flat assembler
Message board for the users of flat assembler.

Index > Main > CBC-XOR Question.

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Hello everyone! I have little problem about CBC-XORing (IIRC what is CBC.)
Here's plan what I'm trying to do but everytime I fail...
I got test string: text db "Hello",0
I'm trying to crypt it with xor like this:
Code:
lea eax,[text-1]
mov ecx,size
@@:
        mov bh,byte[eax]
        inc eax
        mov bl,byte[eax]
        xor byte[eax],bh
        mov bh,byte[eax+1]
        inc eax
        xor byte[eax],bl
        loop @b    

Anyone have idea how should I do this ? Here's method:
1) obtain [text-1] byte and xor first string with it, in our case 'H'.
2) Before XOR-ing 'H", save it to somewhere and after xoring it, 'e' should be xored with H and so on..
3) Every byte should be xored with previous ORIGINAL bytes..

I was thinking a lot about this but I don't have any ideas how to do it.. Seems simple but it's pain Very Happy Thanks ! Smile
P.S Anyway, is this CBC method ?
Post 30 Jul 2011, 03:24
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17249
Location: In your JS exploiting you and your system
revolution
Overflowz wrote:
is this CBC method ?
Well you could have just searched with google, of course. But since I am such a nice person here is a nice picture explaining how it works.

http://en.wikipedia.org/wiki/Cipher_block_chaining#Cipher-block_chaining_.28CBC.29

Moved to main
Post 30 Jul 2011, 03:38
View user's profile Send private message Visit poster's website Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
I'm not to good with algorithms, but:

you should start the loop from the second char of the string.
Code:
size = strlen(string);
string[0] = string[0] xor string[size]; xor the first with last
for(i = 1, i<=size, i++)
{    
    string[i] = string[i] xor string[i-1]; xor  2with1, 3with2,4with3....

}
    


its not tested, but it should work;
Post 30 Jul 2011, 03:47
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
revolution
I saw that Smile I'm now trying to make some code for that Smile
Enko
That should not work, because it will XOR another string with previous XORED string, not with original.. damn hard ))
P.S I don't know C.
Post 30 Jul 2011, 04:03
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
sorry, I dont have a c compiler either so I couldn't test the pseudo code and its to late for me to write assembly.

But, I made a macro that do the job

Code:
macro dbcryptstr label_name, string, length
{
     local x,y
common     
    label   label_name
  db      string
      db 0
        
    len = length 
       repeat len
          load x from label_name + len - % + 1
                load y from label_name + len - %
            x = x xor y
         store x at label_name + len - % + 1
 end repeat
  load x from label_name
      load y from label_name + length
     x = x xor y
 store x at label_name
}



dbcryptstr szMystring, '123456789', 9
dbcryptstr szMyOtherString, 'blablablalbalba, 15
    


And yes, I tested, it works.

To use it, in the place where you put
szMyString db '123456,0
you put
dbcryptstr szMyString, '123456',6 ;size is 6


To decrypt... its your job xD

The problem with C like writed algorithm is that I started from the begining and it should be at the end.
So you encrypt (in 9 length string)
9 with 8 store at 9
8 with 7 store at 8
etc... (ecx loop)

after the loop
1 with 9 ( 1 with size(string)

The first or the last character will be double xored. Depending if you put after o before the loop the 1 xor size;
Post 30 Jul 2011, 04:40
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17249
Location: In your JS exploiting you and your system
revolution
Enko: That is not CBC. Check the link I posted to see why.
Post 30 Jul 2011, 04:45
View user's profile Send private message Visit poster's website Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
I have no idea how these macroses work )) I need code example Razz I'm trying to make this more than 12 hours! I haven't slept because of this Very Happy Just want to see how it would work in assembly and study on it Smile
Anyway, thanks for your time Smile
Post 30 Jul 2011, 04:54
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17249
Location: In your JS exploiting you and your system
revolution
Overflowz wrote:
I have no idea how these macroses work
I think it is about time you started to learn the macro syntax (it is not that difficult really). You will always face this problem of macros being posted, and remaining blinded to how they work is probably not the best plan.
Post 30 Jul 2011, 05:01
View user's profile Send private message Visit poster's website Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Where can I start ?
Post 30 Jul 2011, 05:04
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17249
Location: In your JS exploiting you and your system
revolution
Overflowz wrote:
Where can I start ?
here
Post 30 Jul 2011, 05:06
View user's profile Send private message Visit poster's website Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Thanks, I'll read that after sleep Laughing I'm still waiting for the code if anyone can handle it.
Post 30 Jul 2011, 05:16
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
well, after all, my C LIKE code wasnt incorrect XD, the diference is that it was for uncrypting the encrypted text xD.



Code:
STRSIZE equ 9

section '.data' data readable writeable 
 szPause db 'PAUSE',0
      szOrig  db '123456789',0
  szEncr  db '.........',0
  szUncr  db '.........',0              
     
    
    
section '.code' code readable executable 
start: 
     

encrypt:
        mov     ecx, STRSIZE-1 ;ecx = size of string
encloop:
        lea     esi, [szOrig + ecx]
 lea edi, [szOrig + ecx -1]
  
    mov     al, [esi]
   mov bl, [edi]
       xor al, bl
  mov [szEncr + ecx], al
      loop encloop
        mov al, [szOrig]
    lea esi, [szEncr + STRSIZE - 1]
     xor al, [esi]
       mov [szEncr], al
    
uncrypt:
    ;the same process as encrypt but inverted
   mov al, [szEncr]
    lea esi, [szEncr + STRSIZE - 1]
     xor al, [esi]
       mov [szUncr], al
    
    xor ecx, ecx
uncloop:    
    lea     esi, [szUncr + ecx]
 lea edi, [szEncr + ecx + 1]
 
    mov     al, [esi]
   mov bl, [edi]
       xor al, bl
  mov [szUncr + ecx + 1], al
  inc ecx
     cmp ecx, STRSIZE-1
  jne  uncloop

exit:
       cinvoke system, szPause
    


with this kind of encryptation, the decryptation procedure is the inverse of the encryptation.


Revolution:
I didn't read your post, here its 2 am and I'm going to sleep XD

This method do what overlowz sad, xor char with previous char. If its cbc or not, I'll check tomorrow.

After trying to uncrypt my macro encryptation I realized that it should be done reversed (and the C like example was actually the code haha) So I made this asm example with both.
Post 30 Jul 2011, 05:40
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17249
Location: In your JS exploiting you and your system
revolution
Enko: That is not even encryption, it is just an encoding. Also for a proper CBC algorithm you would require, at a minimum, an IV.
Post 30 Jul 2011, 05:46
View user's profile Send private message Visit poster's website Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
Wink
I get it, I get it.
Tomorrow I will check what the hell is CBC out of curriousity, but really, any algorithm that only involves XOR A with B is far away from good encryption.

PS: I don't think that overflowz wanted to implement a CBC, he asked if the thing he wanted to do is called CBC. Perhaps I misunderstood what he wanted, or overflowz didn't know what he wanted xD
Post 30 Jul 2011, 05:49
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Quote:
or overflowz didn't know what he wanted xD

funny Laughing I need example of that what I wrote at first post and if it's not CBC then CBC example too to compare them and see what's difference, which are best etc.. Smile
Post 30 Jul 2011, 10:36
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
first of all CBC is about blocks not just a single byte.
So what you'd want to do first is check the string for even length or else pad it with zeroes(this would mean allocating another memory for the latter string plus 4/8 bytes for key)
next, have a number passed to your macro as a key initializer, then load 4 byte blocks using lodsd and xor it with a random key that get's padded 1 block(4 bytes) before the very last 'key initializer' block(this is my own implementation) or in your case xor each block
Post 30 Jul 2011, 17:59
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
with the original previous block saved at a temporary location(IE in edx or ebx)

sorry i had to post twice because my psp cannot handle too much text.

i'll try to make a demo proggy now
Post 30 Jul 2011, 18:03
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
I know how to do it with memory things.
I mean, read data, allocate memory for writing and then xor with each byte, it's easy. I'm trying to do it with only use of registers but I fail.
Post 30 Jul 2011, 21:40
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
how can you know and fail? lol

you mean it's hard to implement?

mine is almost done as of now
Post 30 Jul 2011, 22:33
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
I've just coded what I think it is a 128-bit CBC with XOR cipher (i.e. be prepared to read a possibly wrong implementation again)
Code:
include 'win32axp.inc'

;;;; DATA

message db 'This is a test message to check the cipher implementation', 0
;message db 'Hello World! :D', 0
align 16 ; WARNING: Padding with constant pattern may leak information (not sure actually)
message.blocks = ($ - message) / 16

db 0 ; Just to make sure MessageBox stops reading memory
align 16

key     db 'LocoDelAssembly!' ; Yep, exactly 16 bytes :D
IV      db '0123456789ABCDEF' ; <- This is stupid in real life as it MUST BE random

start:
      stdcall encrypt, message, message, message.blocks, IV, key
      invoke  MessageBox, 0, message, 'Encrypted', 0

      stdcall decrypt, message, message, message.blocks, IV, key
      invoke  MessageBox, 0, message, 'Decrypted', 0

      invoke  ExitProcess, 0


; Pointers must be 16-byte aligned
proc encrypt, pDest, pSrc, count, pIV, pKey

      mov     ecx, [count]
      mov     eax, [pIV]
      mov     edx, [pKey]
      movaps  xmm0, dqword [eax]
      movaps  xmm1, dqword [edx]
      mov     edx, [pDest]
      mov     eax, [pSrc]

      add     ecx, ecx
      lea     ecx, [ecx*8]
      lea     eax, [eax + ecx - 16]
      lea     edx, [edx + ecx - 16]
      neg     ecx
      jmp     .done?

.loop:
; Xor with previous encrypted block (or IV if first iteration)
      xorps   xmm0, [eax + ecx]

; Block cipher encryption (just simple XOR with key)
      xorps   xmm0, xmm1

; Store encrypted block
      movaps  [edx + ecx], xmm0

.done?:
      add     ecx, 16
      jle      .loop

      ret
endp


; Pointers must be 16-byte aligned
proc decrypt, pDest, pSrc, count, pIV, pKey

      mov     ecx, [count]
      mov     eax, [pIV]
      mov     edx, [pKey]
      movaps  xmm2, dqword [eax]
      movaps  xmm1, dqword [edx]
      mov     edx, [pDest]
      mov     eax, [pSrc]

      add     ecx, ecx
      lea     ecx, [ecx*8]
      lea     eax, [eax + ecx - 16]
      lea     edx, [edx + ecx - 16]
      neg     ecx
      jmp     .done?

.loop:
; xmm0 = Previous encrypted block (or IV if first iteration)
; xmm2 = Current block
; Note: The the inputs of the first two steps are not like the Wikipedia's diagram just for convinience
;       (something permissible in this case thanks to the associativity property of the XOR operation)
      movaps  xmm0, xmm2
      movaps  xmm2, [eax + ecx]

; Block cipher decryption (just simple XOR with key)
      xorps   xmm0, xmm1

; Xor with previous encrypted block (or IV if first iteration)
      xorps   xmm0, xmm2

; Store encrypted block
      movaps  [edx + ecx], xmm0

.done?:
      add     ecx, 16
      jle      .loop

      ret
endp

.end start    
Note that SSE1 was used for convenience, optimization wasn't taken in mind at all.
Post 31 Jul 2011, 03:33
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.