DakienDX
September 16th, 2001, 05:32
Hello anybody !
New messageboard, new reversing problems...
Well, we need to register now. Why not?
I've a little problem. I want to reverse an encryption algorithm, but don't know how this should be done in this chase. I've a feeling that it's an easy one, but my mind is out of order for this algo. I've tried two days to reverse it, but without any results.
Below is the decryption loop. The first 8 bytes of the encrypted data are unencrypted. They're used as start values for the other data blocks in a kind of CBC mode. My problem is: Only 4 bytes are read, but 8 bytes are written. In reversing, I should look like this
But I don't have the old values of the memory locations.
Here's the Decryption Loop:
I would be thankfull if somebody could give me a clue.
New messageboard, new reversing problems...
Well, we need to register now. Why not?
I've a little problem. I want to reverse an encryption algorithm, but don't know how this should be done in this chase. I've a feeling that it's an easy one, but my mind is out of order for this algo. I've tried two days to reverse it, but without any results.
Below is the decryption loop. The first 8 bytes of the encrypted data are unencrypted. They're used as start values for the other data blocks in a kind of CBC mode. My problem is: Only 4 bytes are read, but 8 bytes are written. In reversing, I should look like this
Code:
Mov EAX, [ESI]
Mov EDX, [ESI+4]
Xor EAX, [ESI+4] ; I don't know the old values
Xor EAX, [ESI] ; as above
But I don't have the old values of the memory locations.
Here's the Decryption Loop:
Code:
Mov ESI, CryptedData
Mov EDI, LengthOfCryptedData
Shr EDI, 3
Crypt1:
Mov EBX, [ESI+4]
Add EBX, [32BitPassword]
Xor EBX, [ESI]
Add ESI, 8
Mov ECX, 0Eh
Crypt2:
Mov EAX, [ESI]
Mov EDX, EAX
Ror EBX, 4
Xor EAX, EBX
Add EAX, 0A235832Ch
Add EAX, ECX
Rol EAX, CL
Sub EAX, EBX
Xor EAX, [ESI]
Xor EAX, [ESI+4]
Mov [ESI+4], EDX
Mov [ESI], EAX
Dec ECX
Dec ECX
Jnl Crypt2
Dec EDI
Jne Crypt1
I would be thankfull if somebody could give me a clue.