flat assembler
Message board for the users of flat assembler.

Index > Windows > Problem with SHA-1 CODE

Author
Thread Post new topic Reply to topic
plaster90



Joined: 03 Jun 2014
Posts: 17
plaster90
Hello

I've got problem with code below:
It doesn't give me correct hash sha-1 from 'tekst' Sad

Does anyone see the problem witch this code?
Please help

Code:
format PE GUI 4.0
entry start

include 'include\win32a.inc'
section '.data' data readable writeable

h0              dd ?
h1              dd ?
h2              dd ?
h3              dd ?
h4              dd ?
a               dd ?
b               dd ?
c               dd ?
d               dd ?
e               dd ?
f               dd ?
k               dd ?
tmp             dd ?
w               rd 80
message         rb 128
msgsize         dd ?
ile_0           dd ?
buff            rb 500h
mask            db '%.8x%.8x%.8x%.8x%.8x',0

section '.code' code readable executable

start:
        ;wiadomo[
            mov ecx,0
            mov [message],0
            @1:
            mov byte [message+ecx],'t'
            inc ecx
            mov byte [message+ecx],'e'
            inc ecx
            mov byte [message+ecx],'k'
            inc ecx
            mov byte [message+ecx],'s'
            inc ecx
            mov byte [message+ecx],'t'
        ;Na koDcu wiadomo[ci doda bit o warto[ci 1.
            mov [msgsize],ecx
            xor eax,eax
            mov al,80h
            mov byte [message+ecx+1],al
        ;Dopisa na koDcu tyle zer,
        ;aby dBugo[ wiadomo[ci modulo 512 wynosiB 448
            mov eax,56
            mov ecx,[msgsize]
            sub eax,ecx
            inc ecx
            @02:
            mov byte [message+ecx+1],0
            inc ecx
            cmp ecx,eax
            jne @02
        ;Dopisa na koDcu wiadomo[ci 64-bitow liczb
        ;oznaczajc dBugo[ pierwotnej wiadomo[ci
            ;mov dword[message+56],0
            mov ecx,[msgsize]
            shl ecx,3
            mov dword[message+60],ecx
         ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
         ;;;;;   GBówne dziaBania     ;;;;;
         ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
         ;Na pocztku inicjujemy 5 zmiennych
            mov [h0],0x67452310
            mov [h1],0xEFCDAB89
            mov [h2],0x98BADCFE
            mov [h3],0x10325476
            mov [h4],0xC3D2E1F0
         ;Dzielimy blok na szesna[cie 32-bitowych sBów
         ;i zapisujemy je do w[0], w[1], ..., w[15]
            xor ecx,ecx
            mov esi,0
            @04:
            mov eax,dword[message+ecx]
            mov dword[w+esi],eax
            add ecx,4
            add esi,1
            cmp esi,15
            jna @04
         ;Rozszerzamy ilo[ sBów z 16 do 80,
         ;wykonujc dziaBanie dla ka|dego 15 < i < 80:
         ;w[i] = rol((w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]), 1);
            mov esi,16
            @w1:
            push esi
            mov eax,dword[w+esi-3]
            mov ebx,dword[w+esi-8]
            xor eax,ebx
            mov ecx,dword[w+esi-14]
            mov edx,dword[w+esi-16]
            xor ecx,edx
            xor eax,ecx
            rol eax,1
            pop esi
            mov dword[w+esi],eax
            add esi,1

            cmp esi,80
            jb @w1
          ;Tworzymy zmienne a,  b,  c,  d,  e
          ;o warto[ciach    h0, h1, h2, h3, h4
            mov eax,dword[h0]
            mov dword[a],eax
            mov eax,dword[h1]
            mov dword[b],eax
            mov eax,dword[h2]
            mov dword[c],eax
            mov eax,dword[h3]
            mov dword[d],eax
            mov eax,dword[h4]
            mov dword[e],eax
          ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
          ;;;;;GBówna ptla (dla ka|dego 0 <= i <= 79);;;;;
          ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
          xor ecx,ecx
          @loop:
            cmp ecx,20
            jb @05
            cmp ecx,40
            jb @06
            cmp ecx,60
            jb @07
            cmp ecx,80
            jb @08
            jmp koniec
          ;Je|eli 0 <= i <= 19:
          ;f = (b & c) | ((~b) & d);
          ;k = 0x5A827999;
          @05:
            push ecx
            mov eax,[b]
            mov ebx,[c]
            and eax,ebx
            mov ebx,[b]
            not ebx
            mov ecx,[d]
            and ebx,ecx
            or eax,ebx
            mov [k],0x5A827999
            jmp @09
          ;Je|eli 20 <= i <= 39:
          ;f = b ^ c ^ d;
          ;k = 0x6ED9EBA1;
          @06:
            push ecx
            mov eax,[b]
            mov ebx,[c]
            mov ecx,[d]
            xor eax,ebx
            xor eax,ecx
            mov [k],0x6ED9EBA1
            jmp @09
          ;Je|eli 40 <= i <= 59:
          ;f = (b & c) | (b & d) | (c & d);
          ;k = 0x8F1BBCDC;
          @07:
            push ecx
            mov eax,[b]
            mov ebx,[c]
            and eax,ebx
            mov ebx,[b]
            mov ecx,[d]
            and ebx,ecx
            mov ecx,[c]
            mov edx,[d]
            and ecx,edx
            or eax,ebx
            or eax,ecx
            mov [k],0x8F1BBCDC
            jmp @09

          ;Je|eli 60 <= i <= 79:
          ;f = b ^ c ^ d;
          ;k = 0xCA62C1D6;
          @08:
            push ecx
            mov eax,[b]
            mov ebx,[c]
            mov ecx,[d]
            xor eax,ebx
            xor eax,ecx
            mov [k],0xCA62C1D6
            jmp @09
          @09:
          ;Nastpnie:
          ;tmp = rol(a, 5) + e + f + k + w[i];
            pop ecx

            mov eax,[a]
            rol eax,5
            add eax,[e]
            add eax,[f]
            add eax,[k]
            add eax,[w+ecx]
            push ecx
            mov dword[tmp],eax
          ;e = d;
          ;d = c;
          ;c = rol(b, 30);
          ;b = a;
          ;a = tmp;
            mov eax,dword[d]
            mov dword[e],eax
            mov eax,dword[c]
            mov dword[d],eax
            mov eax,dword[b]
            rol eax,30
            mov dword[c],eax
            mov eax,dword[a]
            mov dword[b],eax
            mov eax,dword[tmp]
            mov dword[a],eax
            pop ecx
            inc ecx

            jmp @loop
koniec:
          ;Zwikszamy warto[ zmiennych h0..h4:
          ;h0 += a;
          ;h1 += b;
          ;h2 += c;
          ;h3 += d;
          ;h4 += e;
            mov eax,dword[h0]
            add eax,dword[h0]
            add eax,dword[a]
            mov dword[h0],eax
            mov eax,dword[h1]
            add eax,dword[h1]
            add eax,dword[b]
            mov dword[h1],eax
            mov eax,dword[h2]
            add eax,dword[h2]
            add eax,dword[c]
            mov dword[h2],eax
            mov eax,dword[h3]
            add eax,dword[h3]
            add eax,dword[d]
            mov dword[h3],eax
            mov eax,dword[h4]
            add eax,dword[h4]
            add eax,dword[e]
            mov dword[h4],eax
          ;Wynik to poBczone ze sob szesnastkowe przedstawienia zmiennych h0..h4.

        invoke  wsprintf,buff,mask,[h0],[h1],[h2],[h3],[h4]
        invoke MessageBox,0,buff,0,MB_OK


        invoke ExitProcess,0

section '.idata' import data readable writeable
  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'

  include 'include\api\kernel32.inc'
  include 'include\api\user32.inc'
    
Post 19 Sep 2014, 16:31
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17269
Location: In your JS exploiting you and your system
revolution
I haven't run it but the first thing I see is that "msgsize" will only be 4.
Post 19 Sep 2014, 23:49
View user's profile Send private message Visit poster's website Reply with quote
plaster90



Joined: 03 Jun 2014
Posts: 17
plaster90
I've tried change many things but still doesnt work. Any idea?
I checked if program correctly create 512 block, i save block to file and it has 64bytes and last one bit is size of block, so error must be in next step.....
Post 20 Sep 2014, 11:13
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17269
Location: In your JS exploiting you and your system
revolution
Did you set "msgsize" to 5?
Post 20 Sep 2014, 11:42
View user's profile Send private message Visit poster's website Reply with quote
plaster90



Joined: 03 Jun 2014
Posts: 17
plaster90
Yes i did. I've tried msgsize with value 4 and 5. No success
Post 20 Sep 2014, 14:27
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr
plaster90,

Have you read SHA-1 specification thoroughly? SHA-1 is a big-endian algorithm.

Message length should be at message+56; it's 64-bit value, not 32-bit.

mov dword[w+esi],eax overwrites 3 bytes of the previous dword[w+esi] due to inc esi below (mov dword[w+4*esi], eax or add esi,4 would fix it).
Post 29 Sep 2014, 17:06
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.