This will encrypt a text file (*.txt):
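; ---------------------------------------------------------------------------
; WriteEncryptedFile
;   Reads lpSourceFile into a buffer, transforms the buffer with RolData and
;   a fixed key, and writes the result to lpDestinationFile.
; In:   lpSourceFile      -> name of the file to read
;       lpDestinationFile -> name of the file to write
; Out:  eax = 0 if the source could not be opened, sized, buffered or fully
;       read; otherwise the value returned by write_disk_file
;       (NOTE(review): confirm what write_disk_file returns on failure).
; Uses: hFile, which is not declared in this procedure and is presumably a
;       global defined elsewhere in the program.
; NOTE(review): the key is a literal compiled into the program and the rotate
;       is a byte-for-byte transform, so this hides the text from casual
;       viewing only; do not rely on it to keep the contents confidential.
; ---------------------------------------------------------------------------
WriteEncryptedFile Proc lpSourceFile:DWord, lpDestinationFile:DWord
    Local fl:DWord                      ; source file length in bytes
    Local bRead:DWord                   ; bytes actually delivered by ReadFile
    Local hmem$:DWord                   ; source memory handle
    Local dwResult:DWord                ; result kept across cleanup calls

    Invoke CreateFile, lpSourceFile, GENERIC_READ, 0, NULL, OPEN_EXISTING, NULL, NULL
    .If Eax == INVALID_HANDLE_VALUE     ; source missing or not readable
        Xor Eax, Eax
        Ret
    .EndIf
    Mov hFile, Eax

    ; The high DWORD of the size is not requested, so only files below 4 GB
    ; are sized correctly here.
    Invoke GetFileSize, hFile, NULL
    .If Eax == -1                       ; INVALID_FILE_SIZE
        Invoke CloseHandle, hFile
        Xor Eax, Eax
        Ret
    .EndIf
    Mov fl, Eax

    stralloc fl
    .If Eax == 0                        ; allocation failed
        Invoke CloseHandle, hFile
        Xor Eax, Eax
        Ret
    .EndIf
    Mov hmem$, Eax                      ; source file memory

    Invoke ReadFile, hFile, hmem$, fl, Addr bRead, NULL ; read file into buffer
    Mov dwResult, Eax                   ; keep ReadFile's result across CloseHandle
    Invoke CloseHandle, hFile

    ; Refuse to transform and write a buffer that was only partly filled.
    Mov Ecx, bRead
    .If dwResult == 0 || Ecx != fl
        strfree hmem$
        Xor Eax, Eax
        Ret
    .EndIf

    .If fl != 0                         ; nothing to transform in an empty file
        Invoke RolData, hmem$, fl, SADD("This is the key"), 16 ; encrypt data
    .EndIf
    Invoke write_disk_file, lpDestinationFile, hmem$, fl
    Mov dwResult, Eax
    strfree hmem$
    Mov Eax, dwResult
    Ret
WriteEncryptedFile EndP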
This will decrypt a text file (*.txt) and show the result in hEdit1:
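; ---------------------------------------------------------------------------
; ReadEncryptedFile
;   Reads lpSourceFile into a buffer, reverses the rotate with RorData and
;   the same fixed key, and shows the result with SetWindowText on hEdit1.
; In:   lpSourceFile -> name of the file to read
;       hControl     -> NOTE(review): never used; the text always goes to
;                       hEdit1. Confirm whether hControl was the intended
;                       target before changing it.
; Out:  eax = 0 if the file could not be opened, sized, buffered or fully
;       read; otherwise the value returned by SetWindowText.
; Uses: hFile and hEdit1, which are not declared in this procedure and are
;       presumably globals defined elsewhere in the program.
; NOTE(review): nothing here verifies that the file really was produced by
;       WriteEncryptedFile; a plain file is rotated and displayed as garbage.
; ---------------------------------------------------------------------------
ReadEncryptedFile Proc lpSourceFile:DWord, hControl:DWord
    Local fl:DWord                      ; source file length in bytes
    Local bRead:DWord                   ; bytes actually delivered by ReadFile
    Local hmem$:DWord                   ; source memory handle
    Local dwResult:DWord                ; result kept across cleanup calls

    Invoke CreateFile, lpSourceFile, GENERIC_READ, 0, NULL, OPEN_EXISTING, NULL, NULL
    .If Eax == INVALID_HANDLE_VALUE     ; source missing or not readable
        Xor Eax, Eax
        Ret
    .EndIf
    Mov hFile, Eax

    ; The high DWORD of the size is not requested, so only files below 4 GB
    ; are sized correctly here.
    Invoke GetFileSize, hFile, NULL
    .If Eax == -1                       ; INVALID_FILE_SIZE
        Invoke CloseHandle, hFile
        Xor Eax, Eax
        Ret
    .EndIf
    Mov fl, Eax

    stralloc fl
    .If Eax == 0                        ; allocation failed
        Invoke CloseHandle, hFile
        Xor Eax, Eax
        Ret
    .EndIf
    Mov hmem$, Eax                      ; source file memory

    Invoke ReadFile, hFile, hmem$, fl, Addr bRead, NULL ; read file into buffer
    Mov dwResult, Eax                   ; keep ReadFile's result across CloseHandle
    Invoke CloseHandle, hFile

    ; Do not display a buffer that was only partly filled.
    Mov Ecx, bRead
    .If dwResult == 0 || Ecx != fl
        strfree hmem$
        Xor Eax, Eax
        Ret
    .EndIf

    .If fl != 0                         ; nothing to transform in an empty file
        Invoke RorData, hmem$, fl, SADD("This is the key"), 16 ; decrypt data
    .EndIf

    ; NOTE(review): SetWindowText expects a NUL-terminated string; this relies
    ; on stralloc leaving a terminator after the fl bytes - confirm.
    Invoke SetWindowText, hEdit1, hmem$
    Mov dwResult, Eax
    strfree hmem$
    Mov Eax, dwResult
    Ret
ReadEncryptedFile EndP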
How can I tell whether a text file (*.txt) has been decrypted or not?
That way, the ReadEncryptedFile proc would only work if the text file has been encrypted,
and the WriteEncryptedFile proc would only work if the text file has not been encrypted yet.
Thank you.
Quote
how to know if a text' file(*.txt) had decrypted or not?
Typically you write a header or a footer in the file, with your own struct and tags, so you can easily identify whether it
is encrypted or not.
Also, your algo might (probably will) fail on large files (4 GB+), though smaller ones might also cause the problem, as Windows
may not be able to allocate the memory block in one contiguous chunk. So using a buffer might be a better idea,
or memory-mapped files...
I came across your post and I remembered Yoda's Crypter v1.3
here is the source page :
http://www.programmersheaven.com/download/35321/ZipFileList.aspx
you can see the asm here:
http://www.programmersheaven.com/download/35321/31/ZipView.aspx
I believe that Yoda's Crypter v1.3 checks to see if a file was encrypted first
Both of the rotate algos that Elmo used, as well as the Xor version in the library, can be used on block data as they have a 1 to 1 character relationship. If the data you are encrypting actually matters in security terms, you need to use a pad that is the size of the source or larger and that is an encryption-standard, unique random pad. Short pads of plain text will do for simple tasks but can be reasonably easily broken with enough computer grunt.
If the pad is genuinely high-quality random, is kept secret, and is never used for a second file, the encryption is effectively impossible to break. It is virtuous to use 2 algos, one to mess up the byte order, the second to modify against a random pad.
encrypt1 etc ....
rotate_or_xor
rotate_or_xor
decrypt1 etc ....
The virtue of the technique is that there is no indicator, no header and no verification that it has succeeded or not; you either get it right or you get garbage out the other end. The trade-off is that a corrupted or altered file cannot be detected either.
Attached is a masm toy to create random pads that will bring tears to the eyes of your local KGB, MI5, CIA, MOSSAD operative.
Quote from: elmo on May 09, 2011, 09:26:47 AM
how to know if a text' file(*.txt) had decrypted or not?
so, ReadEncryptedFile proc will only works if the text' file had encrypted.
and WriteEncryptedFile proc will only works if the text' file not encrypted yet.
thank you
I started a few projects on CRC; this has to do with the PE checksum, etc.,
and I remembered your post...
I believe you need to do an "Invoke MapFileAndCheckSum, FileName, addr dwHeader, addr dwCheckSum "
It basically compares the checksum stored in the PE image header when the file was built with the checksum of the file as it is now!
Here is a little assembly that I found (I have a few more at home):
.386
.model flat, stdcall
option casemap :none ; case sensitive
; ###############################
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\imagehlp.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\imagehlp.lib
; ################################
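; Self-check: compares the CheckSum field in this program's own PE header
; (read from the loaded image) with a checksum freshly computed over the
; file on disk, and reports the outcome in a message box.
;
; NOTE(review): the PE checksum is a simple, non-cryptographic sum. It catches
; accidental corruption, but anyone who edits the file can recompute the field
; or patch out this comparison, so it is not a defence against deliberate
; tampering; a digital signature verified by a separate trusted component is
; the usual control for that.
GetFileName PROTO :DWORD                ; NOTE(review): declared, but no such procedure appears in this listing
GetCheckSum PROTO :DWORD

DOS_LFANEW_OFFSET  equ 3Ch              ; offset of the "offset to PE signature" field in the DOS header
PE_CHECKSUM_OFFSET equ 58h              ; offset of CheckSum from the PE signature (value used by the original code)
PATH_BUFFER_SIZE   equ 256h             ; size of szBuffer in bytes

.data
PECheckSum dd 0                         ; CheckSum value copied from the in-memory PE header
szFailed db "CheckSums did NOT match, file has been modified!", 0
szSuccess db "CheckSums MATCH, continue!", 0
szBuffer db PATH_BUFFER_SIZE dup(0)     ; receives this module's file name
.code
start:
    push 0
    call GetModuleHandle                ; eax = base address of this module
    mov edx, eax                        ; e.g. 00400000
    mov ecx, [edx + DOS_LFANEW_OFFSET]  ; offset to PE signature
    add ecx, edx                        ; ecx = PE header
    mov eax, dword ptr [ecx + PE_CHECKSUM_OFFSET]
    mov PECheckSum, eax                 ; save header CheckSum

    Invoke GetModuleFileName, 0, ADDR szBuffer, PATH_BUFFER_SIZE
    test eax, eax                       ; 0 = file name could not be obtained
    jz @notequal                        ; fail closed: no name, no verification

    Invoke GetCheckSum, ADDR szBuffer
    test eax, eax                       ; GetCheckSum returns 0 when the file could not be summed
    jz @notequal                        ; fail closed: otherwise an error would "match" a header CheckSum of 0
    cmp eax, [PECheckSum]               ; does PECheckSum = our generated checksum?
    jne @notequal
    Invoke MessageBox, 0, ADDR szSuccess, 0, MB_OK
    Invoke ExitProcess, 0
@notequal:
    Invoke MessageBox, 0, ADDR szFailed, 0, MB_OK
    invoke ExitProcess, 0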
; ---------------------------------------------------------------------------
; GetCheckSum
;   Asks MapFileAndCheckSum for the checksum of the named file.
; In:   FileName -> name of the file to check
; Out:  eax = computed checksum when MapFileAndCheckSum reports
;             CHECKSUM_SUCCESS, otherwise 0
; Note: dwHeader receives the header checksum reported by the call but is
;       not used by this procedure.
; ---------------------------------------------------------------------------
GetCheckSum PROC FileName:DWORD
.data
dwHeader dd 0                           ; header checksum as reported by the API (unused here)
dwCheckSum dd 0                         ; checksum computed over the file
.code
    Invoke MapFileAndCheckSum, FileName, addr dwHeader, addr dwCheckSum
    .if eax == CHECKSUM_SUCCESS
        mov eax, [dwCheckSum]           ; success: hand back the computed value
    .else
        xor eax, eax                    ; any failure is reported as 0
    .endif
    ret
GetCheckSum EndP
end start
P.S.
You need "imagehlp.inc" and "imagehlp.lib", which are found in MASMv9 but not 10.
This one is a little shorter.
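; checksum.asm Good way to detect tampering of files
; NOTE: the PE checksum is not cryptographic; it detects accidental changes,
; but someone who edits the file can recompute the header value to match.
; REQUIRES imagehlp.inc AND OLD_imagehlp.lib
; link ..../RELEASE -> Sets the Checksum in the .exe header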
.686
.model flat, stdcall
option casemap :none
include \masm32\include\windows.inc
include \masm32\include\masm32.inc
include \masm32\include\gdi32.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\Comctl32.inc
include \masm32\include\comdlg32.inc
include \masm32\include\shell32.inc
include \masm32\include\oleaut32.inc
include \masm32\include\ole32.inc
include \masm32\include\msvcrt.inc
include \masm32\include\imagehlp.inc
include \masm32\include\dialogs.inc
include \masm32\macros\macros.asm
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\Comctl32.lib
includelib \masm32\lib\comdlg32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\oleaut32.lib
includelib \masm32\lib\ole32.lib
includelib \masm32\lib\msvcrt.lib
includelib \masm32\lib\OLD_imagehlp.lib
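; Checks FileName with MapFileAndCheckSumA and reports whether the checksum
; stored in its PE header equals the checksum computed over the file.
; The header value is only set when the program is linked with /RELEASE (see
; the note at the top of the file); without it the two values are not
; expected to match.
; NOTE(review): FileName is a fixed path, so the check applies to whatever
; file is at that location, not necessarily to the running program.
.CONST
.DATA
FileName db "C:\masm32\SOURCE\checksum.exe",0
AppName db "SiegeWorks 2011",0
FileChanged db "File has been altered.",0       ; shown when the two sums differ
File_OK db "File has not been altered.",0       ; shown when the two sums are equal
Open_Failure db "File could not be opened.",0
Check_Failure db "File could not be checked.",0 ; shown for any other checksum API failure
.data?
HeaderSum dd ?                          ; checksum value stored in the file's PE header
CheckSum dd ?                           ; checksum value of file -- HeaderSum and CheckSum will be
                                        ; equal if the program has not been changed
.CODE
start:
    ; Do a checksum of our file
    invoke MapFileAndCheckSumA, ADDR FileName, ADDR HeaderSum, ADDR CheckSum
    .if eax == CHECKSUM_OPEN_FAILURE
        invoke MessageBox, NULL, addr Open_Failure, addr AppName, MB_OK
        invoke ExitProcess, 0
    .elseif eax != CHECKSUM_SUCCESS
        ; Any other failure leaves HeaderSum and CheckSum unwritten; comparing
        ; them would report "not altered", so stop here instead.
        invoke MessageBox, NULL, addr Check_Failure, addr AppName, MB_OK
        invoke ExitProcess, 0
    .endif
    mov eax, CheckSum                   ; computed value
    cmp eax, HeaderSum                  ; against the value stored in the header
    jne finish
    invoke MessageBox, NULL, addr File_OK, addr AppName, MB_OK
    invoke ExitProcess, 0
finish:
    invoke MessageBox, NULL, addr FileChanged, addr AppName, MB_OK
    invoke ExitProcess, 0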
end start