问题
This is my first attempt at reverse engineering, and really, I don't know how to go about it. I have a procedural kind of mind and no foundation of knowledge on popular encryption methods.
But, it seems to me, if I have the very minimum data in the correct format, and know that there is an occurrence in the data of a certain word, or words, and where that word begins and ends in the data - that I could somehow discover the method of decrypting the entire file.
----- ENCRYPTED -------------------------------------------
HEX 44 5E 12 47 55 5E 53 17 4C 5C 49 4F 4F
ACII D ^ ? G U ^ S ? L \ I O O
DEC 68 94 63 71 85 94 83 63 76 92 73 79 79
BIN 01000100 01011110 00111111 01000111 01010101 01011110 01010011 00111111 01001100 01011100 01001001 01001111 01001111
----- DECRYPTED -------------------------------------------
HEX 74 6F 20 74 61 6B 65 20 74 65 73 74 73
ASCII t o t a k e t e s t s
DEC 116 111 32 116 97 107 101 32 116 101 115 116 115
BIN 01110100 01101111 00100000 01110100 01100001 01101011 01100101 00100000 01110100 01100101 01110011 01110100 01110011
This is just a sample of data. I know where the title information starts and ends because I examined two files with different titles - so I know these translate to the correct words - but where do I go from here to identifying the encryption process?
*I know people will ask why: This is from a VCE (exam) file format and I want to translate this into XML or JSON. This would make it easy for me to write a program that compares questions and answers from multiple exam files, append, remove duplicates, and create new ones. *
回答1:
Try XORing the two strings together. What you get is
HEX 30 31 32 33 34 35 36 37 38 39 3A 3B 3C
ASCII 0 1 2 3 4 5 6 7 8 9 : ; <
See a pattern yet?
回答2:
The Question Field XOR value starts with 19 and then it's every second character.
ENCRYPTED:
6D 1A 74 1C 3D 1E 6B 20 40 22 48 24 40 26 07 28 5D 2A 4E 2C 5E 2E 5B 30 42 32
XOR:
19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32
DECRYPTED:
t?o? ?t?a?k?e? ?t?e?s?t?s?
回答3:
Always try XOR'ing (Bit-wise operation) first when you have a hex file and you think it is encrypted..
There are many reasons for it.
- Once you apply the encryption by XOR you can de-crypt it by applying the XOR again
- Thus it is very simple way to encrypt something.
You can go through the following wiki page for more detail:
XOR_wiki
Also if you have access to the Art of Programming (and also time to refer to that :D) go through the bit-wise operations section.
It is very well explained. Worth reading mate :)
来源:https://stackoverflow.com/questions/9132402/reverse-engineer-a-file-format