
I'm reversing a CTF binary and I found a decryption loop decompiled by IDA like this:

  for ( i = 0; i < n; ++i )
  {
    v22 = *((_BYTE *)sub_5657D89B + i);
    v0 = v22 ^ 0x90;
    v1 = strlen(&s);
    *((_BYTE *)src + i) = *(&s + i % v1) ^ v0;
  }

The variable &s points to the stack, with these other bytes:

  s = 0xF9u;
  v4 = 0xFCu;
  v5 = 0xFFu;
  v6 = 0xE6u;
  v7 = 0xF5u;
  v8 = 0xE0u;
  v9 = 0xF1u;
  v10 = 0xF3u;
  v11 = 0xFBu;
  v12 = 0xF9u;
  v13 = 0xFEu;
  v14 = 0xF7u;
  v15 = 0xFDu;
  v16 = 0xE9u;
  v17 = 0xF3u;
  v18 = 0xFFu;
  v19 = 0xF4u;
  v20 = 0xF5u;
  v21 = 0;

I really don't get the purpose of the division with v1 here: *(&s + i % v1). The variable n is equal to 0x140.

1 Answer

Basically, it just wraps the index at the length of the string.

In C it looks something like this:

src[i] = s[i % strlen(s)] ^ v0;

For instance, if s is "ABCD", strlen(s) is 4. When i is equal to:

  • 4, 4 % 4 == 0
  • 5, 5 % 4 == 1
  • and so on.
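As an added example (not code from the question or the answer), here is the same loop in Python with the stack bytes from the question as the key; the ciphertext is a constructed sample, since the binary's real data at sub_5657D89B is not on the page. It goes one step beyond the answer and folds the 0x90 constant into the key, which works because the two XORs commute.

```python
# Added example (not from the question or answer): a Python re-implementation
# of the decompiled loop, using the key bytes from the stack layout in the
# question. The ciphertext is a constructed sample, not the binary's real
# data at sub_5657D89B.

# s, v4 .. v20 from the stack; v21 = 0 is the NUL terminator that strlen() stops at.
KEY = bytes([0xF9, 0xFC, 0xFF, 0xE6, 0xF5, 0xE0, 0xF1, 0xF3, 0xFB,
             0xF9, 0xFE, 0xF7, 0xFD, 0xE9, 0xF3, 0xFF, 0xF4, 0xF5])
MASK = 0x90  # the constant XORed in as v0 = v22 ^ 0x90


def key_index(i: int, keylen: int = len(KEY)) -> int:
    """The `i % v1` part: wrap the running index back into [0, keylen)."""
    return i % keylen


def decrypt(ciphertext: bytes, key: bytes = KEY, mask: int = MASK) -> bytes:
    """Mirror of the IDA loop: dst[i] = key[i % strlen(key)] ^ (src[i] ^ mask)."""
    # strlen() stops at the first NUL, so a 0x00 inside the key would silently
    # shorten it; mirror that so the result matches what the binary does.
    keylen = key.index(0) if 0 in key else len(key)
    out = bytearray()
    for i, c in enumerate(ciphertext):
        v0 = c ^ mask                               # v0 = v22 ^ 0x90
        out.append(key[key_index(i, keylen)] ^ v0)  # *(&s + i % v1) ^ v0
    return bytes(out)


def encrypt(plaintext: bytes, key: bytes = KEY, mask: int = MASK) -> bytes:
    """XOR is its own inverse, so the same loop encrypts; used here to build a sample."""
    return decrypt(plaintext, key, mask)


def effective_key(key: bytes = KEY, mask: int = MASK) -> bytes:
    """Both XORs commute, so the loop equals repeating-key XOR with key ^ mask."""
    return bytes(k ^ mask for k in key)


if __name__ == "__main__":
    # Constructed sample: longer than the 18-byte key, so the index wraps.
    sample_plaintext = b"flag{this is a constructed sample, not the real one}"
    sample_ciphertext = encrypt(sample_plaintext)
    assert decrypt(sample_ciphertext) == sample_plaintext
    print("effective key:", effective_key())   # -> b'ilovepackingmycode'
    print("recovered    :", decrypt(sample_ciphertext))
```

Folding the 0x90 mask into the stack bytes turns them into a printable key, which is the usual sign that a decompiled constant like this is just a lightly obfuscated string.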
