Question

可能重复：
How can I decrypt this encryption routine?

我已经参加了这个节目一个星期了，我很困惑。我尝试了一切和任何东西但我没有设法让它发挥作用。如果你能给我一些关于我的程序的帮助，我将非常感激。谢谢。

我有以下代码，我需要为它编写解密例程。

OChars = Original char -> is the word which the user types in.           
EKey = The Encryption Key (one letter)              
Length = The length of characters that the user needs to put             
EChars = Stores the Encrypted characters in so the decryption routine can use it to decrypt it.

    void encrypt_chars (int length, char EKey){
char temp_char;                 // original/encrypted char temporary store

for (int i = 0; i < length; i++){
    temp_char = OChars [i];     // get next char from original string
    __asm {                     // call the encrypt subroutine
        push   eax              // save register values on stack to be safe
        push   ecx
        movsx  ecx,temp_char    // enregister the source character
        movsx  eax,EKey         // and encryption key.
        call   encryptB         // calls the encryption subroutingencrypt the character
        mov    temp_char,al     // only need lower byte of EAX to return encrypted char
        pop    ecx              // restore original register values from stack
        pop    eax
    }
    EChars [i] = temp_char;     // Store encrypted char in the encrypted chars array
   }
     return;

encryption routine ASM          

     __asm {

encryptB: push edx          //saves register value edx on stack
          push ecx          //saves register value ecx on stack
          not  eax          //
          add  eax,0x04     //add 4 to eax register
          mov  edx,eax      //move eax to edx
          pop  eax          //brings eax back to
          xor  eax,edx      //clear values to zero
          pop  edx          //bring edx back 
          rol  al,3         //three times.
          sub  al,0x02      //subtracts 2 from al
          ret 
}               
Here ends the encryption part            
The decryption routine will start as follows             

void decrypt_chars (int length, char EKey){
  char temp_char;                       

for (int i = 0; i < length; i++){
    temp_char = EChars [i];         
    __asm {                         


     }

      DChars [i] = temp_char;           
}
 return;

decryption routine ASM

__asm {


      }

Answer 1

尝试使用键'K'加密字符'E'，并查看每个步骤的例程。然后尝试右键撤消它们旁边的每个操作。反转撤消指令集的顺序，以获取加密例程的“撤消”。

Answer 2

我建议从替换那些无用的注释开始，这些注释只是扩展了指令助记符，并描述了每一步中操作的值。类似的东西：

    push   eax              // avoid clobbering registers; just preamble
    push   ecx
    movsx  ecx,temp_char    // ecx = byte_to_encrypt
    movsx  eax,EKey         // eax = key
    ...
    push ecx                // Stack[0] = byte_to_encrypt
    ...
    pop eax                 // eax = byte_to_encrypt now...

等等。现在，当你拥有它时，应该很容易为操作提取伪代码和最终的数学公式。这应该很容易反转，而不是你只需要编码（在汇编中，如果需要的话），没有寄存器之间的所有无意义的值混洗。

Answer 3

因为f(Key)与f有一些函数的XOR，所有计算都必须撤消，除了组成f - 它们有要正常地完成。

所以，像这样:(未经测试）

; eax = EKey, cl = char
decryptB:
  add ecx, 2   // undo sub 2
  ror cl, 3    // undo rol
  not eax      // actually do not
  add eax, 4   // actually do add 4
  xor eax, ecx // undo xor
  ret

带有ASM x86加密/解密程序的C ++

3 个答案: