Antoshick
Posted: Sat Mar 09, 2019 10:04 am    Post subject: imul instruction question

Hi, if somebody can help:
I can't understand how to make the calculation for this instruction:
Code:
    imul eax,[rcx+00000198],B05C6C43   ; eax = low 32 bits of [rcx+198] * B05C6C43
[rcx+00000198] is a static value = (4 bytes hex) BCF2465F.
After the instruction completes, EAX = (float) 188.4955597, or in 4-byte hex 433C7EDD.
As I understand it, imul uses this method:
Code:
    imul ecx,edx,2   // ecx = edx * 2
so BCF2465F * B05C6C43 = 822AC75A433C7EDD.
822AC75A_433C7EDD: the second part of this value is the value which I want to change.
But I can't find a solution for how to convert a new value back using the key B05C6C43.
822AC75A433C7EDD / B05C6C43 = BCF2465F, but how can I create the first part of 822AC75A433C7EDD (822AC75A)?

Last edited by Antoshick on Sun Mar 10, 2019 12:50 am; edited 2 times in total
OldCheatEngineUser
Posted: Sat Mar 09, 2019 10:38 am

There is no (en/de)cryption; imul / idiv have endless uses.
_________________
About me: I have used CE since version 1.x, and I'm still learning how to use it well!
Jul 26, 2020
STN wrote: "i am a sweetheart."
Antoshick
Posted: Sun Mar 10, 2019 12:39 am

OldCheatEngineUser wrote: "there is no (en)decryption, i\mul i\div have endless uses."
OK, I understand.
Do you know how I can calculate the new value?
ParkourPenguin
Posted: Sun Mar 10, 2019 11:52 am

I don't think that's an easy problem to solve. Have you looked at the code that writes to rcx+198?
edit1: instead of dividing, multiplying it by the inverse using fixed-point arithmetic might work. I'm a bit busy now but I'll look at this more later if someone else doesn't.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Antoshick
Posted: Sun Mar 10, 2019 10:39 pm

ParkourPenguin wrote: "I don't think that's an easy problem to solve. Have you looked at the code that writes to rcx+198?"
A repe command writes the value to the address, and I think the repe just gets the value from the game's files.
Yesterday evening, on a Russian game-hacking forum, we found one way to solve this question:
Code:
    push eax
    push ebx
    push ecx
    push edx
    mov ecx,[Value]          ; ecx = the encoded value we want to reach
    xor ebx,ebx              ; candidate counter starts at 0
    Podbor:                  ; brute-force search loop ("podbor" = search by trial)
    inc ebx                  ; next candidate
    imul eax,ebx,B05C6C43    ; eax = low 32 bits of candidate * key
    cmp eax,ecx
    jne Podbor               ; keep trying until the product matches
    mov [adres],ebx          ; found: store the candidate
    pop edx
    pop ecx
    pop ebx
    pop eax
Value - the new float value which I want
adres - the converted value for writing to memory
Quote: "edit1: instead of dividing, multiplying it by the inverse using fixed point arithmetic might work. I'm a bit busy now but I'll look at this more later if someone else doesn't."
Thank you; if you find an easier way, my friends from the Russian forum and I will be very glad, because we are very interested in this situation with this instruction.
ParkourPenguin
Posted: Mon Mar 11, 2019 1:18 pm

I was mistaken: fixed-point arithmetic wouldn't be useful. I found a better way, however. Multiply whatever value you want by DA9A406B and the lower dword will give back the original value when multiplied by the key (B05C6C43).
Code:
    (float)188.4955597 = 433C7EDD             // original value
    433C7EDD * DA9A406B mod 2^32 = BCF2465F   // encrypt value
    BCF2465F * B05C6C43 mod 2^32 = 433C7EDD   // decrypt value
Antoshick
Posted: Tue Mar 12, 2019 12:14 am

ParkourPenguin wrote: "I found a better way"
Wondering. Sorry if it takes much of your time.
ParkourPenguin wrote: "433C7EDD * DA9A406B mod 2^32 = BCF2465F"
How did you find DA9A406B? Did you use a brute-force method like we did?
Also, the game has many other addresses, with their own imul instructions and their own specific keys. I want to create a small tool for easily testing values in memory (for quickly encrypting/decrypting values). The brute-force method takes 1-3 seconds for this crypt work. That's too long. So for your method, if I find a new key (like B05C6C43), do I need to use brute force first to get DA9A406B and only then your method?
ParkourPenguin
Posted: Tue Mar 12, 2019 9:52 am

Antoshick wrote: "How you found it DA9A406B? You used brute force method like we?"
DA9A406B is important because DA9A406B * B05C6C43 = 1 (mod 2^32).
I brute forced the answer, but I think there's a better way of doing it. If I figure it out I'll post it here.
How I brute forced it:
Code:
    xor ecx,ecx            ; ecx = candidate inverse, starts at 0
    mov edx,ecx            ; edx = ecx * encryptKey (mod 2^32), maintained by repeated addition
    mov eax,[encryptKey]
    @@:
    inc ecx                ; next candidate
    add edx,eax            ; edx += key, so edx == ecx * key (mod 2^32)
    cmp edx,1
    jne short @b           ; loop until ecx * key == 1
    mov [decryptKey],ecx   ; ecx is the modular inverse of the key
Antoshick
Posted: Tue Mar 12, 2019 10:37 am

ParkourPenguin wrote: "I brute forced the answer, but I think there's a better way of doing it. If I figure it out I'll post it here."
OK, thanks.
ParkourPenguin
Posted: Tue Mar 12, 2019 6:14 pm

If you want a more efficient implementation, I found some information online. Search for "modular multiplicative inverse" and "extended Euclidean algorithm."
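The pointer above can be carried through in a few lines. The C program below is an added example written for this page, not code from the thread: it computes the inverse of an odd 32-bit key modulo 2^32 with the extended Euclidean algorithm and, going one step beyond what the thread mentions, with a Newton/Hensel iteration that needs only four multiplications. It then checks both against the key B05C6C43 and the inverse DA9A406B posted above, round-trips the value 433C7EDD, and refuses even keys, which have no inverse. The function names are my own; the constants are the ones from the thread.

```c
#include <stdint.h>
#include <inttypes.h>
#include <stdio.h>

/* Constants taken from the thread: the imul immediate (key), the brute-forced
   inverse, the float bit pattern, and the value stored at [rcx+198]. */
#define ENCRYPT_KEY  0xB05C6C43u
#define DECRYPT_KEY  0xDA9A406Bu
#define PLAIN_VALUE  0x433C7EDDu   /* (float)188.4955597 */
#define STORED_VALUE 0xBCF2465Fu

/* "imul eax, src, imm" keeps only the low dword of the product, i.e. a*b mod
   2^32. Unsigned wrap-around in C does the same, so the high dword
   (822AC75A in the first post) never needs to be reconstructed. */
static uint32_t imul32(uint32_t a, uint32_t b)
{
    return a * b;
}

/* Full 64-bit product, only to show where the 822AC75A high dword comes from. */
static uint64_t mul64(uint32_t a, uint32_t b)
{
    return (uint64_t)a * b;
}

/* Extended Euclidean algorithm on (key, 2^32). Returns 1 and writes the
   inverse on success. Returns 0 for an even key: gcd(key, 2^32) > 1, so no
   inverse exists and such a key would map two different values to the same
   result, which is why the brute-force loop in the thread would never finish. */
static int inverse_mod_2_32(uint32_t key, uint32_t *inv)
{
    if ((key & 1u) == 0)
        return 0;
    const int64_t m = (int64_t)1 << 32;
    int64_t old_r = key, r = m;   /* invariant: old_r == key*old_s (mod m) */
    int64_t old_s = 1, s = 0;
    while (r != 0) {
        int64_t q = old_r / r;
        int64_t t = old_r - q * r; old_r = r; r = t;
        t = old_s - q * s;         old_s = s; s = t;
    }
    if (old_r != 1)
        return 0;                 /* cannot happen for an odd key; kept as a guard */
    old_s %= m;
    if (old_s < 0)
        old_s += m;
    *inv = (uint32_t)old_s;
    return 1;
}

/* Same result without a loop over the Euclidean remainders: for odd key,
   key*key == 1 (mod 8), so x = key is right in its low 3 bits, and each step
   x = x*(2 - key*x) doubles the correct bits (3 -> 6 -> 12 -> 24 -> 48). */
static uint32_t inverse_newton(uint32_t key)
{
    uint32_t x = key;
    for (int i = 0; i < 4; i++)
        x *= 2u - key * x;
    return x;
}

/* Inverse of an odd key, or 0 (never a valid inverse) for an even key. */
static uint32_t inverse_or_zero(uint32_t key)
{
    uint32_t inv = 0;
    return inverse_mod_2_32(key, &inv) ? inv : 0;
}

/* The two directions in the thread's terminology: "encrypt" turns the value
   you want into what must sit at [rcx+198]; the game's imul "decrypts" it. */
static uint32_t encrypt_value(uint32_t plain, uint32_t key)
{
    uint32_t inv = inverse_or_zero(key);
    return inv ? imul32(plain, inv) : 0;
}

static uint32_t decrypt_value(uint32_t stored, uint32_t key)
{
    return imul32(stored, key);
}

int main(void)
{
    printf("key      %08" PRIX32 "\n", ENCRYPT_KEY);
    printf("inverse  %08" PRIX32 " (euclid)  %08" PRIX32 " (newton)\n",
           inverse_or_zero(ENCRYPT_KEY), inverse_newton(ENCRYPT_KEY));
    printf("encrypt  %08" PRIX32 " -> %08" PRIX32 "\n", PLAIN_VALUE, encrypt_value(PLAIN_VALUE, ENCRYPT_KEY));
    printf("decrypt  %08" PRIX32 " -> %08" PRIX32 "\n", STORED_VALUE, decrypt_value(STORED_VALUE, ENCRYPT_KEY));
    printf("64-bit   %08" PRIX32 " * %08" PRIX32 " = %016" PRIX64 "\n",
           STORED_VALUE, ENCRYPT_KEY, mul64(STORED_VALUE, ENCRYPT_KEY));
    printf("even key %08" PRIX32 " has inverse? %s\n", ENCRYPT_KEY - 1u,
           inverse_or_zero(ENCRYPT_KEY - 1u) ? "yes" : "no");
    return 0;
}
```

Either inverse routine answers the question asked earlier in the thread: a new key does not need a 1-3 second brute-force pass, the inverse falls out of a handful of integer operations. The even-key check is the caveat worth keeping in any tool built around this: if a game's multiplier is even, the stored-to-displayed mapping is not one-to-one and no value can be recovered by multiplication alone.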
Antoshick
Posted: Tue Mar 12, 2019 10:26 pm

ParkourPenguin wrote: "If you want a more efficient implementation, I found some information online. Search for "modular multiplicative inverse" and "extended Euclidean algorithm.""
Yes, it's a very interesting thing, thanks.