News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests

Main Menu

xor encryption and reversing in C

Started by karlzorn, June 21, 2013, 07:21:31 AM

Previous topic - Next topic

karlzorn

Hi,

I have this asm code to analyze, this is 16 bit code.

I understand this is Xor operation between two buffers, one is the Xor key and the other is the data to cipher. I know that the XOR decyprion decrypt sectors of a hard drive but I cannot understand where the key comes from?

If some experts in asm could help me and give me hints, I would be extremely obliged.


arg_0= WORD ptr 4
push    bp
mov bp, sp
push    si
push    di
mov si, [bp+arg_0]
cmp WORD  ptr [si], 0
jge short loc_213D
mov dx, [si+6]
add dx, [si]
inc dx
mov di, dx
jmp short loc_2148

loc_213D:
mov ax, [si]
cwd
xor ax, dx
sub ax, dx
mov dx, ax
mov di, ax

loc_2148:
test    WORD ptr  [si+2], 40h
jnz short loc_217B
mov cx, [si+0Ah]
cmp WORD ptr  [si], 0
jge short loc_2174
jmp short loc_2162


I get this from hopper disassembler:


function EntryPoint {
if (*(int16_t *)var_12 >= 0x0) {
        asm{ cwd         };
        eax = (*esi ^ edx) - edx;
}
if (((*(esi + 0x2) & 0x40) == 0x0) && (*esi < 0x0)) {
}
return 0x0;

Rockphorr

Reversing alien code is violation of forum rules.
Admins and moderators will alert you.

dedndave

 :biggrin:

"alien code"

Dword to Ascii routine:



notice the use of "leave" at the end - lol

Rockphorr

Quote from: dedndave on June 22, 2013, 05:13:01 AM
:biggrin:

"alien code"



The game of the words. -- непереводимая игра слов -- lol

goofprog

xor is fun but why not try floating point. Everyone thinks whole number variables.  I had to break out of this because floating point is precise (get it)

jj2007

Hi goofprog,

Interesting idea. Can you give an example? Especially for "floating point is precise" ;-)

P.S.: Welcome to the Forum :icon14: