Home-Made XOR Cipher Problem

Started by DeadlyVermilion, April 30, 2011, 04:28:00 PM


DeadlyVermilion

Well, I am having a problem with my XOR Routine that I created. I was wondering if anyone here is kind enough to help me out and tell me what I am doing wrong. Here is the code.

BasicXor proc pFileData:DWORD, dwFileSize:DWORD, pKeyPointer:DWORD, dwKeySize:DWORD
            PUSHAD

            MOV EAX, pFileData
            MOV ECX, dwFileSize
            MOV EBX, pKeyPointer
            XOR ESI, ESI

@XORLoop:
            MOV BL, BYTE PTR[EBX]
            XOR BYTE PTR[EAX], BL
            INC EAX
            INC EBX
            INC ESI

            CMP ESI, dwKeySize
            JNE @Continue
            MOV EBX, pKeyPointer
            XOR ESI, ESI
@Continue:
            LOOP @XORLoop
            POPAD
            RET
BasicXor endp


After debugging in OllyDbg I see that some of the characters are decrypted properly when I decrypt the code I have recently encrypted but not all of them. Do you know how I could fix this?
It works correctly with small strings. But when I try with large files that are 2 KB in size, it seems to produce different decrypted code than the original.

drizz

            MOV BL, BYTE PTR[EBX]
            XOR BYTE PTR[EAX], BL

You overwrite the lowest byte of EBX with the MOV. BL is a part of EBX: http://www.sandpile.org/ia32/reg.htm
Replace BL with DL.



The truth cannot be learned ... it can only be recognized.
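
Added example, not part of any post in this thread: a C model of the register aliasing described in the reply above, comparing the `MOV BL,[EBX]` loop with the `DL` version against an independently computed repeating-key XOR. The flat memory, the addresses `KEY_ADDR` and `DATA_ADDR`, the key and data bytes, and the function names are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE  0x1000u  /* constructed flat memory for the model */
#define KEY_ADDR  0x0100u  /* hypothetical address of the key buffer */
#define DATA_ADDR 0x0800u  /* hypothetical address of the file data */
struct result { int stray; int matches; };

/* Emulates the XOR loop. use_bl=1 models MOV BL,[EBX] (original post),
 * use_bl=0 models MOV DL,[EBX] (the fix). Returns the number of key
 * fetches outside the key buffer, or -1 if EBX leaves the model memory. */
static int basic_xor(uint8_t *mem, uint32_t eax, uint32_t ecx,
                     uint32_t key, uint32_t key_size, int use_bl)
{
    uint32_t ebx = key, esi = 0;
    int stray = 0;
    while (ecx-- != 0) {                     /* LOOP @XORLoop, ECX > 0 */
        if (ebx >= MEM_SIZE) return -1;
        uint8_t k = mem[ebx];                /* key byte fetched via EBX */
        if (ebx < key || ebx >= key + key_size) stray++;
        if (use_bl) ebx = (ebx & 0xFFFFFF00u) | k;  /* BL is EBX bits 0..7 */
        mem[eax] ^= k;
        eax++; ebx++; esi++;
        if (esi == key_size) { ebx = key; esi = 0; }
    }
    return stray;
}

/* Runs one variant on constructed data and checks it against plain XOR. */
static struct result run_model(int use_bl)
{
    static const uint8_t key[4] = { 'K', 'E', 'Y', '1' };  /* constructed */
    uint8_t mem[MEM_SIZE] = { 0 }, expect[16];
    struct result r;
    memcpy(mem + KEY_ADDR, key, sizeof key);
    for (uint32_t i = 0; i < 16; i++) {
        mem[DATA_ADDR + i] = (uint8_t)('a' + i);
        expect[i] = (uint8_t)(('a' + i) ^ key[i % 4]);
    }
    r.stray = basic_xor(mem, DATA_ADDR, 16, KEY_ADDR, 4, use_bl);
    r.matches = memcmp(mem + DATA_ADDR, expect, 16) == 0;
    return r;
}

int main(void)
{
    printf("BL: stray=%d matches=%d\n", run_model(1).stray, run_model(1).matches);
    printf("DL: stray=%d matches=%d\n", run_model(0).stray, run_model(0).matches);
    return 0;
}
```

In the `BL` variant every second key byte is fetched from wherever the corrupted pointer lands, so the output depends on memory outside the key buffer.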

DeadlyVermilion

Thank you :) I have now got it working. Quicker response than I thought I would get :)

dedndave

       MOV BL, BYTE PTR[EBX]

oops - EBX is trashed   :P

BasicXor PROC   pFileData:DWORD,dwFileSize:DWORD,pKeyPointer:DWORD,dwKeySize:DWORD

        PUSHAD
        MOV     ECX,dwFileSize
        MOV     EAX,pFileData
        INC     ECX
        JMP SHORT bXor01

bXor00: MOV     DL,[EBX]
        XOR     [EAX],DL
        INC     EBX
        INC     EAX
        DEC     ESI
        JNZ     bXor02

bXor01: MOV     EBX,pKeyPointer
        MOV     ESI,dwKeySize

bXor02: DEC     ECX
        JNZ     bXor00

        POPAD
        RET

BasicXor ENDP


lemme guess - yahoo messenger archive decoder ?   :P

mineiro

If I remember well, old .ng files use this one.

dedndave

it would work for YM message archives, too
the key would be the user ID   :P

good thing it isn't top secret info - lol