ASM TUT III (encryption included sort of).

[Cheeseball]

80x86 assembly tutorial III

This tutorial will cover string manipulation, the LEA opcode, and some simple encryption. The source for this tutorial can be found at http://www25.brinkster.com/cheeseball in the programming section. If you need MASM please see tutorial 2, also at that site. This tutorial will be slightly longer than the other 2, and will possibly jump to a higher level than most beginning programmers are ready for, YOU HAVE BEEN WARNED.

First of all let’s look at what the LEA instruction does. LEA stands for Load Effective Address, and the opcode does EXACTLY what it says, it puts the effective address of a data structure. So if we look at an example.

Code:

.model small
.stack
.data
message		db	"Hello$"	;Our message

.code
start:				;the start of our code
mov	ax, SEG message		;puts the segment address of message into AX
mov	dx, OFFSET message	;put the segment address of message into DX
mov ds, ax			;puts address of message into DS (we can't do this with lea)
mov ah, 09h
int 21h				;call function 9h of interrupt 21h

mov ax, 4c00h			;we could just do mov ah, 4ch
int 21h				;call int 21 again, this time returning to dos

end start

Now to see if this compiles, save it as a .asm file and type masm filename.asm, then do link filename. This should compile and give you “Hello” when you run it. Simple enough, our other tutorial covered this much. However, our other tutorials did not cover exactly what was going on here. Function 09h of Interrupt 21h puts text (ended with a $) onto the screen from the memory location DSX. Since we are addressing like this we can go put to FFFF:FFFF memory addresses such that the segment is up to FFFF and the offset is up to FFFF.

Let’s say we wanted to use this to change something in our message, how would we do that you ask? Like this, more examples time.

Code:

.model small
.stack
.data
message		db	"Hello How is everyone?$"	;Our message

.code
main	proc

mov ax, @data			;put the data segment into AX
mov ds, ax

lea di, message			;put address of message into SI

mov dh, "E"			;put E into BH
mov [di], dh			;we changed the e to an E

mov	ax, SEG message		;puts the segment address of message into AX
mov	dx, OFFSET message	;put the segment address of message into DX
mov ds, ax			;puts address of message into DS (we can't do this with lea)
mov ah, 09h
int 21h				;call function 9h of interrupt 21h

mov ax, 4c00h			;we could just do mov ah, 4ch
int 21h				;call int 21 again, this time returning to dos

main endp
end main

(Yes we could have added to our DI value and changed ANY part of the text.)

Now, this is useful, we can not address our strings and change things in them. We can also use this to read the value of any part of a string, if we setup a loop to read until it gets to a $ we could technically do a strlen (just like in C, sort of). Now to see what LEA actually does you can pull up debug and trace through the program until you get to the LEA instruction, which will appear like this “lea di, [0000]” which basically puts the address of whatever is stored at [0000] into DI. I currently have a reversal program on my web page the demonstrates the usage of this (it is about 4 pages of source so I figured I wouldn’t throw it in the tutorial).

************************

Next we are going to start some simple encryption (might as well cover something useful considering most programmers take pride in being able to print hello world to the screen). The simplest methods of encryption are called monoalphabetic, meaning they only have one substitution for each symbol. Basically this was like when you were in the 3rd grade and your teachers read your notes. Remember swapping “keys” with your buddies, telling them how to write such that a=z b=y c=x…… and so on. This was an EXTREMELY insecure way of writing (if the teacher was smart and wanted to spend a little time on it they could break it VERY easily). If you have interest in breaking this sort of encryption (web site ad again) there is a frequency recurrence average chart on my page (again too big to put into tutorial).

The world evolved from a world of stupid people to the more enlightened beings, and monoalphabetic systems died out, next came polyalphabetic systems (I hope I am spelling these things right). These systems had basically “Leveled” the recurrence of common letters such that there was more than one possible choice for each character. Basically this almost killed off frequency recurrence cryptoanalysis. There was eventually a weakness found in this system (which is beyond our scope).

Next came the world of computers (I skipped a few parts in the history). May 15th, 1973 the Federal Register released a request for a standard cryptographic algorithm. IBM came to this challenge, and on Nov. 23rd 1976 DES was adopted as a standard. DES is slightly out of our scope (I just thought I would mention it to be cool and say DES).

The encryption we ARE going to cover is called XOR encryption. The security of XOR encryption is extremely high as long as you use a key the same length as your plain text, and never reuse the same key. Using XOR encryption in this way is called a one-time pad. The SIMPLE example I will try to write tomorrow to show how to implement this type of encryption using assembly will “technically” use a one-time pad. In order to understand how XOR encryption works we must first look at a truth table for the XOR function (yes it is a logic operator).

Code:

p  |   q    |    PxorQ
1     1             0
0     1             1
1     0             1
0     0             0

As you can see using and xor you basically add P and Q, if the value will be 2 then it is 0. This is simple enough, now let’s use this in a practical way:

Code:

text:  0101
key:  1011
ct  :   1110
ct=cipher text
since the cipher text is 1110 let’s try to reverse the operation

ct:  1110
key:1011
      0101

As you can see, if you “encrypt” (XOR) something with a key you can use the same key to get back to your original value.

Also something to note is XORing something by itself will result in 0, always (makes a nice way to clear registers).

Now how do we use this XOR function may I ask? Well in assembly we would use something like this.

Code:

XOR AX, AX

This will clear the AX register, simply by doing the XOR operation on itself.

I will hopefully have an example of how to fully implement XOR encryption on my page by sometime late tomorrow night.

http://www25.brinkster.com/cheeseball

[pwaring]

Good tutorial, like the website also (lots of relevant information)!

[Cheeseball]

Ok....I have updated my page with the example I promised in the tutorial...The Example is at the bottom of the Programming Section:

http://www25.brinkster.com/cheeseball

[proactive]

I finally got to check out your tutorial. Nice work. Keep it up!