08-05-2014, 09:20
bridgeic
Is this RSA algorithm?

****************
File for static debug:
****************

https://app.box.com/s/npyh7dgjsvr3cdwm9b0a

Some clues indicate that the SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac call may use the RSA algorithm, but I can't find the public key after a long time debugging. Can anyone help?

SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca => call SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac => call rsa_eay.c


**********************
IDA F5 => Pseudo code
**********************

if ( SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca(v14, v17, v18, v13, 1) == -1 )
{
    v15 = 0;
    dword_282C990 = SNPSle_0b7605938c156c1e7171bec194fc1df0();
    snpsFreeFunc(v18);
    snpsFreeFunc(v17);
}
else
{
    v15 = SNPSle_e70385d734271e1f();
    SNPSle_a319640d45ef7860(v15, v18);
    snpsFreeFunc(v18);
    snpsFreeFunc(v17);
}
return v15;

*************************************************
Function SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca
*************************************************

.text:0129A65C mov edx, [esp+24h]
.text:0129A660 mov dword ptr [esp+10h], 1
.text:0129A668 mov [esp+0Ch], esi
.text:0129A66C mov [esp+8], edx
.text:0129A670 mov edx, [esp+20h]
.text:0129A674 mov [esp], eax
.text:0129A677 mov [esp+4], edx
.text:0129A67B call SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca

.text:012FF9C0 SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca proc near
.text:012FF9C0 ; CODE XREF: SNPSle_8c043950c9569b2b28b737acdf3db27f+16Bp
.text:012FF9C0 ; SNPSle_5b20c9bca9f2e8472400b8222d99bf873af76a24be776844+6Fp ...
.text:012FF9C0
.text:012FF9C0 var_1C = dword ptr -1Ch
.text:012FF9C0 var_18 = dword ptr -18h
.text:012FF9C0 var_14 = dword ptr -14h
.text:012FF9C0 var_10 = dword ptr -10h
.text:012FF9C0 var_C = dword ptr -0Ch
.text:012FF9C0 arg_0 = dword ptr 4
.text:012FF9C0 arg_4 = dword ptr 8
.text:012FF9C0 arg_8 = dword ptr 0Ch
.text:012FF9C0 arg_C = dword ptr 10h
.text:012FF9C0 arg_10 = dword ptr 14h
.text:012FF9C0
.text:012FF9C0 sub esp, 1Ch
.text:012FF9C3 mov edx, [esp+1Ch+arg_C]
.text:012FF9C7 mov eax, [esp+1Ch+arg_10]
.text:012FF9CB mov ecx, [edx+8]
.text:012FF9CE mov [esp+1Ch+var_C], eax
.text:012FF9D2 mov eax, [esp+1Ch+arg_8]
.text:012FF9D6 mov [esp+1Ch+var_10], edx
.text:012FF9DA mov [esp+1Ch+var_14], eax
.text:012FF9DE mov eax, [esp+1Ch+arg_4]
.text:012FF9E2 mov [esp+1Ch+var_18], eax
.text:012FF9E6 mov eax, [esp+1Ch+arg_0]
.text:012FF9EA mov [esp+1Ch+var_1C], eax
.text:012FF9ED call dword ptr [ecx+8] => call 013BA9F0 SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac
.text:012FF9F0 add esp, 1Ch
.text:012FF9F3 retn
.text:012FF9F3 SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca endp

*****************************************************************
Function SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac
*****************************************************************

.text:013BA9F0 SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac proc near
.text:013BA9F0 ; DATA XREF: .data:02796748o
......
.text:013BAA9F lea eax, (aRsa_eay_c - 26FB44Ch)[ebx] ; "rsa_eay.c"
......
.text:013BAE7D SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac endp