A simple way to demonstrate common reversing tricks using C code:
1.XOR cipher execution
simple repeating-key XOR
extremely common in obfuscation
2.Known-plaintext attack
if you know part of the plaintext, you can recover the key
3.Key length recovery
detect repeating patterns in the keystream
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
static void
xmem(uint8_t *b, size_t n, const uint8_t *k, size_t klen)
{
if (!b || !k || klen == 0)
return;
size_t i = 0, j = 0;
for (; i < n; i++) {
b[i] ^= k[j++];
if (j == klen)
j = 0;
}
}
/* derive raw keystream */
static size_t
xks(uint8_t *out, size_t cap,
const uint8_t *c, size_t clen,
const uint8_t *p, size_t plen)
{
if (!out || !c || !p)
return 0;
size_t n = clen < plen ? clen : plen;
if (n > cap)
n = cap;
for (size_t i = 0; i < n; i++)
out[i] = c[i] ^ p[i];
return n;
}
/* naive period scan */
static size_t
xper(const uint8_t *k, size_t len)
{
if (!k || !len)
return 0;
for (size_t p = 1; p < len; p++) {
size_t i = p;
for (; i < len; i++) {
if (k[i] != k[i % p])
break;
}
if (i == len)
return p;
}
return len;
}
static void
dh(const uint8_t *b, size_t n)
{
for (size_t i = 0; i < n; i++)
printf("%02x ", b[i]);
putchar('\n');
}
int
main(void)
{
uint8_t c[] = {0x5a, 0x3b, 0x4c, 0x1d};
uint8_t k[] = {0x42, 0x31};
/* decrypt in place */
xmem(c, sizeof c, k, sizeof k);
dh(c, sizeof c);
uint8_t known[] = "Hello";
uint8_t ks[128];
size_t n = xks(ks, sizeof ks,
c, sizeof c,
known, strlen((char *)known));
dh(ks, n);
size_t p = xper(ks, n);
printf("p=%zu\n", p);
return 0;
}
Top comments (1)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.