TransWikia.com

Reverse an encryption algorithem in APK .so file

Reverse Engineering Asked on February 2, 2021

I try to reverse a cipher algorithm (I guess Tiny Encryption Algorithm (TEA)) in an android application. But I have a serious problem in initializing arguments. How I can understand that I have selected the input arguments correctly?(Especially when they are pointer)
This algorithm get 4 bytes from user(typed in a textbox)and other 4 bytes from an external hardware and mix up this 8 bytes and export 4 bytes for us.
So, I have shown this algorithm in below:

                EXPORT Mycipher
Mycipher                                
                                        

var_20          = -0x20
var_1C          = -0x1C

                PUSH    {R0-R2,R4-R7,LR}
                MOVS    R3, #0
                STR     R0, [SP,#0x20+var_20]
                LDR     R4, [R1]
                LDR     R0, [R1,#4]
                MOVS    R5, R3
                MOVS    R6, #3
                MOV     R12, R1
                B       loc_DADC
; ---------------------------------------------------------------------------

loc_DAA6                                ; CODE XREF: Mycipher+4C
                MOVS    R1, R3
                ANDS    R1, R6
                LSLS    R1, R1, #2
                LDR     R1, [R1,R2]
                LSLS    R7, R0, #4
                ADDS    R5, #1
                ADDS    R1, R3, R1
                STR     R1, [SP,#0x20+var_1C]
                LSRS    R1, R0, #5
                EORS    R7, R1
                LDR     R1, [SP,#0x20+var_1C]
                ADDS    R7, R7, R0
                EORS    R7, R1
                LDR     R1, =0x9E3779B9
                ADDS    R4, R4, R7
                LSRS    R7, R4, #5
                ADDS    R3, R3, R1
                LSLS    R1, R4, #4
                EORS    R7, R1
                LSRS    R1, R3, #0xB
                ANDS    R1, R6
                LSLS    R1, R1, #2
                LDR     R1, [R1,R2]
                ADDS    R7, R7, R4
                ADDS    R1, R3, R1
                EORS    R1, R7
                ADDS    R0, R0, R1

loc_DADC                                ; CODE XREF: Mycipher+10
                LDR     R1, [SP,#0x20+var_20]
                CMP     R5, R1
                BNE     loc_DAA6
                MOV     R1, R12
                STR     R4, [R1]
                STR     R0, [R1,#4]
                POP     {R0-R2,R4-R7,PC}
; End of function Mycipher

Then I reverse this algorithm to C code :

void Mycipher (uint32_t* v, const uint32_t* k ) {
    uint32_t v0=v[0] ,v1=v[1], sum=0, i;
for (i=0; i<2; i++) {
    v0 += ((v1 << 4u ^ v1 >> 5u) + v1) ^ (uint32_t)(sum + *(uint32_t *)(((sum & 3u) * 4u) + k));
    sum = sum + 0x9e3779b9;
    v1 += (sum + *(uint32_t *)((sum >> 0xb & 3u) * 4u + k) ^ (v0 >> 5u ^ v0 * 0x10) + v0);
}
v[0]=v0; v[1]=v1;
}

And you can see the piece of code that exactly there is in before of function invoke:

STR     R3, [SP,#0x258+var_248]
MOVS    R0, #2
MVNS    R3, R3
ADD     R1, SP, #0x258+var_248
ADD     R2, SP, #0x258+var_240
STR     R3, [SP,#0x258+var_244]
BL      Mycipher

But I don’t know how I can determine the input arguments type? For example, I put the second argument as const because the cLion suggest me(Not for my knowledge). Or, In this case which line of code that shown above I must consider for input arguments? Now, I think my conversion have some problems(I’m suspicious to my codes) and I like to know how I can fix these problems.
Sorry for eating your time.
Thanks

androidarmc++disassembly

Add your own answers!

Ask a Question

Get help from others!

Recent Answers

Recent Questions

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP