PDA

View Full Version : help with crypto identification


aeon
June 7th, 2007, 04:34
this is some sort of crypto algorithm, it apparently uses free C crypto library but i could not find which algo it is

Code:

0040402D . 68 0A030000 PUSH 30A
00404032 . 68 ACDC4500 PUSH L.0045DCAC ; UNICODE "f:\dev\vc_libs\cryptlib\misc.h"
00404037 . 68 54DE4500 PUSH L.0045DE54 ; UNICODE "IsAligned<T>(block)"
0040403C . E8 A5780300 CALL L.0043B8E6
00404041 . 83C4 0C ADD ESP,0C
00404044 > 8B6F 04 MOV EBP,DWORD PTR DS:[EDI+4]
00404047 . 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+14]
0040404B . 031F ADD EBX,DWORD PTR DS:[EDI]
0040404D . 8B42 0C MOV EAX,DWORD PTR DS:[EDX+C]
00404050 . 032E ADD EBP,DWORD PTR DS:[ESI]
00404052 . 83C7 08 ADD EDI,8
00404055 . 85C0 TEST EAX,EAX
00404057 . 76 48 JBE SHORT L.004040A1
00404059 . 894424 14 MOV DWORD PTR SS:[ESP+14],EAX
0040405D . 8D49 00 LEA ECX,DWORD PTR DS:[ECX]
00404060 > 8D541B 01 LEA EDX,DWORD PTR DS:[EBX+EBX+1]
00404064 . 0FAFD3 IMUL EDX,EBX
00404067 . 8D442D 01 LEA EAX,DWORD PTR SS:[EBP+EBP+1]
0040406B . 0FAFC5 IMUL EAX,EBP
0040406E . C1C2 05 ROL EDX,5
00404071 . C1C0 05 ROL EAX,5
00404074 . 8AC8 MOV CL,AL
00404076 . 334424 1C XOR EAX,DWORD PTR SS:[ESP+1C]
0040407A . 8BF2 MOV ESI,EDX
0040407C . 337424 10 XOR ESI,DWORD PTR SS:[ESP+10]
00404080 . 896C24 1C MOV DWORD PTR SS:[ESP+1C],EBP
00404084 . 8B2F MOV EBP,DWORD PTR DS:[EDI]
00404086 . D3C6 ROL ESI,CL
00404088 . 8ACA MOV CL,DL
0040408A . D3C0 ROL EAX,CL
0040408C . 83C7 08 ADD EDI,8
0040408F . 03EE ADD EBP,ESI
00404091 . 895C24 10 MOV DWORD PTR SS:[ESP+10],EBX
00404095 . 0347 FC ADD EAX,DWORD PTR DS:[EDI-4]
00404098 . 836C24 14 01 SUB DWORD PTR SS:[ESP+14],1
0040409D . 8BD8 MOV EBX,EAX
0040409F .^ 75 BF JNZ SHORT L.00404060
004040A1 > 8B47 04 MOV EAX,DWORD PTR DS:[EDI+4]
004040A4 . 014424 1C ADD DWORD PTR SS:[ESP+1C],EAX
004040A8 . 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+24]
004040AC . 8B3F MOV EDI,DWORD PTR DS:[EDI]
004040AE . 037C24 10 ADD EDI,DWORD PTR SS:[ESP+10]
004040B2 . 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+20]
004040B6 . 8BC2 MOV EAX,EDX
004040B8 . 24 03 AND AL,3
004040BA . F6D8 NEG AL
004040BC . 8BF1 MOV ESI,ECX
004040BE . 1BC0 SBB EAX,EAX
004040C0 . 83C0 01 ADD EAX,1
004040C3 . 84C0 TEST AL,AL
004040C5 . 75 1D JNZ SHORT L.004040E4
004040C7 . 68 1C030000 PUSH 31C
004040CC . 68 ACDC4500 PUSH L.0045DCAC ; UNICODE "f:\dev\vc_libs\cryptlib\misc.h"
004040D1 . 68 54DE4500 PUSH L.0045DE54 ; UNICODE "IsAligned<T>(block)"
004040D6 . E8 0B780300 CALL L.0043B8E6
004040DB . 8B5424 30 MOV EDX,DWORD PTR SS:[ESP+30]
004040DF . 83C4 0C ADD ESP,0C
004040E2 . 8BCE MOV ECX,ESI
004040E4 > 85C9 TEST ECX,ECX
004040E6 . 74 08 JE SHORT L.004040F0



fr33ke
June 7th, 2007, 11:23
Looks like RC6 from this source: http://www.koders.com/cpp/fid7C6BAB96A8168AB4E673FD80443D96D663C44A62.aspx?s=rotlFixed#L40