Actions

User

User:Evilmoo/IDA Pro

From HacDC Wiki

< User:Evilmoo
Revision as of 20:07, 4 November 2008 by Evilmoo (talk | contribs) (first sector analysis)

Things you need to know going in:

Our source information comes from here: [3]

We obtain the binaries by clicking on the "DOWNLOAD" link.

The .ZIP file contents look like this:

Archive:  Alternate_Reality_The_Dungeon.zip
 Length   Method    Size  Ratio   Date   Time   CRC-32    Name
--------  ------  ------- -----   ----   ----   ------    ----
   92176  Defl:N    65207  29%  10-03-04 16:56  dc960629  Alternate Reality - The Dungeon _ disk 2 _ side B.atr
   92176  Defl:N    54159  41%  10-03-04 16:55  2afec574  Alternate Reality - The Dungeon _ disk 2 _ side A.atr
   92176  Defl:N      348 100%  10-03-04 16:11  58f056d5  Alternate Reality - The Dungeon _ character disk.atr
   92176  Defl:N    56987  38%  10-03-04 16:57  20c4fd02  Alternate Reality - The Dungeon _ disk 3 _ side A.atr
   92176  Defl:N    80533  13%  10-03-04 16:57  7c55f7c4  Alternate Reality - The Dungeon _ disk 3 _ side B.atr
   92176  Defl:N    57507  38%  10-03-04 16:54  b605610d  Alternate Reality - The Dungeon _ disk 1.atr
--------          -------  ---                            -------
  553056           314741  43%                            6 files

We will concentrate on Disk 1 to begin with, since it is the boot disk. It is an .ATR file, so we need to remove the first 16 bytes to convert it into a raw image:

$ dd if="Alternate Reality - The Dungeon _ disk 1.atr" of=ar11.img bs=16 skip=1

We only want the first sector for now, so we will continue with our dd Swiss Army knife:

$ dd if=ar11.img of=11-s001.bin bs=128 count=1

We want to look at it in hex first, so we will use hexdump:

$ hexdump -v -C 11-s001.bin
00000000  01 01 00 06 06 06 a9 40  8d 30 02 a9 06 8d 31 02  |[email protected].|
00000010  a5 14 c5 14 f0 fc ad 01  d3 09 02 8d 01 d3 a9 10  |................|
00000020  8d 0a 03 a9 00 8d c6 02  85 41 8d 04 03 a9 b0 8d  |.........A......|
00000030  05 03 20 53 e4 30 fb ad  00 06 8d ff af 4c 00 b0  |.. S.0.......L..|
00000040  70 41 40 06 9b 41 68 6f  79 20 70 69 72 61 74 65  |[email protected] pirate|
00000050  73 21 20 20 43 68 61 6e  67 65 20 74 68 65 20 66  |s!  Change the f|
00000060  69 72 73 74 20 62 79 74  65 20 69 6e 20 74 68 69  |irst byte in thi|
00000070  73 20 73 65 63 74 6f 72  20 74 6f 20 61 20 30 2e  |s sector to a 0.|