este

January 11th, 2006, 19:28

Suject says it all. I have a routine that is using Blowfish to work over the data entered in,

I have the S-Boxes and PI numbers. The S-Boxes are standard, but the PI i noticed is xor'd a few times by a string of seemingly random numbers. I have the result of that.

So, I found the actual blowfish code, but I'm not sure if its a standard implementation or not. I have it numbered where the code does repetative things, 16 of them, only logged up to 4 so far. (taken a LONG time)

Just wondering if anyone could confirm this was non-modifed blowfish ?

I have the S-Boxes and PI numbers. The S-Boxes are standard, but the PI i noticed is xor'd a few times by a string of seemingly random numbers. I have the result of that.

So, I found the actual blowfish code, but I'm not sure if its a standard implementation or not. I have it numbered where the code does repetative things, 16 of them, only logged up to 4 so far. (taken a LONG time)

Just wondering if anyone could confirm this was non-modifed blowfish ?

Code:

100084B0 push ebp

100084B1 mov ebp, esp

100084B3 push ebx

100084B4 push esi

100084B5 push edi

100084B6 mov edi, [ebp+08]

100084B9 xor eax, eax

100084BB mov esi, 0FFh ;Sets ESI to FF

100084C0 mov ecx, [edi] ;Loads ECX with EDI's value (check for EDI to be non clear)

100084C2 xor ecx, dword_10048360 ;XOR with 1st address of xPI

100084C8 mov al, ch ;ECX's High to EAX's low

100084CA mov edx, ecx ;Copy ECX as EDX

100084CC and edx, esi ;Singles out first byte of xPI

100084CE mov [ebp+08], ecx ;Temp store 1st four of xPI in EBP+8

100084D1 mov eax, [eax*4+100487C0] ;Loads 4 bytes (2nd byte of 1st 4 in xPI * 4) of S-Box1

100084D8 add eax, [edx*4+100483C0] ;Adds that with (1st byte of 1st 4 in xPI * 4) of S-Box0

100084DF xor edx, edx ;(1)

100084E1 mov dl, byte ptr [ebp+08+2] ;Sets DL to 3rd byte in 1st byte of xPI

100084E4 xor eax, [edx*4+10048BC0] ;XOR result with (3rd of 1st * 4) of S-Box2

100084EB mov edx, ecx ;Copy 1st 4 bytes of xPI into EDX

100084ED shr edx, 18h ;Shifts so that DL is 4th byte of 1st xPI

100084F0 add eax, [edx*4+10048FC0] ;Adds result w/ (4th byte of 1st 4 in xPI * 4) of S-Box3

100084F7 mov edx, [ebp+0C] ;<EBP+C pointed to 00124760's clear data>

100084FA xor eax, [edx] ;XOR result with edx's data

100084FC xor edx, edx

100084FE xor eax, 10048364 ;XOR result with 2nd 4 of xPI

10008504 mov dl, ah ;Copy High Byte of result to DL

10008506 mov ebx, eax ;Copy result to EBX

10008508 and ebx, esi ;Makes EBX the low byte of result

1000850A mov [ebp+08], eax ;Stores result in EBX

1000850D mov edx, [edx*4+100487C0] ;Make EDX (High Byte of result * 4) of S-Box1

10008514 add edx, [ebx*4+100483C0] ;Add (low byte of result * 4) of S-Box0 to EDX

1000851B xor ebx, ebx ;(2)

1000851D mov bl, byte ptr [ebp+0A] ;Make BL nibbles 5&6 of result

10008520 xor edx, [ebx*4+10048BC0] ;XOR EDX with (5&6 of result * 4) of S-Box2

10008527 mov ebx, eax ;Copy result to EBX

10008529 shr ebx, 18h ;Shift 7 & 8 of result to EBX

1000852C add edx, [ebx*4+10048FC0] ;Add EDX with (7&8 of result * 4) of S-Box3

10008533 xor edx, dword_10048368 ;XOR with next 3rd block of xPI

10008539 xor ecx, edx ;ECX = XOR first and 3rd blocks of xPI

1000853B xor edx, edx

1000853D mov dl, ch ;ECX's High to EDX's low

1000853F mov ebx, ecx ;Copy running total to EBX

10008541 and ebx, esi ;EBX the low byte of running total

10008543 mov [ebp+08], ecx ;store running total in EBX for temp holding

10008546 mov edx, [edx*4+100487C0] ;Loads 4 bytes (running total's low byte * 4) of S-Box1

1000854D add edx, [ebx*4+100483C0] ;Add on 4 bytes (running total's high byte * 4) of S-Box0

10008554 xor ebx, ebx ;(3)

10008556 mov bl, byte ptr [ebp+0A] ;Copy nibbles 5 & 6 of running total to EBX's low

10008559 xor edx, [ebx*4+10048BC0] ;XOR EDX with (5&6 of result * 4) of S-Box2

10008560 mov ebx, ecx ;Copy ECX to EBX

10008562 shr ebx, 18h ;Single out nibbles 7 & 8

10008565 add edx, [ebx*4+10048FC0] ;Add EDX with (RT's 7&8 of result * 4) of S-Box3

1000856C xor edx, 1004836C ;XOR with 4th block of xPI

10008572 xor eax, edx ;XOR running total into result

10008574 xor edx, edx

10008576 mov dl, ah ;High Byte of result to EDX's low

10008578 mov ebx, eax ;Copy result to EBX

1000857A and ebx, esi ;EBX is low byte of result

1000857C mov [ebp+08], eax ;Copy result to EBP+8

1000857F mov edx, [edx*4+100487C0] ;Loads EDX with 4 bytes (results low byte * 4) of S-Box1

10008586 add edx, [ebx*4+100483C0] ;Add on 4 bytes (running total's high byte * 4) of S-Box0

1000858D xor ebx, ebx ;(4)

1000858F mov bl, byte ptr [ebp+08+2] ;EBX's low is Result's 5 & 6

10008592 xor edx, [ebx*4+10048BC0] ;XOR EDX with (5&6 of result * 4) of S-Box2

10008599 mov ebx, eax ;Copy result to EBX

1000859B shr ebx, 18h ;Shift 7 & 8 of result to EBX

1000859E add edx, [ebx*4+10048FC0] ;Add EDX with (Result's 7&8 of result * 4) of S-Box3

100085A5 xor edx, 10048370 ;Loads 5th xPI block

100085AB xor ecx, edx ;ECX may be where data has been stored

100085AD xor edx, edx

100085AF mov dl, ch ;running total's high to EDX's low

100085B1 mov ebx, ecx ;Copy ECX to EBX

100085B3 and ebx, esi ;EBX the low byte of running total