LaptoniC
October 10th, 2003, 09:40
I have came accross interesting target.It has SMC inside.Before running "critical" functions it decrypts code blocks like below.
I have decrypted by simple program and pasted to dissambly; but I gone further and tried to make idc script.
I am not familiar with IDC scripting.I have searched the board and found some examples.Here is what I did but it didnt worked
My error I guess related to rol and ror.
Code:
loc_5A3ADE:
mov ebx, offset unk_5A3C46
mov eax, 5A7A5067h
mov ecx, 138h
loc_5A3AF0:
xor [ebx], al
ror eax, 2
dec ebx
xor eax, 0EA92B810h
add eax, 4A87A691h
xor eax, 4AF2A30Dh
add eax, 2FBAA063h
rol eax, 12h
loop loc_5A3AF0
I have decrypted by simple program and pasted to dissambly; but I gone further and tried to make idc script.
I am not familiar with IDC scripting.I have searched the board and found some examples.Here is what I did but it didnt worked
My error I guess related to rol and ror.
Code:
#include <idc.idc>
#define ROTL(x,s) ((x)<<(s) | (x)>>(32-(s)))
#define ROTR(x,s) ((x)>>(s) | (x)<<(32-(s)))
static main(void) {
auto from,i,size,Key,temp;
size=0x138;
Key=0x5A7A5067;
from =0x5A3C46;
for (i=0;i<size;i++)
{
temp = (Byte(from) ^ Key);
PatchByte(from,temp);
Key=ROTR(Key,2);
from=from-1;
Key=Key ^ 0xEA92B810;
Key=Key + 0x4A87A691;
Key=Key ^ 0x4AF2A30D;
Key=Key + 0x2FBAA063;
Key=ROTL(Key,0x12);
//Message("Decrypted %x \n",temp);
}
}