Further Algorithm Analysis - Lossy Shifter
Friday, 29-Jan-99 20:09:59
Installment 6: Notes on the algorithms. This time I will be considering the routine which I previously called the lossy shifter. I remarked in the last comment that we could start with a final keygen, i.e. name 'CRONOS', and trace it back to find the encrypted form for the keyfile. It is not too difficult to trace this back through the last routine at 4011C1, if we do not run into the multiply problem. Now we want to go back through the other main encryption routine, at 401116. EternalBliss listed this in full in one of his posts, but I'll put it in here again because I want to illustrate some specific points. Here's the header:

```
00401116 funnyshifter proc near ; CODE XREF: sub_401000+79 p
00401116 ; sub_401000+98 p
00401116 arg1_string = dword ptr 8
00401116 arg2_string = dword ptr 0Ch
00401116 numloops = byte ptr 10h
```

I have named the arguments to the routine. In both calls we have arg1_string=arg2_string. (Why did they use two arguments? Who knows.) This routine is called twice, once with string1, although we can leave string1 as all zeroes and it has no effect. This routine does not change it. I have also renamed the variable locations - tempshift and subtractfactor (subtractfactor is the one from the keyfile; keep it as zero, otherwise we're just complicating the situation. This is just another redundancy in the file).
```
00401116 enter 0, 0
0040111A mov esi, [ebp+arg1_string]
0040111D mov edi, [ebp+arg2_string]
00401120 loc_401120: ; CODE XREF: funnyshifter+A1 j
00401120 mov eax, [esi]                    ; load 4 input bytes
00401122 mov ds:tempshift, eax
00401127 add esi, 4
0040112A mov al, ds:subtractfactor
0040112F sub byte ptr ds:tempshift, al     ; subtractfactor taken off each byte
00401135 sub byte ptr ds:tempshift+1, al
0040113B sub byte ptr ds:tempshift+2, al
00401141 sub byte ptr ds:tempshift+3, al
00401147 mov al, byte ptr ds:tempshift+1
0040114C mov bl, al
0040114E and al, 0Fh
00401150 mov byte ptr ds:tempshift+1, al   ; tempshift+1 = low nibble of byte 1
00401155 and bl, 0F0h
00401158 shr bl, 4                          ; bl = high nibble of byte 1
0040115B mov al, byte ptr ds:tempshift+2
00401160 mov byte ptr ds:tempshift+2, bl   ; tempshift+2 = high nibble of byte 1
00401166 mov bl, al
00401168 and al, 3
0040116A mov ds:carryshift1, al            ; carryshift1 = low 2 bits of byte 2
0040116F and bl, 0FCh
00401172 shr bl, 2
00401175 mov ds:carryshift2, bl            ; carryshift2 = high 6 bits of byte 2
0040117B mov al, byte ptr ds:tempshift
00401180 mov bl, byte ptr ds:tempshift+2
00401186 shl al, 2                          ; top 2 bits of byte 0 are shifted out (lost)
00401189 or al, bl                          ; nibble ORed in, overlapping bits 2-3
0040118B mov [edi], al                      ; output byte 0
0040118D inc edi
0040118E mov al, byte ptr ds:tempshift+1
00401193 mov bl, ds:carryshift2
00401199 shl al, 4
0040119C or al, bl                          ; 6-bit carry ORed in, overlapping bits 4-5
0040119E mov [edi], al                      ; output byte 1
004011A0 inc edi
004011A1 mov al, ds:carryshift1
004011A6 mov bl, byte ptr ds:tempshift+3
004011AC shl al, 6
004011AF or al, bl                          ; byte 3 ORed in, overlapping bits 6-7
004011B1 mov [edi], al                      ; output byte 2 (4 bytes in, 3 bytes out per loop)
004011B3 inc edi
004011B4 dec [ebp+numloops]
004011B7 jnz loc_401120
004011BD leave
004011BE retn 0Ch
004011BE funnyshifter endp
```

Basically this routine is shifting bits around in a strange way. The easiest way to watch its operation is to feed it binary strings and watch them move around in SoftICE. Curiously there is quite a bit of loss of bits in the algorithm (first thing to notice). The second point we notice is that the second call with 5 loops actually just ends up shifting most bits to the left a few bytes (the distance increases with the distance that the bit is from the start of the string). Recall we want to reverse a particular string through this. How do we do it?
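Here is a C model of the loop above, added as an illustration (it is not from Cronos's post nor from the program itself; the function names and the shift_block, collides and inplace_ok helpers are made up for it). It packs each 4 input bytes into 3 the way the listing does, and collides shows two different inputs that come out identical, which is the loss in the routine.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Model of the loop at 401120-4011B7, written from the listing above
 * (hypothetical names; not the program's own code). Each pass reads 4
 * input bytes, subtracts subtractfactor from each and packs them into
 * 3 output bytes. As in the original call (arg1_string == arg2_string),
 * in and out may be the same buffer: all 4 bytes are read before the
 * 3 are written, and the output index never passes the input index. */
size_t funnyshifter(const uint8_t *in, uint8_t *out,
                    unsigned numloops, uint8_t subtractfactor)
{
    size_t o = 0;
    for (unsigned i = 0; i < numloops; i++) {
        uint8_t b0 = in[4 * i]     - subtractfactor; /* tempshift   */
        uint8_t b1 = in[4 * i + 1] - subtractfactor; /* tempshift+1 */
        uint8_t b2 = in[4 * i + 2] - subtractfactor; /* tempshift+2 */
        uint8_t b3 = in[4 * i + 3] - subtractfactor; /* tempshift+3 */
        uint8_t lo1 = b1 & 0x0F;    /* 40114E-401150 */
        uint8_t hi1 = b1 >> 4;      /* 401155-401160 */
        uint8_t carry1 = b2 & 0x03; /* 401168-40116A */
        uint8_t carry2 = b2 >> 2;   /* 40116F-401175 */
        /* shl al,2 drops the top 2 bits of b0; the OR overlaps bits 2-3 */
        out[o++] = (uint8_t)(b0 << 2) | hi1;
        /* (lo1 << 4) overlaps carry2 on bits 4-5 */
        out[o++] = (uint8_t)(lo1 << 4) | carry2;
        /* (carry1 << 6) overlaps b3 on bits 6-7 */
        out[o++] = (uint8_t)(carry1 << 6) | b3;
    }
    return o;
}

/* One 4-byte block through the shifter, returned as a 24-bit value. */
int shift_block(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3)
{
    uint8_t in[4] = { b0, b1, b2, b3 }, out[3];
    funnyshifter(in, out, 1, 0);
    return (out[0] << 16) | (out[1] << 8) | out[2];
}

/* The loss Cronos mentions: 1 if two different inputs give the same output. */
int collides(uint8_t a0, uint8_t a1, uint8_t a2, uint8_t a3,
             uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3)
{
    int same_in = a0 == b0 && a1 == b1 && a2 == b2 && a3 == b3;
    return !same_in && shift_block(a0, a1, a2, a3) == shift_block(b0, b1, b2, b3);
}

/* Constructed check of the in-place call with two loops on "CRONCRON". */
int inplace_ok(void)
{
    uint8_t buf[8] = { 'C','R','O','N','C','R','O','N' };
    const uint8_t want[6] = { 0x0D,0x33,0xCE,0x0D,0x33,0xCE };
    return funnyshifter(buf, buf, 2, 0) == 6 && memcmp(buf, want, 6) == 0;
}
```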
Well - first of all make sure the string isn't too long, otherwise some strange things start to happen (like it won't generate - another loss in the algorithms). Now mess with the bits. For each bit we want to reverse, try to generate that bit by going forward through the algorithm. In other words we take it a bit at a time (at first; there are some shortcuts when you start to see the pattern). We just play until we generate output bits that are the bits we want in the encrypted string we're reversing (see last installment). We then add all the bits together, and generate the keyfile from it. Another observation on the program - there are some extensive tables in the exe file, possibly for a reverse mapping of the routines like this one? This shows how difficult it is to reverse properly and is a direct consequence of using a routine which is not one-to-one. Well, that's me for the moment - I'll wait to see if everyone else generates their keyfiles for their names, Cronos.

Cronos
Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.