004031D9 |>MOV EAX,DWORD PTR SS:[EBP+8] ; code 51 = Q (arg) 004031DC |>MOVSX EAX,BYTE PTR DS:[EAX+1] ; decrypt command and process 004031E0 |>CMP EAX,20 004031E3 |>JNZ exe11554.004032A9 004031E9 |>MOV EAX,DWORD PTR SS:[EBP+8] ; command 004031EC |>INC EAX ; skip two chars 004031ED |>INC EAX 004031EE |>MOV DWORD PTR SS:[EBP-40C],EAX ; 40c = ptr to start 004031F4 |>AND DWORD PTR SS:[EBP-408],0 ; offset 004031FB |>AND DWORD PTR SS:[EBP-404],0 00403202 |>JMP SHORT exe11554.00403212 00403204 |>/MOV EAX,DWORD PTR SS:[EBP-408] ; loop start 0040320A |>|INC EAX 0040320B |>|INC EAX 0040320C |>|MOV DWORD PTR SS:[EBP-408],EAX 00403212 |> MOV EAX,DWORD PTR SS:[EBP-40C] ; ptr to start 00403218 |>|ADD EAX,DWORD PTR SS:[EBP-408] ; offset 0040321E |>|MOVSX EAX,BYTE PTR DS:[EAX] ; got some content? 00403221 |>|TEST EAX,EAX 00403223 |>|JE SHORT exe11554.0040328C ; jump if not 00403225 |>|MOV EAX,DWORD PTR SS:[EBP-40C] ; ptr 0040322B |>|ADD EAX,DWORD PTR SS:[EBP-408] ; +offset 00403231 |>|MOVSX EAX,BYTE PTR DS:[EAX] ; first dword 00403234 |>|SUB EAX,61 ; subtract 61 00403237 |>|SHL EAX,4 ; << 4 0040323A |>|MOV ECX,DWORD PTR SS:[EBP-404] ; storage 00403240 |>|MOV BYTE PTR SS:[EBP+ECX-400],AL ; store lower byte 00403247 |>|MOV EAX,DWORD PTR SS:[EBP-40C] ; ptr 0040324D |>|ADD EAX,DWORD PTR SS:[EBP-408] ; +offset 00403253 |>|MOVSX EAX,BYTE PTR DS:[EAX+1] ; +1 00403257 |>|SUB EAX,61 ; sub 61 0040325A |>|MOVSX EAX,AL ; get it 0040325D |>|MOV ECX,DWORD PTR SS:[EBP-404] ; storage 00403263 |>|MOVSX ECX,BYTE PTR SS:[EBP+ECX-400] ; grab stored byte 0040326B |>|ADD ECX,EAX ; add result 0040326D |>|MOV EAX,DWORD PTR SS:[EBP-404] 00403273 |>|MOV BYTE PTR SS:[EBP+EAX-400],CL 0040327A |>|MOV EAX,DWORD PTR SS:[EBP-404] 00403280 |>|INC EAX 00403281 |>|MOV DWORD PTR SS:[EBP-404],EAX 00403287 |>\JMP exe11554.00403204
#!/usr/bin/perl my $crypt = $ARGV[0]; die "Usage: $0 <Mocbot crypted command>\n" unless $crypt =~ /^[a-z]+$/; for (my $i = 0; $i < length($crypt); $i+=2) { print chr((ord(substr($crypt, $i, 1)) - 0x61 << 4) + (ord(substr($crypt, $i+1, 1)) - 0x61)); } print "\n";
./decode.pl gjcaekepejeocacdha i JOIN #p
There are 31,314 total registered users.
[+] expand