Friday, August 07, 2009

nasm in Mac OS X

I was trying to compile a simple assembly program in Mac OS X (Leopard).

I was getting an error message

ld: could not find entry point "_start" (perhaps missing crt1.o) for inferred architecture i386

A simple asm program for FreeBSD and MacOS
(we have to use the stack for system call, from http://asm.sourceforge.net//howto/Assembly-HOWTO.rtf)

section     .text
global _start ;must be declared for linker (ld)

_syscall:
int 0x80 ;system call
ret

_start: ;tell linker entry point

push dword len ;message length
push dword msg ;message to write
push dword 1 ;file descriptor (stdout)
mov eax,0x4 ;system call number (sys_write)
call _syscall ;call kernel

;the alternate way to call kernel:
;push eax
;call 7:0

add esp,12 ;clean stack (3 arguments * 4)

push dword 0 ;exit code
mov eax,0x1 ;system call number (sys_exit)
call _syscall ;call kernel

;we do not return from sys_exit,
;there's no need to clean stack
section .data

msg db "Hello, world!",0xa ;our dear string
len equ $ - msg ;length of our dear string

In Mac OS X we should use format macho
nasm -f macho hello.asm

and for the linker (we need to specify the entry point)
ld -e _start -o hello hello.o



resources:
http://asm.sourceforge.net//howto/Assembly-HOWTO.rtf
http://zathras.de/angelweb/blog-intel-assembler-on-mac-os-x.htm

Saturday, April 18, 2009

recover kopete password

I was trying to recover a password from a kopeterc file.

Open the kopeterc file in a hex editor
In the password location you will find three-byte chunks: [EF][BE][XX]. The first two bytes stay most of the time same.
Just subtract each third byte from 0x1001F then you will get the character value from ASCII table.

everything was working fine as mentioned in Raphman's blog

But I had a little problem with numeric value. My combination was "EF BE XX" but before the numeric value it was "EF BF XX".

For the numeric value I have to subtract 0x40 again to get the original value.

It worked for me at last...

src: http://my.opera.com/raphman/blog/2008/02/01/kde-pasword-obfuscation?cid=7484288