Created
March 19, 2020 09:47
-
-
Save Midi12/45411cd351b0044923bf7c5712610868 to your computer and use it in GitHub Desktop.
sse pxor string encryption decrypt poc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
''' | |
.text:0000000140007D8C 48 BE 2B 13 85 14 AE A7 C2 BB mov rsi, 0BBC2A7AE1485132Bh <- xmm2_op part 2 | |
.text:0000000140007D96 48 89 74 24 50 mov qword ptr [rsp+170h+var_120], rsi | |
.text:0000000140007D9B 48 BF F0 F8 D3 3D 23 E3 F1 96 mov rdi, 96F1E3233DD3F8F0h <- xmm2_op part 1 | |
.text:0000000140007DA5 48 89 7C 24 58 mov qword ptr [rsp+170h+var_120+8], rdi | |
.text:0000000140007DAA 48 B8 5E 60 E0 66 9D 95 EC DF mov rax, 0DFEC959D66E0605Eh <- xmm1_op part 2 | |
.text:0000000140007DB4 48 89 44 24 40 mov qword ptr [rsp+170h+var_130], rax | |
.text:0000000140007DB9 48 BB 9C 94 D3 3D 23 E3 F1 96 mov rbx, 96F1E3233DD3949Ch <- xmm1_op part 1 | |
.text:0000000140007DC3 48 89 5C 24 48 mov qword ptr [rsp+170h+var_130+8], rbx | |
.text:0000000140007DC8 66 0F 6F 44 24 40 movdqa xmm0, [rsp+170h+var_130] <- destination | |
.text:0000000140007DCE 66 0F EF 44 24 50 pxor xmm0, [rsp+170h+var_120] <- source | |
.text:0000000140007DD4 66 0F 7F 44 24 40 movdqa [rsp+170h+var_130], xmm0 | |
pxor operation : Destination = Destination ^ Source; | |
''' | |
def unxor_pxor(xmm1_op, xmm2_op): | |
xmm1_bytes = xmm1_op.to_bytes(32, 'little') | |
xmm2_bytes = xmm2_op.to_bytes(32, 'little') | |
unxored_str = '' | |
for i in range(0, 32): | |
unxored_str += chr(xmm1_bytes[i] ^ xmm2_bytes[i]) | |
return unxored_str | |
print(unxor_pxor(0x96F1E3233DD3F8F0BBC2A7AE1485132B, 0x96F1E3233DD3949CDFEC959D66E0605E)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment