I was looking to encrypt and decrypt some text, but everything I have is 16 bit.
It doesn't have to be fancy, xor would be fine.
On a separate question. If I want to put in some extended ascii characters in a string, do I have to save
my code as Unicode to see it?
Thanks.
"If you can't be a good example, then you'll just have to serve as a horrible warning." -Catherine Aird
it really is time you started using the search button and/or google, and i think i got an idea what you're working on..
Quote from: evlncrn8 on March 29, 2006, 03:01:25 PM
it really is time you started using the search button and/or google, and i think i got an idea what you're working on..
I have been doing that for quite some time.
And, no you don't know what I'm working on.
He's... he's.... HE'S PLANNING TO TAKE OVE THE WORLD!!!! :dazzled:
Quote from: skywalker on March 29, 2006, 02:23:55 PMIt doesn't have to be fancy, xor would be fine.
You are missing out on a lot because you are most of the time trying to modify other people's work. Do a project for yourself, code it from scratch and you will appreciate the code you have a whole lot more, when you do.
If a Xor encryption is all you need, then DIY. Most beginning programmers are required to do one as a first time assignment. Doing a project like this will help you to learn and understand the process from start to finnish.
Regards, P1 :8)
Hi to all:
Mr. skywalker:
Please.
Look in: \masm32\example.
I think that I saw one.
Mr. P1:
You are a very hard moderator. That is very good. :U
But, you scare to me. :eek
Bye('_').
Harsh or not he is right tho.. I am teaching myself and ill spend anywhere from 1 to 4 hours on something before i ask for help here.. I have a couple projects i got working and i am happy with each one of them :)
Quote from: P1 on March 29, 2006, 06:59:08 PM
Quote from: skywalker on March 29, 2006, 02:23:55 PMIt doesn't have to be fancy, xor would be fine.
You are missing out on a lot because you are most of the time trying to modify other people's work. Do a project for yourself, code it from scratch and you will appreciate the code you have a whole lot more, when you do.
If a Xor encryption is all you need, then DIY. Most beginning programmers are required to do one as a first time assignment. Doing a project like this will help you to learn and understand the process from start to finnish.
Regards, P1 :8)
I have done plenty of code by myself. The real issue is your failure to admit your bad attitude.
All you're doing is alienating yourself.
Quote from: IAO on March 29, 2006, 07:45:14 PM
Hi to all:
Mr. skywalker:
Please.
Look in: \masm32\example.
I think that I saw one.
Mr. P1:
You are a very hard moderator. That is very good. :U
But, you scare to me. :eek
Bye('_').
Thanks IAO. There isn't an example of it. But thanks for not being afraid to speak the truth.
Have a good week.
Just for the record, P1: You kick some major ass :thumbu
Hi skywalker,
Here's one I wrote a long long time ago to store a password in the registry, I would not use it for that now, I use mostly TEA or BLOWFISH (or the Crypt API) these days but it's pretty much what you're looking for...
DATA SECTION
; This is a very simple pseudo-encrypted block, it is not meant to
; be secure in any way and is very easy to decrypt by anyone at all.
; It says "SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId"
; It is used in GetKey to generate an encryption key for passwords
; but I didn't want to just leave it in ansi so everyone could see.
; It requires Key# 152715150 to decrypt it
cryptdata: DB 05Ah,04Fh,0C4h,0D8h,052h,053h,0ECh,0FAh,044h,04Bh
DB 09Ah,0B6h,018h,00Fh,0AEh,0AEh,030h,039h,0F0h,0DEh
DB 02Eh,00Dh,080h,0AEh,012h,037h,0F0h,0F6h,016h,035h
DB 0ACh,0BAh,020h,039h,0E4h,0BAh,018h,037h,09Ah,0AEh
DB 020h,0D1h,0E8h,094h,022h,019h,0A2h,0B6h,014h,043h
DB 080h,070h
CODE SECTION
GetKey FRAME
LOCAL KSRegKey[256] :B
LOCAL KeyString[64] :B
LOCAL hRegKey :D
LOCAL Disposition :D
LOCAL uDataCode :D
LOCAL cbRead :D
invoke ZeroMem,OFFSET KSRegKey,256
invoke DecryptString,OFFSET cryptdata,152715150,OFFSET KSRegKey,13
invoke RegCreateKeyEx,HKEY_LOCAL_MACHINE,OFFSET KSRegKey,NULL,NULL,\
REG_OPTION_NON_VOLATILE,KEY_READ,NULL,ADDR hRegKey,ADDR Disposition
or eax,eax
jz >
xor eax,eax
dec eax
ret
:
mov D[cbRead],64
invoke RegQueryValueEx,[hRegKey],OFFSET KSRegKey+42,NULL,ADDR uDataCode,\
OFFSET KeyString,ADDR cbRead
invoke RegCloseKey,[hRegKey]
invoke GenKey,OFFSET KeyString
xor eax,eax
RET
ENDF
GenKey FRAME lpKeyString
uses edi,esi
invoke lstrlen,[lpKeyString]
mov edi,0
mov ecx,eax
mov esi,[lpKeyString]
:
push ecx
dec ecx
mov eax,[esi+ecx]
add edi,eax
pop ecx
dec ecx
or ecx,ecx
jnz <
clc
mov [dwCryptKey],edi
ret
ENDF
EncryptString FRAME lpDataString, CryptKey, lpOutString, cbdata
uses edi,esi
mov ecx,[cbdata]
mov edi,[lpOutString]
mov esi,[lpDataString]
:
push ecx
dec ecx
mov eax,[esi+ecx*4]
rol eax,6
xor eax,[CryptKey]
ror eax,5
mov [edi+ecx*4],eax
pop ecx
dec ecx
or ecx,ecx
jnz <
ret
ENDF
DecryptString FRAME lpDataString, CryptKey, lpOutString, cbdata
uses edi,esi
mov ecx,[cbdata]
mov edi,[lpOutString]
mov esi,[lpDataString]
:
push ecx
dec ecx
mov eax,[esi+ecx*4]
rol eax,5
xor eax,[CryptKey]
ror eax,6
mov [edi+ecx*4],eax
pop ecx
dec ecx
or ecx,ecx
jnz <
ret
ENDFQuoteThe real issue is your failure to admit your bad attitude.
By the way, P1 is completely right and fair in this and everywhere else I have ever encountered him. You could have easily written something like this yourself or should have been able to by now. Even though I wrote this years ago, I think it only took me about 15 minutes and that was in MASM which is much more cumbersome to use than GoAsm.
And PS, I have absolutely no interest in explaining how it works, it is far too obvious for that.
Andy,
Tread carefully here.
Quote
I have done plenty of code by myself. The real issue is your failure to admit your bad attitude.
All you're doing is alienating yourself.
Enough people are tired of your lack of willingness to do your own work when much of it is very simple stuff that you should know how to do. Giving lip to one of the moderators is not a winner here as our moderators do a lot of work to help other people who are willing to do their own work.
Quote from: donkey on March 30, 2006, 03:28:26 AM
Hi skywalker,
Here's one I wrote a long long time ago to store a password in the registry, I would not use it for that now, I use mostly TEA or BLOWFISH (or the Crypt API) these days but it's pretty much what you're looking for...
This is what I have so far.
There isn't a getkey proc in here and it's saying that I'm redefining GenKey again. Maybe one of those
is the GetKey ?
It's having a problem with ZeroMemory too.
Thanks.
;FRAME = PROC
;ENDF = ENDP you must insert the proc name before ENDP
;: = @@:
;> or >> = @F
;< or << = @B
.code
start:
GenKey PROC
LOCAL KSRegKey[256] :BYTE
LOCAL KeyString[64] :BYTE
LOCAL hRegKey :DWORD
LOCAL Disposition :DWORD
LOCAL uDataCode :DWORD
LOCAL cbRead :DWORD
invoke ZeroMemory,OFFSET KSRegKey,256 ; Was orig. ZeroMem
invoke DecryptString,OFFSET cryptdata,152715150,OFFSET KSRegKey,13
invoke RegCreateKeyEx,HKEY_LOCAL_MACHINE,OFFSET KSRegKey,NULL,NULL,\
REG_OPTION_NON_VOLATILE,KEY_READ,NULL,ADDR hRegKey,ADDR Disposition
or eax,eax
jz @F
xor eax,eax
dec eax
ret
mov D[cbRead],64
invoke RegQueryValueEx,[hRegKey],OFFSET KSRegKey+42,NULL,ADDR uDataCode,\
OFFSET KeyString,ADDR cbRead
invoke RegCloseKey,[hRegKey]
invoke GenKey,OFFSET KeyString
xor eax,eax
RET
GenKey ENDP
GenKey PROC uses EDI ESI ; lpKeyString
; uses edi,esi
LOCAL lpKeyString:DWORD
invoke lstrlen,[lpKeyString]
mov edi,0
mov ecx,eax
mov esi,[lpKeyString]
push ecx
dec ecx
mov eax,[esi+ecx]
add edi,eax
pop ecx
dec ecx
or ecx,ecx
jnz @B
clc
mov [dwCryptKey],edi
ret
ENDP
EncryptString PROC lpDataString, CryptKey, lpOutString, cbdata
uses edi,esi
mov ecx,[cbdata]
mov edi,[lpOutString]
mov esi,[lpDataString]
push ecx
dec ecx
mov eax,[esi+ecx*4]
rol eax,6
xor eax,[CryptKey]
ror eax,5
mov [edi+ecx*4],eax
pop ecx
dec ecx
or ecx,ecx
jnz @B
ret
EncryptString ENDP
DecryptString PROC lpDataString, CryptKey, lpOutString, cbdata
uses edi,esi
mov ecx,[cbdata]
mov edi,[lpOutString]
mov esi,[lpDataString]
push ecx
dec ecx
mov eax,[esi+ecx*4]
rol eax,5
xor eax,[CryptKey]
ror eax,6
mov [edi+ecx*4],eax
pop ecx
dec ecx
or ecx,ecx
jnz @B
ret
DecryptString ENDP
invoke ExitProcess,0
end start
Skywalker,
The following code assembles correctly but really doe not do what you want without some additional work.
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib
GetKey PROTO
GenKey PROTO :DWORD
EncryptString PROTO :DWORD, :DWORD, :DWORD, :DWORD
DecryptString PROTO :DWORD, :DWORD, :DWORD, :DWORD
.DATA
; This is a very simple pseudo-encrypted block, it is not meant to
; be secure in any way and is very easy to decrypt by anyone at all.
; It says "SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId"
; It is used in GetKey to generate an encryption key for passwords
; but I didn't want to just leave it in ansi so everyone could see.
; It requires Key# 152715150 to decrypt it
cryptdata DB 05Ah,04Fh,0C4h,0D8h,052h,053h,0ECh,0FAh,044h,04Bh
DB 09Ah,0B6h,018h,00Fh,0AEh,0AEh,030h,039h,0F0h,0DEh
DB 02Eh,00Dh,080h,0AEh,012h,037h,0F0h,0F6h,016h,035h
DB 0ACh,0BAh,020h,039h,0E4h,0BAh,018h,037h,09Ah,0AEh
DB 020h,0D1h,0E8h,094h,022h,019h,0A2h,0B6h,014h,043h
DB 080h,070h
.CODE
start:
GetKey PROC
;--------------------------------------
LOCAL KSRegKey[256] :BYTE
LOCAL KeyString[64] :BYTE
LOCAL hRegKey :DWORD
LOCAL Disposition :DWORD
LOCAL uDataCode :DWORD
LOCAL cbRead :DWORD
;
invoke RtlZeroMemory, ADDR KSRegKey, sizeof KSRegKey
invoke DecryptString, OFFSET cryptdata, 152715150, ADDR KSRegKey, 13
invoke RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR KSRegKey, NULL, NULL,\
REG_OPTION_NON_VOLATILE, KEY_READ, NULL, ADDR hRegKey, ADDR Disposition
or eax, eax
jz @F
xor eax, eax
dec eax
ret
@@:
mov DWORD PTR [cbRead], 64
invoke RegQueryValueEx, [hRegKey], ADDR KSRegKey+42, NULL, ADDR uDataCode,\
ADDR KeyString, ADDR cbRead
invoke RegCloseKey, [hRegKey]
invoke GenKey, ADDR KeyString
xor eax, eax
RET
;--------------------------------------
GetKey ENDP
GenKey PROC uses edi esi lpKeyString:DWORD
; Don't rem out the lpKeyString in the above line
;--------------------------------------
invoke lstrlen, [lpKeyString]
mov edi, 0
mov ecx, eax
mov esi, [lpKeyString]
@@:
push ecx
dec ecx
mov eax, [esi+ecx]
add edi, eax
pop ecx
dec ecx
or ecx, ecx
jnz @B
clc
;;;; dwCryptKey in the next line is undefined
;;;; mov [dwCryptKey], edi
ret
;--------------------------------------
GenKey ENDP
EncryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD
;--------------------------------------
mov ecx, [cbdata]
mov edi, [lpOutString]
mov esi, [lpDataString]
@@:
push ecx
dec ecx
mov eax, [esi+ecx*4]
rol eax, 6
xor eax, [CryptKey]
ror eax, 5
mov [edi+ecx*4], eax
pop ecx
dec ecx
or ecx, ecx
jnz @B
ret
;--------------------------------------
EncryptString ENDP
DecryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD
;--------------------------------------
mov ecx, [cbdata]
mov edi, [lpOutString]
mov esi, [lpDataString]
@@:
push ecx
dec ecx
mov eax, [esi+ecx*4]
rol eax, 5
xor eax, [CryptKey]
ror eax, 6
mov [edi+ecx*4], eax
pop ecx
dec ecx
or ecx, ecx
jnz @B
ret
;--------------------------------------
DecryptString ENDP
END start
I have included a test project to show you that the conversion from GOASM is complete.
hth,
Paul
[attachment deleted by admin]
Quote from: PBrennick on April 01, 2006, 06:31:33 AM
Skywalker,
The following code assembles correctly but really doe not do what you want without some additional work.
I have included a test project to show you that the conversion from GOASM is complete.
hth,
Paul
Thanks, I look it over.
Andy
Quote from: PBrennick on April 01, 2006, 06:31:33 AM
Skywalker,
The following code assembles correctly but really doe not do what you want without some additional work.
hth,
Paul
I am using Ollydbg and I figured that at this point the string is decrypted
and I should be able to see the decrypted string. I don't see anything in the hex dump.
What does the 13 represent in DecryptString.
I also saw that there is no ExitProcess statement, is the prog ended some other way ?
I couldn't find RtlZeroMemory in my SDK stuff, where is it ?
Thanks.
invoke RtlZeroMemory, ADDR KSRegKey, sizeof KSRegKey
invoke DecryptString, OFFSET cryptdata, 152715150, ADDR KSRegKey, 13
int 3
MSDN: RtlZeroMemory (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/Kernel_r/hh/Kernel_r/k109_63d9f0fb-d698-4707-9018-de2fa851a94b.xml.asp)
In my February 2003 version of the PSDK, RtlZeroMemory actually links to an entry for a ZeroMemory function that is defined as the RtlZeroMemory function in Winbase.h:
#define MoveMemory RtlMoveMemory
#define CopyMemory RtlCopyMemory
#define FillMemory RtlFillMemory
#define ZeroMemory RtlZeroMemory
#define SecureZeroMemory RtlSecureZeroMemory
So you would normally expect to use ZeroMemory only from a C/C++ program. From a MASM32 program you should probably use the RtlZeroMemory function exported from kernel32.dll (prototyped in the MASM32 kernel32.inc), which (at least for the Windows 2000 version of kernel32.dll) forwards the call to ntdll.dll, as shown in the kernel32.dll exports:
00058E23 25B 604 RtlFillMemory (forwarder -> NTDLL.RtlFillMemory)
00058E45 25C 605 RtlMoveMemory (forwarder -> NTDLL.RtlMoveMemory)
00058E63 25D 606 RtlUnwind (forwarder -> NTDLL.RtlUnwind)
00058E81 25E 607 RtlZeroMemory (forwarder -> NTDLL.RtlZeroMemory)
Michael,
I agree with you. I guess I just looked for something to substitute for whatever Edgar was using which I could not find anywhere. I just wanted to give skywalker a working conversion.
Andy,
You drive me crazy to the point that I do not want to help you anymore. WHERE did I EVER say that I was giving you a working program. All I gave you was a test bed that proves the conversion will assemble. NOTHING MORE. I seriously wonder about you.
Paul
Quote from: MichaelW on April 01, 2006, 07:10:43 PM
MSDN: RtlZeroMemory (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/Kernel_r/hh/Kernel_r/k109_63d9f0fb-d698-4707-9018-de2fa851a94b.xml.asp)
In my February 2003 version of the PSDK, RtlZeroMemory actually links to an entry for a ZeroMemory function that is defined as the RtlZeroMemory function in Winbase.h:
Thanks Michael. I'll stop the questions for a while. I can hear some lassos swirling thru the air.
Andy
Andy,
It's allright, just stop driving us crazy and think. Okay? I know you can do that.
Paul
If this will drive anyone crazy, please exit now. :-)
Since I am getting my message box saying the key was sucessfully created,
where did the key go? Ollydbg isn't showing any error messages.
I don't see cryptdata being decrypted anywhere when I run this. Where is it
being stored ?
I have a learned a lot and I know that I'll get it figured out.
Thanks.
; crypt3.asm In progress..
;
mark1 db "Start" ; see where this is at and what's in here
; 52 characters
cryptdata DB 05Ah,04Fh,0C4h,0D8h,052h,053h,0ECh,0FAh,044h,04Bh
DB 09Ah,0B6h,018h,00Fh,0AEh,0AEh,030h,039h,0F0h,0DEh
DB 02Eh,00Dh,080h,0AEh,012h,037h,0F0h,0F6h,016h,035h
DB 0ACh,0BAh,020h,039h,0E4h,0BAh,018h,037h,09Ah,0AEh
DB 020h,0D1h,0E8h,094h,022h,019h,0A2h,0B6h,014h,043h
DB 080h,070h
mark2 db "End"
ValueOK db "Registry key added OK",0
Sample db "BOX",0
.CODE
start:
call GetKey
invoke ExitProcess,0
GetKey PROC
LOCAL KSRegKey[256] :BYTE
LOCAL KeyString[64] :BYTE
LOCAL hRegKey :DWORD
LOCAL Disposition :DWORD
LOCAL uDataCode :DWORD
LOCAL cbRead :DWORD
;invoke RtlSecureZeroMemory, ADDR KSRegKey, sizeof KSRegKey
invoke RtlZeroMemory, ADDR KSRegKey, sizeof KSRegKey
invoke DecryptString, OFFSET cryptdata, 152715150, ADDR KSRegKey, 13
;int 3
; Key we're trying to make
; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId
invoke RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR KSRegKey, NULL, NULL,\
REG_OPTION_NON_VOLATILE, KEY_READ, NULL, ADDR hRegKey, ADDR Disposition
.IF EAX == ERROR_SUCCESS
invoke MessageBox, 0, ADDR ValueOK, ADDR Sample,MB_ICONINFORMATION
.ENDIF
;int 3
or eax, eax
jz @F
xor eax, eax
dec eax
ret
@@:
mov DWORD PTR [cbRead], 64
; what is this doing ?
invoke RegQueryValueEx, [hRegKey], ADDR KSRegKey+42, NULL, ADDR uDataCode,\
ADDR KeyString, ADDR cbRead
invoke RegCloseKey, [hRegKey]
invoke GenKey, ADDR KeyString
;int 3
xor eax, eax
RET
GetKey ENDP
This post has been reported.
What is about to happen is his registry is about to get all messed up by this wild steer bucking through the registry. He's going to mess it up. His computer was due for a reload anyway. :dazzled: We have done a post on Backup/Restore Point, It will come to good use now. Test Everything!!! Good for code development.
I am going to ride this little doggy out, and go for the record. Yahoo :dance: Now, where did I put that Read only Key??? I need it to get out of the gate.
See translated code by Paul ( Donkey's code was in GoAsm format ), then look at what has happen to it. Try not to let the moment get to you.
Regards, P1 :P
Quote from: P1 on April 05, 2006, 07:00:23 PM
This post has been reported.
What is about to happen is his registry is about to get all messed up by this wild steer bucking through the registry. He's going to mess it up. His computer was due for a reload anyway. :dazzled: We have done a post on Backup/Restore Point, It will come to good use now. Test Everything!!! Good for code development.
I am going to ride this little doggy out, and go for the record. Yahoo :dance: Now, where did I put that Read only Key??? I need it to get out of the gate.
See translated code by Paul ( Donkey's code was in GoAsm format ), then look at what has happen to it. Try not to let the moment get to you.
Regards, P1 :P
Since EncryptString is NEVER used, I chopped it out and now I get this:
O 0 LastErr ERROR_ACCESS_DENIED (00000005)
I also found an entry in Dr. Watson showing it was trying to make the key. Is ProductId a reserved key maybe ?
:-)
Quote from: skywalker on April 05, 2006, 11:09:21 PMMy registry is armor plated, so I am not worried. :-)
Does not protect you from being branded.
Regards, P1 :8)
Quote from: P1 on April 06, 2006, 01:09:42 PM
Quote from: skywalker on April 05, 2006, 11:09:21 PMMy registry is armor plated, so I am not worried. :-)
Does not protect you from being branded.
Regards, P1 :8)
heh now that is classic, and totally true