proseidon proseidon - 1 month ago 11
C Question

I've never seen encryption before. What does this C encryption snippet do?

I was given some code a few weeks ago as part of an application to an encryption job I was interested in. They sent me a code and basically wanted to see if I understood it and could improve it.

I tried my best but all the code was brand new to me and I couldn't figure out what it did. I eventually gave it up as a lost cause as I had other things to do. However, I'm still very interested in learning about it, just for knowledge sake. Can anyone help me learn more about this type of programming or what specifically this does?

I'll try to cut it down and give my impressions.

This is the part that does the actual encryption; from what I could figure out, using an XOR encryption. Is this correct? I also believe input_2 and input_1 are erroneously switched.

typedef int int32;
typedef char int8;

void change_it(int8 *output, int8 *input_1, const int8 *input_2, int32 length)
{
int32 i = 0;

for(i=0; i<length; i++)
{
output[i] = (int8)(input_1[i] ^ input_2[i]);
}
return;
}


Here they overloaded an
itoa
to make the string into either decimal or a hex digit, although for what purpose I'm unsure.

void itoa( int32 num, int8 *alpha, int32 radix )
{
if( radix == 10 )
{
sprintf(alpha, "%i", num);
}
else if( radix == 16 )
{
sprintf(alpha, "%X", num);
}
}


This is the main running function that main calls. It does some weird bitwise stuff and then calls change_it 4 times. This was the part that mostly stumped me.

int8 *modify_it(int32 modifier, const int8 *input_1, int32 length)
{
int8 leading[3];
int32 i_leading;
int8 * temp_string = NULL;
int8 * ret;
int32 i = 0;

itoa(modifier/2, leading, 10);
i_leading = atoi(leading);

temp_string = (int8 *) malloc(8);
ret = (int8 *) malloc(length);
memset(temp_string, 0, 8);
temp_string[0] = 0;

if( (modifier+1)%2 == 0 ) {
temp_string[0] = (int8)((i_leading<<4) + 8);
}
else {
temp_string[0] = (int8)(i_leading<<4);
}

for(i=0; i<(length>>3); i++)
{
change_it(ret+i*8, temp_string, input_1+i*8, 8);
}
free(temp_string);

return ret;
}


Last, but never least, the main function to start it off.

int main(int argc, char **argv) {

int8 data[32];
memset(data, 0x0A, sizeof(data));

int8 *resp = modify_it(0xFF, data, sizeof(data));

free(resp);
system("PAUSE");
return 0;
}

Answer

What this does, basically, is - for back of a better term - obfuscate the input.

This is a very amateurish attempt by someone that will fail pretty badly at both securing and storing data.

There are many errors like clearing an array (which could've been done during the allocation with calloc) and then 'making sure' it is cleared again by clearing part of it 'manually'. There are so many, many things wrong with this it makes me want to both puke and laugh.

If this is not homework, throw it away. Do not try to learn from it. There is nothing that is correct or good about this code.

Comments