
Some info about rockey for who needs to parse usbtrace logs


Some info about rockey for who needs to parse usbtrace logs

Post by mardasmr on Thu Aug 10, 2017 10:34 am

Decryption routines for the R4 series. Reading its SDK is a must for the rest.
Should I write a complete tutorial? A whole parser?

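char command[25];
char response[25];
char KEY;

/*
 * command[] and response[] each hold one raw packet copied from the USB
 * trace log (the bytes that follow the "** data **" lines).
 *
 * NOTE(review): the original remark says the packets "must be 24 bytes
 * long", but both arrays have 25 elements, the loops in processCommand()
 * and processResponse() run through index 24, and Q = &command[0x11]
 * makes g() read 8 bytes ending at index 0x18 (24). Confirm the real
 * packet length against a trace.
 *
 * Usage sketch, to be run inside a function once both arrays are filled.
 * KEY has to be assigned after the command packet is loaded; initialising
 * it at file scope would read the still-empty array.
 *
 *     KEY = command[2];
 *     processCommand(command);
 *     processResponse(response);
 *
 * Security note: every input to the transform is taken from the captured
 * traffic itself (KEY is byte 2 of the command, and the 8-byte block passed
 * as Q starts at offset 0x11 of the same packet). As shown here the scheme
 * therefore only obfuscates the USB traffic; it gives no confidentiality
 * against anyone who can record the bus.
 */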



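/*
 * Decode one captured host-to-dongle packet in place and print it as hex.
 *
 * command: packet buffer; indices 0..24 are read and written, so it must
 *          hold at least 25 bytes.
 *
 * Uses the file-level KEY, which the caller sets from command[2] before
 * calling. Output goes to stdout as 25 space-separated two-digit hex bytes.
 */
void processCommand(char command[])
{
    // for r4 smart only: g() rewrites 8 bytes at P using the 8 bytes at Q.
    // Both calls use command[0x11..0x18] as Q. The first covers
    // command[0x9..0x10], the second command[0x2..0x9]; byte 0x9 is touched
    // by both, so the order of the two calls matters.
    g((BYTE *)&command[0x9], (BYTE *)&command[0x11]);
    g((BYTE *)&command[0x2], (BYTE *)&command[0x11]);

    // Single-byte XOR over everything from index 2 onwards.
    for (int i = 2; i < 25; i++) { command[i] ^= KEY; }

    // Cast to unsigned char: a plain (signed) char >= 0x80 would be
    // sign-extended by the varargs promotion and print as FFFFFFxx.
    for (int i = 0; i < 25; i++) { printf("%02X ", (unsigned char)command[i]); }
}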

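/*
 * Decode one captured dongle-to-host packet in place and print it as hex.
 *
 * response: packet buffer; indices 0..24 are read and written, so it must
 *           hold at least 25 bytes.
 *
 * The original listing ran the XOR and print loops over `command` instead
 * of `response`, which looks like a copy-paste slip from processCommand():
 * it would have re-XORed the command packet and never printed the response.
 * Both loops now operate on `response`.
 *
 * NOTE(review): KEY is still the byte taken from the command packet; the
 * page does not show a separate key for responses -- confirm.
 */
void processResponse(char response[])
{
    // for r4 smart only: same layout as in processCommand(), but with f().
    // Q is response[0x11..0x18]; byte 0x9 is touched by both calls, so the
    // order of the two calls matters.
    f((BYTE *)&response[0x9], (BYTE *)&response[0x11]);
    f((BYTE *)&response[0x2], (BYTE *)&response[0x11]);

    // Single-byte XOR over everything from index 2 onwards.
    for (int i = 2; i < 25; i++) { response[i] ^= KEY; }

    // Cast to unsigned char so bytes >= 0x80 print as two hex digits.
    for (int i = 0; i < 25; i++) { printf("%02X ", (unsigned char)response[i]); }
}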




// f: in-place byte transform of the 8 bytes at P, driven by the 8 bytes at Q.
// Written as an MSVC-style __asm block for 32-bit x86 (pushad/popad).
//
// For each i in 0..7, with all arithmetic modulo 256:
//   1. P[i] += (i | j) + Q[j]        for j = 0..7
//   2. P[i] ^= (Q[k] - 1) * i        for k = 0..7
//   3. P[i] ^= Q[i] << i
// Q is only read. g() below applies the same three steps in reverse order
// with the add turned into a subtract, so it undoes f() for the same Q.
//
// Register roles: edx = &P[i], edi = Q, ecx = i, ebp = Q - P,
//                 eax = j / scratch, esi = k, bl = scratch.
// P and Q are loaded before ebp is overwritten, and popad restores ebp
// before the block ends.
int f(BYTE *P, BYTE *Q) // decryption from dongle/encryption in pc
{
__asm
{
pushad                  // save all general registers, ebp included
mov     edx, P          // edx = &P[0]
mov     edi, Q          // edi = &Q[0]
mov     ebp, edi
xor     ecx, ecx        // i = 0
sub     ebp, edx        // ebp = Q - P, so [edx + ebp] is Q[i]

loop_i :
xor     eax, eax        // j = 0 (also clears what imul left in ah)

loop_j :                // step 1: P[i] += (i | j) + Q[j]
mov     bl, cl
or bl, al
add     bl, [eax + edi]
inc     eax
add[edx], bl
cmp     eax, 8
jl      short loop_j

xor     esi, esi        // k = 0

loop_k :                // step 2: P[i] ^= (Q[k] - 1) * i
mov     al, [esi + edi]
dec     al
imul    cl              // ax = al * cl; only the low byte (al) is used
xor[edx], al
inc     esi
cmp     esi, 8
jl      short loop_k
mov     al, [edx + ebp] // step 3: al = Q[i]
shl     al, cl          // al = Q[i] << i
inc     ecx             // i++
inc     edx             // edx = &P[i] for the new i
xor[edx - 1], al        // ...so the byte just processed is at [edx - 1]
cmp     ecx, 8
jl      short loop_i
popad                   // restore every register saved by pushad
}
// NOTE(review): there is no return statement, and popad has put EAX back to
// its value on entry, so the int result carries nothing meaningful. The
// callers shown on this page ignore it.
}


// g: in-place byte transform of the 8 bytes at P, driven by the 8 bytes at Q.
// Written as an MSVC-style __asm block for 32-bit x86 (pushad/popad).
//
// For each i in 0..7, with all arithmetic modulo 256:
//   1. P[i] ^= Q[i] << i
//   2. P[i] ^= (Q[k] - 1) * i        for k = 0..7
//   3. P[i] -= (i | j) + Q[j]        for j = 0..7
// These are the steps of f() in reverse order with the add replaced by a
// subtract, so g() undoes f() when given the same, unmodified Q.
//
// Register roles: edx = &P[i], edi = Q, ecx = i, ebp = Q - P,
//                 eax = j / scratch, esi = k, bl = scratch.
// P and Q are loaded before ebp is overwritten, and popad restores ebp
// before the block ends.
int g(BYTE *P, BYTE *Q) // decryption from pc, encryption in dongle
{
__asm
{
pushad                  // save all general registers, ebp included
mov     edx, P          // edx = &P[0]
mov     edi, Q          // edi = &Q[0]
mov     ebp, edi
xor     ecx, ecx        // i = 0
sub     ebp, edx        // ebp = Q - P, so [edx + ebp] is Q[i]

loop_i :

mov     al, [edx + ebp] // step 1: al = Q[i]
shl     al, cl          // al = Q[i] << i
xor[edx], al

xor     esi, esi        // k = 0

loop_k :                // step 2: P[i] ^= (Q[k] - 1) * i
mov     al, [esi + edi]
dec     al
imul    cl              // ax = al * cl; only the low byte (al) is used
xor[edx], al
inc     esi
cmp     esi, 8

jl      short loop_k



xor     eax, eax        // j = 0 (also clears what imul left in ah)

loop_j :                // step 3: P[i] -= (i | j) + Q[j]
mov     bl, cl
or bl, al
add     bl, [eax + edi]
inc     eax
sub[edx], bl
cmp     eax, 8
jl      short loop_j

inc     ecx             // i++
inc     edx             // edx = &P[i] for the new i

cmp     ecx, 8
jl      short loop_i
popad                   // restore every register saved by pushad


}
// NOTE(review): there is no return statement, and popad has put EAX back to
// its value on entry, so the int result carries nothing meaningful. The
// callers shown on this page ignore it.
}


Re: Some info about rockey for who needs to parse usbtrace logs

Post by ovis25 on Thu Aug 10, 2017 11:32 am

please do, but be careful who you share your work, you might find it for sale, not from you.


Re: Some info about rockey for who needs to parse usbtrace logs

Post by mardasmr on Thu Aug 10, 2017 12:28 pm

ovis25 wrote:please do, but be careful who you share your work, you might find it for sale, not from you.
Thanks for the warning. I'll do nothing about it and keep it to myself. Thanks

