Difference between revisions of "Talk:Blackra1n"

(Payload)
m
 
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
  +
{{lowercase}}
  +
== Why no AFC2? ==
 
Is there any reason why even RC3 doesn't add afc2 to services.plist? --[[User:Redart|Redart]] 13:40, 4 November 2009 (UTC)
 
Is there any reason why even RC3 doesn't add afc2 to services.plist? --[[User:Redart|Redart]] 13:40, 4 November 2009 (UTC)
   
 
== Payload ==
 
== Payload ==
 
 
I notice pages like the one for [[ultrasn0w]] contain the payload. Is there any chance that the payload for blackra1n or an old jailbreak like [[purplera1n]] will be published? [[User:MaybachMan|MaybachMan]] 08:25, 1 August 2010 (UTC)
 
I notice pages like the one for [[ultrasn0w]] contain the payload. Is there any chance that the payload for blackra1n or an old jailbreak like [[purplera1n]] will be published? [[User:MaybachMan|MaybachMan]] 08:25, 1 August 2010 (UTC)
  +
:That would be really awesome to see. Anyone able to <del>negotiate</del> communicate with geohot? [[User:Iemit737|Iemit737]] 09:07, 1 August 2010 (UTC)
 
  +
:I don't know what will get published by him. But why don't you just disassemble it and publish it here? I assume this won't be a problem, as the same happened for [[Spirit]]. -- [[User:Http|http]] 09:51, 1 August 2010 (UTC)
 
  +
:I have blackra1n open in IDA right now, here's what it gave me (I hope I did this right).
That would be really awesome to see. Anyone able to <del>negotiate</del> communicate with geohot? [[User:Iemit737|Iemit737]] 09:07, 1 August 2010 (UTC)
 
  +
<pre>
  +
UPX1:004E9A40 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
  +
UPX1:004E9A40
  +
UPX1:004E9A40
  +
UPX1:004E9A40 public start
  +
UPX1:004E9A40 start proc near
  +
UPX1:004E9A40
  +
UPX1:004E9A40 var_AC = dword ptr -0ACh
  +
UPX1:004E9A40
  +
UPX1:004E9A40 pusha
  +
UPX1:004E9A41 mov esi, offset byte_455015
  +
UPX1:004E9A46 lea edi, [esi-54015h]
  +
UPX1:004E9A4C push edi
  +
UPX1:004E9A4D jmp short loc_4E9A5A
  +
UPX1:004E9A4D ; ---------------------------------------------------------------------------
  +
UPX1:004E9A4F align 10h
  +
UPX1:004E9A50
  +
UPX1:004E9A50 loc_4E9A50: ; CODE XREF: start:loc_4E9A61�j
  +
UPX1:004E9A50 mov al, [esi]
  +
UPX1:004E9A52 inc esi
  +
UPX1:004E9A53 mov [edi], al
  +
UPX1:004E9A55 inc edi
  +
UPX1:004E9A56
  +
UPX1:004E9A56 loc_4E9A56: ; CODE XREF: start+CF�j
  +
UPX1:004E9A56 ; start+E5�j
  +
UPX1:004E9A56 add ebx, ebx
  +
UPX1:004E9A58 jnz short loc_4E9A61
  +
UPX1:004E9A5A
  +
UPX1:004E9A5A loc_4E9A5A: ; CODE XREF: start+D�j
  +
UPX1:004E9A5A mov ebx, [esi]
  +
UPX1:004E9A5C sub esi, 0FFFFFFFCh
  +
UPX1:004E9A5F adc ebx, ebx
  +
UPX1:004E9A61
  +
UPX1:004E9A61 loc_4E9A61: ; CODE XREF: start+18�j
  +
UPX1:004E9A61 jb short loc_4E9A50
  +
UPX1:004E9A63 mov eax, 1
  +
UPX1:004E9A68
  +
UPX1:004E9A68 loc_4E9A68: ; CODE XREF: start+52�j
  +
UPX1:004E9A68 add ebx, ebx
  +
UPX1:004E9A6A jnz short loc_4E9A73
  +
UPX1:004E9A6C mov ebx, [esi]
  +
UPX1:004E9A6E sub esi, 0FFFFFFFCh
  +
UPX1:004E9A71 adc ebx, ebx
  +
UPX1:004E9A73
  +
UPX1:004E9A73 loc_4E9A73: ; CODE XREF: start+2A�j
  +
UPX1:004E9A73 adc eax, eax
  +
UPX1:004E9A75 add ebx, ebx
  +
UPX1:004E9A77 jnb short loc_4E9A84
  +
UPX1:004E9A79 jnz short loc_4E9AA3
  +
UPX1:004E9A7B mov ebx, [esi]
  +
UPX1:004E9A7D sub esi, 0FFFFFFFCh
  +
UPX1:004E9A80 adc ebx, ebx
  +
UPX1:004E9A82 jb short loc_4E9AA3
  +
UPX1:004E9A84
  +
UPX1:004E9A84 loc_4E9A84: ; CODE XREF: start+37�j
  +
UPX1:004E9A84 dec eax
  +
UPX1:004E9A85 add ebx, ebx
  +
UPX1:004E9A87 jnz short loc_4E9A90
  +
UPX1:004E9A89 mov ebx, [esi]
  +
UPX1:004E9A8B sub esi, 0FFFFFFFCh
  +
UPX1:004E9A8E adc ebx, ebx
  +
UPX1:004E9A90
  +
UPX1:004E9A90 loc_4E9A90: ; CODE XREF: start+47�j
  +
UPX1:004E9A90 adc eax, eax
  +
UPX1:004E9A92 jmp short loc_4E9A68
  +
UPX1:004E9A94 ; ---------------------------------------------------------------------------
  +
UPX1:004E9A94
  +
UPX1:004E9A94 loc_4E9A94: ; CODE XREF: start:loc_4E9AC6�j
  +
UPX1:004E9A94 ; start:loc_4E9AD4�j
  +
UPX1:004E9A94 add ebx, ebx
  +
UPX1:004E9A96 jnz short loc_4E9A9F
  +
UPX1:004E9A98 mov ebx, [esi]
  +
UPX1:004E9A9A sub esi, 0FFFFFFFCh
  +
UPX1:004E9A9D adc ebx, ebx
  +
UPX1:004E9A9F
  +
UPX1:004E9A9F loc_4E9A9F: ; CODE XREF: start+56�j
  +
UPX1:004E9A9F adc ecx, ecx
  +
UPX1:004E9AA1 jmp short loc_4E9AF5
  +
UPX1:004E9AA3 ; ---------------------------------------------------------------------------
  +
UPX1:004E9AA3
  +
UPX1:004E9AA3 loc_4E9AA3: ; CODE XREF: start+39�j
  +
UPX1:004E9AA3 ; start+42�j
  +
UPX1:004E9AA3 xor ecx, ecx
  +
UPX1:004E9AA5 sub eax, 3
  +
UPX1:004E9AA8 jb short loc_4E9ABB
  +
UPX1:004E9AAA shl eax, 8
  +
UPX1:004E9AAD mov al, [esi]
  +
UPX1:004E9AAF inc esi
  +
UPX1:004E9AB0 xor eax, 0FFFFFFFFh
  +
UPX1:004E9AB3 jz short loc_4E9B2A
  +
UPX1:004E9AB5 sar eax, 1
  +
UPX1:004E9AB7 mov ebp, eax
  +
UPX1:004E9AB9 jmp short loc_4E9AC6
  +
UPX1:004E9ABB ; ---------------------------------------------------------------------------
  +
UPX1:004E9ABB
  +
UPX1:004E9ABB loc_4E9ABB: ; CODE XREF: start+68�j
  +
UPX1:004E9ABB add ebx, ebx
  +
UPX1:004E9ABD jnz short loc_4E9AC6
  +
UPX1:004E9ABF mov ebx, [esi]
  +
UPX1:004E9AC1 sub esi, 0FFFFFFFCh
  +
UPX1:004E9AC4 adc ebx, ebx
  +
UPX1:004E9AC6
  +
UPX1:004E9AC6 loc_4E9AC6: ; CODE XREF: start+79�j
  +
UPX1:004E9AC6 ; start+7D�j
  +
UPX1:004E9AC6 jb short loc_4E9A94
  +
UPX1:004E9AC8 inc ecx
  +
UPX1:004E9AC9 add ebx, ebx
  +
UPX1:004E9ACB jnz short loc_4E9AD4
  +
UPX1:004E9ACD mov ebx, [esi]
  +
UPX1:004E9ACF sub esi, 0FFFFFFFCh
  +
UPX1:004E9AD2 adc ebx, ebx
  +
UPX1:004E9AD4
  +
UPX1:004E9AD4 loc_4E9AD4: ; CODE XREF: start+8B�j
  +
UPX1:004E9AD4 jb short loc_4E9A94
  +
UPX1:004E9AD6
  +
UPX1:004E9AD6 loc_4E9AD6: ; CODE XREF: start+A5�j
  +
UPX1:004E9AD6 ; start+B0�j
  +
UPX1:004E9AD6 add ebx, ebx
  +
UPX1:004E9AD8 jnz short loc_4E9AE1
  +
UPX1:004E9ADA mov ebx, [esi]
  +
UPX1:004E9ADC sub esi, 0FFFFFFFCh
  +
UPX1:004E9ADF adc ebx, ebx
  +
UPX1:004E9AE1
  +
UPX1:004E9AE1 loc_4E9AE1: ; CODE XREF: start+98�j
  +
UPX1:004E9AE1 adc ecx, ecx
  +
UPX1:004E9AE3 add ebx, ebx
  +
UPX1:004E9AE5 jnb short loc_4E9AD6
  +
UPX1:004E9AE7 jnz short loc_4E9AF2
  +
UPX1:004E9AE9 mov ebx, [esi]
  +
UPX1:004E9AEB sub esi, 0FFFFFFFCh
  +
UPX1:004E9AEE adc ebx, ebx
  +
UPX1:004E9AF0 jnb short loc_4E9AD6
  +
UPX1:004E9AF2
  +
UPX1:004E9AF2 loc_4E9AF2: ; CODE XREF: start+A7�j
  +
UPX1:004E9AF2 add ecx, 2
  +
UPX1:004E9AF5
  +
UPX1:004E9AF5 loc_4E9AF5: ; CODE XREF: start+61�j
  +
UPX1:004E9AF5 cmp ebp, 0FFFFFB00h
  +
UPX1:004E9AFB adc ecx, 2
  +
UPX1:004E9AFE lea edx, [edi+ebp]
  +
UPX1:004E9B01 cmp ebp, 0FFFFFFFCh
  +
UPX1:004E9B04 jbe short loc_4E9B14
  +
UPX1:004E9B06
  +
UPX1:004E9B06 loc_4E9B06: ; CODE XREF: start+CD�j
  +
UPX1:004E9B06 mov al, [edx]
  +
UPX1:004E9B08 inc edx
  +
UPX1:004E9B09 mov [edi], al
  +
UPX1:004E9B0B inc edi
  +
UPX1:004E9B0C dec ecx
  +
UPX1:004E9B0D jnz short loc_4E9B06
  +
UPX1:004E9B0F jmp loc_4E9A56
  +
UPX1:004E9B14 ; ---------------------------------------------------------------------------
  +
UPX1:004E9B14
  +
UPX1:004E9B14 loc_4E9B14: ; CODE XREF: start+C4�j
  +
UPX1:004E9B14 ; start+E1�j
  +
UPX1:004E9B14 mov eax, [edx]
  +
UPX1:004E9B16 add edx, 4
  +
UPX1:004E9B19 mov [edi], eax
  +
UPX1:004E9B1B add edi, 4
  +
UPX1:004E9B1E sub ecx, 4
  +
UPX1:004E9B21 ja short loc_4E9B14
  +
UPX1:004E9B23 add edi, ecx
  +
UPX1:004E9B25 jmp loc_4E9A56
  +
UPX1:004E9B2A ; ---------------------------------------------------------------------------
  +
UPX1:004E9B2A
  +
UPX1:004E9B2A loc_4E9B2A: ; CODE XREF: start+73�j
  +
UPX1:004E9B2A pop esi
  +
UPX1:004E9B2B mov edi, esi
  +
UPX1:004E9B2D mov ecx, 0F1h
  +
UPX1:004E9B32
  +
UPX1:004E9B32 loc_4E9B32: ; CODE XREF: start+F9�j
  +
UPX1:004E9B32 ; start+FE�j
  +
UPX1:004E9B32 mov al, [edi]
  +
UPX1:004E9B34 inc edi
  +
UPX1:004E9B35 sub al, 0E8h
  +
UPX1:004E9B37
  +
UPX1:004E9B37 loc_4E9B37: ; CODE XREF: start+11C�j
  +
UPX1:004E9B37 cmp al, 1
  +
UPX1:004E9B39 ja short loc_4E9B32
  +
UPX1:004E9B3B cmp byte ptr [edi], 1
  +
UPX1:004E9B3E jnz short loc_4E9B32
  +
UPX1:004E9B40 mov eax, [edi]
  +
UPX1:004E9B42 mov bl, [edi+4]
  +
UPX1:004E9B45 shr ax, 8
  +
UPX1:004E9B49 rol eax, 10h
  +
UPX1:004E9B4C xchg al, ah
  +
UPX1:004E9B4E sub eax, edi
  +
UPX1:004E9B50 sub bl, 0E8h
  +
UPX1:004E9B53 add eax, esi
  +
UPX1:004E9B55 mov [edi], eax
  +
UPX1:004E9B57 add edi, 5
  +
UPX1:004E9B5A mov al, bl
  +
UPX1:004E9B5C loop loc_4E9B37
  +
UPX1:004E9B5E lea edi, [esi+0E7000h]
  +
UPX1:004E9B64
  +
UPX1:004E9B64 loc_4E9B64: ; CODE XREF: start+146�j
  +
UPX1:004E9B64 mov eax, [edi]
  +
UPX1:004E9B66 or eax, eax
  +
UPX1:004E9B68 jz short loc_4E9BA6
  +
UPX1:004E9B6A mov ebx, [edi+4]
  +
UPX1:004E9B6D lea eax, [eax+esi+0EA164h]
  +
UPX1:004E9B74 add ebx, esi
  +
UPX1:004E9B76 push eax
  +
UPX1:004E9B77 add edi, 8
  +
UPX1:004E9B7A call dword ptr [esi+0EA1C8h]
  +
UPX1:004E9B80 xchg eax, ebp
  +
UPX1:004E9B81
  +
UPX1:004E9B81 loc_4E9B81: ; CODE XREF: start+15E�j
  +
UPX1:004E9B81 mov al, [edi]
  +
UPX1:004E9B83 inc edi
  +
UPX1:004E9B84 or al, al
  +
UPX1:004E9B86 jz short loc_4E9B64
  +
UPX1:004E9B88 mov ecx, edi
  +
UPX1:004E9B8A push edi
  +
UPX1:004E9B8B dec eax
  +
UPX1:004E9B8C repne scasb
  +
UPX1:004E9B8E push ebp
  +
UPX1:004E9B8F call dword ptr [esi+0EA1CCh]
  +
UPX1:004E9B95 or eax, eax
  +
UPX1:004E9B97 jz short loc_4E9BA0
  +
UPX1:004E9B99 mov [ebx], eax
  +
UPX1:004E9B9B add ebx, 4
  +
UPX1:004E9B9E jmp short loc_4E9B81
  +
UPX1:004E9BA0 ; ---------------------------------------------------------------------------
  +
UPX1:004E9BA0
  +
UPX1:004E9BA0 loc_4E9BA0: ; CODE XREF: start+157�j
  +
UPX1:004E9BA0 call dword ptr [esi+0EA1DCh]
  +
UPX1:004E9BA6
  +
UPX1:004E9BA6 loc_4E9BA6: ; CODE XREF: start+128�j
  +
UPX1:004E9BA6 mov ebp, [esi+0EA1D0h]
  +
UPX1:004E9BAC lea edi, [esi-1000h]
  +
UPX1:004E9BB2 mov ebx, 1000h
  +
UPX1:004E9BB7 push eax
  +
UPX1:004E9BB8 push esp
  +
UPX1:004E9BB9 push 4
  +
UPX1:004E9BBB push ebx
  +
UPX1:004E9BBC push edi
  +
UPX1:004E9BBD call ebp
  +
UPX1:004E9BBF lea eax, [edi+19Fh]
  +
UPX1:004E9BC5 and byte ptr [eax], 7Fh
  +
UPX1:004E9BC8 and byte ptr [eax+28h], 7Fh
  +
UPX1:004E9BCC pop eax
  +
UPX1:004E9BCD push eax
  +
UPX1:004E9BCE push esp
  +
UPX1:004E9BCF push eax
  +
UPX1:004E9BD0 push ebx
  +
UPX1:004E9BD1 push edi
  +
UPX1:004E9BD2 call ebp
  +
UPX1:004E9BD4 pop eax
  +
UPX1:004E9BD5 popa
  +
UPX1:004E9BD6 lea eax, [esp+2Ch+var_AC]
  +
UPX1:004E9BDA
  +
UPX1:004E9BDA loc_4E9BDA: ; CODE XREF: start+19E�j
  +
UPX1:004E9BDA push 0
  +
UPX1:004E9BDC cmp esp, eax
  +
UPX1:004E9BDE jnz short loc_4E9BDA
  +
UPX1:004E9BE0 sub esp, 0FFFFFF80h
  +
UPX1:004E9BE3 jmp near ptr dword_401240
  +
UPX1:004E9BE3 start endp
  +
UPX1:004E9BE3
  +
UPX1:004E9BE3 ; ---------------------------------------------------------------------------
  +
UPX1:004E9BE8 dd 6 dup(0)
  +
UPX1:004E9C00 dd 100h dup(?)
  +
UPX1:004E9C00 UPX1 ends
  +
UPX1:004E9C00
  +
UPX1:004E9C00
  +
UPX1:004E9C00 end start
  +
</pre>
  +
:--[[User:MaybachMan|MaybachMan]] 17:37, 3 August 2010 (UTC)

Latest revision as of 03:33, 30 January 2013

Why no AFC2?

Is there any reason why even RC3 doesn't add afc2 to services.plist? --Redart 13:40, 4 November 2009 (UTC)

Payload

I notice pages like the one for ultrasn0w contain the payload. Is there any chance that the payload for blackra1n or an old jailbreak like purplera1n will be published? MaybachMan 08:25, 1 August 2010 (UTC)

That would be really awesome to see. Anyone able to <del>negotiate</del> communicate with geohot? Iemit737 09:07, 1 August 2010 (UTC)
I don't know what will get published by him. But why don't you just disassemble it and publish it here? I assume this won't be a problem, as the same happened for Spirit. -- http 09:51, 1 August 2010 (UTC)
I have blackra1n open in IDA right now; here's what it gave me (I hope I did this right).
UPX1:004E9A40 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
UPX1:004E9A40
UPX1:004E9A40
UPX1:004E9A40 ; Review notes (comments only; every instruction is as IDA printed it).
UPX1:004E9A40 ; NOTE(review): the section is named UPX1 and the routine has the
UPX1:004E9A40 ; pusha / decompress / fix-up / resolve-imports / popa / jmp shape of a
UPX1:004E9A40 ; UPX decompression stub, not of blackra1n's own logic. The program
UPX1:004E9A40 ; proper starts at the final jmp target (dword_401240) once this stub
UPX1:004E9A40 ; has rebuilt it in memory; unpack the file first if that is what you
UPX1:004E9A40 ; want to read.
UPX1:004E9A40 ;
UPX1:004E9A40 ; Register roles while unpacking (taken from the code below):
UPX1:004E9A40 ;   esi = read pointer into the packed data (starts at byte_455015)
UPX1:004E9A40 ;   edi = write pointer into the unpacked image (starts at esi-54015h)
UPX1:004E9A40 ;   ebx = 32-bit bit buffer; `add ebx, ebx` moves the next input bit
UPX1:004E9A40 ;         into CF, and a 4-byte reload follows when the buffer hits 0
UPX1:004E9A40 ;   eax = back-reference offset being decoded, ecx = copy length
UPX1:004E9A40 ;   ebp = current back-reference offset (negative, added to edi)
UPX1:004E9A40 ; Helper routines are reached through pointers at fixed offsets from
UPX1:004E9A40 ; esi ([esi+0EA1C8h] etc.); their identity is inferred from argument
UPX1:004E9A40 ; counts only and should be confirmed against the import data.
UPX1:004E9A40                 public start
UPX1:004E9A40 start           proc near
UPX1:004E9A40
UPX1:004E9A40 var_AC          = dword ptr -0ACh        ; only used to form esp-80h near the end
UPX1:004E9A40
UPX1:004E9A40                 pusha                   ; save every GPR; popa restores them before the jump out
UPX1:004E9A41                 mov     esi, offset byte_455015 ; src = packed data
UPX1:004E9A46                 lea     edi, [esi-54015h] ; dst = 401000h (455015h - 54015h)
UPX1:004E9A4C                 push    edi             ; keep dst base; popped into esi at loc_4E9B2A
UPX1:004E9A4D                 jmp     short loc_4E9A5A ; enter the decoder by filling the bit buffer
UPX1:004E9A4D ; ---------------------------------------------------------------------------
UPX1:004E9A4F                 align 10h
UPX1:004E9A50
UPX1:004E9A50 loc_4E9A50:                             ; CODE XREF: start:loc_4E9A61↓j
UPX1:004E9A50 ; literal: copy one byte src -> dst
UPX1:004E9A50                 mov     al, [esi]
UPX1:004E9A52                 inc     esi
UPX1:004E9A53                 mov     [edi], al
UPX1:004E9A55                 inc     edi
UPX1:004E9A56
UPX1:004E9A56 loc_4E9A56:                             ; CODE XREF: start+CF↓j
UPX1:004E9A56                                         ; start+E5↓j
UPX1:004E9A56 ; main decode loop: next bit selects literal (1) or back-reference (0)
UPX1:004E9A56                 add     ebx, ebx        ; CF = next bit
UPX1:004E9A58                 jnz     short loc_4E9A61 ; buffer still holds bits
UPX1:004E9A5A
UPX1:004E9A5A loc_4E9A5A:                             ; CODE XREF: start+D↑j
UPX1:004E9A5A ; refill: load 4 bytes, then shift a 1 in at the bottom as end-of-buffer sentinel
UPX1:004E9A5A                 mov     ebx, [esi]
UPX1:004E9A5C                 sub     esi, 0FFFFFFFCh ; esi += 4; CF=1 for any esi below 0FFFFFFFCh
UPX1:004E9A5F                 adc     ebx, ebx        ; top bit -> CF, sentinel 1 -> bit 0
UPX1:004E9A61
UPX1:004E9A61 loc_4E9A61:                             ; CODE XREF: start+18↑j
UPX1:004E9A61                 jb      short loc_4E9A50 ; bit 1 = literal byte
UPX1:004E9A63                 mov     eax, 1          ; bit 0 = match; start decoding the offset
UPX1:004E9A68
UPX1:004E9A68 loc_4E9A68:                             ; CODE XREF: start+52↓j
UPX1:004E9A68 ; variable-length offset: shift bits into eax until a terminating bit pair
UPX1:004E9A68                 add     ebx, ebx
UPX1:004E9A6A                 jnz     short loc_4E9A73
UPX1:004E9A6C                 mov     ebx, [esi]      ; refill (same pattern as loc_4E9A5A)
UPX1:004E9A6E                 sub     esi, 0FFFFFFFCh
UPX1:004E9A71                 adc     ebx, ebx
UPX1:004E9A73
UPX1:004E9A73 loc_4E9A73:                             ; CODE XREF: start+2A↑j
UPX1:004E9A73                 adc     eax, eax        ; eax = (eax << 1) | bit
UPX1:004E9A75                 add     ebx, ebx
UPX1:004E9A77                 jnb     short loc_4E9A84 ; bit 0: keep reading offset bits
UPX1:004E9A79                 jnz     short loc_4E9AA3 ; bit 1: offset complete
UPX1:004E9A7B                 mov     ebx, [esi]      ; refill
UPX1:004E9A7D                 sub     esi, 0FFFFFFFCh
UPX1:004E9A80                 adc     ebx, ebx
UPX1:004E9A82                 jb      short loc_4E9AA3
UPX1:004E9A84
UPX1:004E9A84 loc_4E9A84:                             ; CODE XREF: start+37↑j
UPX1:004E9A84                 dec     eax
UPX1:004E9A85                 add     ebx, ebx
UPX1:004E9A87                 jnz     short loc_4E9A90
UPX1:004E9A89                 mov     ebx, [esi]      ; refill
UPX1:004E9A8B                 sub     esi, 0FFFFFFFCh
UPX1:004E9A8E                 adc     ebx, ebx
UPX1:004E9A90
UPX1:004E9A90 loc_4E9A90:                             ; CODE XREF: start+47↑j
UPX1:004E9A90                 adc     eax, eax
UPX1:004E9A92                 jmp     short loc_4E9A68
UPX1:004E9A94 ; ---------------------------------------------------------------------------
UPX1:004E9A94
UPX1:004E9A94 loc_4E9A94:                             ; CODE XREF: start:loc_4E9AC6↓j
UPX1:004E9A94                                         ; start:loc_4E9AD4↓j
UPX1:004E9A94 ; short length code: one more bit into ecx, then go copy
UPX1:004E9A94                 add     ebx, ebx
UPX1:004E9A96                 jnz     short loc_4E9A9F
UPX1:004E9A98                 mov     ebx, [esi]      ; refill
UPX1:004E9A9A                 sub     esi, 0FFFFFFFCh
UPX1:004E9A9D                 adc     ebx, ebx
UPX1:004E9A9F
UPX1:004E9A9F loc_4E9A9F:                             ; CODE XREF: start+56↑j
UPX1:004E9A9F                 adc     ecx, ecx
UPX1:004E9AA1                 jmp     short loc_4E9AF5
UPX1:004E9AA3 ; ---------------------------------------------------------------------------
UPX1:004E9AA3
UPX1:004E9AA3 loc_4E9AA3:                             ; CODE XREF: start+39↑j
UPX1:004E9AA3                                         ; start+42↑j
UPX1:004E9AA3 ; offset code finished: a value below 3 means "reuse the previous offset in ebp"
UPX1:004E9AA3                 xor     ecx, ecx        ; length starts at 0
UPX1:004E9AA5                 sub     eax, 3
UPX1:004E9AA8                 jb      short loc_4E9ABB ; eax was 0..2: ebp unchanged
UPX1:004E9AAA                 shl     eax, 8          ; otherwise one more byte of offset follows
UPX1:004E9AAD                 mov     al, [esi]
UPX1:004E9AAF                 inc     esi
UPX1:004E9AB0                 xor     eax, 0FFFFFFFFh ; eax = ~eax (negative distance)
UPX1:004E9AB3                 jz      short loc_4E9B2A ; all-ones offset field = end of packed stream
UPX1:004E9AB5                 sar     eax, 1          ; low bit of the field goes to CF...
UPX1:004E9AB7                 mov     ebp, eax        ; ...ebp = new (negative) offset; mov keeps CF
UPX1:004E9AB9                 jmp     short loc_4E9AC6 ; CF is consumed as the first length bit
UPX1:004E9ABB ; ---------------------------------------------------------------------------
UPX1:004E9ABB
UPX1:004E9ABB loc_4E9ABB:                             ; CODE XREF: start+68↑j
UPX1:004E9ABB ; previous-offset case: the first length bit comes from the stream instead
UPX1:004E9ABB                 add     ebx, ebx
UPX1:004E9ABD                 jnz     short loc_4E9AC6
UPX1:004E9ABF                 mov     ebx, [esi]      ; refill
UPX1:004E9AC1                 sub     esi, 0FFFFFFFCh
UPX1:004E9AC4                 adc     ebx, ebx
UPX1:004E9AC6
UPX1:004E9AC6 loc_4E9AC6:                             ; CODE XREF: start+79↑j
UPX1:004E9AC6                                         ; start+7D↑j
UPX1:004E9AC6 ; CF here is the first length bit (from the sar above or from the bit buffer)
UPX1:004E9AC6                 jb      short loc_4E9A94
UPX1:004E9AC8                 inc     ecx
UPX1:004E9AC9                 add     ebx, ebx
UPX1:004E9ACB                 jnz     short loc_4E9AD4
UPX1:004E9ACD                 mov     ebx, [esi]      ; refill
UPX1:004E9ACF                 sub     esi, 0FFFFFFFCh
UPX1:004E9AD2                 adc     ebx, ebx
UPX1:004E9AD4
UPX1:004E9AD4 loc_4E9AD4:                             ; CODE XREF: start+8B↑j
UPX1:004E9AD4                 jb      short loc_4E9A94
UPX1:004E9AD6
UPX1:004E9AD6 loc_4E9AD6:                             ; CODE XREF: start+A5↓j
UPX1:004E9AD6                                         ; start+B0↓j
UPX1:004E9AD6 ; long length code: shift bits into ecx until a terminating bit pair
UPX1:004E9AD6                 add     ebx, ebx
UPX1:004E9AD8                 jnz     short loc_4E9AE1
UPX1:004E9ADA                 mov     ebx, [esi]      ; refill
UPX1:004E9ADC                 sub     esi, 0FFFFFFFCh
UPX1:004E9ADF                 adc     ebx, ebx
UPX1:004E9AE1
UPX1:004E9AE1 loc_4E9AE1:                             ; CODE XREF: start+98↑j
UPX1:004E9AE1                 adc     ecx, ecx        ; ecx = (ecx << 1) | bit
UPX1:004E9AE3                 add     ebx, ebx
UPX1:004E9AE5                 jnb     short loc_4E9AD6
UPX1:004E9AE7                 jnz     short loc_4E9AF2
UPX1:004E9AE9                 mov     ebx, [esi]      ; refill
UPX1:004E9AEB                 sub     esi, 0FFFFFFFCh
UPX1:004E9AEE                 adc     ebx, ebx
UPX1:004E9AF0                 jnb     short loc_4E9AD6
UPX1:004E9AF2
UPX1:004E9AF2 loc_4E9AF2:                             ; CODE XREF: start+A7↑j
UPX1:004E9AF2                 add     ecx, 2
UPX1:004E9AF5
UPX1:004E9AF5 loc_4E9AF5:                             ; CODE XREF: start+61↑j
UPX1:004E9AF5 ; copy ecx+2 (or +3 for far offsets) bytes from dst+ebp to dst
UPX1:004E9AF5                 cmp     ebp, 0FFFFFB00h ; CF=1 when the offset reaches further back than -500h
UPX1:004E9AFB                 adc     ecx, 2          ; ecx += 2, +1 more if CF
UPX1:004E9AFE                 lea     edx, [edi+ebp]  ; copy source lies inside already-written output
UPX1:004E9B01                 cmp     ebp, 0FFFFFFFCh
UPX1:004E9B04                 jbe     short loc_4E9B14 ; offset <= -4: dword copy cannot read unwritten bytes
UPX1:004E9B06
UPX1:004E9B06 loc_4E9B06:                             ; CODE XREF: start+CD↓j
UPX1:004E9B06 ; overlapping copy (offset -1..-3): byte by byte
UPX1:004E9B06                 mov     al, [edx]
UPX1:004E9B08                 inc     edx
UPX1:004E9B09                 mov     [edi], al
UPX1:004E9B0B                 inc     edi
UPX1:004E9B0C                 dec     ecx
UPX1:004E9B0D                 jnz     short loc_4E9B06
UPX1:004E9B0F                 jmp     loc_4E9A56
UPX1:004E9B14 ; ---------------------------------------------------------------------------
UPX1:004E9B14
UPX1:004E9B14 loc_4E9B14:                             ; CODE XREF: start+C4↑j
UPX1:004E9B14                                         ; start+E1↓j
UPX1:004E9B14 ; dword copy; may write up to 3 bytes past the length, corrected below
UPX1:004E9B14                 mov     eax, [edx]
UPX1:004E9B16                 add     edx, 4
UPX1:004E9B19                 mov     [edi], eax
UPX1:004E9B1B                 add     edi, 4
UPX1:004E9B1E                 sub     ecx, 4
UPX1:004E9B21                 ja      short loc_4E9B14
UPX1:004E9B23                 add     edi, ecx        ; ecx is 0 or negative here: undo the overshoot
UPX1:004E9B25                 jmp     loc_4E9A56
UPX1:004E9B2A ; ---------------------------------------------------------------------------
UPX1:004E9B2A
UPX1:004E9B2A loc_4E9B2A:                             ; CODE XREF: start+73↑j
UPX1:004E9B2A ; decompression done. Pass 2: undo the packer's call/jmp target filter.
UPX1:004E9B2A ; NOTE(review): looks like UPX's E8/E9 filter; confirm against the packer used.
UPX1:004E9B2A                 pop     esi             ; esi = dst base (401000h) saved at entry
UPX1:004E9B2B                 mov     edi, esi
UPX1:004E9B2D                 mov     ecx, 0F1h       ; number of fix-ups to apply
UPX1:004E9B32
UPX1:004E9B32 loc_4E9B32:                             ; CODE XREF: start+F9↓j
UPX1:004E9B32                                         ; start+FE↓j
UPX1:004E9B32                 mov     al, [edi]
UPX1:004E9B34                 inc     edi
UPX1:004E9B35                 sub     al, 0E8h        ; al = 0 for E8 (call rel32), 1 for E9 (jmp rel32)
UPX1:004E9B37
UPX1:004E9B37 loc_4E9B37:                             ; CODE XREF: start+11C↓j
UPX1:004E9B37                 cmp     al, 1
UPX1:004E9B39                 ja      short loc_4E9B32 ; not E8/E9: keep scanning
UPX1:004E9B3B                 cmp     byte ptr [edi], 1 ; marker byte the packer left in the operand
UPX1:004E9B3E                 jnz     short loc_4E9B32
UPX1:004E9B40                 mov     eax, [edi]      ; marker byte + stored target
UPX1:004E9B42                 mov     bl, [edi+4]     ; prefetch the opcode after this 5-byte instruction
UPX1:004E9B45                 shr     ax, 8           ; the next three ops leave eax = b1<<16 | b2<<8 | b3:
UPX1:004E9B49                 rol     eax, 10h        ; the three bytes after the marker, read big-endian
UPX1:004E9B4C                 xchg    al, ah
UPX1:004E9B4E                 sub     eax, edi        ; eax += esi - edi: base-relative target -> displacement
UPX1:004E9B50                 sub     bl, 0E8h
UPX1:004E9B53                 add     eax, esi
UPX1:004E9B55                 mov     [edi], eax      ; write back the rel32 operand
UPX1:004E9B57                 add     edi, 5
UPX1:004E9B5A                 mov     al, bl          ; continue with the prefetched opcode
UPX1:004E9B5C                 loop    loc_4E9B37
UPX1:004E9B5E ; Pass 3: rebuild the import table from the packer's compact list at esi+0E7000h
UPX1:004E9B5E                 lea     edi, [esi+0E7000h]
UPX1:004E9B64
UPX1:004E9B64 loc_4E9B64:                             ; CODE XREF: start+146↓j
UPX1:004E9B64 ; per-DLL record: [edi] = name offset (0 = end of list), [edi+4] = IAT slot offset
UPX1:004E9B64                 mov     eax, [edi]
UPX1:004E9B66                 or      eax, eax
UPX1:004E9B68                 jz      short loc_4E9BA6 ; no more DLLs
UPX1:004E9B6A                 mov     ebx, [edi+4]
UPX1:004E9B6D                 lea     eax, [eax+esi+0EA164h] ; eax = address of the DLL name string
UPX1:004E9B74                 add     ebx, esi        ; ebx = first IAT slot for this DLL
UPX1:004E9B76                 push    eax
UPX1:004E9B77                 add     edi, 8
UPX1:004E9B7A                 call    dword ptr [esi+0EA1C8h] ; one arg (name) -> handle; presumably LoadLibraryA, confirm
UPX1:004E9B80                 xchg    eax, ebp        ; ebp = module handle
UPX1:004E9B81
UPX1:004E9B81 loc_4E9B81:                             ; CODE XREF: start+15E↓j
UPX1:004E9B81 ; per-import entry: tag byte then a NUL-terminated name; tag 0 ends this DLL
UPX1:004E9B81                 mov     al, [edi]
UPX1:004E9B83                 inc     edi
UPX1:004E9B84                 or      al, al
UPX1:004E9B86                 jz      short loc_4E9B64 ; next DLL
UPX1:004E9B88                 mov     ecx, edi        ; effectively unbounded count for the scan below
UPX1:004E9B8A                 push    edi             ; arg: name pointer
UPX1:004E9B8B                 dec     eax             ; tag 1 -> al = 0, the byte scasb searches for (other tags: not visible here)
UPX1:004E9B8C                 repne scasb             ; advance edi past the NUL terminator
UPX1:004E9B8E                 push    ebp             ; arg: module handle
UPX1:004E9B8F                 call    dword ptr [esi+0EA1CCh] ; (handle, name) -> address; presumably GetProcAddress, confirm
UPX1:004E9B95                 or      eax, eax
UPX1:004E9B97                 jz      short loc_4E9BA0 ; unresolved import
UPX1:004E9B99                 mov     [ebx], eax      ; fill the IAT slot
UPX1:004E9B9B                 add     ebx, 4
UPX1:004E9B9E                 jmp     short loc_4E9B81
UPX1:004E9BA0 ; ---------------------------------------------------------------------------
UPX1:004E9BA0
UPX1:004E9BA0 loc_4E9BA0:                             ; CODE XREF: start+157↑j
UPX1:004E9BA0                 call    dword ptr [esi+0EA1DCh] ; no args; presumably an error exit, confirm; if it returns, falls into loc_4E9BA6
UPX1:004E9BA6
UPX1:004E9BA6 loc_4E9BA6:                             ; CODE XREF: start+128↑j
UPX1:004E9BA6 ; Pass 4: make the 1000h-byte page at esi-1000h (400000h) writable, clear the
UPX1:004E9BA6 ; top bit of two bytes in it, then restore the old protection. The 4-arg shape
UPX1:004E9BA6 ; (addr, size, 4, pointer to a stack dword) is consistent with VirtualProtect; confirm.
UPX1:004E9BA6                 mov     ebp, [esi+0EA1D0h] ; same function pointer for both calls below
UPX1:004E9BAC                 lea     edi, [esi-1000h] ; edi = 400000h
UPX1:004E9BB2                 mov     ebx, 1000h      ; size
UPX1:004E9BB7                 push    eax             ; stack dword that receives the old protection
UPX1:004E9BB8                 push    esp             ; arg4: pointer to that dword
UPX1:004E9BB9                 push    4               ; arg3: new protection (4 = PAGE_READWRITE if VirtualProtect)
UPX1:004E9BBB                 push    ebx             ; arg2: size
UPX1:004E9BBC                 push    edi             ; arg1: address
UPX1:004E9BBD                 call    ebp
UPX1:004E9BBF                 lea     eax, [edi+19Fh] ; two bytes at 400000h+19Fh and +1C7h, 28h apart
UPX1:004E9BC5                 and     byte ptr [eax], 7Fh ; 28h is the size of a PE section header, so this
UPX1:004E9BC8                 and     byte ptr [eax+28h], 7Fh ; presumably clears a flag in two section headers; confirm offsets
UPX1:004E9BCC                 pop     eax             ; eax = old protection
UPX1:004E9BCD                 push    eax             ; out-dword again
UPX1:004E9BCE                 push    esp
UPX1:004E9BCF                 push    eax             ; arg3: restore the old protection
UPX1:004E9BD0                 push    ebx
UPX1:004E9BD1                 push    edi
UPX1:004E9BD2                 call    ebp
UPX1:004E9BD4                 pop     eax             ; drop the out-dword
UPX1:004E9BD5                 popa                    ; registers as they were at entry
UPX1:004E9BD6 ; zero 80h bytes of stack below esp, then hand control to the unpacked
UPX1:004E9BD6 ; program's entry point; nothing after the jmp belongs to this routine
UPX1:004E9BD6                 lea     eax, [esp+2Ch+var_AC] ; eax = esp - 80h
UPX1:004E9BDA
UPX1:004E9BDA loc_4E9BDA:                             ; CODE XREF: start+19E↓j
UPX1:004E9BDA                 push    0
UPX1:004E9BDC                 cmp     esp, eax
UPX1:004E9BDE                 jnz     short loc_4E9BDA
UPX1:004E9BE0                 sub     esp, 0FFFFFF80h ; esp += 80h: back to the value after popa
UPX1:004E9BE3                 jmp     near ptr dword_401240 ; original entry point of the unpacked program
UPX1:004E9BE3 start           endp
UPX1:004E9BE3
UPX1:004E9BE3 ; ---------------------------------------------------------------------------
UPX1:004E9BE8                 dd 6 dup(0)             ; 18h zero bytes after the stub (4E9BE8h..4E9C00h)
UPX1:004E9C00                 dd 100h dup(?)          ; 400h bytes with no file-backed contents
UPX1:004E9C00 UPX1            ends                    ; end of the UPX1 section
UPX1:004E9C00
UPX1:004E9C00
UPX1:004E9C00                 end start               ; module entry point is the stub, not the program's own entry
--MaybachMan 17:37, 3 August 2010 (UTC)