... or at least the algorithm behind it.

What I'm trying to do is read out the playback time of a Counter-Strike demo from its header. You can record a demo of yourself running around fragging people and later play it back, good for learning from your mistakes or simply watching how other people move and aim. Or watching two top clans battle it out :)

Locating the dword containing the playback time is quite easy, but turning the value found there into decimal time... well... I can't figure it out.

So I created an 11.90s long demo and then hex-edited the field containing the playback time. Then I used the console command "listdemo", which shows some general info about the demo (among other things it shows the playback time), and this is the result:

40 3E 62 D8 = 2.97s
41 3E 62 D8 = 11.90s
42 3E 62 D8 = 47.60s
43 3E 62 D8 = 190.39s

40 3E 62 D8 = 2.97s
41 3F 62 D8 = 2.99s
42 40 62 D8 = 3.01s
43 41 62 D8 = 3.02s

Some interesting things:

190.39 / 47.60 = ~4
47.60 / 11.90 = ~4
11.90 / 2.97 = ~4

Now I wonder if any smart people on this board could figure out an algorithm that can convert the playback time into something understandable like milliseconds... and implement it in asm.

Changing the last two bytes doesn't really make any difference in the output produced by "listdemo", so my guess is that they are not significant enough to influence the result. They are probably rounded off.

Anyone wanna have a go at it? ;)

ZYNAPS. Please choose your titles a bit more carefully; this forum does not support cracking in ANY form. Otherwise the "furry paw" of fearless leader will come down upon you.
Posted on 2001-11-30 08:31:38 by Zynaps
Have you tried IEEE floating point numbers?

Mirno
Posted on 2001-11-30 08:35:27 by Mirno
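Mirno's hint can be checked against the table in the first post. The following C program is an added example, not code from this thread: it decodes the 32-bit pattern by hand as an IEEE 754 single (1 sign bit, 8 exponent bits with bias 127, 23 fraction bits with an implicit leading 1) and cross-checks the result against the compiler's own float. The bytes are packed in the order the post writes them, most significant first; a file written by an x86 program would hold the same value with the bytes reversed on disk (D8 62 3E 40), which is an assumption about the file, not something the thread states. The decoding also explains the "~4" ratios: the top byte holds the sign bit and the upper seven exponent bits, so adding 1 to it adds 2 to the exponent, i.e. multiplies by 2^2. It likewise explains why the last two bytes hardly matter: they are the low 16 of 23 fraction bits, worth at most 2^-7 of the value (about 0.02 s at 2.97 s), which two-decimal rounding mostly hides. The rows 2.99 / 3.01 / 3.02 of the second table come back when the second byte steps 3F, 40, 41 with the top byte held at 40.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 2^e as a double, for positive or negative e (avoids needing libm). */
static double pow2(int e)
{
    double r = 1.0;
    while (e > 0) { r *= 2.0; e--; }
    while (e < 0) { r /= 2.0; e++; }
    return r;
}

/* Pack four bytes, given most-significant byte first as written in the post
 * ("40 3E 62 D8"), into one 32-bit pattern. */
uint32_t pack_msb_first(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3)
{
    return ((uint32_t)b0 << 24) | ((uint32_t)b1 << 16) |
           ((uint32_t)b2 << 8)  |  (uint32_t)b3;
}

/* Decode an IEEE 754 single-precision bit pattern by hand.
 * Layout: 1 sign bit | 8 exponent bits (bias 127) | 23 fraction bits.
 * Normal numbers carry an implicit leading 1: (1 + f/2^23) * 2^(e-127). */
double ieee754_single_decode(uint32_t bits)
{
    int      sign     = (int)(bits >> 31) & 1;
    int      exponent = (int)(bits >> 23) & 0xFF;
    uint32_t fraction = bits & 0x7FFFFFu;
    double   zero     = 0.0;          /* runtime zero so inf/NaN are produced, not folded */
    double   value;

    if (exponent == 0xFF)             /* all ones: infinity (f == 0) or NaN (f != 0) */
        value = fraction ? zero / zero : 1.0 / zero;
    else if (exponent == 0)           /* zero or subnormal: no implicit 1, exponent -126 */
        value = (double)fraction * pow2(-126 - 23);
    else                              /* normal number */
        value = (1.0 + (double)fraction / 8388608.0) * pow2(exponent - 127);

    return sign ? -value : value;
}

/* Cross-check: let the compiler reinterpret the same bits as its own float
 * (assumes the host, like x86, uses IEEE 754 singles). */
float ieee754_single_native(uint32_t bits)
{
    float f;
    memcpy(&f, &bits, sizeof f);
    return f;
}

/* Round a non-negative value to two decimals, as listdemo's output (and a
 * "%.2f" format) does, so the table in the post is reproduced exactly. */
double round2(double v)
{
    return (double)(long)(v * 100.0 + 0.5) / 100.0;
}

/* Tolerance comparison used by the checks below. */
int approx_eq(double a, double b, double tol)
{
    double d = a - b;
    return d < tol && -d < tol;
}

int main(void)
{
    /* Constructed from the post's first table: top byte 40..43, rest 3E 62 D8. */
    const uint8_t top[] = { 0x40, 0x41, 0x42, 0x43 };
    size_t i;
    for (i = 0; i < sizeof top; i++) {
        uint32_t bits = pack_msb_first(top[i], 0x3E, 0x62, 0xD8);
        int exponent = (int)(bits >> 23) & 0xFF;
        /* Each step of the top byte raises the exponent field by 2, hence x4. */
        printf("%02X 3E 62 D8 -> exponent field %d (x 2^%d) -> %.2f s\n",
               top[i], exponent, exponent - 127, ieee754_single_decode(bits));
    }
    return 0;
}
```

Build with any C99 compiler and run; the four printed lines are 2.97, 11.90, 47.60 and 190.39 seconds, matching listdemo.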
After more examination I've found out that it is most likely a simple floating point number :)

Where can I find an asm routine to convert a 4-byte float to ASCII?

Anyone?
Posted on 2001-11-30 09:29:54 by Zynaps
Try the following code:

.386
.model flat, stdcall
option casemap:none

includelib msvcrt.lib
includelib kernel32.lib
sprintf     PROTO C :PTR BYTE, :PTR BYTE, :VARARG
ExitProcess PROTO STDCALL :DWORD

.data
fpnum   dword 0403E62D8h        ; 40 3E 62 D8 = 2.97s (little-endian in memory)
fptemp  real8 0.0
format  db "%.2f",0             ; round to 2 digits behind the decimal point
output  db 50 dup (0)

.code
start:
    fld  fpnum                  ; load the 4-byte float (real4) onto the FPU stack
    fstp fptemp                 ; store it as a real8, which is what sprintf's %f expects

    invoke sprintf, addr output, addr format, fptemp
    ; output now contains the string: "2.97"
    ; ..
    invoke ExitProcess, 0
end start

savage
Posted on 2001-11-30 15:51:46 by savage
I'll try that

Thanks
Posted on 2001-12-01 12:46:23 by Zynaps
The word "crack" does not necessarily mean "crack software".

You can "crack" many things without it being illegal in any way, and I doubt the word "crack" will turn people into software crackers or make the government come after you ;)

And I needed someone to crack the algorithm, i.e. figure it out. Not to fix it, because that makes no sense at all since nothing was broken. I doubt reversing algorithms by trial and error is illegal?!?

But I admit I formulated the topic to draw your attention :p

You moderators need to lighten up a bit.. :)
Posted on 2001-12-04 14:23:44 by Zynaps