Question

我有一个代码功能，我试图扭转没有运气的影响。我的原始功能是：

          ror al,1                      // rotates the al part of the eax register (the Ekey) bitwise by 1 bit, as 1 mod 8 = 1 (al = 2D)
      ror al,1                      // moves the rightmost bit from al (the end of the Ekey) and shifts everything along
      ror al,1                      // rotates al bitwise by 1 bit, as 1 mod 8 = 1 (al = 4B)
      ror al,1                      // rotates the end 8 bits of the Ekey bitwise by 1 bit, as 1 mod 8 = 1 (al = A5)
      push ecx                      // preserves the value of the encrypted character by pushing it on the stack, the stack pointer decrements by 4 to allow this
      not eax                       // completes the ones' complement on the Ekey, toggling the bits
      mov edx,eax                   // copies the current value of the Ekey register and places it in edx, for holding
      pop eax                       // restores original register value from stack
      xor eax,edx                   // completes a bitwise exclusive or on the Ekey, with the previous value of the Ekey that was stored in edx
      ror al,1                      // rotates the last 8 bits of the Ekey bitwise by 1 bit, as 1 mod 8 = 1
      ror al,1                      // rotates al bitwise by 1 bit, as 1 mod 8 = 1
      not eax                       // completes the ones' complement on the Ekey value, 'flipping' eax entirely
      add eax,0x20                  // adds the hex value of 20 (32 in base 10) to the current value in the Ekey

我必须仅反转上述代码的效果，而不是每条特定的行。我尝试了各种各样的事情......尝试1（这是错误的）：

      sub eax, 0x20
      not eax
      rol al, 2
      xor ecx, eax
      push eax
      mov eax, edx
      not eax
      pop ecx
      rol al, 4

我的第二次尝试如下：

      sub eax, 0x20
      not eax
      rol al, 2 
      not eax
      xor ecx, eax

这有什么问题...... xor的效果可以逆转吗？

Answer 1

明显的顺序是：

; inputs:
;     edx: ekey
;     eax: "encrypted" word
; 
not eax
rol al, 1
rol al, 1
not edx
xor eax, edx

它也让我觉得原始代码不必要地复杂。我想我会写更多这样的东西：

not eax
xchg eax, ecx
xor eax, ecx
rol al, 1
rol al, 1
not eax

我认为也可能有更多的简化，但我必须考虑到这一点。

Answer 2

我保留了你的功能，但简化了解密：

unsigned int encrypt(unsigned int input, unsigned int key)
{
    _asm
    {
        mov ecx, input
        mov eax, key
        push ecx                      ; preserves the value of the encrypted character by pushing it on the stack, the stack pointer decrements by 4 to allow this
        not eax                       ; completes the ones' complement on the Ekey, toggling the bits
        mov edx,eax                   ; copies the current value of the Ekey register and places it in edx, for holding
        pop eax                       ; restores original register value from stack
        xor eax,edx                   ; completes a bitwise exclusive or on the Ekey, with the previous value of the Ekey that was stored in edx
        ror al,1                      ; rotates the last 8 bits of the Ekey bitwise by 1 bit, as 1 mod 8 = 1
        ror al,1                      ; rotates al bitwise by 1 bit, as 1 mod 8 = 1
        not eax                       ; completes the ones' complement on the Ekey value, 'flipping' eax entirely   
    }
}

unsigned int decrypt(unsigned int input, unsigned int key)
{
    _asm
    {
        mov eax, input 
        not eax
        rol al,1
        rol al,1
        mov edx, key
        not edx
        xor eax, edx
    }
}

int main()
{
    unsigned int data = 0xB84A35F2;
    unsigned int encrypted  = 0;
    unsigned int decrypted = 0;
    unsigned int key = 0x3DB76E8C2;

    encrypted = encrypt(data, key);
    decrypted = decrypt(encrypted, key);
    std::cout << "Original Data: " << data << "\nEncrypted Data: " << encrypted << "\nDecrypted Data: " << decrypted << "\n";
    system("PAUSE");
    return 0;
}

程序集解密/反转？ XOR是一个问题吗？

2 个答案: