Author Topic: xor encryption and reversing in C  (Read 4650 times)

karlzorn

  • Guest
xor encryption and reversing in C
« on: June 21, 2013, 07:21:31 AM »
Hi,

I have this asm code to analyze, this is 16 bit code.

I understand this is Xor operation between two buffers, one is the Xor key and the other is the data to cipher. I know that the XOR decyprion decrypt sectors of a hard drive but I cannot understand where the key comes from?

If some experts in asm could help me and give me hints, I would be extremely obliged.


Code: [Select]
arg_0= WORD ptr 4
push    bp
mov bp, sp
push    si
push    di
mov si, [bp+arg_0]
cmp WORD  ptr [si], 0
jge short loc_213D
mov dx, [si+6]
add dx, [si]
inc dx
mov di, dx
jmp short loc_2148

loc_213D:
mov ax, [si]
cwd
xor ax, dx
sub ax, dx
mov dx, ax
mov di, ax

loc_2148:
test    WORD ptr  [si+2], 40h
jnz short loc_217B
mov cx, [si+0Ah]
cmp WORD ptr  [si], 0
jge short loc_2174
jmp short loc_2162

I get this from hopper disassembler:

Code: [Select]
function EntryPoint {
if (*(int16_t *)var_12 >= 0x0) {
        asm{ cwd         };
        eax = (*esi ^ edx) - edx;
}
if (((*(esi + 0x2) & 0x40) == 0x0) && (*esi < 0x0)) {
}
return 0x0;

Rockphorr

  • Member
  • **
  • Posts: 55
Re: xor encryption and reversing in C
« Reply #1 on: June 22, 2013, 03:14:42 AM »
Reversing alien code is violation of forum rules.
Admins and moderators will alert you.

dedndave

  • Member
  • *****
  • Posts: 8823
  • Still using Abacus 2.0
    • DednDave
Re: xor encryption and reversing in C
« Reply #2 on: June 22, 2013, 05:13:01 AM »
 :biggrin:

"alien code"

Dword to Ascii routine:



notice the use of "leave" at the end - lol

Rockphorr

  • Member
  • **
  • Posts: 55
Re: xor encryption and reversing in C
« Reply #3 on: June 22, 2013, 07:46:24 AM »
:biggrin:

"alien code"



The game of the words. -- непереводимая игра слов -- lol

goofprog

  • Guest
Re: xor encryption and reversing in C
« Reply #4 on: September 15, 2013, 07:33:46 PM »
xor is fun but why not try floating point. Everyone thinks whole number variables.  I had to break out of this because floating point is precise (get it)

jj2007

  • Member
  • *****
  • Posts: 9743
  • Assembler is fun ;-)
    • MasmBasic
Re: xor encryption and reversing in C
« Reply #5 on: September 15, 2013, 08:12:46 PM »
Hi goofprog,

Interesting idea. Can you give an example? Especially for "floating point is precise" ;-)

P.S.: Welcome to the Forum :icon14: