051:          byteA = byteA ^ byteA;
                //below codes not required
                //POP edx
                //POP ecx
                //POP ecx
                //MOV DWORD PTR FS:[EAX],EDX
                //PUSH 0053E066
                return; 
            }   
 
 
 
 
/////////////////////////////////////////////////////*
[LOCAL.1] = 005B04C8 = last byte of package
[LOCAL.2] = 005B06F0 = ????
 
 
0053DFF4  |.  8B4D FC       |MOV ECX,DWORD PTR SS:[LOCAL.1]     
0053DFF7  |.  880411        |MOV BYTE PTR DS:[EDX+ECX],AL
0053DFFA  |.  0FB7C3        |MOVZX EAX,BX
0053DFFD  |.  03C0          |ADD EAX,EAX
0053DFFF  |.  8D04C6        |LEA EAX,[EAX*8+ESI]
0053E002  |.  0FB755 F0     |MOVZX EDX,WORD PTR SS:[LOCAL.4]
0053E006  |.  0FB60410      |MOVZX EAX,BYTE PTR DS:[EDX+EAX]
 
 
ecx = package[255];         //[LOCAL.1] = 005B04C8 address of end of package
                    //[LOCAL.1] doesn't change in the routine
package2[edx+ecx] = byteA & 0x00ff; //MOV BYTE PTR DS:[EDX+ECX],AL
eax = counter;              //MOVZX EAX,BX
eax = eax * 2;              //ADD EAX,EAX
addr_eax = eax * 8;         //LEA EAX,[EAX*8+ESI]
edx = LOCAL_4;              //MOVZX EDX,WORD PTR SS:[LOCAL.4]
eax = package[edx+addr_eax];        //MOVZX EAX,BYTE PTR DS:[EDX+EAX]
 
*////////////////////////////////////////////////
 

It's not clear what you want to achieve. Why avoid else?

The shown snippet doesn't look like legal C code, e.g. goto to labels outside the function context.
 

@ FvM

Lines from 326 onwards is not needed.

e.g. goto to labels outside the function context.
Click to expand...

Can't labels inside a function jump out of function?

It is a algorithm which is in assembly. I have converted it to C. I need to eliminate the else conditions. Somebody asked me to do that. I have used variable names like eax, ecx, LOCAL_1, etc... which is similar to registers names and names local variables on the stack for easy conversion. If needed I can post the asm code also.


I will explain it a little more.

A system sends 256 bytes to another system and then the 2nd system sends back another 256 bytes after performing some mathematics to the first system. The First system then process the 256 bytes sent by 2nd system and then opens up a lock. The code I have posted is of 1st system. I don't have code of 2nd system but have the 2nd system. If else conditions are removed and code reduced then I think it will be easier to analyse what the 1sy system does after it receives processed 256 bytes from 1st system.
 
Last edited:

Can't labels inside a function jump out of function?
Click to expand...
Normally not. Does your C-compiler allow it? Does it clean up the stack on exiting the function?

If else conditions are removed and code reduced then I think it will be easier to analyse what the 1sy system does after it receives processed 256 bytes from 1st system.
Click to expand...
I don't understand the explanation. Either else condition is logically required or not.
 

I will try to explain it in still more detail tomorrow. I have to find the files related to it which is in my old HDD which is not connected to the system right now.

The second system is a hardware with micro. The algo inside it is unknown. The first system generates random 256 bytes and sends to the hardware and the algo inside hardware process the bytes and sends back another 256 bytes back to the 1st system. The 1st system passes it through an algo (algo is the code mentioned in post #1). This finally results in true or false. If true then does some thing else does some other thing. What I want to do is reverse the algo posted above and test if the reversed alog is the algo inside the micro (2nd system).


Edit: And I have 20 such algorithms. only some values used for anding, oring, xoring are different in each algorithm. Here is the assembly code.

Somebody on the net said that "if you are jumping out then you don't need to put else"

Code ASM - [expand]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503

CPU Disasm
Address   Hex dump          Command                                  Comments
0053D984  /$ /66:8338 00    CMP WORD PTR DS:[EAX],0                  ;  void)
0053D988  |. |75 05         JNE SHORT 0053D98F
0053D98A  |. |66:FF00       INC WORD PTR DS:[EAX]
0053D98D  |.^\EB F5         JMP SHORT 0053D984
0053D98F  |> |66:8338 0F    CMP WORD PTR DS:[EAX],0F
0053D993  |. |75 05         JNE SHORT 0053D99A
0053D995  |. |66:FF08       DEC WORD PTR DS:[EAX]
0053D998  |.^\EB EA         JMP SHORT 0053D984
0053D99A  \>  C3            RETN
0053D99B      90            NOP
0053D99C  /$  55            PUSH EBP
0053D99D  |.  8BEC          MOV EBP,ESP
0053D99F  |.  83C4 E8       ADD ESP,-18
0053D9A2  |.  53            PUSH EBX
0053D9A3  |.  56            PUSH ESI
0053D9A4  |.  57            PUSH EDI
0053D9A5  |.  8955 FC       MOV DWORD PTR SS:[LOCAL.1],EDX
0053D9A8  |.  8BF0          MOV ESI,EAX
0053D9AA  |.  33C0          XOR EAX,EAX
0053D9AC  |.  55            PUSH EBP
0053D9AD  |.  68 5FE05300   PUSH 0053E05F
0053D9B2  |.  64:FF30       PUSH DWORD PTR FS:[EAX]
0053D9B5  |.  64:8920       MOV DWORD PTR FS:[EAX],ESP               ; Installs SE handler 53E05F
0053D9B8  |.  33DB          XOR EBX,EBX
0053D9BA  |>  0FB7C3        /MOVZX EAX,BX
0053D9BD  |.  03C0          |ADD EAX,EAX
0053D9BF  |.  0FB654C6 01   |MOVZX EDX,BYTE PTR DS:[EAX*8+ESI+1]
0053D9C4  |.  3254C6 02     |XOR DL,BYTE PTR DS:[EAX*8+ESI+2]
0053D9C8  |.  3254C6 03     |XOR DL,BYTE PTR DS:[EAX*8+ESI+3]
0053D9CC  |.  3254C6 04     |XOR DL,BYTE PTR DS:[EAX*8+ESI+4]
0053D9D0  |.  0FB6D2        |MOVZX EDX,DL
0053D9D3  |.  66:8955 F4    |MOV WORD PTR SS:[LOCAL.3],DX
0053D9D7  |.  0FB654C6 05   |MOVZX EDX,BYTE PTR DS:[EAX*8+ESI+5]
0053D9DC  |.  66:3355 F4    |XOR DX,WORD PTR SS:[LOCAL.3]
0053D9E0  |.  0FB64CC6 06   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+6]
0053D9E5  |.  66:03D1       |ADD DX,CX
0053D9E8  |.  0FB64CC6 07   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+7]
0053D9ED  |.  66:33D1       |XOR DX,CX
0053D9F0  |.  0FB64CC6 08   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+8]
0053D9F5  |.  66:03D1       |ADD DX,CX
0053D9F8  |.  66:8955 F4    |MOV WORD PTR SS:[LOCAL.3],DX
0053D9FC  |.  0FB654C6 09   |MOVZX EDX,BYTE PTR DS:[EAX*8+ESI+9]
0053DA01  |.  3254C6 0A     |XOR DL,BYTE PTR DS:[EAX*8+ESI+0A]
0053DA05  |.  0FB6D2        |MOVZX EDX,DL
0053DA08  |.  66:3355 F4    |XOR DX,WORD PTR SS:[LOCAL.3]
0053DA0C  |.  0FB64CC6 0B   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+0B]
0053DA11  |.  66:03D1       |ADD DX,CX
0053DA14  |.  0FB64CC6 0C   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+0C]
0053DA19  |.  66:33D1       |XOR DX,CX
0053DA1C  |.  66:8955 F4    |MOV WORD PTR SS:[LOCAL.3],DX
0053DA20  |.  0FB654C6 0D   |MOVZX EDX,BYTE PTR DS:[EAX*8+ESI+0D]
0053DA25  |.  66:3355 F4    |XOR DX,WORD PTR SS:[LOCAL.3]
0053DA29  |.  0FB64CC6 0E   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+0E]
0053DA2E  |.  66:33D1       |XOR DX,CX
0053DA31  |.  0FB64CC6 0F   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+0F]
0053DA36  |.  66:33D1       |XOR DX,CX
0053DA39  |.  66:8955 F4    |MOV WORD PTR SS:[LOCAL.3],DX
0053DA3D  |.  0FB604C6      |MOVZX EAX,BYTE PTR DS:[EAX*8+ESI]       ; start from here
0053DA41  |.  0FB755 F4     |MOVZX EDX,WORD PTR SS:[LOCAL.3]
0053DA45  |.  66:83E2 0F    |AND DX,000F
0053DA49  |.  66:3BC2       |CMP AX,DX
0053DA4C  |.  74 2E         |JE SHORT 0053DA7C
0053DA4E  |.  C745 F8 01000 |MOV DWORD PTR SS:[LOCAL.2],1
0053DA55  |.  0FB7C3        |MOVZX EAX,BX
0053DA58  |.  03C0          |ADD EAX,EAX
0053DA5A  |.  0FB604C6      |MOVZX EAX,BYTE PTR DS:[EAX*8+ESI]
0053DA5E  |.  0FB755 F4     |MOVZX EDX,WORD PTR SS:[LOCAL.3]
0053DA62  |.  66:81E2 FF00  |AND DX,00FF
0053DA67  |.  66:3BC2       |CMP AX,DX
0053DA6A  |.  0F84 E1050000 |JE 0053E051
0053DA70  |.  C745 F8 01000 |MOV DWORD PTR SS:[LOCAL.2],1
0053DA77  |.  E9 D5050000   |JMP 0053E051
0053DA7C  |>  43            |INC EBX
0053DA7D  |.  66:83FB 10    |CMP BX,10
0053DA81  |.^ 0F82 33FFFFFF \JB 0053D9BA
0053DA87  |.  33DB          XOR EBX,EBX
0053DA89  |>  0FB7C3        /MOVZX EAX,BX
0053DA8C  |.  B9 06000000   |MOV ECX,6
0053DA91  |.  33D2          |XOR EDX,EDX
0053DA93  |.  F7F1          |DIV ECX
0053DA95  |.  83FA 05       |CMP EDX,5                               ; Switch (cases 0..5, 7 exits)
0053DA98  |.  0F87 F9020000 |JA 0053DD97
0053DA9E  |.  FF2495 A5DA53 |JMP DWORD PTR DS:[EDX*4+53DAA5]
0053DAA5  |.  BDDA5300      |DD 0053DABD
0053DAA9  |.  34DB5300      |DD 0053DB34
0053DAAD  |.  AEDB5300      |DD 0053DBAE
0053DAB1  |.  2EDC5300      |DD 0053DC2E
0053DAB5  |.  ABDC5300      |DD 0053DCAB
0053DAB9  |.  1CDD5300      |DD 0053DD1C
0053DABD  |>  8BC3          |MOV EAX,EBX                             ; Case 0 of switch 
 
 
0053DABF  |.  66:35 B200    |XOR AX,00B2
0053DAC3  |.  0FB696 DF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0DF]
0053DACA  |.  66:33C2       |XOR AX,DX
0053DACD  |.  0FB656 6F     |MOVZX EDX,BYTE PTR DS:[ESI+6F]
0053DAD1  |.  66:03C2       |ADD AX,DX
0053DAD4  |.  0FB696 FF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0FF]
0053DADB  |.  66:33C2       |XOR AX,DX
0053DADE  |.  66:83E0 0F    |AND AX,000F
0053DAE2  |.  66:8945 F2    |MOV WORD PTR SS:[LOCAL.4+2],AX
0053DAE6  |.  8BC3          |MOV EAX,EBX
0053DAE8  |.  66:35 B200    |XOR AX,00B2
0053DAEC  |.  0FB656 5F     |MOVZX EDX,BYTE PTR DS:[ESI+5F]
0053DAF0  |.  66:2BC2       |SUB AX,DX
0053DAF3  |.  0FB656 0F     |MOVZX EDX,BYTE PTR DS:[ESI+0F]
0053DAF7  |.  66:2BC2       |SUB AX,DX
0053DAFA  |.  0FB656 4F     |MOVZX EDX,BYTE PTR DS:[ESI+4F]
0053DAFE  |.  66:33C2       |XOR AX,DX
0053DB01  |.  66:83E0 0F    |AND AX,000F
0053DB05  |.  66:8945 F0    |MOV WORD PTR SS:[LOCAL.4],AX
0053DB09  |.  8BC3          |MOV EAX,EBX
0053DB0B  |.  66:35 B200    |XOR AX,00B2
0053DB0F  |.  0FB656 2F     |MOVZX EDX,BYTE PTR DS:[ESI+2F]
0053DB13  |.  66:03C2       |ADD AX,DX
0053DB16  |.  0FB696 8F0000 |MOVZX EDX,BYTE PTR DS:[ESI+8F]
0053DB1D  |.  66:33C2       |XOR AX,DX
0053DB20  |.  0FB656 7F     |MOVZX EDX,BYTE PTR DS:[ESI+7F]
0053DB24  |.  66:03C2       |ADD AX,DX
0053DB27  |.  66:83E0 0F    |AND AX,000F
0053DB2B  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DB2F  |.  E9 63020000   |JMP 0053DD97
0053DB34  |>  8BC3          |MOV EAX,EBX                             ; Case 1 of switch 
 
0053DB36  |.  66:83F0 2E    |XOR AX,002E
0053DB3A  |.  0FB696 FF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0FF]
0053DB41  |.  66:2BC2       |SUB AX,DX
0053DB44  |.  0FB656 0F     |MOVZX EDX,BYTE PTR DS:[ESI+0F]
0053DB48  |.  66:33C2       |XOR AX,DX
0053DB4B  |.  0FB656 3F     |MOVZX EDX,BYTE PTR DS:[ESI+3F]
0053DB4F  |.  66:03C2       |ADD AX,DX
0053DB52  |.  66:83E0 0F    |AND AX,000F
0053DB56  |.  66:8945 F2    |MOV WORD PTR SS:[LOCAL.4+2],AX
0053DB5A  |.  8BC3          |MOV EAX,EBX
0053DB5C  |.  66:83F0 2E    |XOR AX,002E
0053DB60  |.  0FB656 7F     |MOVZX EDX,BYTE PTR DS:[ESI+7F]
0053DB64  |.  66:33C2       |XOR AX,DX
0053DB67  |.  0FB656 6F     |MOVZX EDX,BYTE PTR DS:[ESI+6F]
0053DB6B  |.  66:03C2       |ADD AX,DX
0053DB6E  |.  0FB696 DF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0DF]
0053DB75  |.  66:2BC2       |SUB AX,DX
0053DB78  |.  66:83E0 0F    |AND AX,000F
0053DB7C  |.  66:8945 F0    |MOV WORD PTR SS:[LOCAL.4],AX
0053DB80  |.  8BC3          |MOV EAX,EBX
0053DB82  |.  66:83F0 2E    |XOR AX,002E
0053DB86  |.  0FB656 3F     |MOVZX EDX,BYTE PTR DS:[ESI+3F]
0053DB8A  |.  66:03C2       |ADD AX,DX
0053DB8D  |.  0FB696 CF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0CF]
0053DB94  |.  66:2BC2       |SUB AX,DX
0053DB97  |.  0FB696 BF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0BF]
0053DB9E  |.  66:33C2       |XOR AX,DX
0053DBA1  |.  66:83E0 0F    |AND AX,000F
0053DBA5  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DBA9  |.  E9 E9010000   |JMP 0053DD97
0053DBAE  |>  8BC3          |MOV EAX,EBX                             ; Case 2 of switch 
 
 
0053DBB0  |.  66:83F0 66    |XOR AX,0066
0053DBB4  |.  0FB696 BF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0BF]
0053DBBB  |.  66:2BC2       |SUB AX,DX
0053DBBE  |.  0FB696 EF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0EF]
0053DBC5  |.  66:2BC2       |SUB AX,DX
0053DBC8  |.  0FB696 EF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0EF]
0053DBCF  |.  66:33C2       |XOR AX,DX
0053DBD2  |.  66:83E0 0F    |AND AX,000F
0053DBD6  |.  66:8945 F2    |MOV WORD PTR SS:[LOCAL.4+2],AX
0053DBDA  |.  8BC3          |MOV EAX,EBX
0053DBDC  |.  66:83F0 66    |XOR AX,0066
0053DBE0  |.  0FB696 DF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0DF]
0053DBE7  |.  66:33C2       |XOR AX,DX
0053DBEA  |.  0FB656 5F     |MOVZX EDX,BYTE PTR DS:[ESI+5F]
0053DBEE  |.  66:03C2       |ADD AX,DX
0053DBF1  |.  0FB656 1F     |MOVZX EDX,BYTE PTR DS:[ESI+1F]
0053DBF5  |.  66:2BC2       |SUB AX,DX
0053DBF8  |.  66:83E0 0F    |AND AX,000F
0053DBFC  |.  66:8945 F0    |MOV WORD PTR SS:[LOCAL.4],AX
0053DC00  |.  8BC3          |MOV EAX,EBX
0053DC02  |.  66:83F0 66    |XOR AX,0066
0053DC06  |.  0FB696 CF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0CF]
0053DC0D  |.  66:03C2       |ADD AX,DX
0053DC10  |.  0FB696 8F0000 |MOVZX EDX,BYTE PTR DS:[ESI+8F]
0053DC17  |.  66:33C2       |XOR AX,DX
0053DC1A  |.  0FB656 2F     |MOVZX EDX,BYTE PTR DS:[ESI+2F]
0053DC1E  |.  66:03C2       |ADD AX,DX
0053DC21  |.  66:83E0 0F    |AND AX,000F
0053DC25  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DC29  |.  E9 69010000   |JMP 0053DD97
0053DC2E  |>  8BC3          |MOV EAX,EBX                             ; Case 3 of switch 
 
 
0053DC30  |.  66:83F0 17    |XOR AX,0017
0053DC34  |.  0FB696 CF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0CF]
0053DC3B  |.  66:03C2       |ADD AX,DX
0053DC3E  |.  0FB696 AF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0AF]
0053DC45  |.  66:2BC2       |SUB AX,DX
0053DC48  |.  0FB696 FF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0FF]
0053DC4F  |.  66:2BC2       |SUB AX,DX
0053DC52  |.  66:83E0 0F    |AND AX,000F
0053DC56  |.  66:8945 F2    |MOV WORD PTR SS:[LOCAL.4+2],AX
0053DC5A  |.  8BC3          |MOV EAX,EBX
0053DC5C  |.  66:83F0 17    |XOR AX,0017
0053DC60  |.  0FB656 1F     |MOVZX EDX,BYTE PTR DS:[ESI+1F]
0053DC64  |.  66:2BC2       |SUB AX,DX
0053DC67  |.  0FB696 BF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0BF]
0053DC6E  |.  66:33C2       |XOR AX,DX
0053DC71  |.  0FB656 7F     |MOVZX EDX,BYTE PTR DS:[ESI+7F]
0053DC75  |.  66:33C2       |XOR AX,DX
0053DC78  |.  66:83E0 0F    |AND AX,000F
0053DC7C  |.  66:8945 F0    |MOV WORD PTR SS:[LOCAL.4],AX
0053DC80  |.  8BC3          |MOV EAX,EBX
0053DC82  |.  66:83F0 17    |XOR AX,0017
0053DC86  |.  0FB656 7F     |MOVZX EDX,BYTE PTR DS:[ESI+7F]
0053DC8A  |.  66:33C2       |XOR AX,DX
0053DC8D  |.  0FB696 9F0000 |MOVZX EDX,BYTE PTR DS:[ESI+9F]
0053DC94  |.  66:2BC2       |SUB AX,DX
0053DC97  |.  0FB656 6F     |MOVZX EDX,BYTE PTR DS:[ESI+6F]
0053DC9B  |.  66:03C2       |ADD AX,DX
0053DC9E  |.  66:83E0 0F    |AND AX,000F
0053DCA2  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DCA6  |.  E9 EC000000   |JMP 0053DD97
0053DCAB  |>  8BC3          |MOV EAX,EBX                             ; Case 4 of switch 
 
 
0053DCAD  |.  66:83F0 33    |XOR AX,0033
0053DCB1  |.  0FB656 4F     |MOVZX EDX,BYTE PTR DS:[ESI+4F]
0053DCB5  |.  66:33C2       |XOR AX,DX
0053DCB8  |.  0FB656 0F     |MOVZX EDX,BYTE PTR DS:[ESI+0F]
0053DCBC  |.  66:2BC2       |SUB AX,DX
0053DCBF  |.  0FB656 3F     |MOVZX EDX,BYTE PTR DS:[ESI+3F]
0053DCC3  |.  66:33C2       |XOR AX,DX
0053DCC6  |.  66:83E0 0F    |AND AX,000F
0053DCCA  |.  66:8945 F2    |MOV WORD PTR SS:[LOCAL.4+2],AX
0053DCCE  |.  8BC3          |MOV EAX,EBX
0053DCD0  |.  66:83F0 33    |XOR AX,0033
0053DCD4  |.  0FB656 5F     |MOVZX EDX,BYTE PTR DS:[ESI+5F]
0053DCD8  |.  66:03C2       |ADD AX,DX
0053DCDB  |.  0FB696 EF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0EF]
0053DCE2  |.  66:03C2       |ADD AX,DX
0053DCE5  |.  0FB656 1F     |MOVZX EDX,BYTE PTR DS:[ESI+1F]
0053DCE9  |.  66:2BC2       |SUB AX,DX
0053DCEC  |.  66:83E0 0F    |AND AX,000F
0053DCF0  |.  66:8945 F0    |MOV WORD PTR SS:[LOCAL.4],AX
0053DCF4  |.  8BC3          |MOV EAX,EBX
0053DCF6  |.  66:83F0 33    |XOR AX,0033
0053DCFA  |.  0FB656 2F     |MOVZX EDX,BYTE PTR DS:[ESI+2F]
0053DCFE  |.  66:2BC2       |SUB AX,DX
0053DD01  |.  0FB656 6F     |MOVZX EDX,BYTE PTR DS:[ESI+6F]
0053DD05  |.  66:33C2       |XOR AX,DX
0053DD08  |.  0FB696 AF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0AF]
0053DD0F  |.  66:03C2       |ADD AX,DX
0053DD12  |.  66:83E0 0F    |AND AX,000F
0053DD16  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DD1A  |.  EB 7B         |JMP SHORT 0053DD97
0053DD1C  |>  8BC3          |MOV EAX,EBX                             ; Case 5 of switch 
 
 
0053DD1E  |.  66:83F0 52    |XOR AX,0052
0053DD22  |.  0FB696 DF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0DF]
0053DD29  |.  66:33C2       |XOR AX,DX
0053DD2C  |.  0FB656 0F     |MOVZX EDX,BYTE PTR DS:[ESI+0F]
0053DD30  |.  66:03C2       |ADD AX,DX
0053DD33  |.  0FB656 3F     |MOVZX EDX,BYTE PTR DS:[ESI+3F]
0053DD37  |.  66:2BC2       |SUB AX,DX
0053DD3A  |.  66:83E0 0F    |AND AX,000F
0053DD3E  |.  66:8945 F2    |MOV WORD PTR SS:[LOCAL.4+2],AX
0053DD42  |.  8BC3          |MOV EAX,EBX
0053DD44  |.  66:83F0 52    |XOR AX,0052
0053DD48  |.  0FB696 FF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0FF]
0053DD4F  |.  66:2BC2       |SUB AX,DX
0053DD52  |.  0FB696 8F0000 |MOVZX EDX,BYTE PTR DS:[ESI+8F]
0053DD59  |.  66:03C2       |ADD AX,DX
0053DD5C  |.  0FB656 5F     |MOVZX EDX,BYTE PTR DS:[ESI+5F]
0053DD60  |.  66:33C2       |XOR AX,DX
0053DD63  |.  66:83E0 0F    |AND AX,000F
0053DD67  |.  66:8945 F0    |MOV WORD PTR SS:[LOCAL.4],AX
0053DD6B  |.  8BC3          |MOV EAX,EBX
0053DD6D  |.  66:83F0 52    |XOR AX,0052
0053DD71  |.  0FB696 AF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0AF]
0053DD78  |.  66:03C2       |ADD AX,DX
0053DD7B  |.  0FB696 BF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0BF]
0053DD82  |.  66:33C2       |XOR AX,DX
0053DD85  |.  0FB696 EF0000 |MOVZX EDX,BYTE PTR DS:[ESI+0EF]
0053DD8C  |.  66:03C2       |ADD AX,DX
0053DD8F  |.  66:83E0 0F    |AND AX,000F
0053DD93  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DD97  |>  8D45 EE       |LEA EAX,[LOCAL.5+2]                     ; Default case of switch 
 
 
0053DD9A  |.  E8 E5FBFFFF   |CALL 0053D984                           ; [
0053DD9F  |.  8D45 F2       |LEA EAX,[LOCAL.4+2]
0053DDA2  |.  E8 DDFBFFFF   |CALL 0053D984                           ; [
0053DDA7  |.  8D45 F0       |LEA EAX,[LOCAL.4]
0053DDAA  |.  E8 D5FBFFFF   |CALL 0053D984                           ; [
0053DDAF  |.  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DDB3  |.  66:3B45 F0    |CMP AX,WORD PTR SS:[LOCAL.4]
0053DDB7  |.  75 43         |JNE SHORT 0053DDFC
0053DDB9  |.  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DDBD  |.  66:83F0 06    |XOR AX,0006
0053DDC1  |.  66:85C0       |TEST AX,AX
0053DDC4  |.  75 0E         |JNZ SHORT 0053DDD4
0053DDC6  |.  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DDCA  |.  66:83F0 04    |XOR AX,0004
0053DDCE  |.  66:8945 F0    |MOV WORD PTR SS:[LOCAL.4],AX
0053DDD2  |.  EB 28         |JMP SHORT 0053DDFC
0053DDD4  |>  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DDD8  |.  66:83F0 06    |XOR AX,0006
0053DDDC  |.  66:83F8 0F    |CMP AX,0F
0053DDE0  |.  75 0E         |JNE SHORT 0053DDF0
0053DDE2  |.  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DDE6  |.  66:83F0 04    |XOR AX,0004
0053DDEA  |.  66:8945 F0    |MOV WORD PTR SS:[LOCAL.4],AX
0053DDEE  |.  EB 0C         |JMP SHORT 0053DDFC
0053DDF0  |>  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DDF4  |.  66:83F0 06    |XOR AX,0006
0053DDF8  |.  66:8945 F0    |MOV WORD PTR SS:[LOCAL.4],AX
0053DDFC  |>  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DE00  |.  66:3B45 EE    |CMP AX,WORD PTR SS:[LOCAL.5+2]
0053DE04  |.  75 43         |JNE SHORT 0053DE49
0053DE06  |.  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DE0A  |.  66:83F0 03    |XOR AX,0003
0053DE0E  |.  66:85C0       |TEST AX,AX
0053DE11  |.  75 0E         |JNZ SHORT 0053DE21
0053DE13  |.  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DE17  |.  66:83F0 02    |XOR AX,0002
0053DE1B  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DE1F  |.  EB 28         |JMP SHORT 0053DE49
0053DE21  |>  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DE25  |.  66:83F0 03    |XOR AX,0003
0053DE29  |.  66:83F8 0F    |CMP AX,0F
0053DE2D  |.  75 0E         |JNE SHORT 0053DE3D
0053DE2F  |.  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DE33  |.  66:83F0 02    |XOR AX,0002
0053DE37  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DE3B  |.  EB 0C         |JMP SHORT 0053DE49
0053DE3D  |>  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DE41  |.  66:83F0 03    |XOR AX,0003
0053DE45  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DE49  |>  0FB745 F0     |MOVZX EAX,WORD PTR SS:[LOCAL.4]
0053DE4D  |.  66:3B45 EE    |CMP AX,WORD PTR SS:[LOCAL.5+2]
0053DE51  |.  75 77         |JNE SHORT 0053DECA
0053DE53  |.  66:C745 EA 02 |MOV WORD PTR SS:[LOCAL.6+2],2
0053DE59  |.  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DE5D  |.  66:3345 F0    |XOR AX,WORD PTR SS:[LOCAL.4]
0053DE61  |.  66:3B45 EA    |CMP AX,WORD PTR SS:[LOCAL.6+2]
0053DE65  |.  75 06         |JNE SHORT 0053DE6D
0053DE67  |.  66:C745 EA 05 |MOV WORD PTR SS:[LOCAL.6+2],5
0053DE6D  |>  66:C745 EC 07 |MOV WORD PTR SS:[LOCAL.5],7
0053DE73  |.  0FB745 F2     |MOVZX EAX,WORD PTR SS:[LOCAL.4+2]
0053DE77  |.  66:3345 F0    |XOR AX,WORD PTR SS:[LOCAL.4]
0053DE7B  |.  66:3B45 EC    |CMP AX,WORD PTR SS:[LOCAL.5]
0053DE7F  |.  75 06         |JNE SHORT 0053DE87
0053DE81  |.  66:C745 EC 08 |MOV WORD PTR SS:[LOCAL.5],8
0053DE87  |>  0FB745 F0     |MOVZX EAX,WORD PTR SS:[LOCAL.4]
0053DE8B  |.  66:3345 EA    |XOR AX,WORD PTR SS:[LOCAL.6+2]
0053DE8F  |.  66:85C0       |TEST AX,AX
0053DE92  |.  75 0E         |JNZ SHORT 0053DEA2
0053DE94  |.  0FB745 F0     |MOVZX EAX,WORD PTR SS:[LOCAL.4]
0053DE98  |.  66:3345 EC    |XOR AX,WORD PTR SS:[LOCAL.5]
0053DE9C  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DEA0  |.  EB 28         |JMP SHORT 0053DECA
0053DEA2  |>  0FB745 F0     |MOVZX EAX,WORD PTR SS:[LOCAL.4]
0053DEA6  |.  66:3345 EA    |XOR AX,WORD PTR SS:[LOCAL.6+2]
0053DEAA  |.  66:83F8 0F    |CMP AX,0F
0053DEAE  |.  75 0E         |JNE SHORT 0053DEBE
0053DEB0  |.  0FB745 F0     |MOVZX EAX,WORD PTR SS:[LOCAL.4]
0053DEB4  |.  66:3345 EC    |XOR AX,WORD PTR SS:[LOCAL.5]
0053DEB8  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DEBC  |.  EB 0C         |JMP SHORT 0053DECA
0053DEBE  |>  0FB745 F0     |MOVZX EAX,WORD PTR SS:[LOCAL.4]
0053DEC2  |.  66:3345 EA    |XOR AX,WORD PTR SS:[LOCAL.6+2]
0053DEC6  |.  66:8945 EE    |MOV WORD PTR SS:[LOCAL.5+2],AX
0053DECA  |>  66:837D EE 00 |CMP WORD PTR SS:[LOCAL.5+2],0
0053DECF  |.  75 1D         |JNE SHORT 0053DEEE
0053DED1  |.  66:BF 0100    |MOV DI,1
0053DED5  |>  66:3B7D F0    |/CMP DI,WORD PTR SS:[LOCAL.4]
0053DED9  |.  74 0C         ||JE SHORT 0053DEE7
0053DEDB  |.  66:3B7D F2    ||CMP DI,WORD PTR SS:[LOCAL.4+2]
0053DEDF  |.  74 06         ||JE SHORT 0053DEE7
0053DEE1  |.  66:897D EE    ||MOV WORD PTR SS:[LOCAL.5+2],DI
0053DEE5  |.  EB 07         ||JMP SHORT 0053DEEE
0053DEE7  |>  47            ||INC EDI
0053DEE8  |.  66:83FF 0F    ||CMP DI,0F
0053DEEC  |.^ 75 E7         |\JNE SHORT 0053DED5
0053DEEE  |>  66:837D EE 0F |CMP WORD PTR SS:[LOCAL.5+2],0F
0053DEF3  |.  75 1D         |JNE SHORT 0053DF12
0053DEF5  |.  66:BF 0100    |MOV DI,1
0053DEF9  |>  66:3B7D F0    |/CMP DI,WORD PTR SS:[LOCAL.4]
0053DEFD  |.  74 0C         ||JE SHORT 0053DF0B
0053DEFF  |.  66:3B7D F2    ||CMP DI,WORD PTR SS:[LOCAL.4+2]
0053DF03  |.  74 06         ||JE SHORT 0053DF0B
0053DF05  |.  66:897D EE    ||MOV WORD PTR SS:[LOCAL.5+2],DI
0053DF09  |.  EB 07         ||JMP SHORT 0053DF12
0053DF0B  |>  47            ||INC EDI
0053DF0C  |.  66:83FF 0F    ||CMP DI,0F
0053DF10  |.^ 75 E7         |\JNE SHORT 0053DEF9
 
0053DF12  |>  66:85DB       |TEST BX,BX
0053DF15  |.  0F86 C4000000 |JBE 0053DFDF
0053DF1B  |.  0FB7C3        |MOVZX EAX,BX
0053DF1E  |.  03C0          |ADD EAX,EAX
0053DF20  |.  0FB644C6 F1   |MOVZX EAX,BYTE PTR DS:[EAX*8+ESI-0F]
0053DF25  |.  0FB7D3        |MOVZX EDX,BX
0053DF28  |.  03D2          |ADD EDX,EDX
0053DF2A  |.  3244D6 F2     |XOR AL,BYTE PTR DS:[EDX*8+ESI-0E]
0053DF2E  |.  0FB6C0        |MOVZX EAX,AL
0053DF31  |.  0FB7D3        |MOVZX EDX,BX
0053DF34  |.  03D2          |ADD EDX,EDX
0053DF36  |.  0FB654D6 F3   |MOVZX EDX,BYTE PTR DS:[EDX*8+ESI-0D]
0053DF3B  |.  66:03C2       |ADD AX,DX
0053DF3E  |.  0FB7D3        |MOVZX EDX,BX
0053DF41  |.  03D2          |ADD EDX,EDX
0053DF43  |.  0FB654D6 F4   |MOVZX EDX,BYTE PTR DS:[EDX*8+ESI-0C]
0053DF48  |.  66:03C2       |ADD AX,DX
0053DF4B  |.  66:8945 F6    |MOV WORD PTR SS:[LOCAL.3+2],AX
0053DF4F  |.  0FB7C3        |MOVZX EAX,BX
0053DF52  |.  03C0          |ADD EAX,EAX
0053DF54  |.  0FB644C6 F5   |MOVZX EAX,BYTE PTR DS:[EAX*8+ESI-0B]
0053DF59  |.  66:0345 F6    |ADD AX,WORD PTR SS:[LOCAL.3+2]
0053DF5D  |.  0FB7D3        |MOVZX EDX,BX
0053DF60  |.  03D2          |ADD EDX,EDX
0053DF62  |.  0FB654D6 F6   |MOVZX EDX,BYTE PTR DS:[EDX*8+ESI-0A]
0053DF67  |.  66:03C2       |ADD AX,DX
0053DF6A  |.  0FB7D3        |MOVZX EDX,BX
0053DF6D  |.  03D2          |ADD EDX,EDX
0053DF6F  |.  0FB654D6 F7   |MOVZX EDX,BYTE PTR DS:[EDX*8+ESI-9]
0053DF74  |.  66:03C2       |ADD AX,DX
0053DF77  |.  0FB7D3        |MOVZX EDX,BX
0053DF7A  |.  03D2          |ADD EDX,EDX
0053DF7C  |.  0FB654D6 F8   |MOVZX EDX,BYTE PTR DS:[EDX*8+ESI-8]
0053DF81  |.  66:03C2       |ADD AX,DX
0053DF84  |.  66:8945 F6    |MOV WORD PTR SS:[LOCAL.3+2],AX
0053DF88  |.  0FB7C3        |MOVZX EAX,BX
0053DF8B  |.  03C0          |ADD EAX,EAX
0053DF8D  |.  0FB644C6 F9   |MOVZX EAX,BYTE PTR DS:[EAX*8+ESI-7]
0053DF92  |.  0FB7D3        |MOVZX EDX,BX
0053DF95  |.  03D2          |ADD EDX,EDX
0053DF97  |.  3244D6 FA     |XOR AL,BYTE PTR DS:[EDX*8+ESI-6]
0053DF9B  |.  0FB6C0        |MOVZX EAX,AL
0053DF9E  |.  66:0345 F6    |ADD AX,WORD PTR SS:[LOCAL.3+2]
0053DFA2  |.  0FB7D3        |MOVZX EDX,BX
0053DFA5  |.  03D2          |ADD EDX,EDX
0053DFA7  |.  0FB654D6 FB   |MOVZX EDX,BYTE PTR DS:[EDX*8+ESI-5]
0053DFAC  |.  66:03C2       |ADD AX,DX
0053DFAF  |.  0FB7D3        |MOVZX EDX,BX
0053DFB2  |.  03D2          |ADD EDX,EDX
0053DFB4  |.  0FB654D6 FC   |MOVZX EDX,BYTE PTR DS:[EDX*8+ESI-4]
0053DFB9  |.  66:03C2       |ADD AX,DX
0053DFBC  |.  66:8945 F6    |MOV WORD PTR SS:[LOCAL.3+2],AX
0053DFC0  |.  0FB7C3        |MOVZX EAX,BX
0053DFC3  |.  03C0          |ADD EAX,EAX
0053DFC5  |.  0FB644C6 FD   |MOVZX EAX,BYTE PTR DS:[EAX*8+ESI-3]
0053DFCA  |.  66:0345 F6    |ADD AX,WORD PTR SS:[LOCAL.3+2]
0053DFCE  |.  0FB7D3        |MOVZX EDX,BX
0053DFD1  |.  03D2          |ADD EDX,EDX
0053DFD3  |.  0FB654D6 FE   |MOVZX EDX,BYTE PTR DS:[EDX*8+ESI-2]
0053DFD8  |.  66:33C2       |XOR AX,DX
0053DFDB  |.  66:8945 F6    |MOV WORD PTR SS:[LOCAL.3+2],AX
 
0053DFDF  |>  0FB7C3        |MOVZX EAX,BX
0053DFE2  |.  03C0          |ADD EAX,EAX
0053DFE4  |.  8D04C6        |LEA EAX,[EAX*8+ESI]
0053DFE7  |.  0FB755 F2     |MOVZX EDX,WORD PTR SS:[LOCAL.4+2]
0053DFEB  |.  0FB60410      |MOVZX EAX,BYTE PTR DS:[EDX+EAX]
0053DFEF  |.  0FB7D3        |MOVZX EDX,BX
0053DFF2  |.  03D2          |ADD EDX,EDX
0053DFF4  |.  8B4D FC       |MOV ECX,DWORD PTR SS:[LOCAL.1]
0053DFF7  |.  880411        |MOV BYTE PTR DS:[EDX+ECX],AL
0053DFFA  |.  0FB7C3        |MOVZX EAX,BX
0053DFFD  |.  03C0          |ADD EAX,EAX
0053DFFF  |.  8D04C6        |LEA EAX,[EAX*8+ESI]
0053E002  |.  0FB755 F0     |MOVZX EDX,WORD PTR SS:[LOCAL.4]
0053E006  |.  0FB60410      |MOVZX EAX,BYTE PTR DS:[EDX+EAX]
0053E00A  |.  0FB7D3        |MOVZX EDX,BX
0053E00D  |.  03D2          |ADD EDX,EDX
0053E00F  |.  8B4D FC       |MOV ECX,DWORD PTR SS:[LOCAL.1]
0053E012  |.  884411 01     |MOV BYTE PTR DS:[EDX+ECX+1],AL
0053E016  |.  66:85DB       |TEST BX,BX
0053E019  |.  76 26         |JBE SHORT 0053E041
0053E01B  |.  0FB7C3        |MOVZX EAX,BX
0053E01E  |.  03C0          |ADD EAX,EAX
0053E020  |.  8D04C6        |LEA EAX,[EAX*8+ESI]
0053E023  |.  0FB755 EE     |MOVZX EDX,WORD PTR SS:[LOCAL.5+2]
0053E027  |.  0FB60410      |MOVZX EAX,BYTE PTR DS:[EDX+EAX]
0053E02B  |.  0FB755 F6     |MOVZX EDX,WORD PTR SS:[LOCAL.3+2]
0053E02F  |.  66:83E2 0F    |AND DX,000F
0053E033  |.  66:3BC2       |CMP AX,DX
0053E036  |.  74 09         |JE SHORT 0053E041
0053E038  |.  C745 F8 01000 |MOV DWORD PTR SS:[LOCAL.2],1
0053E03F  |.  EB 10         |JMP SHORT 0053E051
0053E041  |>  43            |INC EBX
0053E042  |.  66:83FB 10    |CMP BX,10
0053E046  |.^ 0F82 3DFAFFFF \JB 0053DA89
0053E04C  |.  33C0          XOR EAX,EAX
0053E04E  |.  8945 F8       MOV DWORD PTR SS:[LOCAL.2],EAX
0053E051  |>  33C0          XOR EAX,EAX
0053E053  |.  5A            POP EDX
0053E054  |.  59            POP ECX
0053E055  |.  59            POP ECX
0053E056  |.  64:8910       MOV DWORD PTR FS:[EAX],EDX
0053E059  |.  68 66E05300   PUSH 0053E066                            ; Entry point
0053E05E  \>  C3            RETN
 
Last edited:

is your goto statements works outside of function bcoz as i tried it gives error.
 

What error it gives. The algo doesn't work for all bytes. The 256 bytes pass through a checksum routine (not posted) first and if the bytes pass the checksum routine then only it goes into the above algo otherwise it will fail in the algo. I will post the checksum routine. I have to find it fro my old HDD. All the checksum routine does is it XOR the values and if result is 0 then bytes pass the checksum else fail.
 

I think it would be helpful if you describe the algorithm to be implemented without referring to specific C or assembly language constructs.
 

The ASM code shown is the algorithm. If has a switch case statement. I have converted that into C code which is posted in post #1. All I know is that the algorithm in the microcontrller is the reverse of the algorithm posted above in asm and C codes. All I need is the reverse of the code (algorithm) posted in previous posts above (C code or asm). I am 100% sure that the algorithm in the microcontroller is the reverse of the posted algorithm.

This is the checksum routine in asm and C.



Edit: I don't have the hardware with me now. I will try to get it by next week and then I will post the random 256 bytes that the System1 sends to System2 and also the 256 bytes that the system2 sends back to system1. I hope those 2 sets of 256 bytes will help in understanding what the algorithm posted above does to the 256 bytes received from system2.



Code ASM - [expand]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

CPU Disasm
Address   Hex dump          Command                                  Comments
0053D9B8  |.  33DB          XOR EBX,EBX
0053D9BA  |>  0FB7C3        /MOVZX EAX,BX
0053D9BD  |.  03C0          |ADD EAX,EAX
0053D9BF  |.  0FB654C6 01   |MOVZX EDX,BYTE PTR DS:[EAX*8+ESI+1]
0053D9C4  |.  3254C6 02     |XOR DL,BYTE PTR DS:[EAX*8+ESI+2]
0053D9C8  |.  3254C6 03     |XOR DL,BYTE PTR DS:[EAX*8+ESI+3]
0053D9CC  |.  3254C6 04     |XOR DL,BYTE PTR DS:[EAX*8+ESI+4]
0053D9D0  |.  0FB6D2        |MOVZX EDX,DL
0053D9D3  |.  66:8955 F4    |MOV WORD PTR SS:[LOCAL.3],DX
0053D9D7  |.  0FB654C6 05   |MOVZX EDX,BYTE PTR DS:[EAX*8+ESI+5]
0053D9DC  |.  66:3355 F4    |XOR DX,WORD PTR SS:[LOCAL.3]
0053D9E0  |.  0FB64CC6 06   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+6]
0053D9E5  |.  66:03D1       |ADD DX,CX
0053D9E8  |.  0FB64CC6 07   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+7]
0053D9ED  |.  66:33D1       |XOR DX,CX
0053D9F0  |.  0FB64CC6 08   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+8]
0053D9F5  |.  66:03D1       |ADD DX,CX
0053D9F8  |.  66:8955 F4    |MOV WORD PTR SS:[LOCAL.3],DX
0053D9FC  |.  0FB654C6 09   |MOVZX EDX,BYTE PTR DS:[EAX*8+ESI+9]
0053DA01  |.  3254C6 0A     |XOR DL,BYTE PTR DS:[EAX*8+ESI+0A]
0053DA05  |.  0FB6D2        |MOVZX EDX,DL
0053DA08  |.  66:3355 F4    |XOR DX,WORD PTR SS:[LOCAL.3]
0053DA0C  |.  0FB64CC6 0B   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+0B]
0053DA11  |.  66:03D1       |ADD DX,CX
0053DA14  |.  0FB64CC6 0C   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+0C]
0053DA19  |.  66:33D1       |XOR DX,CX
0053DA1C  |.  66:8955 F4    |MOV WORD PTR SS:[LOCAL.3],DX
0053DA20  |.  0FB654C6 0D   |MOVZX EDX,BYTE PTR DS:[EAX*8+ESI+0D]
0053DA25  |.  66:3355 F4    |XOR DX,WORD PTR SS:[LOCAL.3]
0053DA29  |.  0FB64CC6 0E   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+0E]
0053DA2E  |.  66:33D1       |XOR DX,CX
0053DA31  |.  0FB64CC6 0F   |MOVZX ECX,BYTE PTR DS:[EAX*8+ESI+0F]
0053DA36  |.  66:33D1       |XOR DX,CX
0053DA39  |.  66:8955 F4    |MOV WORD PTR SS:[LOCAL.3],DX
0053DA3D  |.  0FB604C6      |MOVZX EAX,BYTE PTR DS:[EAX*8+ESI]       ; start from here
0053DA41  |.  0FB755 F4     |MOVZX EDX,WORD PTR SS:[LOCAL.3]
0053DA45  |.  66:83E2 0F    |AND DX,000F
0053DA49  |.  66:3BC2       |CMP AX,DX
0053DA4C  |.  74 2E         |JE SHORT 0053DA7C
0053DA4E  |.  C745 F8 01000 |MOV DWORD PTR SS:[LOCAL.2],1
0053DA55  |.  0FB7C3        |MOVZX EAX,BX
0053DA58  |.  03C0          |ADD EAX,EAX
0053DA5A  |.  0FB604C6      |MOVZX EAX,BYTE PTR DS:[EAX*8+ESI]
0053DA5E  |.  0FB755 F4     |MOVZX EDX,WORD PTR SS:[LOCAL.3]
0053DA62  |.  66:81E2 FF00  |AND DX,00FF
0053DA67  |.  66:3BC2       |CMP AX,DX
0053DA6A  |.  0F84 E1050000 |JE 0053E051
0053DA70  |.  C745 F8 01000 |MOV DWORD PTR SS:[LOCAL.2],1
0053DA77  |.  E9 D5050000   |JMP 0053E051
0053DA7C  |>  43            |INC EBX
0053DA7D  |.  66:83FB 10    |CMP BX,10
0053DA81  |.^ 0F82 33FFFFFF \JB 0053D9BA


Code C - [expand]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

read_buff[256] is assigned value of USB_Read_Buffer[64] X 4
 
void checksum();
void subroutine1();
 
void subroutine1(int x) {
 
    byte1 = read_buff[x];
    byte1 = byte ^ temp;
    byte2 = read_buff[x+1];
    byte1 = byte1 ^ byte2;
    byte2 = read_buff[x+2];
    byte1 = byte1 ^ byte2;
 
}
 
 
 
void checksum() {
    
        
    counter = 0;
    dummy = 0;
    i = 0;
 
start:
    byte1 = 0;
    byte2 = 0;
    temp = 0;
    result = 0;
    checksum = 0;
    
    counter = counter * 2;
        
    byte1 = read_buff[counter * 8 + 1];
    byte1 = byte1 ^ read_buff[counter * 8 + 2]);
    byte1 = byte1 ^ read_buff[counter * 8 + 3]);
    byte1 = byte1 ^ read_buff[counter * 8 + 4]);
    byte1 = byte1 & 00000011;
    temp = byte1;
 
    subroutine1(counter * 8 + 5);
 
    byte2 = read_buff[counter * 8 + 8];
    byte1 = byte1 + byte2;
    temp = byte1;
    byte1 = read_buff[counter * 8 + 9];
    byte1 = byte1 ^ read_buff[counter * 8 + 10]);
 
    byte1 = byte1 & 00000011;
    byte1 = byte1 ^ temp);
    byte2 = read_buff[counter * 8 + 11];
    byte1 = byte1 + byte2;
    byte2 = read_buff[counter * 8 + 12];
    byte1 = byte1 ^ byte2);
 
    temp = byte1;
 
    subroutine1(counter * 8 + 13);
 
    temp = byte1;
    checksum = read_buff[counter * 8 + 0];
    byte1 = temp;
    byte1 = byte1 & 0x000F;
    
    if(checksum == byte1) {
        counter++;
        if(counter < 16) {  // Should I use < 4
            goto start;
        }
    }
        
 
}
 
 
int byte1, byte2, temp, result, checksum, counter, dummy, i;
 
 
void main(){
 
    checksum();
 
}


Another version of checksum routine

Code C - [expand]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

read_buff[256] is assigned value of USB_Read_Buffer[64] X 4
 
void checksum();
void subroutine1();
 
void subroutine1(int x) {
 
    byte1 = read_buff[x];
    byte1 = byte ^ temp;
    byte2 = read_buff[x+1];
    byte1 = byte1 ^ byte2;
    byte2 = read_buff[x+2];
    byte1 = byte1 ^ byte2;
 
}
 
 
 
void checksum() {
    
        
    counter = 0;
    i = 0;
 
start:
    byte1 = 0;
    byte2 = 0;
    temp = 0;
    result = 0;
    checksum = 0;
    
    counter = counter * 2;
        
    byte1 = read_buff[counter * 8 + 1];
    byte1 = byte1 ^ read_buff[counter * 8 + 2]);
    byte1 = byte1 ^ read_buff[counter * 8 + 3]);
    byte1 = byte1 ^ read_buff[counter * 8 + 4]);
    temp = byte1;
    byte1 = read_buff[counter * 8 + 5];
    byte1 = byte ^ temp;
    byte2 = read_buff[counter * 8 + 6];
    byte1 = byte1 + byte2;
    byte2 = read_buff[counter * 8 + 7];
    byte1 = byte1 ^ byte2;
    byte2 = read_buff[counter * 8 + 8];
    byte1 = byte1 + byte2;
    temp = byte1;
    byte1 = read_buff[counter * 8 + 9];
    byte1 = byte1 ^ read_buff[counter * 8 + 10]);
    byte1 = byte1 ^ temp;
    byte2 = read_buff[counter * 8 + 11];
    byte1 = byte1 + byte2;
    byte2 = read_buff[counter * 8 + 12];
    byte1 = byte1 ^ byte2;
    temp = byte1;
    byte1 = read_buff[counter * 8 + 13];
    byte1 = byte ^ temp;
    byte2 = read_buff[counter * 8 + 14];
    byte1 = byte1 ^ byte2;
    byte2 = read_buff[counter * 8 + 15];
    byte1 = byte1 ^ byte2;
    
        
    if(read_buff[counter * 8] == (byte1 & 0x000F)) {
        counter++;
        if(counter < 16) {  // Should I use < 4
            goto start;
        }
    }
        
 
}
 
 
int byte1, byte2, temp, result, counter, i;
 
 
void main(){
 
    checksum();
 
}



Example of random 256 bytes generated by system1.

PHP: 
CPU Dump
Address   Hex dump                                         ASCII
005B05F8  0B 7D E8 07|85 F8 0E F1|C7 C6 BD 03|9C 9F D9 4A| 
005B0608  0D 19 12 69|59 01 44 A2|38 5C BB 6B|19 2A 21 61| 
005B0618  01 03 E1 61|D6 A2 00 4F|91 B1 2B 2A|30 B7 0D 46| 
005B0628  05 0B C8 D1|BC 0D 0B EF|E1 31 4F 1A|AF B1 69 94| 
005B0638  0C B4 30 15|D1 E1 AC FE|CE 0F 04 09|C4 39 56 64| 
005B0648  05 FA 2C E0|97 90 8A 6C|02 5F E3 34|AE 8B C0 39|
005B0658  06 12 AC 31|F6 0E 01 0E|20 3D 7F 7C|6D 82 EB F2| 
005B0668  07 36 03 3A|D3 EC CA 06|04 55 89 6B|74 F3 2A BD|
005B0678  07 BD E5 59|A1 81 0A E7|76 2E 09 C0|55 2A 0F 02| 
005B0688  07 0F 76 14|70 98 9D 12|AA 9F 86 77|74 87 9B 55|
005B0698  0D 7D 72 B6|88 4B 23 FD|19 02 3E 0C|B7 F1 72 68| 
005B06A8  0A C9 62 22|3D EC 45 A2|BB 03 51 68|36 49 02 F7| 
005B06B8  00 3E C8 03|0F 7F AD E1|20 93 F1 DA|E6 CE 4D BE|  
005B06C8  02 02 54 12|22 25 9D D5|9F 1A 96 08|AD 9E 93 62| 
005B06D8  07 0D 05 41|6B 8D 1D B4|FE BF 0C AE|46 E0 81 63| 
005B06E8  05 6C 06 37|78 64 2C 88|2F D9 39 00|7A 00 1A 11|
005B06F8  90 AE 54 01|82 53 34 00|                         


This is another code for checksum that I used for testing checksum algorithm. The 256 bytes used for testing is also included in the code. This I got from my old email. This is the package sent by system2 for some random package sent by system1. It will be difficult to analyze because package returned by system2 depends upon the package sent by system1. Next week I will try to post the package pairs so that one can try to understand what system2 does to the random 256 bytes package sent by system1 after understanding and implementing the reverse of the algorithm in post #1.

The checksum routine is in system1 and only if the 256 bytes package sent by system2 pass the checksum test then only system1 will pass the 256 bytes through the algorithm containing switch case statements and some more mathematical operations.

Code C - [expand]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

int byte1, byte2, temp, result, counter, index, i, cnt, set, readcnt;
 
char package[256] = {
  0x00, 0xE2, 0x34, 0x71, 0x63, 0xE7, 0xA6, 0xAC, 0xF0, 0xE7, 0x7E, 0x20, 0x50, 0x68, 0xC3, 0xC7,
  0x06, 0xA4, 0x4D, 0x87, 0x6B, 0x4B, 0xD4, 0x61, 0x07, 0x30, 0x77, 0x86, 0xDF, 0x36, 0xB8, 0x24,
  0x0A, 0x67, 0x7C, 0x01, 0x56, 0xB2, 0xAB, 0x51, 0xF7, 0xA4, 0x6D, 0x4D, 0xC5, 0xD6, 0x0C, 0x76,
  0x07, 0x23, 0x5B, 0xA3, 0xFC, 0xBE, 0x7E, 0x04, 0x0C, 0x91, 0x65, 0xAE, 0x18, 0x1E, 0x84, 0xCC,
  0x06, 0x0F, 0x7D, 0x65, 0xC1, 0x34, 0x08, 0x8D, 0x4C, 0x40, 0xD2, 0x49, 0x7D, 0xAC, 0x5C, 0x31,
  0x07, 0x33, 0xA0, 0xF2, 0x3D, 0x09, 0x98, 0x27, 0x1F, 0xD1, 0x0D, 0x07, 0x9B, 0xDF, 0xB8, 0x97,
  0x0E, 0x61, 0xDE, 0x73, 0xF4, 0xBC, 0x48, 0x74, 0x5C, 0xB3, 0x50, 0x15, 0x5E, 0xC1, 0x0E, 0xD3,
  0x0A, 0x09, 0xDE, 0xA6, 0x06, 0xCC, 0x27, 0xF5, 0x04, 0x0B, 0x58, 0xCF, 0x18, 0x39, 0x0F, 0x83,
  0x08, 0xB7, 0x01, 0x3A, 0xD5, 0x25, 0x6C, 0x7D, 0xEA, 0x0D, 0xA1, 0xB5, 0x5E, 0x53, 0x0C, 0x01,
  0x0F, 0x2B, 0x8F, 0x75, 0xC3, 0x8F, 0x8F, 0xE7, 0x68, 0xF8, 0xA3, 0x52, 0x70, 0x03, 0x55, 0x53,
  0x0E, 0x9C, 0xF2, 0x27, 0xDA, 0x25, 0xE8, 0x38, 0x0C, 0x70, 0xAF, 0x34, 0x41, 0x6C, 0x0C, 0x1E,
  0x03, 0x40, 0xDC, 0x98, 0x7A, 0x47, 0x02, 0xD9, 0x0C, 0xFE, 0x51, 0xD8, 0xA4, 0x5D, 0xAC, 0x8F,
  0x05, 0xA6, 0x7B, 0x77, 0x0F, 0x56, 0xA5, 0x92, 0x08, 0xFD, 0x9D, 0x9D, 0x09, 0x6A, 0xFD, 0x54,
  0x07, 0x6C, 0xA6, 0xCD, 0x05, 0x9A, 0x9E, 0x65, 0x01, 0x22, 0x7E, 0xB1, 0x1E, 0x4A, 0xB9, 0x83,
  0x0D, 0x0D, 0x14, 0x06, 0x14, 0x39, 0xFE, 0xB9, 0x0B, 0x64, 0xC2, 0x03, 0x08, 0x26, 0x46, 0x90,
  0x00, 0x00, 0x81, 0x58, 0xB8, 0x60, 0x50, 0x4C, 0x00, 0x0C, 0xE2, 0x03, 0x5D, 0x86, 0xA0, 0x3D
};
 
 
void checksum() {
        counter = 0;
        i = 0;
        index = 0;
 
start:
        byte1 = 0;
        byte2 = 0;
        temp = 0;
        result = 0;
 
        index = counter * 2;
 
        byte1 = package[index * 8 + 1];
        byte1 = byte1 ^ package[index * 8 + 2];
        byte1 = byte1 ^ package[index * 8 + 3];
        byte1 = byte1 ^ package[index * 8 + 4];
        temp = byte1;
        byte1 = package[index * 8 + 5];
        byte1 = byte1 ^ temp;
        byte2 = package[index * 8 + 6];
        byte1 = byte1 + byte2;
        byte2 = package[index * 8 + 7];
        byte1 = byte1 ^ byte2;
        byte2 = package[index * 8 + 8];
        byte1 = byte1 + byte2;
        temp = byte1;
        byte1 = package[index * 8 + 9];
        byte1 = byte1 ^ package[index * 8 + 10];
        byte1 = byte1 ^ temp;
        byte2 = package[index * 8 + 11];
        byte1 = byte1 + byte2;
        byte2 = package[index * 8 + 12];
        byte1 = byte1 ^ byte2;
        temp = byte1;
        byte1 = package[index * 8 + 13];
        byte1 = byte1 ^ temp;
        byte2 = package[index * 8 + 14];
        byte1 = byte1 ^ byte2;
        byte2 = package[index * 8 + 15];
        byte1 = byte1 ^ byte2;
 
 
        if(package[index * 8] == (byte1 & 0x000F)) {
                if(counter < 16) {
                       if(set == 0) {
                       PORTB.F2 = 1;
                       Delay_ms(500);
                       PORTB.F2 = 0;
                       Delay_ms(500);
                       counter++;
 
                       }
                       PORTB.F1 = 0;
                       Delay_ms(500);
                       PORTB.F1 = 1;
                       Delay_ms(500);
                    goto start;
                }
                else{
                    set = 1;
                }
       }
}
 
 
void main(void){
 
        checksum();
}
 
Last edited:

If I understand right, you are trying to reverse-engineer a key checker.

But it doesn't look like the C-codes are reproducing the assembly code operation correctly.

The ASM code shown is the algorithm.
Click to expand...
It's the implementaion of an algorithm. The algorithm is apparently unknown to you.
 

Something like that. The only info I have is the algorithm in system2 is just the reverse of the algorithm in system1 which I have posted as ASM and C codes.

- - - Updated - - -

If 256 bytes package from system2 passes the checksum routine test then bytes are processed by the ASM or C code (which might be incorrect) posted in previous post. That is the code which has to be implemented in reverse.
 

I don't see a reversing problem, or is the code comparing original and processed data? Apparently it's only checking a parameter (checksum or hash) of the processed data.
 

Checksum routine checks the checksum of 256 byte package sent by system2. If the package pass the checksum test then each byte of the package (I don't remember the exact way the bytes are read. I will debug again post info) maybe like this 1st, 8th, 16th, 24th, 32nd... upto end of package are used in the implementation of algorithm posted above. The result of the first pass will decide the switch case condition for the next pass. In 2nd pass, 2nd, 9th, 17th, 25th, 33rd ... upto 256 bytes are used. The process repeats till all the bytes are passed in the implementation of the algorithm. I don't remember much of it. I worked on it 8 months back. I will debug the system again next week and post the exact functioning of the implementation of algorithm.
 

@ FvM

Here are the packages. Please tell how to reverse the above posted asm routine.

PHP: 
Package generated by System1 and sent to System2 for processing

CPU Dump
Address   Hex dump                                         
005B05F8  06 73 02 4A|51 CF 52 23|08 93 D4 74|7B FA C5 CD| 
005B0608  0F A2 9D 29|3D B4 03 AC|60 95 0D 66|71 0F 7E 13| 
005B0618  04 F3 CA 05|5C 7B D0 08|87 28 29 42|0E A0 CF F8| 
005B0628  0D CD 4F 0A|D1 94 A5 FE|96 07 C8 18|AC D1 77 52|
005B0638  04 09 A0 CD|EE 52 BD 16|0B B3 B3 00|CF AF D0 AA| 
005B0648  0F DD 30 76|21 6E 18 BC|58 62 DA 48|02 62 DB 6C| 
005B0658  0F 78 FD 03|E0 6A E4 C5|20 09 D0 A6|F9 23 51 16| 
005B0668  00 83 13 6D|A4 E6 F7 07|A2 F6 78 B2|28 41 5D 6B|  
005B0678  0E A4 A5 E1|CD BD 35 C1|D4 B2 F6 A0|F5 0D 78 A2|
005B0688  0D 82 31 E9|9A 12 05 EB|6A 91 04 5C|DF BB D4 92| 
005B0698  0B 09 E8 9E|D5 D6 C0 71|BE B6 34 CE|BA BF D0 E9|
005B06A8  0F B3 26 D7|04 C7 24 58|C3 45 7F 81|57 02 C4 55|
005B06B8  05 EA D7 5F|DA 79 BD C5|F4 61 AA 0E|3D 82 D1 B9| 
005B06C8  0A 33 F2 1A|A6 93 5E 26|46 0C 17 A4|F2 7C C6 5D| 
005B06D8  04 CF E3 3F|05 FA 88 64|0D 72 56 A5|65 DA F2 17|
005B06E8  05 77 FB 00|0C C0 E0 09|10 AE D7 00|5E 88 66 85|


Package sent by System2 to System1 which is passed through the above ASM routine.

CPU Dump
Address   Hex dump                                         
005B05F8  02 A8 02 DD|51 CF 52 23|08 93 D4 74|7B FA C5 CD|
005B0608  05 A2 9D 29|3D B4 03 AC|60 45 01 66|71 59 7E 13|
005B0618  0A F3 CA 05|5C 7B D0 02|87 28 29 42|0E A0 CF F8|
005B0628  07 CD 4F 00|D1 94 A5 FE|96 07 C8 18|AC D1 77 52|
005B0638  0E 03 A0 CD|EE 52 BD 16|0B B3 B3 00|CF AF D0 AA| 
005B0648  01 DD 30 76|21 6E 18 BC|58 62 DA 48|0C 62 DB 6C| 
005B0658  05 78 FD 03|E0 6A E4 C5|20 07 D0 A6|F9 23 51 16|
005B0668  02 83 13 6D|A4 E6 F7 05|A2 F6 78 B2|28 41 5D 6B|
005B0678  00 A4 A5 E1|CD BD 35 C1|D4 B2 F6 A0|F5 03 78 A2| 
005B0688  0B 82 31 E9|9A 12 05 EB|6A 91 0A 5C|DF BB D4 92|
005B0698  0D 07 E8 9E|D5 D6 C0 71|BE B6 34 CE|BA BF D0 E9|
005B06A8  0D B3 26 D7|04 C7 24 58|C3 45 7F 81|57 00 C4 55| 
005B06B8  07 EA D7 5F|DA 79 BD C5|F4 61 AA 0C|3D 82 D1 B9|
005B06C8  04 33 F2 1A|A6 93 5E 26|46 0A 17 A4|F2 7C C6 5D|
005B06D8  0E CF E3 3F|05 FA 88 64|0B 72 56 A5|65 DA F2 17|
005B06E8  07 77 FB 00|0C C0 E0 0B|10 AE D7 00|5E 88 66 85|
 
Last edited:

I made a mistake in my last post. Here is the actual data. The first 256 bytes is the data sent from System1 to System2 for processing. After System 2 returns 256 bytes it is passed through the algorithm and the second 256 bytes are obtained.


In the second set of bytes only the 1st column is changed. Probably it is a checksum.

PHP: 
CPU Dump
Address   Hex dump                                         ASCII
00574624  0F 2E 8D 04|07 CD 1F 53|F0 84 A6 15|7D DC 9F 13| .ÍSð„¦}ÜŸ
00574634  00 7D A3 18|55 B6 A0 32|71 27 62 02|1B 97 CD 5E|  }£U¶*2q'b—Í^
00574644  0E D9 4C 00|92 02 3D A6|7B D8 EF FC|1C 76 00 60| ÙL ’=¦{Øïüv `
00574654  0F B0 0F E0|BF 37 0F 51|EF 4D 0C A1|AC 23 7A 62| °à¿7QïM¡¬#zb
00574664  02 0F 65 F8|9C 19 F2 E9|8F 0E 1B 85|04 7E 9C 2B| eøœò鏅~œ+
00574674  0F 9A 72 DF|20 28 36 63|01 9D C1 79|94 91 8E 70| šrß (6cÁy”‘Žp
00574684  0E 51 AA 11|6F 6E 49 0D|CA D0 3F 9B|3C 7C 3E 47| QªonIÊÐ?›<|>G
00574694  0F 8F 89 21|6E A0 6B 67|F2 A9 52 BC|73 05 93 90| ‰!n*kgò©R¼s“
005746A4  0A 15 41 31|0B 5C 5C 07|BD 45 48 0B|7F 78 15 6E| A1\\½EHxn
005746B4  01 18 0E 58|22 BB 11 96|18 CA AC E6|9F B5 A3 AE| X"»–ʬ柵£®
005746C4  01 28 A3 1C|A1 37 5E 09|ED 62 F5 31|3F 02 A7 3E| (£¡7^	íbõ1?§>
005746D4  0C 23 6B D9|BD 97 A6 31|5A 0B 89 67|23 08 90 98| #kÙ½—¦1Z‰g#˜
005746E4  03 F3 A1 3A|99 E3 92 1E|D4 12 DA B7|9D 0A 41 38| ó¡:™ã’ÔÚ·A8
005746F4  0D CD 52 9F|01 57 D1 03|69 7B 38 CE|BA 74 3C 03| ÍRŸWÑi{8κt<
00574704  0B 09 5D 96|8D 5F 53 14|DF 53 5E 9A|73 D3 0E C0| 	]–_SßS^šsÓÀ
00574714  0F 76 27 47|E0 22 EA C4|EE 8E B8 00|07 92 00 84| v'Gà"êÄ ’ „



CPU Dump
Address   Hex dump                                         ASCII
00574624  08 2E 8D 04|07 CD 1F 53|F0 84 A6 37|7D 7D 9F 13| .ÍSð„¦7}}Ÿ
00574634  01 7D A3 18|DD B6 A0 32|71 27 B8 0F|1B 97 CD 5E| }£ݶ*2q'¸—Í^
00574644  0B D9 4C 01|92 02 3D A6|7B D8 EF FC|1C 76 00 60| ÙL’=¦{Øïüv `
00574654  00 B0 0F E0|BF 37 0F 51|EF 4D 0D A1|AC 23 7A 62|  °à¿7QïM¡¬#zb
00574664  07 0E 65 F8|9C 19 F2 E9|8F 0E 1B 85|04 7E 9C 2B| eøœò鏅~œ+
00574674  06 9A 72 DF|20 28 36 63|02 9D C1 79|94 91 8E 70| šrß (6cÁy”‘Žp
00574684  0B 51 AA 11|6F 6E 49 0A|CA D0 3F 9B|3C 7C 3E 47| QªonIÊÐ?›<|>G
00574694  0C 8F 89 21|6E A0 6B 67|F2 A9 52 BC|73 06 93 90| ‰!n*kgò©R¼s“
005746A4  0F 15 41 31|0A 5C 5C 07|BD 45 48 0B|7F 78 15 6E| A1\\½EHxn
005746B4  02 18 0F 58|22 BB 11 96|18 CA AC E6|9F B5 A3 AE| X"»–ʬ柵£®
005746C4  00 28 A3 1C|A1 37 5E 08|ED 62 F5 31|3F 02 A7 3E|  (£¡7^íbõ1?§>
005746D4  05 23 6B D9|BD 97 A6 31|5A 0C 89 67|23 08 90 98| #kÙ½—¦1Z‰g#˜
005746E4  04 F3 A1 3A|99 E3 92 1E|D4 12 DA B7|9D 0D 41 38| ó¡:™ã’ÔÚ·A8
005746F4  0C CD 52 9F|01 57 D1 04|69 7B 38 CE|BA 74 3C 03| ÍRŸWÑi{8κt<
00574704  0A 09 5D 96|8D 5F 53 14|DF 53 5E 9A|73 D3 0F C0| 	]–_SßS^šsÓÀ
00574714  0E 76 27 47|E0 22 EA C4|EE 8E B8 00|06 92 00 84| v'Gà"êÄ ’ „
 

Hello!

Indeed, you can often get rid of the else statements.
For example, in this part of your code:

Code C - [expand]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

void proc1() {
    if(byteA != 0) {
        if(byteA != 0x0f) {
            return;
        }
        else {
            byteA--;
            goto aadr_0053D984;
        }
    }
    else {
        byteA++;
        goto aadr_0053D984;
    }
}


There are 2 else statements.
The first one: if byteA is not 0x0F, then you return where the function proc1 was called.
Therefore you don't need the else statement because at that point byteA *IS* 0x0F.

Next, similarly you don't need the second else statement because in the 2 above cases,
you already went somewhere else by return or goto.
You can therefore rewrite your code as:

Code C - [expand]
1
2
3
4
5
6
7
8
9
10
11
12

void proc1() {
    if(byteA != 0) {
        if(byteA != 0x0f) return;
        // At this point you don't need a else because if byteA was not 0x0F, you're already out by the above return.
        byteA--;
        goto aadr_0053D984;
    }
    // At this point you don't need a else because if byteA was not 0, you're already out, either
    // by return or goto.
    byteA++;
    goto aadr_0053D984;
}


Dora.
 
Thank you doraemon.

I understood what you said but I need to remove else statements from the code in post #1. Please take out one of your gadgets and show me an example related to code in post #1.
 

Hello!

I understood what you said but I need to remove else statements from the code in post #1.
Please take out one of your gadgets and show me an example related to code in post #1.
Click to expand...

Well, this IS actually an example from your post 1.
And instead of trying to get rid of else statements, you may consider trying to get rid of
goto statements, that would be a lot more useful.

Dora.
 
Status
Not open for further replies.

Similar threads

Part and Inventory Search

Welcome to EDABoard.com

Sponsor

Back
Top