Disassembly of hardware dongle code
| // Dongle probe routine: 16-bit real-mode x86, entered by far call (it ends in RETF). | |
| // It finds a parallel port through the BIOS data area, drives a fixed sequence of | |
| // bytes onto the data register, samples status bit 6 once per loop pass, and leaves | |
| // its result in BX. No caller-supplied value is consumed anywhere in this listing, | |
| // so the result depends only on how the attached device drives that status line | |
| // (there is no challenge input visible here). | |
| 0800:0000 1E PUSH DS // save ds, since we'll be setting it to 0 | |
| 0800:0001 33C9 XOR CX,CX // cx = 0 | |
| 0800:0003 8ED9 MOV DS,ECX // ds = 0 (bytes 8E D9 encode MOV DS,CX; "ECX" is how the disassembler printed it) | |
| // Detect parallel port base address from the BIOS data area: a table of 16-bit | |
| // port addresses starts at 0000:0408, and a zero word is treated as "no port". | |
| 0800:0005 BB0804 MOV BX,0408 // bx = offset of the first table entry | |
| 0800:0008 B104 MOV CL,04 // try up to 4 addresses (cx was 0, so cx = 4) | |
| 0800:000A 8B17 MOV DX,WORD PTR [BX] // dx = candidate base port | |
| 0800:000C 0BD2 OR DX,DX | |
| 0800:000E 7506 JNE 0016 // if (DX != 0) break; | |
| 0800:0010 43 INC BX | |
| 0800:0011 43 INC BX // bx += 2, next table entry | |
| 0800:0012 E2F6 LOOP 000A // repeat while --cx != 0 | |
| // parallel port not found, just return as failed. | |
| // Note: BX is not cleared on this path; it is left at 0x0410 (0x0408 + 4*2). | |
| // How the caller tells this apart from a real result is not visible in this listing. | |
| 0800:0014 1F POP DS | |
| 0800:0015 CB RETF | |
| // parallel port found... DX = base port (data register) | |
| 0800:0016 1F POP DS | |
| 0800:0017 FA CLI // interrupts stay disabled until the STI at 006E, including every delay loop | |
| // read data register | |
| 0800:0018 EC IN AL,DX | |
| 0800:0019 8AE0 MOV AH,AL // AH = original data register value | |
| // read status register | |
| 0800:001B 42 INC DX // dx = base+1 | |
| 0800:001C EC IN AL,DX // AL = original status register value | |
| // save data+status registers | |
| 0800:001D 50 PUSH AX // AH = data, AL = status | |
| 0800:001E 4A DEC DX // dx back to the data register | |
| // write 0x82 to data register, then delay (write_and_wait at 0070) | |
| 0800:001F B082 MOV AL,82 | |
| 0800:0021 E84C00 CALL 0070 | |
| // wait a bit: extra delay of 0x9C40 (40000) passes | |
| 0800:0024 B9409C MOV CX,9C40 | |
| 0800:0027 E85000 CALL 007A | |
| // write 0x80 to data register (same value with bit 1 cleared) | |
| 0800:002A B080 MOV AL,80 | |
| 0800:002C E84100 CALL 0070 | |
| // write 0x82 to data register (bit 1 set again) | |
| // NOTE(review): 0x82 -> 0x80 -> 0x82 looks like a reset/strobe pulse on data bit 1 - not confirmed | |
| 0800:002F B082 MOV AL,82 | |
| 0800:0031 E83C00 CALL 0070 | |
| // wait a bit: extra delay of 0x3880 (14464) passes | |
| 0800:0034 B98038 MOV CX,3880 | |
| 0800:0037 E84000 CALL 007A | |
| 0800:003A 33DB XOR BX,BX // bx = 0 (result accumulator) | |
| 0800:003C B97800 MOV CX,0078 // cx = 0x78 (120 passes; CL counts down from 0x78 to 1) | |
| // LOOP: | |
| // write 0xA2 to data register (0x82 with bit 5 set) | |
| 0800:003F B0A2 MOV AL,A2 | |
| 0800:0041 E82C00 CALL 0070 | |
| // read status register | |
| 0800:0044 42 INC DX | |
| 0800:0045 EC IN AL,DX | |
| 0800:0046 2440 AND AL,40 // if ((AL & 0x40) != 0) ... (status bit 6; the nACK input on a standard PC parallel port) | |
| 0800:0048 7508 JNE 0052 // ...bit set: go to the CL == 0x76 check | |
| 0800:004A 0ADB OR BL,BL // if (BL != 0) ... | |
| 0800:004C 750B JNE 0059 // ...BL was already recorded, leave it | |
| 0800:004E 8AD9 MOV BL,CL // BL = pass counter at the first pass where bit 6 read as 0 | |
| 0800:0050 EB07 JMP 0059 | |
| 0800:0052 80F976 CMP CL,76 // if (CL != 0x76) ... | |
| 0800:0055 7502 JNE 0059 // ...skip | |
| 0800:0057 8AF9 MOV BH,CL // BH = CL | |
| // ...the only value that CL can be here is 0x76 | |
| // ...and therefore BH = 0x76 | |
| // write 0x82 to data register (bit 5 cleared again) | |
| 0800:0059 B082 MOV AL,82 | |
| 0800:005B 4A DEC DX // dx back to the data register | |
| 0800:005C E81100 CALL 0070 | |
| 0800:005F E2DE LOOP 003F // next pass while --cx != 0 (write_and_wait preserves cx) | |
| // write 0x00 to data register | |
| 0800:0061 B000 MOV AL,00 | |
| 0800:0063 E80A00 CALL 0070 | |
| // restore previous values of data and status registers | |
| 0800:0066 58 POP AX // AH = saved data, AL = saved status | |
| 0800:0067 86E0 XCHG AH,AL // AL = saved data, AH = saved status | |
| // write to data register | |
| 0800:0069 EE OUT DX,AL | |
| // write to status register (base+1 is read-only on a standard PC parallel port, | |
| // so this write is not expected to change anything) | |
| 0800:006A 42 INC DX | |
| 0800:006B 8AC4 MOV AL,AH | |
| 0800:006D EE OUT DX,AL | |
| // return | |
| 0800:006E FB STI // unconditionally re-enables interrupts; the caller's original interrupt flag is not saved or restored | |
| 0800:006F CB RETF | |
| // >>>>>>>>>>> The key seems to be the final value of the BX register. | |
| // BL = value of CL on the first loop pass where status bit 6 read as 0 (0 if it never did). | |
| // BH = 0x76 if status bit 6 read as 1 on the pass where CL == 0x76, otherwise 0. | |
| // Writes AL to the port in DX, then busy-waits 0x9C40 (40000) passes of the delay loop at 007A. | |
| // CX is saved and restored around the delay, so callers can keep a loop counter in CX. | |
| // Near routine (ends in RET), reached by the near CALL 0070 instructions above. | |
| write_and_wait() { | |
| 0800:0070 EE OUT DX,AL // port[DX] = AL | |
| 0800:0071 51 PUSH CX // save caller's cx | |
| 0800:0072 B9409C MOV CX,9C40 // delay count for the call below | |
| 0800:0075 E80200 CALL 007A | |
| 0800:0078 59 POP CX // restore caller's cx (the delay loop returns with cx = 0) | |
| 0800:0079 C3 RET | |
| } | |
| // Busy-wait delay: runs CX passes (CX as set by the caller) and returns with CX = 0. | |
| // No timer is consulted, so the real duration depends on how fast the CPU executes the loop. | |
| wait(?) | |
| { | |
| 0800:007A 51 PUSH CX | |
| 0800:007B B9409C MOV CX,9C40 // overwritten by the POP below, so it has no effect on the count | |
| 0800:007E 59 POP CX // cx = remaining count again | |
| 0800:007F 0BC9 OR CX,CX | |
| 0800:0081 7402 JE 0085 // both branches land on 0085; these appear to be timing filler only | |
| 0800:0083 7500 JNE 0085 | |
| 0800:0085 E2F3 LOOP 007A // --cx; repeat from 007A while cx != 0 | |
| 0800:0087 C3 RET | |
| } |