Plate encryption

2025-04-06 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

1. bswap encryption

004A21F9 >  60               pushad
004A21FA    E8 00000000      call 004A21FF
004A21FF    5B               pop ebx
004A2200    81EB FF214A00    sub ebx, 004A21FF
004A2206    BA 00104000      mov edx, 00401000
004A220B    B9 00000600      mov ecx, 0x60000
004A2210    B9 00000200      mov ecx, 0x20000
004A2215    03D3             add edx, ebx
004A2217    8B02             mov eax, dword ptr [edx]        ; this part is the core of the encryption
004A2219    0FC8             bswap eax
004A221B    8902             mov dword ptr [edx], eax
004A221D    83C2 04          add edx, 0x4
004A2220    49               dec ecx
004A2221  ^ 75 F4            jnz short 004A2217
004A2223    61               popad
004A2224    E8 00000000      call 004A2229
004A2229    812C24 E1030000  sub dword ptr [esp], 0x3E1      ; 0x3E1 is the distance between the address of this instruction and the original entry
004A2230    C3               retn

Binary: 60 E8 00 00 00 00 5B 81 EB FF 21 4A 00 BA 00 10 40 00 B9 00 00 06 00 B9 00 00 02 00 03 D3 8B 02 0F C8 89 02 83 C2 04 49 75 F4 61 E8 00 00 00 00 81 2C 24 E1 03 00 00 C3

2. xchg encryption

004A223B >  60               pushad
004A223C    BB 00104000      mov ebx, 00401000
004A2241    B9 10010100      mov ecx, 0x10110
004A2246    8B3B             mov edi, dword ptr [ebx]
004A2248    8B73 04          mov esi, dword ptr [ebx+0x4]
004A224B    87F7             xchg edi, esi
004A224D    893B             mov dword ptr [ebx], edi
004A224F    8973 04          mov dword ptr [ebx+0x4], esi
004A2252    83C3 08          add ebx, 0x8
004A2255    49               dec ecx
004A2256  ^ 75 EE            jnz short 004A2246
004A2258    61               popad
004A2259  ^ 70 9E            jo short 004A21F9               ; jump back to the entry point; the jo/jno pair = jmp
004A225B  ^ 71 9C            jno short 004A21F9

Binary: 60 BB 00 10 40 00 B9 10 01 01 00 8B 3B 8B 73 04 87 F7 89 3B 89 73 04 83 C3 08 49 75 EE 61 70 9E 71 9C

3. bswap and xchg encryption used together

004A226F    60               pushad
004A2270    BB 00104000      mov ebx, 00401000
004A2275    B9 00000100      mov ecx, 0x10000                ; xchg
004A227A    8B03             mov eax, dword ptr [ebx]
004A227C    0FC8             bswap eax
004A227E    8B53 04          mov edx, dword ptr [ebx+0x4]
004A2281    0FCA             bswap edx
004A2283    92               xchg eax, edx
004A2284    8903             mov dword ptr [ebx], eax
004A2286    8953 04          mov dword ptr [ebx+0x4], edx
004A2289    83C3 08          add ebx, 0x8
004A228C    49               dec ecx
004A228D  ^ 75 EB            jnz short 004A227A
004A228F    61               popad

The bytes within each of the two doublewords are first reversed (bswap), and then the two adjacent doublewords exchange positions (xchg), so each 8-byte block ends up fully byte-reversed.

Binary: 60 BB 00 10 40 00 B9 00 00 01 00 8B 03 0F C8 8B 53 04 0F CA 92 89 03 89 53 04 83 C3 08 49 75 EB 61
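For static analysis it helps to reproduce what each of the three loops does to the bytes it walks. The Python model below is an added example, not code from the original article: the function names and the sample buffer are assumptions made for illustration, and count stands in for the ecx loop counter. It shows that each transform is its own inverse, so running the same loop over the stored bytes restores the original code.

```python
"""Model of the three stub loops: what each does to the bytes it walks."""

def per_block(buf: bytes, count: int, size: int, fn) -> bytes:
    # `count` plays the role of ecx; the dec/jnz loop is a do-while, so it
    # runs at least once and touches count * size bytes.
    if count < 1 or count * size > len(buf):
        raise ValueError("loop count is zero or runs past the end of the buffer")
    out = bytearray(buf)
    for off in range(0, count * size, size):
        out[off:off + size] = fn(bytes(out[off:off + size]))
    return bytes(out)

def bswap_stub(buf: bytes, count: int) -> bytes:
    # Listing 1: load dword, bswap, store -> the 4 bytes are reversed in place.
    return per_block(buf, count, 4, lambda b: b[::-1])

def xchg_stub(buf: bytes, count: int) -> bytes:
    # Listing 2: two adjacent dwords exchange places, bytes inside them untouched.
    return per_block(buf, count, 8, lambda b: b[4:] + b[:4])

def bswap_xchg_stub(buf: bytes, count: int) -> bytes:
    # Listing 3: bswap both dwords, then exchange them -> all 8 bytes reversed.
    return per_block(buf, count, 8, lambda b: b[4:][::-1] + b[:4][::-1])

def is_involution(stub, buf: bytes, count: int) -> bool:
    # True when running the same loop twice restores the original bytes.
    return stub(stub(buf, count), count) == buf

if __name__ == "__main__":
    sample = bytes(range(0x10, 0x28))  # constructed 24-byte buffer, not from a real binary
    for name, stub, count in (("bswap", bswap_stub, 6),
                              ("xchg", xchg_stub, 3),
                              ("bswap+xchg", bswap_xchg_stub, 3)):
        once = stub(sample, count)
        print(f"{name:11s} {once.hex(' ')}  self-inverse={is_involution(stub, sample, count)}")
```

Bytes beyond count iterations are left untouched, which matches a loop counter that covers only part of a region.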
