[Reversing] rev-basic-7

역시 IDA.. 근데 처음보는 함수가 보인다. 느낌상 ROL? 왼쪽으로 돌릴거 같은데..

// https://github.com/joxeankoret/tahh/blob/master/comodo/defs.h
// rotate left
template<class T> T __ROL__(T value, int count)
{
  const uint nbits = sizeof(T) * 8;

  if ( count > 0 )
  {
    count %= nbits;
    T high = value >> (nbits - count);
    if ( T(-1) < 0 ) // signed value
      high &= ~((T(-1) << count));
    value <<= count;
    value |= high;
  }
  else
  {
    count = -count % nbits;
    T low = value << (nbits - count);
    value >>= count;
    value |= low;
  }
  return value;
}

inline uint8  __ROL1__(uint8  value, int count) { return __ROL__((uint8)value, count); }

대충 맞는거 같다. 코드를 해석하면 i ^ ROL1(a1[i], i & 7) == FLAG[i] 라는건데..

 

ROR1((FLAG[i] ^ i), i & 7)로 하면 원래 값이 나오지 않을까?

def __ROL__(num, count, bits=8): 
	return ((num << count) | (num >> (bits - count))) & ((0b1<<bits) - 1) 

def __ROR__(num, count, bits=8):
	return ((num >> count) | (num << (bits - count))) & ((0b1<<bits) - 1)

검색해보니 파이썬으로 짜여진 ROL, ROR 함수가 있어서 바로 가져왔다.

 

var1 = [0x52, 0xDF, 0xB3, 0x60, 0xF1, 0x8B, 0x1C, 0xB5, 0x57, 0xD1, 0x9F, 0x38, 0x4B, 0x29, 0xD9, 0x26, 0x7F, 0xC9,
        0xA3, 0xE9, 0x53, 0x18, 0x4F, 0xB8, 0x6A, 0xCB, 0x87, 0x58, 0x5B, 0x39, 0x1E, 0x00]

def __ROL__(num, count, bits=8):
    return ((num << count) | (num >> (bits - count))) & ((0b1<<bits) - 1)

def __ROR__(num, count, bits=8):
    return ((num >> count) | (num << (bits - count))) & ((0b1<<bits) - 1)

for i in range(len(var1)):
    a = __ROR__(i ^ var1[i], i & 7)
    print(chr(a), end='')

 

CLEAR