DES - ASM to C


hermanocabral
August 29th, 2006, 20:10
hello guys,

a friend of mine gave me some code and i want to rewrite it in ANSI C, but there is some asm code in the cryptography section of the code.

I was wondering if anyone can take a look at the code and give me a clue on what it does and how it does it, because i suck at assembly


here is the code: http://cpp.enisoc.com/pastebin/7611


thanks in advance!

hermanocabral
August 29th, 2006, 20:11
lol to that signature... lmao

naides
August 29th, 2006, 20:56
If you do not have a lot of experience in ASM, my suggestion would be to search for the DES algorithm elements on the web and implement it using C, or the language that you are most familiar with, right from scratch.

It would certainly take a shorter time than sifting and reverse engineering through lines and lines of asm code.

The asm implementation you posted was probably done in the name of efficiency, minimizing the number of CPU cycles, but this should not be of much concern in the initial steps of the learning curve.

Once you understand the elements of DES crypt and decrypt, the ASM code will start to make sense.

You will see that each segment of the asm code is a named _inline function which represents a discrete step in DES implementation.

hermanocabral
August 29th, 2006, 23:08
thanks for your suggestion, i'm going to accept it.

but a problem came to me right now: can there be some change particular to this implementation that will change the results of any data encrypted with this asm code?

e.g. using someone's implementation of DES in C to cipher the string "abc" returns the value 10. Using this asm implementation to cipher the same string returns the value 15.

LLXX
August 29th, 2006, 23:24
Why would you want to go from Asm to C anyway?

I see more sense in the opposite direction, but...

I think the discrepancy is because the C implementation is encrypting the null terminator as well.

naides
August 30th, 2006, 06:21
Quote:
[Originally Posted by hermanocabral]

e.g. using someone's implementation of DES in C to cipher the string "abc" returns the value 10. Using this asm implementation to cipher the same string returns the value 15.



No. The results should be the same, if the algo is accurately implemented, be it in JAVA, PERL, ASM, BASIC, or by hand using paper and pencil.

By the way, if you search DES in wiki, someone at MIT coded a Java program that illustrates the DES principle step by step, in a visual fashion.
Quite didactic and useful IMHO.
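
Why two correct DES routines can still disagree on "abc", as an added example that is not part of the thread or the pasted code: DES only ever sees 8-byte blocks, so its input depends on whether the NUL is counted, how the block is padded and in which byte order the halves are loaded. The helper names and the two padding modes are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DES_BLOCK 8                      /* DES always works on 8-byte blocks */

enum pad_mode { PAD_ZERO, PAD_PKCS5 };   /* two common ways to fill a short block */

/* Build one 8-byte block from len bytes of msg; -1 if it does not fit in one block. */
static int make_block(const void *msg, size_t len, enum pad_mode mode,
                      uint8_t out[DES_BLOCK])
{
    if (len > DES_BLOCK || (mode == PAD_PKCS5 && len == DES_BLOCK))
        return -1;
    memset(out, mode == PAD_PKCS5 ? (int)(DES_BLOCK - len) : 0, DES_BLOCK);
    memcpy(out, msg, len);
    return 0;
}

/* First half of the block as the DES description numbers it: byte 0 on top. */
static uint32_t load_be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* The same four bytes as a plain 32-bit load on little-endian x86 sees them. */
static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

static void show(const char *label, const uint8_t b[DES_BLOCK])
{
    printf("%-18s", label);
    for (int i = 0; i < DES_BLOCK; i++) printf(" %02x", b[i]);
    printf("  be=%08x le=%08x\n", (unsigned)load_be32(b), (unsigned)load_le32(b));
}

int main(void)
{
    const char msg[] = "abc";            /* constructed sample: strlen 3, sizeof 4 */
    uint8_t blk[DES_BLOCK];
    make_block(msg, strlen(msg), PAD_PKCS5, blk); show("strlen + PKCS#5", blk);
    make_block(msg, sizeof msg,  PAD_PKCS5, blk); show("sizeof + PKCS#5", blk);
    make_block(msg, strlen(msg), PAD_ZERO,  blk); show("strlen + zero pad", blk);
    make_block(msg, sizeof msg,  PAD_ZERO,  blk); show("sizeof + zero pad", blk);
    return 0;
}
```

With zero padding the extra NUL changes nothing, while with PKCS#5 it changes five of the eight input bytes, so comparing two implementations is only meaningful on a full, identical 8-byte block and key.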

Apakekdah
August 30th, 2006, 08:11
hard to understand for a beginner like me....

hermanocabral
August 30th, 2006, 11:14
Quote:
[Originally Posted by LLXX]Why would you want to go from Asm to C anyway?

I see more sense in the opposite direction, but...

I think the discrepancy is because the C implementation is encrypting the null terminator as well.


i wanna go from asm to C because i don't understand asm... it is simpler for me to maintain code in C than to maintain it in asm...

what do you mean by encrypting the null terminator? you mean the \0?


Quote:
[Originally Posted by naides]
No. The results should be the same, if the algo is accurately implemented, be it in JAVA, PERL, ASM, BASIC, or by hand using paper and pencil.

By the way, if you search DES in wiki, someone at MIT coded a Java program that illustrates the DES principle step by step, in a visual fashion.
Quite didactic and useful IMHO.


i followed your suggestion... and indeed the asm code seems to make more sense to me now, after a whole night of DES study... now i can understand things a little better...

i need more help now with some lines of the code, like:

mov ecx, spr[800h][eax]
mov eax, spr[0C00h][eax]

what in god's name is spr[800h] [eax]? looks like a cast (lol) to me...

and:
cmp edx, offset dword_61D77C+32*4
mov buf, edx
jl loc_45D6C2
jmp loc_45D81C

i know what cmp, jl and jmp do, but i don't know what those things in bold are...

and those:
loc_45D76D: ; CODE XREF: sub_45D5C0+F3j

these are like gotos??

naides
August 30th, 2006, 12:24
These lines of assembler you post are _inline code from a C program, which is a particular "dialect" of assembler. This "hybrid" C/ASM code is interpreted by the C compiler and further translated into more pure Assembly instructions, the kind of code you will see in a disassembly, which is what we are used to dealing with on this board. Anyway:


Quote:
[Originally Posted by hermanocabral]

i need more help now with some lines of the code, like:

mov ecx, spr[800h][eax]

spr[800h] means Stack Pointer 800, and [eax] is the index:

There is an array in the stack whose base ([0]th element) is located at [800h], an address in the stack (which is usually pointed to by EBP). The [eax]th dword is being moved to ecx.

in "pure Assembler":

mov ecx, dword ptr [ebp+800h+eax]



mov eax, spr[0C00h][eax]

in pure assembler:

mov eax, dword ptr [ebp+0C00h+eax]


what in god's name is spr[800h] [eax]? looks like a cast (lol) to me...

More of the same, See above

and:
cmp edx, offset dword_61D77C+32*4

edx is compared to a dword, which is part of a structure that is not in the stack, but in the global memory. Its address is calculated by adding 32*4 to a base address 61D77C (in hex)

mov buf, edx

This is where C code is somewhat mixed with asm code: buf is a local variable that C tracks. When it gets translated to pure assembly, it would have no name but some address like [EBP-2C]. buf is just the SYMBOL that represents the address of a local variable in the stack, a local variable in memory.


jl loc_45D6C2
jmp loc_45D81C



i know what cmp, jl and jmp do, but i don't know what those things in bold are...

loc_45D6C2 are addresses in the code segment, where the next instruction to be executed is located if the jump takes place. The code flow changes. Yes, it is reminiscent of the GOTO instruction of BASIC and C

and those are comments, labels:
loc_45D76D: ; CODE XREF: sub_45D5C0+F3j

loc_45D76D: gets jumped to by the instruction located at the subroutine that starts at 45D5C0, from an instruction located F3 hex (243 dec) bytes after the beginning of the Sub.

these are like gotos??

They are cross references. ; CODE XREF: sub_45D5C0+F3j are comments not instructions
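
A C reading of the two operand forms discussed in this post, as an added example that is not part of the thread or the pasted code. It assumes `spr` names a table of 32-bit words and that `eax` holds an unscaled byte offset; the table contents, the stand-in for `dword_61D77C` and the step size are constructed, since the thread shows none of them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the table named `spr`; the thread never shows its
   declaration or contents, so size and values here are assumptions. */
static uint32_t spr[0x1000 / 4];

static void fill_table(void)
{
    for (uint32_t i = 0; i < 0x1000 / 4; i++)
        spr[i] = 0xA5000000u | i;        /* recognisable value per element */
}

/* mov reg, spr[disp][eax]: 32-bit load from byte address spr + disp + eax.
   eax is not scaled, so it is a byte offset, not an element number. */
static uint32_t load_at(uint32_t disp, uint32_t eax)
{
    uint32_t v;
    memcpy(&v, (const uint8_t *)spr + disp + eax, sizeof v);
    return v;
}

/* The same load as ordinary C indexing; only valid when disp + eax is a
   multiple of 4, because C scales the index by sizeof(uint32_t). */
static uint32_t load_indexed(uint32_t disp, uint32_t eax)
{
    return spr[(disp + eax) / 4];
}

/* cmp edx, offset base+32*4 / jl top: keep looping while the pointer is
   below base + 32 dwords. step (dwords per pass) must divide 32. */
static unsigned passes(unsigned step)
{
    static uint32_t base[32];            /* stand-in for dword_61D77C */
    unsigned n = 0;
    for (uint32_t *edx = base; edx < base + 32; edx += step)
        n++;
    return n;
}

int main(void)
{
    fill_table();
    printf("%08x %08x\n", (unsigned)load_at(0x800, 0x10),
           (unsigned)load_indexed(0xC00, 0x10));
    printf("passes with 2 dwords per pass: %u\n", passes(2));
    return 0;
}
```

The point to carry into a rewrite is the scaling: a C array index is multiplied by the element size, the asm offset is not, so `spr[0x800 + eax]` in C would read the wrong element.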

hermanocabral
August 30th, 2006, 13:49
Quote:
[Originally Posted by naides]mov ecx, spr[800h][eax]

spr[800h] means Stack Pointer 800, and [eax] is the index:

There is an array in the stack whose base ([0]th element) is located at [800h], an address in the stack (which is usually pointed to by EBP). The [eax]th dword is being moved to ecx.


how does he know where the stack pointer is?

naides
August 30th, 2006, 14:24
There are two CPU registers that usually keep track of the stack: ESP and EBP.

The addresses of stack variables are calculated as offsets to these registers:

The Extended Stack Pointer ESP and the Extended Base Pointer EBP.

Positive displacements [EBP+ 800] point to variables that were present before the subroutine started. Negative displacements [EBP-0C] point to local (auto) variables that will disappear when the subroutine returns. For a cranky but more detailed explanation, see

http://www.woodmann.com/forum/showthread.php?t=5849&highlight=ascend+code

0xf001
August 31st, 2006, 02:11
hi,

Code:
I was wondering if anyone can take a look at the code and give me a clue on what it does and how it does, because i suck in assembly


maybe consider forgetting that "source" at all and rewrite it from a specification or use free source available. if you want to know what it does, that should be self explaining after knowing what DES does:

http://www.abisoft.net/des.html

there is plenty of source on the net:
http://www.thefreecountry.com/sourcecode/encryption.shtml

have it in javascript and perl 8)
http://www.tero.co.uk/des/code.php

hope that helps,

0xf001