PDA

View Full Version : Can someone help me figure out if this is standard blowfish ? (ASM)

este
January 11th, 2006, 19:28
Suject says it all. I have a routine that is using Blowfish to work over the data entered in,

I have the S-Boxes and PI numbers. The S-Boxes are standard, but the PI i noticed is xor'd a few times by a string of seemingly random numbers. I have the result of that.

So, I found the actual blowfish code, but I'm not sure if its a standard implementation or not. I have it numbered where the code does repetative things, 16 of them, only logged up to 4 so far. (taken a LONG time)

Just wondering if anyone could confirm this was non-modifed blowfish ?

Code:


100084B0	push    ebp

100084B1	mov     ebp, esp

100084B3	push    ebx				

100084B4	push    esi

100084B5	push    edi

100084B6	mov     edi, [ebp+08]			

100084B9	xor     eax, eax			

100084BB	mov     esi, 0FFh			;Sets ESI to FF

100084C0	mov     ecx, [edi]			;Loads ECX with EDI's value (check for EDI to be non clear)

100084C2	xor     ecx, dword_10048360		;XOR with 1st address of xPI

100084C8	mov     al, ch				;ECX's High to EAX's low

100084CA	mov     edx, ecx			;Copy ECX as EDX

100084CC	and     edx, esi			;Singles out first byte of xPI

100084CE	mov     [ebp+08], ecx			;Temp store 1st four of xPI in EBP+8

100084D1	mov     eax, [eax*4+100487C0]		;Loads 4 bytes (2nd byte of 1st 4 in xPI * 4) of S-Box1

100084D8	add     eax, [edx*4+100483C0]		;Adds that with (1st byte of 1st 4 in xPI * 4) of S-Box0

100084DF	xor     edx, edx			;(1) 

100084E1	mov     dl, byte ptr [ebp+08+2]		;Sets DL to 3rd byte in 1st byte of xPI

100084E4	xor     eax, [edx*4+10048BC0]		;XOR result with (3rd of 1st * 4) of S-Box2

100084EB	mov     edx, ecx			;Copy 1st 4 bytes of xPI into EDX

100084ED	shr     edx, 18h			;Shifts so that DL is 4th byte of 1st xPI

100084F0	add     eax, [edx*4+10048FC0]		;Adds result w/ (4th byte of 1st 4 in xPI * 4) of S-Box3

100084F7	mov     edx, [ebp+0C]			;<EBP+C pointed to 00124760's clear data>

100084FA	xor     eax, [edx]			;XOR result with edx's data

100084FC	xor     edx, edx			

100084FE	xor     eax, 10048364			;XOR result with 2nd 4 of xPI

10008504	mov     dl, ah				;Copy High Byte of result to DL

10008506	mov     ebx, eax			;Copy result to EBX

10008508	and     ebx, esi			;Makes EBX the low byte of result

1000850A	mov     [ebp+08], eax			;Stores result in EBX

1000850D	mov     edx, [edx*4+100487C0]		;Make EDX (High Byte of result * 4) of S-Box1

10008514	add     edx, [ebx*4+100483C0]		;Add (low byte of result * 4) of S-Box0 to EDX

1000851B	xor     ebx, ebx			;(2)

1000851D	mov     bl, byte ptr [ebp+0A]		;Make BL nibbles 5&6 of result

10008520	xor     edx, [ebx*4+10048BC0]		;XOR EDX with (5&6 of result * 4) of S-Box2

10008527	mov     ebx, eax			;Copy result to EBX

10008529	shr     ebx, 18h			;Shift 7 & 8 of result to EBX

1000852C	add     edx, [ebx*4+10048FC0]		;Add EDX with (7&8 of result * 4) of S-Box3

10008533	xor     edx, dword_10048368		;XOR with next 3rd block of xPI

10008539	xor     ecx, edx			;ECX = XOR first and 3rd blocks of xPI

1000853B	xor     edx, edx			

1000853D	mov     dl, ch				;ECX's High to EDX's low

1000853F	mov     ebx, ecx			;Copy running total to EBX

10008541	and     ebx, esi			;EBX the low byte of running total

10008543	mov     [ebp+08], ecx			;store running total in EBX for temp holding

10008546	mov     edx, [edx*4+100487C0]		;Loads 4 bytes (running total's low byte * 4) of S-Box1

1000854D	add     edx, [ebx*4+100483C0]		;Add on 4 bytes (running total's high byte * 4) of S-Box0

10008554	xor     ebx, ebx			;(3)

10008556	mov     bl, byte ptr [ebp+0A]		;Copy nibbles 5 & 6 of running total to EBX's low

10008559	xor     edx, [ebx*4+10048BC0]		;XOR EDX with (5&6 of result * 4) of S-Box2 

10008560	mov     ebx, ecx			;Copy ECX to EBX

10008562	shr     ebx, 18h			;Single out nibbles 7 & 8

10008565	add     edx, [ebx*4+10048FC0]		;Add EDX with (RT's 7&8 of result * 4) of S-Box3

1000856C	xor     edx, 1004836C			;XOR with 4th block of xPI

10008572	xor     eax, edx			;XOR running total into result

10008574	xor     edx, edx

10008576	mov     dl, ah				;High Byte of result to EDX's low

10008578	mov     ebx, eax			;Copy result to EBX

1000857A	and     ebx, esi			;EBX is low byte of result

1000857C	mov     [ebp+08], eax			;Copy result to EBP+8

1000857F	mov     edx, [edx*4+100487C0]		;Loads EDX with 4 bytes (results low byte * 4) of S-Box1

10008586	add     edx, [ebx*4+100483C0]		;Add on 4 bytes (running total's high byte * 4) of S-Box0

1000858D	xor     ebx, ebx			;(4)

1000858F	mov     bl, byte ptr [ebp+08+2]		;EBX's low is Result's 5 & 6

10008592	xor     edx, [ebx*4+10048BC0]		;XOR EDX with (5&6 of result * 4) of S-Box2

10008599	mov     ebx, eax			;Copy result to EBX

1000859B	shr     ebx, 18h			;Shift 7 & 8 of result to EBX

1000859E	add     edx, [ebx*4+10048FC0]		;Add EDX with (Result's 7&8 of result * 4) of S-Box3

100085A5	xor     edx, 10048370			;Loads 5th xPI block 

100085AB	xor     ecx, edx			;ECX may be where data has been stored

100085AD	xor     edx, edx			

100085AF	mov     dl, ch				;running total's high to EDX's low

100085B1	mov     ebx, ecx			;Copy ECX to EBX

100085B3	and     ebx, esi			;EBX the low byte of running total
LLXX
January 12th, 2006, 01:12
http://en.wikipedia.org/wiki/Blowfish_(cipher)
http://www.schneier.com/paper-blowfish-fse.html
Quote:
Data encryption occurs via a 16-round Feistel network.

Quote:
1. The P-array consists of 18 32-bit subkeys:
P1, P2,..., P18.

2. There are four 32-bit S-boxes with 256 entries each:
S1,0, S1,1,..., S1,255;
S2,0, S2,1,..,, S2,255;
S3,0, S3,1,..., S3,255;
S4,0, S4,1,..,, S4,255.

Quote:
Blowfish is a Feistel network consisting of 16 rounds. The input is a 64-bit data element, x.

Divide x into two 32-bit halves: xL, xR
For i = 1 to 16:
xL = xL XOR Pi
xR = F(xL) XOR xR
Swap xL and xR
Next i
Swap xL and xR (Undo the last swap.)
xR = xR XOR P17
xL = xL XOR P18
Recombine xL and xR
Quote:
Function F:
Divide xL into four eight-bit quarters: a, b, c, and d
F(xL) = ((S1,a + S2,b mod 232) XOR S3,c) + S4,d mod 2^32
It sure looks like it.
este
January 12th, 2006, 13:55
Thanks man!

It looks like my code portion is standard. However....

My PI is only 17 bytes. The S-Boxes and PI that I have 'start' out standard,

But then it seems that they XOR all of PI by a string, then send that into my blowfish routine, get this, to encrypt the S-Box tables and re-code PI again. Seems a little odd to me.

I guess if it was someone without scanning of all the code in the debugger I'de guess they would look at the file, see standard Blowfish tables and attempt cracking it like that, poor fools.

So, standard blowfish algorithm, non standard tables. Fair enough, didn't expect it to be too easy.
LLXX
January 13th, 2006, 03:42
Quote:
[Originally Posted by este]But then it seems that they XOR all of PI by a string, then send that into my blowfish routine, get this, to encrypt the S-Box tables and re-code PI again. Seems a little odd to me.
...read this...
Quote:
[Originally Posted by en.wikipedia.org]Blowfish's key schedule starts by initializing the P-array and S-boxes with values derived from the hexadecimal digits of pi, which contain no obvious pattern. The secret key is then XORed with the P-entries in order (cycling the key if necessary). A 64-bit all-zero block is then encrypted with the algorithm as it stands. The resultant ciphertext replaces P1 and P2. The ciphertext is then encrypted again with the new subkeys, and P3 and P4 are replaced by the new ciphertext. This continues, replacing the entire P-array and all the S-box entries.
That would be the part that generates the P array and the S boxes from the key... otherwise it wouldn't be much of an encryption without a key
este
January 14th, 2006, 01:15
Ah. Well then, you have confirmed you are much smart and a much better read then myself

Thank You!

Ok, so it appears that this blowfish routine is nothing out of the ordinary. I do have the key. Now I just need to figure out what the resultant data means.

I need to re-read my code b/c I thought for a second that the key phrase was bing xor'd in backwards, but I think I just wasn't paying attention while watching softice.

Wow.... I'm stoked, this will be my first attempt at RE and it looks like its gonna work