diskgetor Posted November 22, 2014 Posted November 22, 2014 //this is from IDA F5#include <stdio.h>#include <stdlib.h>#include <string.h> //memcpyint a2=0x46004F0052005300; unsigned int __cdecl sub_4E6500(int a1, int a2, int a3){ unsigned int v3; // eax@1 signed int v4; // eax@3 int v5; // ecx@4 char v6; // dl@4 int v7; // ecx@4 char v8; // dl@4 int v9; // ecx@4 const void *v10; // ebp@6 char *v11; // ecx@7 const void *v12; // eax@7 signed int v13; // esi@7 bool v14; // sf@9 unsigned __int8 v15; // of@9 const void *v16; // ebp@11 char *v17; // ecx@12 const void *v18; // eax@12 signed int v19; // esi@12 signed int v20; // eax@15 int v21; // ecx@16 char v22; // dl@16 int v23; // ecx@16 char v24; // dl@16 int v25; // ecx@16 unsigned int v26; // edx@17 unsigned int v27; // edi@17 unsigned int v28; // esi@17 unsigned int result; // eax@17 char v30; // bl@18 int v31; // ecx@18 char v32; // bl@18 int v33; // ecx@18 char v34; // bl@18 int v35; // ecx@18 char v36; // bl@18 int v37; // ecx@18 unsigned int v38; // [sp+10h] [bp-4h]@6 unsigned int v39; // [sp+10h] [bp-4h]@11 _UNKNOWN *v40; // [sp+20h] [bp+Ch]@6 char *v41; // [sp+20h] [bp+Ch]@11 v3 = 0;// do { byte_690340[v3] = (*(_BYTE *)((v3 >> 3) + a2) >> (v3 & 7)) & 1; ++v3; } while ( (signed int)v3 < 64 ); v4 = 0; do { v5 = byte_62C301[v4]; byte_68F9E0[v4] = byte_69033F[byte_62C300[v4]]; v6 = byte_69033F[v5]; v7 = byte_62C302[v4]; byte_68F9E1[v4] = v6; v8 = byte_69033F[v7]; v9 = byte_62C303[v4]; byte_68F9E2[v4] = v8; byte_68F9E3[v4] = byte_69033F[v9]; v4 += 4; } while ( v4 < 64 ); memcpy(byte_690340, byte_68F9E0, 0x40u); if ( (_BYTE)a3 ) { v16 = off_67A9C0; v39 = off_67A9BC - off_67A9C0; v41 = (char *)&unk_68FEB0; do { memcpy(&unk_690320, v16, 0x20u); sub_4E6080(v41); v17 = (char *)off_67A9BC + 2; v18 = v16; v19 = 8; do { *(_BYTE *)v18 ^= *((_BYTE *)v18 + v39); *((_BYTE *)v18 + 1) ^= *(v17 - 1); *((_BYTE *)v18 + 2) ^= *v17; *((_BYTE *)v18 + 3) ^= v17[1]; v18 = (char *)v18 + 4; v17 += 4; --v19; } while ( v19 ); v15 = __OFSUB__(v41 - 48, &unk_68FBE0); v14 = (signed int)(v41 - 48 - (char *)&unk_68FBE0) < 0; memcpy(off_67A9BC, &unk_690320, 0x20u); v41 -= 48; } while ( !(v14 ^ v15) ); } else { v10 = off_67A9BC; v38 = off_67A9C0 - off_67A9BC; v40 = &unk_68FBE0; do { memcpy(&unk_690320, v10, 0x20u); sub_4E6080(v40); v11 = off_67A9C0 + 2; v12 = v10; v13 = 8; do { *(_BYTE *)v12 ^= *((_BYTE *)v12 + v38); *((_BYTE *)v12 + 1) ^= *(v11 - 1); *((_BYTE *)v12 + 2) ^= *v11; *((_BYTE *)v12 + 3) ^= v11[1]; v12 = (char *)v12 + 4; v11 += 4; --v13; } while ( v13 ); v15 = __OFSUB__((char *)v40 + 48, &unk_68FEE0); v14 = (signed int)((_UNKNOWN *)((char *)v40 + 48) - &unk_68FEE0) < 0; memcpy(off_67A9C0, &unk_690320, 0x20u); v40 = (char *)v40 + 48; } while ( v14 ^ v15 ); } v20 = 0; do { v21 = byte_62C341[v20]; byte_68F9E0[v20] = byte_69033F[byte_62C340[v20]]; v22 = byte_69033F[v21]; v23 = byte_62C342[v20]; byte_68F9E1[v20] = v22; v24 = byte_69033F[v23]; v25 = byte_62C343[v20]; byte_68F9E2[v20] = v24; byte_68F9E3[v20] = byte_69033F[v25]; v20 += 4; } while ( v20 < 64 ); memcpy(byte_690340, byte_68F9E0, 0x40u); *(_DWORD *)a1 = 0xB6088ECD0B8B37C3; // orignal is 0 *(_DWORD *)(a1 + 4) = 0; v26 = 0; v27 = 3; v28 = 2; result = 1; do { v30 = byte_69033F[result] << (v26 & 7); v31 = a1 + (v26 >> 3); v26 += 4; *(_BYTE *)v31 |= v30; v32 = byte_690340[result] << (result & 7); v33 = a1 + (result >> 3); result += 4; *(_BYTE *)v33 |= v32; v34 = byte_690340[v28] << (v28 & 7); v35 = a1 + (v28 >> 3); v28 += 4; *(_BYTE *)v35 |= v34; v36 = byte_690340[v27] << (v27 & 7); v37 = a1 + (v27 >> 3); v27 += 4; *(_BYTE *)v37 |= v36; } while ( (signed int)result < 65 ); return result;}printf("02X%\n",a3);system("pause");
Encrypto Posted November 22, 2014 Posted November 22, 2014 whats the error ? also just at the top int a2=0x46004F0052005300; this might be an overflow, or bad declaration. maybe int64 is required?
ragdog Posted November 22, 2014 Posted November 22, 2014 (edited) I think to and here *(_DWORD *)a1 = 0xB6088ECD0B8B37C3; // orignal is 0a Dword ist only 4 bytes Hexrays decompile not all correct ,better is you understand this Algo and rewrite itOr rip it out as asm and use inline Asm in Cpp Edited November 22, 2014 by ragdog
xSRTsect Posted November 23, 2014 Posted November 23, 2014 (edited) you'd rather use unsigned long long int for 64 bit integer representation. An integer is usually only 2^31 of information. Also hello encrypto Edited November 23, 2014 by xSRTsect
diskgetor Posted November 30, 2014 Author Posted November 30, 2014 yeah,i will check codes again.@ragdogcouild you post a easy simple with theida f5 in a keygenme,then make a video.my target used a not right DES,i want to getthis DES with _asm or ida f5,thank you again.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now