Reverse Engineering Asked on February 2, 2021
I try to reverse a cipher algorithm (I guess Tiny Encryption Algorithm (TEA)) in an android application. But I have a serious problem in initializing arguments. How I can understand that I have selected the input arguments correctly?(Especially when they are pointer)
This algorithm get 4 bytes from user(typed in a textbox)and other 4 bytes from an external hardware and mix up this 8 bytes and export 4 bytes for us.
So, I have shown this algorithm in below:
EXPORT Mycipher
Mycipher
var_20 = -0x20
var_1C = -0x1C
PUSH {R0-R2,R4-R7,LR}
MOVS R3, #0
STR R0, [SP,#0x20+var_20]
LDR R4, [R1]
LDR R0, [R1,#4]
MOVS R5, R3
MOVS R6, #3
MOV R12, R1
B loc_DADC
; ---------------------------------------------------------------------------
loc_DAA6 ; CODE XREF: Mycipher+4C
MOVS R1, R3
ANDS R1, R6
LSLS R1, R1, #2
LDR R1, [R1,R2]
LSLS R7, R0, #4
ADDS R5, #1
ADDS R1, R3, R1
STR R1, [SP,#0x20+var_1C]
LSRS R1, R0, #5
EORS R7, R1
LDR R1, [SP,#0x20+var_1C]
ADDS R7, R7, R0
EORS R7, R1
LDR R1, =0x9E3779B9
ADDS R4, R4, R7
LSRS R7, R4, #5
ADDS R3, R3, R1
LSLS R1, R4, #4
EORS R7, R1
LSRS R1, R3, #0xB
ANDS R1, R6
LSLS R1, R1, #2
LDR R1, [R1,R2]
ADDS R7, R7, R4
ADDS R1, R3, R1
EORS R1, R7
ADDS R0, R0, R1
loc_DADC ; CODE XREF: Mycipher+10
LDR R1, [SP,#0x20+var_20]
CMP R5, R1
BNE loc_DAA6
MOV R1, R12
STR R4, [R1]
STR R0, [R1,#4]
POP {R0-R2,R4-R7,PC}
; End of function Mycipher
Then I reverse this algorithm to C code :
void Mycipher (uint32_t* v, const uint32_t* k ) {
uint32_t v0=v[0] ,v1=v[1], sum=0, i;
for (i=0; i<2; i++) {
v0 += ((v1 << 4u ^ v1 >> 5u) + v1) ^ (uint32_t)(sum + *(uint32_t *)(((sum & 3u) * 4u) + k));
sum = sum + 0x9e3779b9;
v1 += (sum + *(uint32_t *)((sum >> 0xb & 3u) * 4u + k) ^ (v0 >> 5u ^ v0 * 0x10) + v0);
}
v[0]=v0; v[1]=v1;
}
And you can see the piece of code that exactly there is in before of function invoke:
STR R3, [SP,#0x258+var_248]
MOVS R0, #2
MVNS R3, R3
ADD R1, SP, #0x258+var_248
ADD R2, SP, #0x258+var_240
STR R3, [SP,#0x258+var_244]
BL Mycipher
But I don’t know how I can determine the input arguments type? For example, I put the second argument as const
because the cLion suggest me(Not for my knowledge). Or, In this case which line of code that shown above I must consider for input arguments? Now, I think my conversion have some problems(I’m suspicious to my codes) and I like to know how I can fix these problems.
Sorry for eating your time.
Thanks
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP