Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > General Forum
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 11-27-2017, 10:59 AM
mindoverflow mindoverflow is offline
Member
 
Join Date: Aug 2009
Posts: 35
Default algorithm reversing

I'm working on this pseudocode trying to find the correct input for the expected calculated value (i'm not sure if i can call it a checksum). I can't focus enough to generate the reverse algorithm, then any kind of help is appreciated.

I may start with the value 2602618273338008543 in v20 and xor back on the random generated input but i think the end result would be too big to be xored to zero with a single byte.

PS: I commented some lines that i suppose have no effect on the computation.

Thank you.

Code:
    v20 = 0i64;
    // salt table
    v28="a#+EJK45fe/efJWDSlesfGe03saHHFddfdq2gr%a3ß0jm2ÜcFEF!JKMÄrAfim+wqe=WD=?f3jDKefDJ§W?)JöSeAEFj_LIeJDF"; // salt table
    input = new byte[32] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    for ( j = 0; j < 200; ++j )
    {
      v24 = (v20 + j) % 60 + 1; // 0x3c
      v15 = input[7 * j % 15];
      if ( v24 == 32 ) // 0x20
        v15 = __PAIR__(v15, HIDWORD(v15));
      if ( v24 == 31 ) // 0x1f
      {
        // v22 = v24 & 31; // 0x1f
        // v11 = HIDWORD(v15);
        // v8 = v15;
        v1 = (unsigned __int64)(v15 << (v24 & 0x1F)) >> 32;
        LODWORD(v15) = __PAIR__((unsigned int)v15, HIDWORD(v15)) << (v24 & 0x1F) >> 32;
        HIDWORD(v15) = v1;
      }
      // v6 = v15;
      v20 += v15;
      v25 = (v20 ^ (unsigned __int64)j) % 62 + 2; // 0x3e + 2
      v2 = (v20 - j) % 91;  // 0x5Bui64
      LODWORD(v16) = *(int *)((char *)&v28 + v2);
      HIDWORD(v16) = *(int *)((char *)&v29 + v2); // &v29=&v28-4
      if ( v25 & 32 ) // 0x20
        v16 = __PAIR__(v16, HIDWORD(v16));
      if ( v25 & 31 ) // 0x1f
      {
        // v21 = v25 & 31; // 0x1f
        // v9 = HIDWORD(v16);
        // v10 = v16;
        v3 = (unsigned __int64)(v16 << (v25 & 0x1F)) >> 32;
        LODWORD(v16) = __PAIR__((unsigned int)v16, HIDWORD(v16)) << (v25 & 0x1F) >> 32;
        HIDWORD(v16) = v3;
      }
      v7 = v16;
      v20 ^= v16;
    }
    if ( (_DWORD)v20 == -922952045 && HIDWORD(v20) == -902699940 || v20 == 2602618273338008543i64 )
      v23 = 1;
  }
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.