mindoverflow
11-27-2017, 10:59 AM
I'm working on this pseudocode trying to find the correct input for the expected calculated value (i'm not sure if i can call it a checksum). I can't focus enough to generate the reverse algorithm, then any kind of help is appreciated.
I may start with the value 2602618273338008543 in v20 and xor back on the random generated input but i think the end result would be too big to be xored to zero with a single byte.
PS: I commented some lines that i suppose have no effect on the computation.
Thank you.
v20 = 0i64;
// salt table
v28="a#+EJK45fe/efJWDSlesfGe03saHHFddfdq2gr%a3ß0jm2ÜcFEF!JKMÄrAfim +wqe=WD=?f3jDKefDJ§W?)JöSeAEFj_LIeJDF"; // salt table
input = new byte[32] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
for ( j = 0; j < 200; ++j )
{
v24 = (v20 + j) % 60 + 1; // 0x3c
v15 = input[7 * j % 15];
if ( v24 == 32 ) // 0x20
v15 = __PAIR__(v15, HIDWORD(v15));
if ( v24 == 31 ) // 0x1f
{
// v22 = v24 & 31; // 0x1f
// v11 = HIDWORD(v15);
// v8 = v15;
v1 = (unsigned __int64)(v15 << (v24 & 0x1F)) >> 32;
LODWORD(v15) = __PAIR__((unsigned int)v15, HIDWORD(v15)) << (v24 & 0x1F) >> 32;
HIDWORD(v15) = v1;
}
// v6 = v15;
v20 += v15;
v25 = (v20 ^ (unsigned __int64)j) % 62 + 2; // 0x3e + 2
v2 = (v20 - j) % 91; // 0x5Bui64
LODWORD(v16) = *(int *)((char *)&v28 + v2);
HIDWORD(v16) = *(int *)((char *)&v29 + v2); // &v29=&v28-4
if ( v25 & 32 ) // 0x20
v16 = __PAIR__(v16, HIDWORD(v16));
if ( v25 & 31 ) // 0x1f
{
// v21 = v25 & 31; // 0x1f
// v9 = HIDWORD(v16);
// v10 = v16;
v3 = (unsigned __int64)(v16 << (v25 & 0x1F)) >> 32;
LODWORD(v16) = __PAIR__((unsigned int)v16, HIDWORD(v16)) << (v25 & 0x1F) >> 32;
HIDWORD(v16) = v3;
}
v7 = v16;
v20 ^= v16;
}
if ( (_DWORD)v20 == -922952045 && HIDWORD(v20) == -902699940 || v20 == 2602618273338008543i64 )
v23 = 1;
}
I may start with the value 2602618273338008543 in v20 and xor back on the random generated input but i think the end result would be too big to be xored to zero with a single byte.
PS: I commented some lines that i suppose have no effect on the computation.
Thank you.
v20 = 0i64;
// salt table
v28="a#+EJK45fe/efJWDSlesfGe03saHHFddfdq2gr%a3ß0jm2ÜcFEF!JKMÄrAfim +wqe=WD=?f3jDKefDJ§W?)JöSeAEFj_LIeJDF"; // salt table
input = new byte[32] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
for ( j = 0; j < 200; ++j )
{
v24 = (v20 + j) % 60 + 1; // 0x3c
v15 = input[7 * j % 15];
if ( v24 == 32 ) // 0x20
v15 = __PAIR__(v15, HIDWORD(v15));
if ( v24 == 31 ) // 0x1f
{
// v22 = v24 & 31; // 0x1f
// v11 = HIDWORD(v15);
// v8 = v15;
v1 = (unsigned __int64)(v15 << (v24 & 0x1F)) >> 32;
LODWORD(v15) = __PAIR__((unsigned int)v15, HIDWORD(v15)) << (v24 & 0x1F) >> 32;
HIDWORD(v15) = v1;
}
// v6 = v15;
v20 += v15;
v25 = (v20 ^ (unsigned __int64)j) % 62 + 2; // 0x3e + 2
v2 = (v20 - j) % 91; // 0x5Bui64
LODWORD(v16) = *(int *)((char *)&v28 + v2);
HIDWORD(v16) = *(int *)((char *)&v29 + v2); // &v29=&v28-4
if ( v25 & 32 ) // 0x20
v16 = __PAIR__(v16, HIDWORD(v16));
if ( v25 & 31 ) // 0x1f
{
// v21 = v25 & 31; // 0x1f
// v9 = HIDWORD(v16);
// v10 = v16;
v3 = (unsigned __int64)(v16 << (v25 & 0x1F)) >> 32;
LODWORD(v16) = __PAIR__((unsigned int)v16, HIDWORD(v16)) << (v25 & 0x1F) >> 32;
HIDWORD(v16) = v3;
}
v7 = v16;
v20 ^= v16;
}
if ( (_DWORD)v20 == -922952045 && HIDWORD(v20) == -902699940 || v20 == 2602618273338008543i64 )
v23 = 1;
}