2

我有一个代码函数,我试图在没有运气的情况下扭转它的影响。我原来的功能是:

          ror al,1                      // rotates the al part of the eax register (the Ekey) bitwise by 1 bit, as 1 mod 8 = 1 (al = 2D)
      ror al,1                      // moves the rightmost bit from al (the end of the Ekey) and shifts everything along
      ror al,1                      // rotates al bitwise by 1 bit, as 1 mod 8 = 1 (al = 4B)
      ror al,1                      // rotates the end 8 bits of the Ekey bitwise by 1 bit, as 1 mod 8 = 1 (al = A5)
      push ecx                      // preserves the value of the encrypted character by pushing it on the stack, the stack pointer decrements by 4 to allow this
      not eax                       // completes the ones' complement on the Ekey, toggling the bits
      mov edx,eax                   // copies the current value of the Ekey register and places it in edx, for holding
      pop eax                       // restores original register value from stack
      xor eax,edx                   // completes a bitwise exclusive or on the Ekey, with the previous value of the Ekey that was stored in edx
      ror al,1                      // rotates the last 8 bits of the Ekey bitwise by 1 bit, as 1 mod 8 = 1
      ror al,1                      // rotates al bitwise by 1 bit, as 1 mod 8 = 1
      not eax                       // completes the ones' complement on the Ekey value, 'flipping' eax entirely
      add eax,0x20                  // adds the hex value of 20 (32 in base 10) to the current value in the Ekey

我必须只反转上述代码的效果,而不是每一行。我尝试了各种事情......尝试1(这是错误的):

      sub eax, 0x20
      not eax
      rol al, 2
      xor ecx, eax
      push eax
      mov eax, edx
      not eax
      pop ecx
      rol al, 4

我的第二次尝试如下:

      sub eax, 0x20
      not eax
      rol al, 2 
      not eax
      xor ecx, eax

这是怎么回事……异或的效果可以逆转吗?

4

2 回答 2

3

明显的顺序是这样的:

; inputs:
;     edx: ekey
;     eax: "encrypted" word
; 
not eax
rol al, 1
rol al, 1
not edx
xor eax, edx

在我看来,原始代码也过于复杂。我想我会写一些更像这样的东西:

not eax
xchg eax, ecx
xor eax, ecx
rol al, 1
rol al, 1
not eax

我认为更多的简化也是可能的,但我必须考虑一下才能确定。

于 2013-04-21T19:33:41.027 回答
2

我保留了您的功能,但简化了解密:

unsigned int encrypt(unsigned int input, unsigned int key)
{
    _asm
    {
        mov ecx, input
        mov eax, key
        push ecx                      ; preserves the value of the encrypted character by pushing it on the stack, the stack pointer decrements by 4 to allow this
        not eax                       ; completes the ones' complement on the Ekey, toggling the bits
        mov edx,eax                   ; copies the current value of the Ekey register and places it in edx, for holding
        pop eax                       ; restores original register value from stack
        xor eax,edx                   ; completes a bitwise exclusive or on the Ekey, with the previous value of the Ekey that was stored in edx
        ror al,1                      ; rotates the last 8 bits of the Ekey bitwise by 1 bit, as 1 mod 8 = 1
        ror al,1                      ; rotates al bitwise by 1 bit, as 1 mod 8 = 1
        not eax                       ; completes the ones' complement on the Ekey value, 'flipping' eax entirely   
    }
}

unsigned int decrypt(unsigned int input, unsigned int key)
{
    _asm
    {
        mov eax, input 
        not eax
        rol al,1
        rol al,1
        mov edx, key
        not edx
        xor eax, edx
    }
}

int main()
{
    unsigned int data = 0xB84A35F2;
    unsigned int encrypted  = 0;
    unsigned int decrypted = 0;
    unsigned int key = 0x3DB76E8C2;

    encrypted = encrypt(data, key);
    decrypted = decrypt(encrypted, key);
    std::cout << "Original Data: " << data << "\nEncrypted Data: " << encrypted << "\nDecrypted Data: " << decrypted << "\n";
    system("PAUSE");
    return 0;
}
于 2013-04-21T19:47:53.460 回答