
PIC单片机芯片的解密原理介绍(程序补充) — Introduction to the PIC microcontroller code-protection read-out ("chip decryption") principle: program supplement (assembly listing of the reader tool)
-------------------------------------------------------------------------------
Dejan Kaljevic 1998.







;--------------------------------------
; start_crack_pic
; Entry point of the read-out procedure described by the page title
; (a PIC code-protection read-out). It runs three device passes, a
; decode step and a listing step; each pass writes its raw words to a
; HEX file so intermediate results survive if a later step fails.
; 32-bit flat code (TASM-style syntax); es is assumed to equal ds
; because the buffers are written with stos* (see decode/listing).
;
; Pass 1 (below): read pic_size words from the device into bafer_1.
;   edi = write pointer into bafer_1, ecx = words left,
;   bx  = command byte on send, received 16-bit frame on read.
; Calls start_pic, send_cmd, read_data, end_pic, baf_2_hex and the
; _printm macro - all defined elsewhere in the file. port_dx/port_x
; are globals used by the bit-bang helpers.
;--------------------------------------
start_crack_pic:

_printm 8,0,1eh,'Pass 1: Reading...'       ; status line (args presumably row, col, attribute, text)
;====================================== pass 1
call start_pic                             ; enter programming mode; also loads dx with port_dx

mov edi,bafer_1                            ; destination for the raw pass-1 words
mov ecx,pic_size                           ; number of words to read

__nex_vc: mov bl,4                         ; command 4 = read data (per the "Read data" comment in pass 2)
call send_cmd
call read_data                             ; bx = 16-bit frame, first received bit in bit 0

shr bx,1                                   ; discard the first received bit (presumably the start bit)
and bh,not 0c0h                            ; and the top two bits: 14 data bits remain
mov [edi],bx
add edi,2
mov bl,6                                   ; command 6 = increment address (per "Inc addr" comment in pass 2)
call send_cmd
loop __nex_vc

call end_pic                               ; leave programming mode
;--------------------------------------
_printm 9,0,1eh,'Writing to file: DEX_PIC1.HEX'

mov esi,bafer_1                            ; baf_2_hex: esi = words, edi = text scratch buffer,
mov edi,bafer_6                            ;            ecx = word count, edx -> file name (as used here)
mov ecx,pic_size
lea edx,file_1
call baf_2_hex ;save in HEX


;--------------------------------------
; Pass 2: load the value 3f80h into the device (command 2, "Load data"),
; issue command 8 ("Begin prog") and then read every word into bafer_2
; while that command is in effect.
; NOTE(review): this pass sends a programming command to the device, so
; it may alter the target's contents - keep the pass-1 dump (DEX_PIC1.HEX)
; before running it. What the device does with 3f80h is not visible here.
; Registers as in pass 1: edi = write pointer, ecx = words left, bx = cmd/data.
;--------------------------------------
_printm 10,0,1eh,'Pass 2: R&W...'
;====================================== ;pass 2
call start_pic

mov bl,2
call send_cmd ;Load data
mov bx,3f80h                               ; 14-bit payload; send_data inserts the start bit and masks bit 15
call send_data
mov bl,8
call send_cmd ;Begin prog

mov edi,bafer_2
mov ecx,pic_size

;--------------------------------------
x__nex_vc: mov bl,4 ;Read data
call send_cmd
call read_data

shr bx,1                                   ; drop first received bit, keep 14 data bits (same framing as pass 1)
and bh,not 0c0h
mov [edi],bx
add edi,2
mov bl,6
call send_cmd ;Inc addr
loop x__nex_vc

call itime_h                               ; long settle delay before dropping MCLR
call end_pic
;--------------------------------------
_printm 11,0,1eh,'Writing to file: DEX_PIC2.HEX'

mov esi,bafer_2
mov edi,bafer_6
mov ecx,pic_size
lea edx,file_2
call baf_2_hex ;Save in HEX


;--------------------------------------
; Pass 3: after a long delay, re-enter programming mode and read the
; device once more into bafer_3 (same loop as pass 1). The decode step
; compares bafer_1 (before the pass-2 write) with bafer_3 (after it).
;--------------------------------------
_printm 12,0,1eh,'Pass 3: Reading...'

;-------------------------------------- pass 3
call itime_h                               ; settle delay before restarting the device
call start_pic

mov edi,bafer_3
mov ecx,pic_size

xx__nex_vc: mov bl,4                       ; read data
call send_cmd
call read_data

shr bx,1                                   ; drop first received bit, keep 14 data bits
and bh,not 0c0h
mov [edi],bx
add edi,2
mov bl,6                                   ; increment address
call send_cmd
loop xx__nex_vc

call end_pic

_printm 13,0,1eh,'Writing to file: DEX_PIC3.HEX'

mov esi,bafer_3
mov edi,bafer_6
mov ecx,pic_size
lea edx,file_3
call baf_2_hex

;======================================
;--------------------------------------
; Decode: combine the pass-1 and pass-3 words into a candidate word per
; address (bafer_4) and, where the two passes agree on bit 6, a second
; candidate with bits 6 and 13 assigned the opposite way (bafer_5).
; bafer_5 holds -1 where no second candidate is produced.
;
; For every word (labels apparently Serbian: nisu_isti = "not equal",
; isti_su = "equal", izl1 = exit, brojac = counter):
;   ax = pass-3 word, [esi] = pass-1 word
;   result = ((~pass3 & 7fh) << 7) | ((pass3 ^ pass1) & 7fh)
; i.e. high 7 bits = inverted low 7 bits of pass 3, low 7 bits = XOR of
; the low 7 bits of both passes. Why this recovers the protected data is
; not explained in SOURCE.
;
; Registers: esi -> bafer_1, ebx -> bafer_3, edi -> bafer_4 (via stosw,
; so es must equal ds), ebp -> bafer_5 (explicit es: override because ebp
; defaults to ss), ecx = words left, dx = scratch. ebp is used as a data
; pointer here, so no frame pointer is live in this routine.
; brojac_1 is a global counter that is only incremented here; the first
; 40h words always take the "not equal" path. It is not reset in this
; routine - presumably zeroed elsewhere before the run (TODO confirm).
;--------------------------------------
_printm 14,0,1eh,'Decoding...'

xor edx,edx
mov ecx,pic_size
mov esi,bafer_1
mov ebx,bafer_3
mov edi,bafer_4
mov ebp,bafer_5

zre1: mov ax,[ebx]                         ; ax = pass-3 word

cmp dword ptr brojac_1,40h                 ; first 40h words: never produce a second candidate
jb nisu_isti

push eax
xor al,[esi]                               ; compare bit 6 of pass 3 and pass 1
and al,40h
pop eax                                    ; pop leaves flags from the `and` intact
jz isti_su                                 ; equal bit 6 -> two candidates


nisu_isti: mov dx,ax                       ; dx = pass-3 word
not ax
and ax,7fh                                 ; ax = ~pass3 & 7fh
xor dx,[esi]
and dx,7fh                                 ; dx = (pass3 ^ pass1) & 7fh
shl ax,7
or ax,dx                                   ; 14-bit result
stosw                                      ; -> bafer_4
mov ax,-1                                  ; no second candidate
jmp izl1

isti_su: mov dx,ax                         ; same computation as above
not ax
and ax,7fh
xor dx,[esi]
and dx,7fh
shl ax,7
or ax,dx
stosw                                      ; -> bafer_4
test ah,20h                                ; bit 13 of the result
jnz nula_b
or word ptr es:[edi-2],2040h               ; bit 13 clear: bafer_4 gets bits 13 and 6 set ...
and ax,not 2040h                           ; ... and bafer_5 gets both cleared
jmp izl1

nula_b: or byte ptr es:[edi-1],20h         ; bit 13 set: bafer_4 keeps bit 13, drops bit 6 ...
and byte ptr es:[edi-2],not 40h
or al,40h                                  ; ... bafer_5 gets bit 6 set, bit 13 cleared
and ah,not 20h

izl1: mov word ptr es:[ebp],ax             ; -> bafer_5 (second candidate or -1)
add esi,2
add ebx,2
add ebp,2
inc dword ptr brojac_1
loop zre1

;--------------------------------------
_printm 15,0,1eh,'Writing to file: DEX_COD1.HEX'

mov esi,bafer_4
mov edi,bafer_6
mov ecx,pic_size
lea edx,file_4
call baf_2_hex

_printm 16,0,1eh,'Writing to file: DEX_COD2.HEX'

mov esi,bafer_5
mov edi,bafer_6
mov ecx,pic_size
lea edx,file_5
call baf_2_hex
;======================================

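;--------------------------------------
; Listing step (tail of start_crack_pic): build a text listing in bafer_6,
; one line per word, and write it to file_6 (DEX.LST).
; Line layout: address, pass-1/2/3 raw words, decoded word (bafer_4) with
; the text `decode` emits for it padded to a 25-column field, then - only
; when bafer_5 is not -1 - the second candidate and its `decode` text.
; Registers: esi = byte offset into the word buffers, edi = write pointer
;   into bafer_6 (stos*, es assumed equal to ds), ecx = lines left,
;   ebx = buffer currently being read, brojac = running address counter.
; Uses copy_string, ax_2_hex, decode, createfile, writefile, closefile
; and the globals info, file_6 - all defined elsewhere in the file.
; NOTE(review): the page had the macro name split across two lines
;   ("_prin" / "tm ...") by extraction; rejoined here.
; NOTE(review): the original padded with `rep stosb` unconditionally; if
;   `decode` ever emitted more than 25 bytes the count wrapped and the
;   store ran off the end of bafer_6. Padding is now skipped in that case.
; NOTE(review): the one-character literals ' ' below give a zero high byte,
;   so stosw/stosd would emit NUL bytes into the listing; the original
;   source presumably had two/four spaces that extraction collapsed -
;   verify against the original file before reuse.
;--------------------------------------
_printm 17,0,1eh,'Disassembling...'


mov ecx,pic_size
xor esi,esi                                ; offset 0 into every word buffer
mov edi,bafer_6                            ; listing text goes here

lea ebx,info                               ; header text first
call copy_string
dec edi                                    ; back up one byte (presumably over a terminator copy_string wrote - TODO confirm)

next_dis: mov eax,brojac                   ; address column
call ax_2_hex                              ; 4 hex digits of ax
mov eax,' :'                               ; stosw writes ": "
stosw
inc dword ptr brojac

mov ebx,bafer_1                            ; pass-1 raw word
mov ax,word ptr [esi+ebx]
call ax_2_hex
mov ax,' '
stosw
mov ebx,bafer_2                            ; pass-2 raw word
mov ax,word ptr [esi+ebx]
call ax_2_hex
mov ax,' '
stosw
mov ebx,bafer_3                            ; pass-3 raw word
mov ax,word ptr [esi+ebx]
call ax_2_hex
mov eax,' '
stosd
;stosw

mov ebx,bafer_4                            ; decoded word
mov ax,word ptr [esi+ebx]
call ax_2_hex
mov ax,' '
stosw

push ecx                                   ; line counter
push edi                                   ; start of the decode text, for padding
push esi
lea esi,[esi+ebx]                          ; esi -> decoded word for `decode`
call decode                                ; emits mnemonic text at edi
pop esi
mov eax,edi
pop ecx                                    ; ecx = edi before decode
sub eax,ecx                                ; eax = bytes decode emitted
mov ecx,25
sub ecx,eax                                ; ecx = padding needed for a 25-column field
jbe no_pad                                 ; field already full or overrun: do not wrap the count
mov al,' '
rep stosb
no_pad:

mov ebx,bafer_5                            ; second candidate, or -1 when none (set by the decode step)
mov ax,word ptr [esi+ebx]
cmp ax,-1
je ok_oo

call ax_2_hex
mov ax,' '
stosw

push esi
lea esi,[esi+ebx]
call decode
pop esi
ok_oo: mov ax,0a0dh                        ; CR LF
stosw
pop ecx
add esi,2                                  ; next word
loop next_dis
;--------------------------------------
_printm 18,0,1eh,'Writing to file: DEX.LST'


lea edx,file_6
call createfile                            ; presumably returns the handle in ax - TODO confirm
mov bx,ax

mov ecx,edi
mov edx,bafer_6
sub ecx,edx                                ; ecx = bytes of listing produced
call writefile
call closefile

_printm 19,0,1eh,'Done!'

ret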






;--------------------------------------
; ax_2_hex: write ax as four hex characters at es:[edi], high byte first.
; hexax (defined elsewhere) converts al into two characters in ax; the
; xchg puts them in memory order for stosw.
; In: ax = value, edi = output pointer. Out: edi advanced by 4.
; Preserves eax; clobbers whatever hexax clobbers plus flags.
;--------------------------------------
ax_2_hex: push eax                         ; caller's eax survives
mov al,ah                                  ; high byte first
call hexax
xchg al,ah
stosw
mov eax,dword ptr [esp]                    ; reload the original value, low byte in al
call hexax
xchg al,ah
stosw
pop eax
ret





;--------------------------------------
;--------------------------------------
; start_pic: put the device into programming mode.
; Sequence: MCLR low, delay, clock and data low, long delay, MCLR to the
; "13" level, long delay. The exact voltages behind mclr_0/mclr_13 depend
; on the adapter wiring, which is not in SOURCE.
; Loads dx with port_dx; every other port helper (send_cmd, read_data,
; end_pic, ...) relies on dx still holding the port base afterwards.
; Clobbers al, dx, flags.
;--------------------------------------
start_pic: mov dx,port_dx

call mclr_0
call itime
call clk_0
call data_0

call itime_h
call mclr_13

call itime_h
ret


;--------------------------------------
;--------------------------------------
; end_pic: leave programming mode - MCLR low, long delay, then clock and
; data to their "3" state (both control bits set; presumably the idle or
; released state, see clk_3/data_3), long delay.
; Expects dx = port base (set by start_pic). Clobbers al, flags.
;--------------------------------------
end_pic: call mclr_0
call itime_h
call clk_3
call data_3
call itime_h
ret

;--------------------------------------
;--------------------------------------
; read_data: clock in a 16-bit frame from the device.
; For each of 16 bits: clock high, delay, clock low, then sample bit 7 of
; port dx+1 and shift it into bx from the top (rcr), so the first bit
; received ends up in bit 0 after all 16 shifts. Callers then shr by one
; and mask the top two bits to get the 14-bit word.
; The base/status port pair looks like a PC parallel port (data at dx,
; status at dx+1, bit 7) - confirm against the adapter.
; The data line is not changed before sampling; the previous send_cmd left
; it in the data_3 state, presumably released so the device can drive it.
; Expects dx = port base. Out: bx = frame. Preserves ecx, dx; clobbers al, flags.
;--------------------------------------
read_data: push ecx
call itime
mov ecx,16

_nex_cmds: call clk_1
call itime
call clk_0

inc dx                                     ; status port
in al,dx
dec dx
shr al,7                                   ; bit 7 -> CF
rcr bx,1                                   ; CF -> bit 15, earlier bits move down

call itime

loop _nex_cmds

call data_3

call itime
pop ecx
ret

;--------------------------------------
;--------------------------------------
; send_data: send a 14-bit word in bx as a 16-bit frame.
; shl inserts a zero start bit below the data; the mask clears bit 15.
; send_data_16 is the raw entry: send bx as-is (16 bits). It pushes ecx
; and jumps into send_cmd's bit loop (nex_cmds), whose tail pops ecx and
; returns - so this routine has no ret of its own.
; Expects dx = port base. Clobbers bx, al, flags; preserves ecx.
;--------------------------------------
send_data: shl bx,1
and bh,not 80h

send_data_16: push ecx
call itime
mov ecx,16

jmp nex_cmds
;--------------------------------------
;--------------------------------------
; send_cmd: send a 6-bit command from bl, LSB first.
; Per bit: drive the data line to the bit value, clock high, delay, clock
; low, delay. After the loop the data line goes to the data_3 state
; (presumably released for the device to drive; see read_data).
; The loop body at nex_cmds is shared with send_data/send_data_16, which
; jump in with ecx = 16 - do not rename or move that label.
; Expects dx = port base. Clobbers bx (shifted out), al, flags; preserves ecx.
;--------------------------------------
send_cmd: push ecx
call clk_0
call data_0

call itime

mov ecx,6

nex_cmds: shr bx,1                         ; next bit -> CF
jc cm_o
call data_0
jmp cm_oo
cm_o: call data_1
cm_oo:

call clk_1
call itime
call clk_0
call itime

loop nex_cmds

call data_3

call itime
pop ecx
ret

;---------------------------------------
;--------------------------------------
; clk_0: clear bits 1 and 5 in the port_x shadow byte and write it to port dx.
; The two bits per signal suggest a level/enable pair on the adapter -
; mapping not visible in SOURCE. In: dx = port base. Clobbers al, flags.
;--------------------------------------
clk_0: mov al,byte ptr port_x
and al,0ddh                                ; bits 1 and 5 low
mov byte ptr port_x,al                     ; keep the shadow copy in sync
out dx,al
ret

;--------------------------------------
; clk_1: in the port_x shadow byte clear bits 1 and 5, set bit 1, write to port dx.
; In: dx = port base. Clobbers al, flags.
;--------------------------------------
clk_1: mov al,byte ptr port_x
and al,0ddh                                ; bits 1 and 5 low
or al,2                                    ; bit 1 high
mov byte ptr port_x,al                     ; keep the shadow copy in sync
out dx,al
ret


;--------------------------------------
; clk_3: set bits 1 and 5 in the port_x shadow byte and write it to port dx
; (used by end_pic; presumably the idle/released clock state).
; In: dx = port base. Clobbers al, flags.
;--------------------------------------
clk_3: mov al,byte ptr port_x
or al,22h                                  ; bits 1 and 5 high
mov byte ptr port_x,al                     ; keep the shadow copy in sync
out dx,al
ret
;---------------------------------------

;--------------------------------------
; data_0: clear bits 0 and 2 in the port_x shadow byte and write it to port dx.
; In: dx = port base. Clobbers al, flags.
;--------------------------------------
data_0: mov al,byte ptr port_x
and al,0fah                                ; bits 0 and 2 low
mov byte ptr port_x,al                     ; keep the shadow copy in sync
out dx,al
ret

;--------------------------------------
; data_1: in the port_x shadow byte clear bits 0 and 2, set bit 0, write to port dx.
; In: dx = port base. Clobbers al, flags.
;--------------------------------------
data_1: mov al,byte ptr port_x
and al,0fah                                ; bits 0 and 2 low
or al,1                                    ; bit 0 high
mov byte ptr port_x,al                     ; keep the shadow copy in sync
out dx,al
ret

;--------------------------------------
; data_3: set bits 0 and 2 in the port_x shadow byte and write it to port dx
; (used after every transfer; presumably releases the data line so the
; device can drive it - adapter mapping not in SOURCE).
; In: dx = port base. Clobbers al, flags.
;--------------------------------------
data_3: mov al,byte ptr port_x
or al,5h                                   ; bits 0 and 2 high
mov byte ptr port_x,al                     ; keep the shadow copy in sync
out dx,al
ret

;---------------------------------------
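;--------------------------------------
; mclr_5: clear bits 3 and 4 in the port_x shadow byte and write it to port dx.
; The name hints at a 5 V MCLR level, but the bit-to-voltage mapping is
; adapter wiring not visible in SOURCE. Not called from the code shown.
; NOTE(review): the page had `mov al,byte ptr port_x` split across two
;   lines by extraction, which would not assemble; rejoined here.
; In: dx = port base. Clobbers al, flags.
;--------------------------------------
mclr_5: and byte ptr port_x,0e7h           ; bits 3 and 4 low
mov al,byte ptr port_x
out dx,al
ret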

;--------------------------------------
; mclr_0: in the port_x shadow byte clear bits 3 and 4, set bit 4, write to port dx.
; Name suggests MCLR driven to 0 V; mapping is adapter wiring not in SOURCE.
; In: dx = port base. Clobbers al, flags.
;--------------------------------------
mclr_0: mov al,byte ptr port_x
and al,0e7h                                ; bits 3 and 4 low
or al,10h                                  ; bit 4 high
mov byte ptr port_x,al                     ; keep the shadow copy in sync
out dx,al
ret

;--------------------------------------
; mclr_13: in the port_x shadow byte clear bits 3 and 4, set bit 3, write to port dx.
; Name suggests the MCLR programming-voltage level; mapping is adapter
; wiring not in SOURCE. In: dx = port base. Clobbers al, flags.
;--------------------------------------
mclr_13: mov al,byte ptr port_x
and al,0e7h                                ; bits 3 and 4 low
or al,8h                                   ; bit 3 high
mov byte ptr port_x,al                     ; keep the shadow copy in sync
out dx,al
ret
;---------------------------------------



;--------------------------------------
;--------------------------------------
; itime: short busy-wait used as the bit-cell delay of the serial protocol.
; 400 iterations of `loop $`; the real duration depends on the CPU and
; nothing here calibrates it, so on a faster machine every clock phase
; shrinks - whether the device still tolerates that is not in SOURCE.
; `loop` is kept on purpose: replacing it with dec/jnz changes the delay.
; Preserves ecx and flags.
;--------------------------------------
itime: push ecx
mov ecx,400
loop $
pop ecx
ret
;--------------------------------------
;--------------------------------------
; itime_h: long delay = 100 x itime (used around MCLR transitions and
; between passes). Same CPU-speed caveat as itime.
; Preserves ecx and flags.
;--------------------------------------
itime_h: push ecx
mov ecx,100
n_it: call itime
loop n_it
pop ecx
ret
;--------------------------------------

