About | Software | Manuals | Key of Death Bypass | Replacing Images | Purchase | Contact Us | arcade-cabinets.com

Force 2011 - Extracting /tmp/dstart

To extract /tmp/dstart the program /usr/local/bin/start does the following

• opens /proc/self/exe
• seek to offset 0x187C
• Read 1 byte, verify the byte is 0x01
• While there is data left to read:
  1. Read 8 bytes, ignore the top 4 bytes
  2. Low 4 bytes is an unsigned integer (size)
  3. Read size bytes
  4. For each byte do a position based XOR

     encValue = 0
     for byte in buffer[]:
     xorValue = (encValue & 0x1F) + 
                (encValue & 0xF) + 
                 encValue % 0x14 + 0x23
     if( (encValue % 0x14) == 0 ): xorValue = 0 
     encValue += 1
     

• Write file to /tmp/dstart

© 2009-2017 arcade-cabinets.com. All rights reserved. All other products, trademarks, and copyrights are owned by their respective owners.