Joined: 03 Jun 2014
Posts: 17
plaster90 19 Sep 2014, 16:31

I've got problem with code below:
It doesn't give me correct hash sha-1 from 'tekst' Sad

Does anyone see the problem witch this code?
Please help

format PE GUI 4.0
entry start

include 'include\win32a.inc'
section '.data' data readable writeable

h0              dd ?
h1              dd ?
h2              dd ?
h3              dd ?
h4              dd ?
a               dd ?
b               dd ?
c               dd ?
d               dd ?
e               dd ?
f               dd ?
k               dd ?
tmp             dd ?
w               rd 80
message         rb 128
msgsize         dd ?
ile_0           dd ?
buff            rb 500h
mask            db '%.8x%.8x%.8x%.8x%.8x',0

section '.code' code readable executable

            mov ecx,0
            mov [message],0
            mov byte [message+ecx],'t'
            inc ecx
            mov byte [message+ecx],'e'
            inc ecx
            mov byte [message+ecx],'k'
            inc ecx
            mov byte [message+ecx],'s'
            inc ecx
            mov byte [message+ecx],'t'
        ;Na koDcu wiadomo[ci doda bit o warto[ci 1.
            mov [msgsize],ecx
            xor eax,eax
            mov al,80h
            mov byte [message+ecx+1],al
        ;Dopisa na koDcu tyle zer,
        ;aby dBugo[ wiadomo[ci modulo 512 wynosiB 448
            mov eax,56
            mov ecx,[msgsize]
            sub eax,ecx
            inc ecx
            mov byte [message+ecx+1],0
            inc ecx
            cmp ecx,eax
            jne @02
        ;Dopisa na koDcu wiadomo[ci 64-bitow liczb
        ;oznaczajc dBugo[ pierwotnej wiadomo[ci
            ;mov dword[message+56],0
            mov ecx,[msgsize]
            shl ecx,3
            mov dword[message+60],ecx
         ;;;;;   GBówne dziaBania     ;;;;;
         ;Na pocztku inicjujemy 5 zmiennych
            mov [h0],0x67452310
            mov [h1],0xEFCDAB89
            mov [h2],0x98BADCFE
            mov [h3],0x10325476
            mov [h4],0xC3D2E1F0
         ;Dzielimy blok na szesna[cie 32-bitowych sBów
         ;i zapisujemy je do w[0], w[1], ..., w[15]
            xor ecx,ecx
            mov esi,0
            mov eax,dword[message+ecx]
            mov dword[w+esi],eax
            add ecx,4
            add esi,1
            cmp esi,15
            jna @04
         ;Rozszerzamy ilo[ sBów z 16 do 80,
         ;wykonujc dziaBanie dla ka|dego 15 < i < 80:
         ;w[i] = rol((w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]), 1);
            mov esi,16
            push esi
            mov eax,dword[w+esi-3]
            mov ebx,dword[w+esi-8]
            xor eax,ebx
            mov ecx,dword[w+esi-14]
            mov edx,dword[w+esi-16]
            xor ecx,edx
            xor eax,ecx
            rol eax,1
            pop esi
            mov dword[w+esi],eax
            add esi,1

            cmp esi,80
            jb @w1
          ;Tworzymy zmienne a,  b,  c,  d,  e
          ;o warto[ciach    h0, h1, h2, h3, h4
            mov eax,dword[h0]
            mov dword[a],eax
            mov eax,dword[h1]
            mov dword[b],eax
            mov eax,dword[h2]
            mov dword[c],eax
            mov eax,dword[h3]
            mov dword[d],eax
            mov eax,dword[h4]
            mov dword[e],eax
          ;;;;;GBówna ptla (dla ka|dego 0 <= i <= 79);;;;;
          xor ecx,ecx
            cmp ecx,20
            jb @05
            cmp ecx,40
            jb @06
            cmp ecx,60
            jb @07
            cmp ecx,80
            jb @08
            jmp koniec
          ;Je|eli 0 <= i <= 19:
          ;f = (b & c) | ((~b) & d);
          ;k = 0x5A827999;
            push ecx
            mov eax,[b]
            mov ebx,[c]
            and eax,ebx
            mov ebx,[b]
            not ebx
            mov ecx,[d]
            and ebx,ecx
            or eax,ebx
            mov [k],0x5A827999
            jmp @09
          ;Je|eli 20 <= i <= 39:
          ;f = b ^ c ^ d;
          ;k = 0x6ED9EBA1;
            push ecx
            mov eax,[b]
            mov ebx,[c]
            mov ecx,[d]
            xor eax,ebx
            xor eax,ecx
            mov [k],0x6ED9EBA1
            jmp @09
          ;Je|eli 40 <= i <= 59:
          ;f = (b & c) | (b & d) | (c & d);
          ;k = 0x8F1BBCDC;
            push ecx
            mov eax,[b]
            mov ebx,[c]
            and eax,ebx
            mov ebx,[b]
            mov ecx,[d]
            and ebx,ecx
            mov ecx,[c]
            mov edx,[d]
            and ecx,edx
            or eax,ebx
            or eax,ecx
            mov [k],0x8F1BBCDC
            jmp @09

          ;Je|eli 60 <= i <= 79:
          ;f = b ^ c ^ d;
          ;k = 0xCA62C1D6;
            push ecx
            mov eax,[b]
            mov ebx,[c]
            mov ecx,[d]
            xor eax,ebx
            xor eax,ecx
            mov [k],0xCA62C1D6
            jmp @09
          ;tmp = rol(a, 5) + e + f + k + w[i];
            pop ecx

            mov eax,[a]
            rol eax,5
            add eax,[e]
            add eax,[f]
            add eax,[k]
            add eax,[w+ecx]
            push ecx
            mov dword[tmp],eax
          ;e = d;
          ;d = c;
          ;c = rol(b, 30);
          ;b = a;
          ;a = tmp;
            mov eax,dword[d]
            mov dword[e],eax
            mov eax,dword[c]
            mov dword[d],eax
            mov eax,dword[b]
            rol eax,30
            mov dword[c],eax
            mov eax,dword[a]
            mov dword[b],eax
            mov eax,dword[tmp]
            mov dword[a],eax
            pop ecx
            inc ecx

            jmp @loop
          ;Zwikszamy warto[ zmiennych h0..h4:
          ;h0 += a;
          ;h1 += b;
          ;h2 += c;
          ;h3 += d;
          ;h4 += e;
            mov eax,dword[h0]
            add eax,dword[h0]
            add eax,dword[a]
            mov dword[h0],eax
            mov eax,dword[h1]
            add eax,dword[h1]
            add eax,dword[b]
            mov dword[h1],eax
            mov eax,dword[h2]
            add eax,dword[h2]
            add eax,dword[c]
            mov dword[h2],eax
            mov eax,dword[h3]
            add eax,dword[h3]
            add eax,dword[d]
            mov dword[h3],eax
            mov eax,dword[h4]
            add eax,dword[h4]
            add eax,dword[e]
            mov dword[h4],eax
          ;Wynik to poBczone ze sob szesnastkowe przedstawienia zmiennych h0..h4.

        invoke  wsprintf,buff,mask,[h0],[h1],[h2],[h3],[h4]
        invoke MessageBox,0,buff,0,MB_OK

        invoke ExitProcess,0

section '.idata' import data readable writeable
  library kernel32,'KERNEL32.DLL',\

  include 'include\api\kernel32.inc'
  include 'include\api\user32.inc'
Post 19 Sep 2014, 16:31
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20481
Location: In your JS exploiting you and your system
revolution 19 Sep 2014, 23:49
I haven't run it but the first thing I see is that "msgsize" will only be 4.
Post 19 Sep 2014, 23:49
Joined: 03 Jun 2014
Posts: 17
plaster90 20 Sep 2014, 11:13
I've tried change many things but still doesnt work. Any idea?
I checked if program correctly create 512 block, i save block to file and it has 64bytes and last one bit is size of block, so error must be in next step.....
Post 20 Sep 2014, 11:13
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20481
Location: In your JS exploiting you and your system
revolution 20 Sep 2014, 11:42
Did you set "msgsize" to 5?
Post 20 Sep 2014, 11:42
Joined: 03 Jun 2014
Posts: 17
plaster90 20 Sep 2014, 14:27
Yes i did. I've tried msgsize with value 4 and 5. No success
Post 20 Sep 2014, 14:27
Joined: 19 Mar 2008
Posts: 1651
baldr 29 Sep 2014, 17:06

Have you read SHA-1 specification thoroughly? SHA-1 is a big-endian algorithm.

Message length should be at message+56; it's 64-bit value, not 32-bit.

mov dword[w+esi],eax overwrites 3 bytes of the previous dword[w+esi] due to inc esi below (mov dword[w+4*esi], eax or add esi,4 would fix it).
Post 29 Sep 2014, 17:06
