#!/usr/bin/env python3
"""
Dynamic analysis tool to extract password by tracing memory/comparisons
"""
import sys

# The password is compared character by character at these offsets in the disassembly:
# 0xED0: 66 68 B8 D3 - push word at 0xD3B8
# 0xEE0: 66 68 B9 D3 - push word at 0xD3B9  
# 0xF00: 66 68 BA D3 - push word at 0xD3BA
# 0xF20: 66 68 BB D3 - push word at 0xD3BB

# But these point to error message strings, not the password itself!
# The password comparison is happening differently.

# Let me analyze the comparison pattern more carefully
binary_path = r"C:\Users\Roose\Downloads\peace.com"

with open(binary_path, 'rb') as f:
    data = f.read()

print("[*] Analyzing password comparison logic...\n")

# The pattern at 0xEC0 shows:
# 66 6A 01 66 68 B8 D3 - push 1, push address 0xD3B8
# This is calling a string comparison function

# Looking at the comparison calls:
# They're comparing input against strings at 0xD3B8, D3B9, D3BA, D3BB
# But these are single-byte comparisons or string addresses

# Let's look for the actual password string by finding single-char comparisons
print("[*] Looking for character-by-character comparison pattern...")
print()

# The password is likely stored as individual characters being compared
# Let's extract what's actually at those addresses more carefully

# Actually, looking at the code pattern:
# 66 6A 01 66 68 XX D3 00 00 - this pushes 1 and an address
# This is memcmp(input, password, 1) for each character

# So the password characters are at 0xD3B8, 0xD3B9, 0xD3BA, 0xD3BB
# But we got "oad " which doesn't make sense

# Let me check if there's a different password string
print("[*] Searching for common passwords in binary...")
passwords_to_check = [
    b'rust', b'rustinpeace', b'peace', b'megadeth', 
    b'hangar', b'archivist', b'admin', b'password',
    b'1990', b'2087', b'flag', b'cyber'
]

for pwd in passwords_to_check:
    offset = data.find(pwd)
    if offset != -1:
        print(f"  Found '{pwd.decode()}' at offset 0x{offset:X}")

print("\n[*] Manual testing required!")
print("[*] Try these passwords in DOSBox:")
print()
candidates = ['rust', 'r', 'rustinpeace', 'peace', 'megadeth', 'hangar18', 'admin']
for i, pwd in enumerate(candidates, 1):
    print(f"  {i}. {pwd}")

print("\n[*] Best guess based on theme: 'rust' (4 chars, matches Rust programming language)")