C++ 程序集解密/反转?XOR是一个问题吗?
我有一个代码函数,我试图在没有运气的情况下逆转它的效果。我最初的功能是:C++ 程序集解密/反转?XOR是一个问题吗?,c++,assembly,x86,encryption,xor,C++,Assembly,X86,Encryption,Xor,我有一个代码函数,我试图在没有运气的情况下逆转它的效果。我最初的功能是: ror al,1 // rotates the al part of the eax register (the Ekey) bitwise by 1 bit, as 1 mod 8 = 1 (al = 2D) ror al,1 // moves the rightmost bit from al (the
ror al,1 // rotates the al part of the eax register (the Ekey) bitwise by 1 bit, as 1 mod 8 = 1 (al = 2D)
ror al,1 // moves the rightmost bit from al (the end of the Ekey) and shifts everything along
ror al,1 // rotates al bitwise by 1 bit, as 1 mod 8 = 1 (al = 4B)
ror al,1 // rotates the end 8 bits of the Ekey bitwise by 1 bit, as 1 mod 8 = 1 (al = A5)
push ecx // preserves the value of the encrypted character by pushing it on the stack, the stack pointer decrements by 4 to allow this
not eax // completes the ones' complement on the Ekey, toggling the bits
mov edx,eax // copies the current value of the Ekey register and places it in edx, for holding
pop eax // restores original register value from stack
xor eax,edx // completes a bitwise exclusive or on the Ekey, with the previous value of the Ekey that was stored in edx
ror al,1 // rotates the last 8 bits of the Ekey bitwise by 1 bit, as 1 mod 8 = 1
ror al,1 // rotates al bitwise by 1 bit, as 1 mod 8 = 1
not eax // completes the ones' complement on the Ekey value, 'flipping' eax entirely
add eax,0x20 // adds the hex value of 20 (32 in base 10) to the current value in the Ekey
sub eax, 0x20
not eax
rol al, 2
not eax
xor ecx, eax
这是怎么回事。。。异或效应可以逆转吗?显而易见的顺序如下:
; inputs:
; edx: ekey
; eax: "encrypted" word
;
not eax
rol al, 1
rol al, 1
not edx
xor eax, edx
not eax
xchg eax, ecx
xor eax, ecx
rol al, 1
rol al, 1
not eax
我认为可能还可以进行更多的简化,但我必须仔细考虑以确定。我保留了原来的函数,但简化了解密:
unsigned int encrypt(unsigned int input, unsigned int key)
{
_asm
{
mov ecx, input
mov eax, key
push ecx ; preserves the value of the encrypted character by pushing it on the stack, the stack pointer decrements by 4 to allow this
not eax ; completes the ones' complement on the Ekey, toggling the bits
mov edx,eax ; copies the current value of the Ekey register and places it in edx, for holding
pop eax ; restores original register value from stack
xor eax,edx ; completes a bitwise exclusive or on the Ekey, with the previous value of the Ekey that was stored in edx
ror al,1 ; rotates the last 8 bits of the Ekey bitwise by 1 bit, as 1 mod 8 = 1
ror al,1 ; rotates al bitwise by 1 bit, as 1 mod 8 = 1
not eax ; completes the ones' complement on the Ekey value, 'flipping' eax entirely
}
}
unsigned int decrypt(unsigned int input, unsigned int key)
{
_asm
{
mov eax, input
not eax
rol al,1
rol al,1
mov edx, key
not edx
xor eax, edx
}
}
int main()
{
unsigned int data = 0xB84A35F2;
unsigned int encrypted = 0;
unsigned int decrypted = 0;
unsigned int key = 0x3DB76E8C2;
encrypted = encrypt(data, key);
decrypted = decrypt(encrypted, key);
std::cout << "Original Data: " << data << "\nEncrypted Data: " << encrypted << "\nDecrypted Data: " << decrypted << "\n";
system("PAUSE");
return 0;
}
无符号整数加密(无符号整数输入,无符号整数密钥)
{
_asm
{
mov ecx,输入
mov-eax,键
push ecx;通过将加密字符压入堆栈来保留其值,堆栈指针递减4以允许此操作
非eax;在Ekey上完成1的补码,切换位
mov edx,eax;复制Ekey寄存器的当前值并将其放入edx中,以便保存
pop eax;从堆栈恢复原始寄存器值
xor eax,edx;使用存储在edx中的Ekey的上一个值在Ekey上完成按位异或
ror al,1;将Ekey的最后8位按位旋转1位,因为1 mod 8=1
ror al,1;将al按位旋转1位,因为1模8=1
不是eax;在Ekey值上完成“1”的补码,“完全翻转”eax
}
}
无符号整数解密(无符号整数输入,无符号整数密钥)
{
_asm
{
mov-eax,输入
不是eax
罗尔·艾尔,1
罗尔·艾尔,1
mov-edx键
不是edx
xor eax,edx
}
}
int main()
{
无符号整数数据=0xB84A35F2;
无符号整数加密=0;
无符号整数解密=0;
无符号整数键=0x3DB76E8C2;
加密=加密(数据、密钥);
解密=解密(加密,密钥);
std::cout XOR的美妙之处在于,它们将自身反转:!(!false)=false:)XOR是一个简单的函数。a XOR b XOR b==a
。它会自行撤销。好吧,所以用pop而不是push,只是不需要两次这样(不是eax),或者你只需要再次使用XOR(想想就很简单)…但是对于mov,你只是简单地以另一种方式进行mov吗?尝试了多个xor和双精度not,但“not not”给出了一个错误,并且不会“a xor b xor b”损坏了b,所以b为零?谢谢,我没有提到,但原版应该是未经优化的,可以说有点冗长。不过,谢谢,我以前没有使用过xchg。我在原版问题中添加了更多内容,以显示更多代码,帮助更好地解释它,我使用ecx作为经过修改的字符,eax保留原版Ekey.谢谢谢谢你的帮助,但是需要一些澄清,我已经在我的原始加密中添加了更多的代码来澄清和帮助反转系统。@user2283597:仍然几乎完全是一个向后遍历代码的问题,并按顺序取消每个转换(例如,编辑代码中的最后一个add eax,0x20
在“解密器”中变为sub eax,0x20
(因为它是加密中的最后一个,所以它将是解密中的第一个)。谢谢,我已经用这个方法进行了解密…我编辑了我的问题以显示我的尝试…但是它没有正确解密,所以我只是想知道我把哪一步搞砸了。谢谢一个bundle。我尝试过将你的代码导入我的程序,但当我输入变量时,它会出错。我可以问一下密钥和输入是什么吗我不知道你打算如何使用你的代码。我的目的是演示如何执行反向操作-这是你要求的。作为书面函数的函数只对整数而不是字符数组进行加密和解密。传递的密钥是加密密钥(我想你叫它Ekey)。输入是要加密/解密的整数。好的,我在原始问题中添加了更多内容,以显示更多的代码,以帮助更好地解释它。当我尝试您的方法时,我得到了一个输出,但它与原始方法非常不同,此外,我想在原始函数中添加eax是Ekey,ecx是我使用的字符在解密过程中,我是否需要使用ecx?感谢您提供的大量帮助,但我也添加了我的原始加密以向您提供更多信息…@0xC000002L我看到您在类似问题上提供了帮助…解密过程中我缺少了什么吗?
unsigned int encrypt(unsigned int input, unsigned int key)
{
_asm
{
mov ecx, input
mov eax, key
push ecx ; preserves the value of the encrypted character by pushing it on the stack, the stack pointer decrements by 4 to allow this
not eax ; completes the ones' complement on the Ekey, toggling the bits
mov edx,eax ; copies the current value of the Ekey register and places it in edx, for holding
pop eax ; restores original register value from stack
xor eax,edx ; completes a bitwise exclusive or on the Ekey, with the previous value of the Ekey that was stored in edx
ror al,1 ; rotates the last 8 bits of the Ekey bitwise by 1 bit, as 1 mod 8 = 1
ror al,1 ; rotates al bitwise by 1 bit, as 1 mod 8 = 1
not eax ; completes the ones' complement on the Ekey value, 'flipping' eax entirely
}
}
unsigned int decrypt(unsigned int input, unsigned int key)
{
_asm
{
mov eax, input
not eax
rol al,1
rol al,1
mov edx, key
not edx
xor eax, edx
}
}
int main()
{
unsigned int data = 0xB84A35F2;
unsigned int encrypted = 0;
unsigned int decrypted = 0;
unsigned int key = 0x3DB76E8C2;
encrypted = encrypt(data, key);
decrypted = decrypt(encrypted, key);
std::cout << "Original Data: " << data << "\nEncrypted Data: " << encrypted << "\nDecrypted Data: " << decrypted << "\n";
system("PAUSE");
return 0;
}