
problem writing inverse to java xor encoding function


Ben Summers

Feb 29, 2008, 10:56:15 AM
Hi,
I'm trying to create an inverse to the following Java function in Ruby.

    public static void encXORPass(byte[] raw, final int offset, final int size, int key)
    {
        int stop = size-8;
        int pos = 4 + offset;
        int edx;
        int ecx = key; // Initial xor key

        while (pos < stop)
        {
            // get 4 bytes from raw into an int
            edx = (raw[pos] & 0xFF);
            edx |= (raw[pos+1] & 0xFF) << 8;
            edx |= (raw[pos+2] & 0xFF) << 16;
            edx |= (raw[pos+3] & 0xFF) << 24;

            // do things
            ecx += edx;
            edx ^= ecx;

            // put the xor'd int back into raw
            raw[pos++] = (byte) (edx & 0xFF);
            raw[pos++] = (byte) (edx >> 8 & 0xFF);
            raw[pos++] = (byte) (edx >> 16 & 0xFF);
            raw[pos++] = (byte) (edx >> 24 & 0xFF);
        }
        // store the final key in the last 4 bytes of raw
        raw[pos++] = (byte) (ecx & 0xFF);
        raw[pos++] = (byte) (ecx >> 8 & 0xFF);
        raw[pos++] = (byte) (ecx >> 16 & 0xFF);
        raw[pos++] = (byte) (ecx >> 24 & 0xFF);
    }

I'm basically walking through the same loop backwards, but for some
reason my code doesn't currently completely decode the data. By
"completely" I mean a few bytes into the loop it actually converges to
the correct values, but not at the beginning. I've been trying to figure
out why for weeks and I'm not making any progress so thought I'd post it
here.

Here is an example of a correct decoded sequence, followed by my
incorrect decoded sequence (yes they are different if you go far enough
to the right):

00854130CE21C60000BD7F26062B09315C26E24D80378DD9FB568AF57C765D9A2C90A6B0124EA36014881A48A185B44FC9A6D922D03E1F91FB0468819721E639E21AC617D44D3A7E952C2211EDB36ABCFC81B51E8AC205DCC750D7EA0C18F49CE8A119A8DA67591C97B5B7D6C9EF61F7F25E6EBDC10EA0BAA1F388D3210198B1A66B1E09437E3AA2204E95DD29FC9CC37720B6AD97F7E0BD0731C3725F3B6566FEC6F2CD5473468F2700E8436B286DACD9FE6C8B9F9EADDF
00854130CE21C60000BD7F26062B09315C26E24D80378DD9FB568AF57C765D9A2C90A6B0124EA36014881A48A185B44FC9A6D922D03E1F91FB0468819721E639E21AC617D44D3A7E952C2211EDB36ABCFC81B51E8AC205DCC750D7EA0C18F49CE8A119A8DA67591C97B5B7D6C9EF61F7F25E6EBDC10EA0BAA1F3883321019841A66B1EF1437E3ADE204E95C329FC1CCC772056AA97F71CBE07313C735FBB9A66FE06EDCD5493418F271FE8C3EBE86CEC41A6A4B69F9EADDF

The relevant ruby code is attached,
Any insight appreciated,
Cheers.

Attachments:
http://www.ruby-forum.com/attachment/1502/xor.rb

--
Posted via http://www.ruby-forum.com/.

Chris Hulan

Feb 29, 2008, 11:52:52 AM

FYI
XOR(XOR(x)) == x

so to decode just run the encoded string through the xor

Cheers

Ben Summers

Feb 29, 2008, 3:21:59 PM
Chris Hulan wrote:
> On Feb 29, 10:56 am, Ben Summers <thequestionis...@hotmail.com> wrote:
>>
>> edx ^= ecx;

>> raw[pos++] = (byte) (ecx >> 16 & 0xFF);
>>
>>
>> Attachments: http://www.ruby-forum.com/attachment/1502/xor.rb
>>
>> --
>> Posted via http://www.ruby-forum.com/.
>
> FYI
> XOR(XOR(x)) == x
>
> so to decode just run the encoded string through the xor
>
> Cheers

Thanks, yeah I know that, but that requires knowing the original 'key'
does it not? The problem is the Ruby program only knows the result after
encoding which as far as I'm aware doesn't include the original key that
was used for encoding, only the modified key as it is after the pass.
But I just had a thought, it's possible the Java app only uses one set
key, I'll see if that's the case and then I could just hard-code it in.

Cheers

Ben Summers

Feb 29, 2008, 3:36:32 PM

> But I just had a thought, it's possible the Java app only uses one set
> key, I'll see if that's the case and then I could just hard-code it in.

Argh, the 'key' is different every time.

Ben Summers

Feb 29, 2008, 3:53:26 PM
Ben Summers wrote:
>
>> But I just had a thought, it's possible the Java app only uses one set
>> key, I'll see if that's the case and then I could just hard-code it in.
>
> Argh, the 'key' is different every time.

OK, I just needed to change where it started, i.e. the two lines:

    ecx = bytes2int(buf[size-4,4])
    pos=size-8

to:

    ecx = bytes2int(buf[size-8,4])
    pos=size-12

I can't believe it, it works perfectly now.
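
The fix from the last post, worked through as an added example (not part of the thread and not the attached xor.rb): a Ruby port of the Java pass and its inverse, which starts from the final key stored at size-8 and recovers the initial key as a by-product. The names `enc_xor_pass`, `dec_xor_pass`, `SAMPLE` and `SAMPLE_KEY` are assumptions of this example, as are offset 0 and a buffer length that is a multiple of 4 and at least 12.

```ruby
MASK = 0xFFFFFFFF # Java int arithmetic wraps at 32 bits; Ruby integers do not

# Ruby port of the Java encXORPass quoted above, with offset fixed at 0.
def enc_xor_pass(data, key)
  raw = data.b                       # binary copy, so indexing is per byte
  pos = 4
  stop = raw.bytesize - 8
  ecx = key & MASK
  while pos < stop
    edx = raw[pos, 4].unpack1("V")   # little-endian 32-bit word
    ecx = (ecx + edx) & MASK
    raw[pos, 4] = [edx ^ ecx].pack("V")
    pos += 4
  end
  raw[pos, 4] = [ecx].pack("V")      # final key; lands at size-8 for the sizes accepted below
  raw
end

# Inverse pass: returns [decoded_bytes, initial_key].
def dec_xor_pass(data)
  raw = data.b
  size = raw.bytesize
  # Assumption: size is a multiple of 4 and >= 12, so the encoder's loop
  # ended at size-8 and wrote the final key there (the last 4 bytes are untouched).
  raise ArgumentError, "size must be a multiple of 4 and >= 12" if size < 12 || size % 4 != 0
  ecx = raw[size - 8, 4].unpack1("V")
  pos = size - 12
  while pos >= 4
    plain = raw[pos, 4].unpack1("V") ^ ecx  # undo edx ^= ecx
    raw[pos, 4] = [plain].pack("V")
    ecx = (ecx - plain) & MASK              # undo ecx += edx
    pos -= 4
  end
  [raw, ecx]
end

# Constructed sample input: 32 arbitrary bytes and an arbitrary key.
SAMPLE = (0...32).map { |i| (i * 37 + 11) & 0xFF }.pack("C*")
SAMPLE_KEY = 0xDEADBEEF
```

The four bytes at size-8 are overwritten by the encoder, so the decoded buffer still holds the final key there rather than the original content.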
