
Thread: ARM Opcodes - To Higher Level

  1. #1

    Question ARM Opcodes - To Higher Level

    Hey guys,

    Glad I found this forum. Seems like there are a lot of people here who can help me.

    Anyway, I'm trying to get this piece of code translated to a higher language. I have some background in ASM but this piece of code is just flying through my head and I can't seem to understand it.

    I would appreciate it if someone can give me an insight on what is happening here. Pseudocode will be much appreciated, but if that's too much, you can just point me in the right direction where I can find some kind of explanation as to what is going on here.

    Basically, this function requires a string and then returns a modified version of that string. I got this from IDA:

    Code:
    .text:00015874 ; Scrambler::getInstagramString(char  const*)
    .text:00015874                 EXPORT _ZN9Scrambler18getInstagramStringEPKc
    .text:00015874 _ZN9Scrambler18getInstagramStringEPKc   ; CODE XREF: Bridge::getInstagramString(_JNIEnv *,_jobject *,_jstring *)+16p
    .text:00015874                 PUSH    {R4-R6,LR}
    .text:00015876                 LDR     R1, =(aA4d1b77bbb1a4a - 0x15880)
    .text:00015878                 MOVS    R4, R0
    .text:0001587A                 MOVS    R5, #0
    .text:0001587C                 ADD     R1, PC          ; "a4d1b77bbb1a4a5ca695ad72c84b77e5"
    .text:0001587E                 BLX     strcasecmp
    .text:00015882                 CMP     R0, #0
    .text:00015884                 BNE     loc_1588A
    .text:00015886                 LDR     R5, =(unk_6C19C - 0x1588C)
    .text:00015888                 ADD     R5, PC
    .text:0001588A
    .text:0001588A loc_1588A                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+10j
    .text:0001588A                 LDR     R1, =(aFf19a68d1f4a4c - 0x15892)
    .text:0001588C                 MOVS    R0, R4          ; s1
    .text:0001588E                 ADD     R1, PC          ; "ff19a68d1f4a4c29bf4be67ad2c77f12"
    .text:00015890                 BLX     strcasecmp
    .text:00015894                 CMP     R0, #0
    .text:00015896                 BNE     loc_1589E
    .text:00015898                 LDR     R5, =(unk_6C19C - 0x1589E)
    .text:0001589A                 ADD     R5, PC
    .text:0001589C                 ADDS    R5, #0x2C
    .text:0001589E
    .text:0001589E loc_1589E                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+22j
    .text:0001589E                 LDR     R1, =(aEd85650e098847 - 0x158A6)
    .text:000158A0                 MOVS    R0, R4          ; s1
    .text:000158A2                 ADD     R1, PC          ; "ed85650e09884756a26558259c471af5"
    .text:000158A4                 BLX     strcasecmp
    .text:000158A8                 CMP     R0, #0
    .text:000158AA                 BNE     loc_158B2
    .text:000158AC                 LDR     R5, =(unk_6C19C - 0x158B2)
    .text:000158AE                 ADD     R5, PC
    .text:000158B0                 ADDS    R5, #0x60
    .text:000158B2
    .text:000158B2 loc_158B2                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+36j
    .text:000158B2                 LDR     R1, =(aF9c69e10bbb140 - 0x158BA)
    .text:000158B4                 MOVS    R0, R4          ; s1
    .text:000158B6                 ADD     R1, PC          ; "f9c69e10bbb140e096e26e3d3f3960ec"
    .text:000158B8                 BLX     strcasecmp
    .text:000158BC                 CMP     R0, #0
    .text:000158BE                 BNE     loc_158C6
    .text:000158C0                 LDR     R5, =(unk_6C21C - 0x158C6)
    .text:000158C2                 ADD     R5, PC
    .text:000158C4                 ADDS    R5, #0xC
    .text:000158C6
    .text:000158C6 loc_158C6                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+4Aj
    .text:000158C6                 LDR     R1, =(aA9fd1ea499854a - 0x158CE)
    .text:000158C8                 MOVS    R0, R4          ; s1
    .text:000158CA                 ADD     R1, PC          ; "a9fd1ea499854a93bdb89e12d00e56a0"
    .text:000158CC                 BLX     strcasecmp
    .text:000158D0                 CMP     R0, #0
    .text:000158D2                 BNE     loc_158DA
    .text:000158D4                 LDR     R5, =(unk_6C21C - 0x158DA)
    .text:000158D6                 ADD     R5, PC
    .text:000158D8                 ADDS    R5, #0x24
    .text:000158DA
    .text:000158DA loc_158DA                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+5Ej
    .text:000158DA                 LDR     R1, =(aDb9f890529814c - 0x158E2)
    .text:000158DC                 MOVS    R0, R4          ; s1
    .text:000158DE                 ADD     R1, PC          ; "db9f890529814cc682dae202eb074521"
    .text:000158E0                 BLX     strcasecmp
    .text:000158E4                 CMP     R0, #0
    .text:000158E6                 BNE     loc_158EE
    .text:000158E8                 LDR     R5, =(unk_6C21C - 0x158EE)
    .text:000158EA                 ADD     R5, PC
    .text:000158EC                 ADDS    R5, #0x38
    .text:000158EE
    .text:000158EE loc_158EE                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+72j
    .text:000158EE                 LDR     R1, =(aEc06322a460e44 - 0x158F6)
    .text:000158F0                 MOVS    R0, R4          ; s1
    .text:000158F2                 ADD     R1, PC          ; "ec06322a460e44a7b8dcadcd49f39374"
    .text:000158F4                 BLX     strcasecmp
    .text:000158F8                 CMP     R0, #0
    .text:000158FA                 BNE     loc_15902
    .text:000158FC                 LDR     R5, =(unk_6C21C - 0x15902)
    .text:000158FE                 ADD     R5, PC
    .text:00015900                 ADDS    R5, #0x5C
    .text:00015902
    .text:00015902 loc_15902                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+86j
    .text:00015902                 LDR     R1, =(aB8382364355a42 - 0x1590A)
    .text:00015904                 MOVS    R0, R4          ; s1
    .text:00015906                 ADD     R1, PC          ; "b8382364355a42af9b130a7a68feb22a"
    .text:00015908                 BLX     strcasecmp
    .text:0001590C                 CMP     R0, #0
    .text:0001590E                 BNE     loc_15916
    .text:00015910                 LDR     R5, =(unk_6C29C - 0x15916)
    .text:00015912                 ADD     R5, PC
    .text:00015914                 ADDS    R5, #0x10
    .text:00015916
    .text:00015916 loc_15916                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+9Aj
    .text:00015916                 LDR     R1, =(aBdcf8247e5d54d - 0x1591E)
    .text:00015918                 MOVS    R0, R4          ; s1
    .text:0001591A                 ADD     R1, PC          ; "bdcf8247e5d54dd8a440e77f7c41b208"
    .text:0001591C                 BLX     strcasecmp
    .text:00015920                 CMP     R0, #0
    .text:00015922                 BNE     loc_1592A
    .text:00015924                 LDR     R5, =(unk_6C29C - 0x1592A)
    .text:00015926                 ADD     R5, PC
    .text:00015928                 ADDS    R5, #0x44
    .text:0001592A
    .text:0001592A loc_1592A                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+AEj
    .text:0001592A                 LDR     R1, =(aEf9e3381f0a045 - 0x15932)
    .text:0001592C                 MOVS    R0, R4          ; s1
    .text:0001592E                 ADD     R1, PC          ; "ef9e3381f0a045d396ee38292ca5481d"
    .text:00015930                 BLX     strcasecmp
    .text:00015934                 CMP     R0, #0
    .text:00015936                 BNE     loc_1593E
    .text:00015938                 LDR     R5, =(unk_6C29C - 0x1593E)
    .text:0001593A                 ADD     R5, PC
    .text:0001593C                 ADDS    R5, #0x78
    .text:0001593E
    .text:0001593E loc_1593E                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+C2j
    .text:0001593E                 LDR     R1, =(aDf1c2873b2cf40 - 0x15946)
    .text:00015940                 MOVS    R0, R4          ; s1
    .text:00015942                 ADD     R1, PC          ; "df1c2873b2cf408489df344453f9f10e"
    .text:00015944                 BLX     strcasecmp
    .text:00015948                 CMP     R0, #0
    .text:0001594A                 BNE     loc_1595A
    .text:0001594C                 LDR     R5, =(unk_6C31C - 0x15952)
    .text:0001594E                 ADD     R5, PC
    .text:00015950                 ADDS    R5, #0x20
    .text:00015952
    .text:00015952 loc_15952                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+EAj
    .text:00015952                 MOVS    R0, R5
    .text:00015954                 BL      _ZN9Scrambler7decryptEPKc ; Scrambler::decrypt(char  const*)
    .text:00015958
    .text:00015958 locret_15958                            ; CODE XREF: Scrambler::getInstagramString(char  const*)+ECj
    .text:00015958                 POP     {R4-R6,PC}
    .text:0001595A ; ---------------------------------------------------------------------------
    .text:0001595A
    .text:0001595A loc_1595A                               ; CODE XREF: Scrambler::getInstagramString(char  const*)+D6j
    .text:0001595A                 MOVS    R0, #0
    .text:0001595C                 CMP     R5, #0
    .text:0001595E                 BNE     loc_15952
    .text:00015960                 B       locret_15958
    .text:00015960 ; End of function Scrambler::getInstagramString(char  const*)
    .text:00015960
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Is this Apple stuff?

    Woodmann
    Learn Or Die.

  3. #3
    Quote: Originally posted by Woodmann
    Is this Apple stuff?

    Woodmann
    Actually it's from an Android app, but the file I'm trying to reverse is a .so inside an APK file.

    I tried to study the opcodes one by one, but I'm getting lost at the variables they are using and I am not sure if:

    =(unk_6C19C - 0x1589E)

    is the value at address unk_6C19C to 0x1589E or should I subtract it. There is very little reference to this online.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
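
The `=(unk_6C19C - 0x1589E)` expression asked about in post #3, worked through as an added example (not part of the original thread): it is a plain subtraction stored in the literal pool, and the following `ADD R5, PC` adds the anchor back because PC reads as the instruction address plus 4 in Thumb state. The helper names are hypothetical, and the code assumes IDA's `unk_XXXXX` labels sit at the address in their name.

```c
#include <stdint.h>
#include <stdio.h>

/* Thumb state: reading PC gives the address of the instruction plus 4. */
static uint32_t thumb_pc(uint32_t insn_addr) { return insn_addr + 4; }

/* IDA's "=(sym - anchor)" is a literal-pool constant: a plain subtraction. */
static uint32_t pool_literal(uint32_t sym, uint32_t anchor) { return sym - anchor; }

/* Models LDR R5,=literal ; ADD R5,PC ; ADDS R5,#extra */
static uint32_t resolve(uint32_t literal, uint32_t add_addr, uint32_t extra) {
    return literal + thumb_pc(add_addr) + extra;
}

/* One row per R5 assignment in the listing; values copied from it.
   Assumption: unk_6C19C etc. are located at the address in their name. */
struct r5_load { uint32_t add_addr, sym, anchor, extra; };
static const struct r5_load LOADS[] = {
    {0x15888, 0x6C19C, 0x1588C, 0x00}, {0x1589A, 0x6C19C, 0x1589E, 0x2C},
    {0x158AE, 0x6C19C, 0x158B2, 0x60}, {0x158C2, 0x6C21C, 0x158C6, 0x0C},
    {0x158D6, 0x6C21C, 0x158DA, 0x24}, {0x158EA, 0x6C21C, 0x158EE, 0x38},
    {0x158FE, 0x6C21C, 0x15902, 0x5C}, {0x15912, 0x6C29C, 0x15916, 0x10},
    {0x15926, 0x6C29C, 0x1592A, 0x44}, {0x1593A, 0x6C29C, 0x1593E, 0x78},
    {0x1594E, 0x6C31C, 0x15952, 0x20},
};
#define N_LOADS (sizeof LOADS / sizeof LOADS[0])

/* Final pointer held in R5 when row i's strcasecmp matched. */
static uint32_t r5_after(size_t i) {
    const struct r5_load *l = &LOADS[i];
    return resolve(pool_literal(l->sym, l->anchor), l->add_addr, l->extra);
}

/* 1 if the anchor IDA shows equals the PC value at the ADD instruction. */
static int anchor_is_pc(size_t i) {
    return LOADS[i].anchor == thumb_pc(LOADS[i].add_addr);
}

int main(void) {
    for (size_t i = 0; i < N_LOADS; i++)
        printf("ADD R5,PC @ %#x: anchor ok=%d  R5=%#x\n",
               (unsigned)LOADS[i].add_addr, anchor_is_pc(i), (unsigned)r5_after(i));
    return 0;
}
```

Each branch therefore loads a fixed address in the data segment (for the second key, `unk_6C19C + 0x2C`), and whichever pointer R5 holds at the end is handed to `Scrambler::decrypt`; if no key matched, R5 is still 0 and the function returns 0.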
