1. The format of the encrypted file, using can_v3_2/can_tl_bsp.vhd as an example:

   a) The first 8 bytes, "XlxV62EB", are the version code. From ISE 11.1 on, Xilinx uses AES.
   b) The first 8 bytes of line 2 (offset 10h) are the length of the ciphertext, i.e. the next segment of ciphertext follows 3300H bytes later.
   c) From offset 18h onward is the ciphertext, which is produced by compressing with zlib and then encrypting with AES.

   00000000h: 58 6C 78 56 36 32 45 42 20 20 20 20 66 61 30 30 ; XlxV62EB    fa00
   00000010h: 20 20 20 20 33 33 30 30 79 69 0B DB A6 74 14 DA ;     3300yi...t..
   00000020h: 46 FE 2C 93 15 2C 28 A1 22 55 3A AA 55 20 4A DB ; F.,..,(."U:.U J.
   00000030h: 40 4D 51 E1 EA 28 AB AD 61 F5 57 7F 2B F4 CA 26 ; @MQ..(..a.W.+..&
   ...
   00003310h: B9 64 BE 7E 02 BB 0F 56 58 6C 78 56 36 32 45 42 ; .d.~...VXlxV62EB
   00003320h: 20 20 20 20 36 38 35 63 20 20 20 20 31 34 66 30 ;     685c    14f0
   00003330h: AF 07 8F 0F 8D F2 0E E6 50 1F 2F 71 0B 5A 80 A9 ; ........P./q.Z..

2. How to decrypt

   a) With AES, each 16-byte block is decrypted under the same AES key (256-bit key). If the ciphertext cannot be divided evenly into blocks, the leftover bytes are not processed.
   b) XOR the result with the 16 bytes of initial data.
   c) Replace the initial XOR data with this 16-byte ciphertext block (this is CBC-mode decryption).
   d) Go to a).
   e) Combine the output into a file.

3. Download zlib from http://www.zlib.net/

   a) Call the uncompress function.
   b) Then we get the source code.

4. How to find the key

   Disassembling libisl_iostreams.dll with IDA Pro, we find the decrypt routine:

   .text:10004D50 private: void __thiscall isl::iostreams::filter::xp_decrypt<class isl::iostreams::filter::xp_aes_keys>::process_block_data(void)
   .text:10004D50                                         ; CODE XREF: sub_1000C9E0+3D↓p
   .text:10004D50
   .text:10004D50 var_18          = dword ptr -18h
   .text:10004D50 var_14          = dword ptr -14h
   .text:10004D50 var_10          = dword ptr -10h
   .text:10004D50 var_C           = dword ptr -0Ch
   .text:10004D50 var_4           = dword ptr -4
   .text:10004D50
   .text:10004D50                 push    0FFFFFFFFh
   .text:10004D52                 push    offset loc_1001B6D8
   .text:10004D57                 mov     eax, large fs:0
   .text:10004D5D                 push    eax
   .text:10004D5E                 sub     esp, 0Ch
   .text:10004D61                 push    ebx
   .text:10004D62                 push    ebp
   .text:10004D63                 push    esi
   .text:10004D64                 push    edi
   .text:10004D65                 mov     eax, dword_10032908
   .text:10004D6A                 xor     eax, esp
   .text:10004D6C                 push    eax
   .text:10004D6D                 lea     eax, [esp+2Ch+var_C]
   .text:10004D71                 mov     large fs:0, eax
   .text:10004D77                 mov     edi, ecx
   .text:10004D79                 lea     ecx, [edi+9]
   .text:10004D7C                 call    ?get_block_bytes@xp_header@detail@filter@iostreams@isl@@QBEIXZ ; isl::iostreams::filter::detail::xp_header::get_block_bytes(void)
   .text:10004D81                 xor     ebp, ebp
   .text:10004D83                 mov     esi, eax
   .text:10004D85                 lea     ebx, [edi+21h]
   .text:10004D88                 mov     [esp+2Ch+var_18], ebp
   .text:10004D8C                 mov     [esp+2Ch+var_14], ebp
   .text:10004D90                 mov     [esp+2Ch+var_10], ebp
   .text:10004D94                 lea     eax, [esi+1]
   .text:10004D97                 push    eax
   .text:10004D98                 lea     ecx, [esp+30h+var_18]
   .text:10004D9C                 mov     [esp+30h+var_4], ebp
   .text:10004DA0                 call    data_mv
   .text:10004DA5                 mov     ecx, [edi]
   .text:10004DA7                 mov     edx, [esp+2Ch+var_18]
   .text:10004DAB                 push    ebp
   .text:10004DAC                 push    ecx
   .text:10004DAD                 push    edx
   .text:10004DAE                 push    esi
   .text:10004DAF                 push    ebx
   .text:10004DB0                 call    aes_process     ; <============= this function
   .text:10004DB5                 mov     eax, [esp+40h+var_18]
   .text:10004DB9                 movsx   ecx, byte ptr [eax+esi-1]
   .text:10004DBE                 add     esp, 14h
   .text:10004DC1                 sub     esi, ecx
   .text:10004DC3                 push    esi
   .text:10004DC4                 add     edi, 8
   .text:10004DC7                 push    eax
   .text:10004DC8                 mov     ecx, edi
   .text:10004DCA                 call    ?set_block@xp_header_reader@detail@filter@iostreams@isl@@QAEXPBDI@Z ; isl::iostreams::filter::detail::xp_header_reader::set_block(char const *,uint)
   .text:10004DCF                 mov     ecx, edi
   .text:10004DD1                 call    ?append_output@xp_header_reader@detail@filter@iostreams@isl@@QAEXXZ ; isl::iostreams::filter::detail::xp_header_reader::append_output(void)
   .text:10004DD6                 lea     ecx, [esp+2Ch+var_18]
   .text:10004DDA                 mov     [esp+2Ch+var_4], 0FFFFFFFFh
   .text:10004DE2                 call    sub_10004F40
   .text:10004DE7                 mov     ecx, [esp+2Ch+var_C]
   .text:10004DEB                 mov     large fs:0, ecx
   .text:10004DF2                 pop     ecx
   .text:10004DF3                 pop     edi
   .text:10004DF4                 pop     esi
   .text:10004DF5                 pop     ebp
   .text:10004DF6                 pop     ebx
   .text:10004DF7                 add     esp, 18h
   .text:10004DFA                 retn
   .text:10004DFA ?

   And aes_process, which it calls:

   .text:10004BC0 aes_process     proc near               ; CODE XREF: isl::iostreams::filter::xp_decrypt<isl::iostreams::filter::xp_aes_keys>::process_block_data(void)+60↓p
   .text:10004BC0                                         ; isl::iostreams::filter::xp_encrypt<isl::iostreams::filter::xp_aes_keys>::process_block_data(void)+D2↓p
   .text:10004BC0
   .text:10004BC0 var_158         = byte ptr -158h
   .text:10004BC0 var_64          = byte ptr -64h
   .text:10004BC0 var_60          = byte ptr -60h
   .text:10004BC0 var_44          = byte ptr -44h
   .text:10004BC0 var_40          = byte ptr -40h
   .text:10004BC0 var_4           = dword ptr -4
   .text:10004BC0 arg_0           = dword ptr  4
   .text:10004BC0 arg_4           = dword ptr  8
   .text:10004BC0 arg_8           = dword ptr  0Ch
   .text:10004BC0 arg_C           = dword ptr  10h
   .text:10004BC0 arg_10          = byte ptr  14h
   .text:10004BC0
   .text:10004BC0                 sub     esp, 158h
   .text:10004BC6                 mov     eax, dword_10032908
   .text:10004BCB                 xor     eax, esp
   .text:10004BCD                 mov     [esp+158h+var_4], eax
   .text:10004BD4                 push    ebx
   .text:10004BD5                 mov     ebx, [esp+15Ch+arg_8]
   .text:10004BDC                 push    ebp
   .text:10004BDD                 mov     ebp, [esp+160h+arg_0]
   .text:10004BE4                 push    esi
   .text:10004BE5                 mov     esi, [esp+164h+arg_4]
   .text:10004BEC                 push    edi
   .text:10004BED                 mov     edi, [esp+168h+arg_C]
   .text:10004BF4                 mov     eax, [edi]
   .text:10004BF6                 mov     edx, [eax]
   .text:10004BF8                 lea     ecx, [esp+168h+var_44]
   .text:10004BFF                 push    ecx
   .text:10004C00                 mov     ecx, edi
   .text:10004C02                 call    edx
   .text:10004C04                 cmp     [esp+168h+arg_10], 0
   .text:10004C0C                 mov     ecx, edi
   .text:10004C0E                 jz      short loc_10004C2C
   .text:10004C10                 mov     edx, [edi]
   .text:10004C12                 lea     eax, [esp+168h+var_158]
   .text:10004C16                 push    eax
   .text:10004C17                 mov     eax, [edx+8]
   .text:10004C1A                 call    eax
   .text:10004C1C                 push    eax
   .text:10004C1D                 lea     ecx, [esp+16Ch+var_40]
   .text:10004C24                 push    ecx
   .text:10004C25                 call    enckeyexp
   .text:10004C2A                 jmp     short loc_10004C46
   .text:10004C2C ; ---------------------------------------------------------------------------
   .text:10004C2C
   .text:10004C2C loc_10004C2C:                           ; CODE XREF: aes_process+4E↑j
   .text:10004C2C                 mov     eax, [edi]
   .text:10004C2E                 lea     edx, [esp+168h+var_158]
   .text:10004C32                 push    edx
   .text:10004C33                 mov     edx, [eax+8]
   .text:10004C36                 call    edx
   .text:10004C38                 push    eax
   .text:10004C39                 lea     eax, [esp+16Ch+var_40]
   .text:10004C40                 push    eax
   .text:10004C41                 call    deckeyexp       ; <=========== Here we will find the key
   .text:10004C46
   .text:10004C46 loc_10004C46:                           ; CODE XREF: aes_process+6A↑j
   .text:10004C46                 mov     edx, [edi]
   .text:10004C48                 mov     edx, [edx+4]
   .text:10004C4B                 add     esp, 0Ch
   .text:10004C4E                 lea     eax, [esp+164h+var_60]
   .text:10004C55                 push    eax
   .text:10004C56                 mov     ecx, edi
   .text:10004C58                 call    edx
   .text:10004C5A                 mov     eax, esi
   .text:10004C5C                 and     eax, 0Fh
   .text:10004C5F                 sub     esi, eax
   .text:10004C61                 push    eax             ; Size
   .text:10004C62                 lea     eax, [esi+ebp]
   .text:10004C65                 push    eax             ; Src
   .text:10004C66                 lea     ecx, [ebx+esi]
   .text:10004C69                 push    ecx             ; Dst
   .text:10004C6A                 call    memcpy
   .text:10004C6F                 add     esp, 0Ch
   .text:10004C72                 cmp     [esp+168h+arg_10], 0
   .text:10004C7A                 jz      short loc_10004C8D
   .text:10004C7C                 push    1
   .text:10004C7E                 lea     edx, [esp+16Ch+var_64]
   .text:10004C85                 push    edx
   .text:10004C86                 lea     eax, [esp+170h+var_158]
   .text:10004C8A                 push    eax
   .text:10004C8B                 jmp     short loc_10004C9C
   .text:10004C8D ; ---------------------------------------------------------------------------
   .text:10004C8D
   .text:10004C8D loc_10004C8D:                           ; CODE XREF: aes_process+BA↑j
   .text:10004C8D                 push    0
   .text:10004C8F                 lea     ecx, [esp+16Ch+var_64]
   .text:10004C96                 push    ecx
   .text:10004C97                 lea     edx, [esp+170h+var_158]
   .text:10004C9B                 push    edx
   .text:10004C9C
   .text:10004C9C loc_10004C9C:                           ; CODE XREF: aes_process+CB↑j
   .text:10004C9C                 push    esi
   .text:10004C9D                 push    ebx
   .text:10004C9E                 push    ebp
   .text:10004C9F                 call    aes_blk         ; <========= in this function XOR seeds
   .text:10004CA4                 mov     ecx, [esp+180h+var_4]
   .text:10004CAB                 add     esp, 18h
   .text:10004CAE                 pop     edi
   .text:10004CAF                 pop     esi
   .text:10004CB0                 pop     ebp
   .text:10004CB1                 pop     ebx
   .text:10004CB2                 xor     ecx, esp
   .text:10004CB4                 call    sub_1001A14C
   .text:10004CB9                 add     esp, 158h
   .text:10004CBF                 retn
   .text:10004CBF aes_process     endp