Hi,
I’m trying to create an inverse to the following Java function in Ruby.
public static void encXORPass(byte[] raw, final int offset, final int size, int key)
{
    int stop = size-8;
    int pos = 4 + offset;
    int edx;
    int ecx = key; // Initial xor key
    while (pos < stop)
    {
        // get 4 bytes from raw into an int
        edx = (raw[pos] & 0xFF);
        edx |= (raw[pos+1] & 0xFF) << 8;
        edx |= (raw[pos+2] & 0xFF) << 16;
        edx |= (raw[pos+3] & 0xFF) << 24;
        // do things
        ecx += edx;
        edx ^= ecx;
        // put the xor’d int back into raw
        raw[pos++] = (byte) (edx & 0xFF);
        raw[pos++] = (byte) (edx >> 8 & 0xFF);
        raw[pos++] = (byte) (edx >> 16 & 0xFF);
        raw[pos++] = (byte) (edx >> 24 & 0xFF);
    }
    // store the final key in the last 4 bytes of raw
    raw[pos++] = (byte) (ecx & 0xFF);
    raw[pos++] = (byte) (ecx >> 8 & 0xFF);
    raw[pos++] = (byte) (ecx >> 16 & 0xFF);
    raw[pos++] = (byte) (ecx >> 24 & 0xFF);
}
I’m basically walking through the same loop backwards, but for some
reason my code doesn’t currently completely decode the data. By
“completely” I mean a few bytes into the loop it actually converges to
the correct values, but not at the beginning. I’ve been trying to figure
out why for weeks and I’m not making any progress so thought I’d post it
here.
Here is an example of a correct decoded sequence, followed by my
incorrect decoded sequence (yes they are different if you go far enough
to the right):
00854130CE21C60000BD7F26062B09315C26E24D80378DD9FB568AF57C765D9A2C90A6B0124EA36014881A48A185B44FC9A6D922D03E1F91FB0468819721E639E21AC617D44D3A7E952C2211EDB36ABCFC81B51E8AC205DCC750D7EA0C18F49CE8A119A8DA67591C97B5B7D6C9EF61F7F25E6EBDC10EA0BAA1F388D3210198B1A66B1E09437E3AA2204E95DD29FC9CC37720B6AD97F7E0BD0731C3725F3B6566FEC6F2CD5473468F2700E8436B286DACD9FE6C8B9F9EADDF
00854130CE21C60000BD7F26062B09315C26E24D80378DD9FB568AF57C765D9A2C90A6B0124EA36014881A48A185B44FC9A6D922D03E1F91FB0468819721E639E21AC617D44D3A7E952C2211EDB36ABCFC81B51E8AC205DCC750D7EA0C18F49CE8A119A8DA67591C97B5B7D6C9EF61F7F25E6EBDC10EA0BAA1F3883321019841A66B1EF1437E3ADE204E95C329FC1CCC772056AA97F71CBE07313C735FBB9A66FE06EDCD5493418F271FE8C3EBE86CEC41A6A4B69F9EADDF
The relevant Ruby code is attached.
Any insight appreciated,
Cheers.
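
Added example, not part of the original post and not the poster's attached code: a Ruby inverse of the Java encXORPass above, with a Ruby port of the encoder for round-trip checks. Java int arithmetic wraps at 32 bits while Ruby Integers grow without bound, so every add and subtract is masked with 0xFFFFFFFF. The names get_u32, put_u32, key_pos, enc_xor_pass and dec_xor_pass are assumptions made for this example.

```ruby
MASK32 = 0xFFFFFFFF # Java int wraps at 32 bits; Ruby Integers do not

# Read / write a little-endian 32-bit word in a binary String.
def get_u32(raw, pos)
  raw.byteslice(pos, 4).unpack1('V')
end

def put_u32(raw, pos, value)
  raw[pos, 4] = [value & MASK32].pack('V')
end

# Where the encoder leaves the final key: the first position >= size - 8
# reached when stepping by 4 from offset + 4 (same loop bounds as the Java).
def key_pos(offset, size)
  start = 4 + offset
  stop = size - 8
  return start if start >= stop
  start + ((stop - start + 3) / 4) * 4
end

# Ruby port of the Java encXORPass (hypothetical helper for testing).
def enc_xor_pass(raw, offset, size, key)
  raw = raw.b # work on a binary copy
  pos = 4 + offset
  ecx = key & MASK32
  while pos < size - 8
    edx = get_u32(raw, pos)
    ecx = (ecx + edx) & MASK32   # ecx += edx, with 32-bit wraparound
    put_u32(raw, pos, edx ^ ecx) # edx ^= ecx
    pos += 4
  end
  put_u32(raw, pos, ecx)         # final key stored after the last word
  raw
end

# Inverse: start from the stored final key and walk the words backwards.
# Returns [decoded buffer, initial key recovered from the stream].
def dec_xor_pass(raw, offset, size)
  raw = raw.b
  pos = key_pos(offset, size)
  ecx = get_u32(raw, pos)
  while pos > 4 + offset
    pos -= 4
    edx = get_u32(raw, pos) ^ ecx # undo edx ^= ecx
    put_u32(raw, pos, edx)
    ecx = (ecx - edx) & MASK32    # undo ecx += edx, with 32-bit wraparound
  end
  [raw, ecx]
end
```

The stored key word itself is left in place by dec_xor_pass; only the words between offset + 4 and the key position are restored.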