[HELP] ASM - Tibia Sprite Reading

[Cestari]

Hello, I'm trying to break a edited sprite file. Since my asm knowledge is poor, i'm asking for help, but i'm not asking you to give me the full solution, just give some tips and answers if you can.

That's is what I have atm..

Main sprite reader block (left is original client, right edited)


Another block, the edited block in image 1 jumps here (left is original client, right edited)


original client = add 3 to EBX and go on
edited client = jumps to another edited block, mess with EAX, EBX and ECX, add 3 to EBX, jumps back to original block

What I guess, the edited block in second image was nothing to do with sprites, it's edited to act like a "pixel encryptor".

I can't figure out how those AL, BL, CL registers behave.
AL = EAX?
BL = EBX?
CL = ECX?
0A7 is a "key" combined with operations?

Note: I can open the sprite file with common tibia tools, but the colors are all messy

[Cestari]

I found some answers here: http://www.cs.virginia.edu/~evans/cs216/guides/x86.html

"For the EAX, EBX, ECX, and EDX registers, subsections may be used. For example, the least significant 2 bytes of EAX can be treated as a 16-bit register called AX. The least significant byte of AX can be used as a single 8-bit register called AL, while the most significant byte of AX can be used as a single 8-bit register called AH. These names refer to the same physical register. When a two-byte quantity is placed into DX, the update affects the value of DH, DL, and EDX. These sub-registers are mainly hold-overs from older, 16-bit versions of the instruction set. However, they are sometimes convenient when dealing with data that are smaller than 32-bits (e.g. 1-byte ASCII characters)."

The following code below almost break the "encryption", but the colors are not correctly yet

Code:

	//MOV AH,0A7	
						
	r = r ^ 0xA7; //XOR AL,AH
	g = g ^ r;    //XOR BL,AL
	???           //MOV BH,AL
	???           //ADD BH,BL
	b = b ^ g;    //XOR CL,BH

Can someone help me with a c++ example that emulate the asm operations above?

[jo3bingham]

When I get home, if I have time, I'll take a look at it. Would you mind linking me to the client and sprite file you're working with?

[Cestari]

When I get home, if I have time, I'll take a look at it. Would you mind linking me to the client and sprite file you're working with?

Thanks --------

[DarkstaR]

Just copy the code using inline assembly.

Code:

BYTE R, G, B = read from file broski;
__asm
{
  MOV AL, R    ; get R, G, and B to registers
  MOV BL, G
  MOV CL, B
  
  MOV AH, 0A7 ; setup XOR key


  XOR AL, AH   ; R = R XOR key
  XOR BL, AL   ; G = G XOR R
  MOV BH, AL   ; key2 = red
  ADD BH, BL   ; key2 += green
  XOR CL, BH   ; B = B XOR key2

  
  MOV B, CL     ; put unencrypted shit back into vars
  MOV G, BL
  MOV R, AL
}

[Cestari]

Thanks DarkstaR, but I want to open the sprite file in a C# tool without the need to use inline assembly. That way I would have to create a unmanaged dll to use with C#.

That's the way I tried with bitwise, but no success

Code:

MOV AH,0A7 // r = (r & 0x0f) | (0xA7 << 4);
XOR AL,AH  // r = (r & 0xf0) | ((r & 0xf) ^ ((r & 0xf0) >> 4));
....

Do you know how to convert it to a high level language?

Edit: If it's too complex/hard to convert, I'll use a unmanaged dll with inline assembly as you suggested, thanks

[DarkstaR]

I converted it as comments next to the assembly into high-level psuedo-code. Just use that as a guide

[Cestari]

I converted it as comments next to the assembly into high-level psuedo-code. Just use that as a guide

Doesn't work that way, they're using sub-registers.

For example, EAX = Red value, when the key is set (MOV AH, 0A7), EAX value changes.



-------------------
Edit:

Sry, you were right!

Just a few changes and I got it

Code:

var newR = r ^ 0xA7;
var newG = g ^ newR;
var k = newR + newG;
var newB = (b ^ k);
if (newB > 255) {
    newB =+ newB % 256;
}

Thanks!!

[DarkstaR]

I know what sub registers are, lol.

Glad you got it working.