external/source/shellcode/windows/x86/src/test_rc4.asm
;-----------------------------------------------------------------------------;
; Author: Michael Schierl (schierlm[at]gmx[dot]de)
; Version: 1.0 (29 December 2012)
;-----------------------------------------------------------------------------;
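;
; Known-answer test vector for the RC4 decoder block, generated with Ruby's
; OpenSSL bindings. The key, ciphertext and plaintext below are the same
; values embedded in the code that follows.
;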
; c1 = OpenSSL::Cipher::Cipher.new('RC4')
; c1.encrypt
; c1.key="Hello, my world!"
; c1.update("This is some magic data you may want to have encoded and decoded again").unpack("H*")
;
; => "882353c5de0f5e6b10bf0d25c432c5d16424dc797e895f37f261c893b31d577e7e69f77e07aa576d58c7f757164e7d74988feb10f972b28dcfa1e3a2b1cc0b0fa1a8b116294b"
;
; Decrypting those bytes with the same key must return the original text:
;
; c1 = OpenSSL::Cipher::Cipher.new('RC4')
; c1.decrypt
; c1.key="Hello, my world!"
; c1.update(["882353c5de0f5e6b10bf0d25c432c5d16424dc797e895f37f261c893b31d577e7e69f77e07aa576d58c7f757164e7d74988feb10f972b28dcfa1e3a2b1cc0b0fa1a8b116294b"].pack("H*"))
;
; => "This is some magic data you may want to have encoded and decoded again"
;
[BITS 32]
[ORG 0]
;-----------------------------------------------------------------------------;
; Test harness for the RC4 decoder block included below. It loads a fixed key
; and a fixed ciphertext, sets up the registers, and brackets the decoder with
; two `int 3` breakpoints so it can be single-stepped in a debugger.
;
; Register state built here before the decoder runs:
;   ESI = address of the 16-byte key
;   EBP = address of the 70-byte encrypted buffer
;   ECX = length of the encrypted buffer in bytes
;   EDI = address of 0x100 bytes of stack scratch space for the S-box
;   DF  = 0 (cleared by cld)
; NOTE(review): block_rc4.asm is not visible from this file; confirm that this
; matches its documented inputs and check which registers it clobbers.
;
; The key sits in the clear directly in front of the data it decodes, so
; anyone holding these bytes can recover the plaintext. RC4 is used here as an
; encoding layer, not as a confidentiality control.
;-----------------------------------------------------------------------------;
cld ; Clear the direction flag.
; call/pop idiom: `call` pushes the address of the bytes that follow it, so the
; inline data can be located without knowing where the code was loaded. The
; bytes after each `call` are data and are never executed.
call pushkey ; push the address of the key onto the stack
db "Hello, my world!"
pushkey:
pop esi ; and store it into ESI
call pushdata ; push the address of the encrypted data on the stack
; Ciphertext: the same 70 bytes as the hex string in the file header.
db 0x88, 0x23, 0x53, 0xc5, 0xde, 0x0f, 0x5e, 0x6b, 0x10, 0xbf, 0x0d, 0x25, 0xc4, 0x32, 0xc5, 0xd1, 0x64, 0x24, 0xdc, 0x79, 0x7e, 0x89, 0x5f, 0x37, 0xf2, 0x61, 0xc8, 0x93, 0xb3, 0x1d, 0x57, 0x7e, 0x7e, 0x69, 0xf7, 0x7e, 0x07, 0xaa, 0x57, 0x6d, 0x58, 0xc7, 0xf7, 0x57, 0x16, 0x4e, 0x7d, 0x74, 0x98, 0x8f, 0xeb, 0x10, 0xf9, 0x72, 0xb2, 0x8d, 0xcf, 0xa1, 0xe3, 0xa2, 0xb1, 0xcc, 0x0b, 0x0f, 0xa1, 0xa8, 0xb1, 0x16, 0x29, 0x4b
pushdata:
pop ebp ; and store it into EBP
; The length is hard-coded and must equal the number of bytes in the db line
; above; update both together when the test vector changes.
mov ecx, 70 ; store data length into ECX
; 0x100 = 256 bytes of scratch space. ESP is not restored anywhere in this
; file, which is acceptable only because execution ends at the final
; breakpoint.
sub esp, 0x100 ; make space on stack for S-Box
mov edi, esp ; and store address into EDI
; NOTE(review): the purpose of the three nops is not stated; presumably padding
; that makes the breakpoint easy to locate when stepping.
nop
nop
nop
int 3 ; for stepping through the code
; let's run the RC4 decoder
%include "./src/block/block_rc4.asm"
; Pass condition: the buffer holds the plaintext quoted in the file header
; ("This is some magic data you may want to have encoded and decoded again").
int 3 ; EBP should point to decoded data now