[Tigzy]

I can feel some *RTFM* in your response ? :D
No matter, I'm on the point to find it

[EP_X0FF]

I can feel some *RTFM* in your response ? :D
No matter, I'm on the point to find it

Yes probably :)

http://en.wikipedia.org/wiki/ROtate_Right

[Tigzy]

Well, this is done! No need to read the hundreds of pages of the intel doc :D

Sans titre 1.png (11.42 KiB) Viewed 479 times

However, no trace of ldr16 in the dump... I only got the Int 13h calls
EDIT: Error fixed, now have it!

Here's the code :

Code: Select all

int ror(unsigned int value, int places) 
{
	int x = value;
	for (int i = 0 ; i < places ; i++)
	{
		int rmb = x & 0x00000001; // right most bit (save)
		x = x >> 1; // shift on right 1 bit

		if (rmb == 1) // push the rmb on left
		{
			x = x | 0x80; // 0b10000000
		}
	}
	return x;
}

bool decryptMBR (byte* bufferIN, byte* bufferOUT, int key, int offset)
{
	//Copy first part
	memcpy(&bufferOUT[0], &bufferIN[0], offset);
	
	// decrypt second part
              int keyInit = key;
	for (int i = 0 ; i < keyInit ; i++)
	{
		// Only 8 first bits
		int count = key & 0xFF;

		// Dec key
		key--;

		// apply ror
		bufferOUT[offset] = ror(bufferIN[offset], count);
		offset++;
	}	
	
	return true;

	//seg000:001E                 mov     cx, 147h
	//seg000:0021                 mov     bp, 62Ah
	//seg000:0024
	//seg000:0024 loc_24:
	//seg000:0024                 ror     byte ptr [bp+0], cl
	//seg000:0027                 inc     bp
	//seg000:0028                 loop    loc_24
}

[Tigzy]

Fully automated :)

Sans titre 1.png (26.29 KiB) Viewed 465 times

[Dmitry Varshavsky]

Here's the code :

Code: Select all

int ror(unsigned int value, int places) 
{
	int x = value;
	for (int i = 0 ; i < places ; i++)
	{
		int rmb = x & 0x00000001; // right most bit (save)
		x = x >> 1; // shift on right 1 bit

		if (rmb == 1) // push the rmb on left
		{
			x = x | 0x80; // 0b10000000
		}
	}
	return x;
}

There is no need in this function. Just use _rotr intrinsic.

[Tigzy]

Is this an ASM function?

[rkhunter]

Is this an ASM function?

C run-time
http://msdn.microsoft.com/en-us/library ... s.80).aspx

[Tigzy]

Ok :/
Fortunately it was a basic function...

[Dmitry Varshavsky]

Ok :/
Fortunately it was a basic function...

I'd like to point to 2 things:

1. You implementation is really awful because of
a) you don't need to rotate "places" times, "places" mod 32 is plenty ;)
b) you don't need cycle to perform cyclic rotation, take a look at my implementation:

Code: Select all

unsigned int ror ( unsigned int value, unsigned int shift ) 
{
    return ( value >> ( shift % 32 ) ) | ( value << ( 32 - ( shift % 32 ) ) );
}

2. ROR is some kind of basic operations. So it's not hard to guess that it's already implemented.

If you want to have a top-end ( or at least high-end ) solution - your code also have to be at the same top or high level. That's my point.

[Tigzy]

1. You implementation is really awful because of

I don't doubt of that. This is quite new for me.

a) you don't need to rotate "places" times, "places" mod 32 is plenty

Yes. the mod 32 is implemented by design in my code. Not perfect I must admit, but functional.
Your code is better, but mine is easily understandable :D
As it works, I will not change that