Doubts, help and support about QuickBMS and other game research tools
chrrox
Posts: 388 Joined: Thu Aug 07, 2014 10:28 pm
by chrrox » Sun Mar 31, 2019 2:44 pm
What am I doing wrong here? The number does not change.
Code:

    set USIZE 0xE4F63F
    xmath XOR_SEED "(USIZE * 0x69) / 0xB"
    print "%XOR_SEED%"
    If XOR_SEED < 0xFFFF
        print "1"
        string XOR_SEED p "%04x" XOR_SEED
    Elif XOR_SEED < 0xFFFFFF
        print "2"
        string XOR_SEED p "%06x" XOR_SEED
    Elif XOR_SEED < 0xFFFFFFFF
        print "3"
        string XOR_SEED p "%08x" XOR_SEED
    Elif XOR_SEED < 0xFFFFFFFFFF
        print "4"
        string XOR_SEED p "%10x" XOR_SEED
    endif
    print "%XOR_SEED%"

if I just do
it works
aluigi
Site Admin
Posts: 12984 Joined: Wed Jul 30, 2014 9:32 pm
by aluigi » Sun Mar 31, 2019 4:05 pm
You have to use the |x var option in print:
Code:

    print "%XOR_SEED%"
    print "%XOR_SEED|x%"
    string XOR_SEED p "%08x" XOR_SEED
    print "%XOR_SEED%"

chrrox
Posts: 388 Joined: Thu Aug 07, 2014 10:28 pm
by chrrox » Sun Mar 31, 2019 5:12 pm
It never hits the if elif statement; I never see it printing 1, 2 or 3. I guess, do I even need this, or if I xor something with a number will it put the leading 0 in it? So if I xor 0x55 with 1, does it xor it with 01, or if I have 0x1234 and xor it with 0x123, would it put the leading 0 so it xors it with 0x0123?
aluigi
Site Admin
Posts: 12984 Joined: Wed Jul 30, 2014 9:32 pm
by aluigi » Sun Mar 31, 2019 5:41 pm
Ah sorry, I replied too quickly. Everything is correct, the reason is that quickbms uses 32bit signed fields by default and so 0x08898b9f is not smaller than -1 (0xffffffff). You will get the result 3 if you use the unsigned operator like u< 0xffffffff or if you use quickbms_4gb_files in which all the fields are 64bit signed.
chrrox
Posts: 388 Joined: Thu Aug 07, 2014 10:28 pm
by chrrox » Sun Mar 31, 2019 6:02 pm
Ah OK, that worked. Now how would I take that result 08898b9f and xor a string like this with it and keep that leading 0 as hex?

    set KEY binary "\x01\x02\x03\x04\x05\x06\x07\x08"

aluigi
Site Admin
Posts: 12984 Joined: Wed Jul 30, 2014 9:32 pm
by aluigi » Sun Mar 31, 2019 6:23 pm
Do you mean you have to xor the input string with the bytes 0x9f 0x8b 0x89 0x08?
chrrox
Posts: 388 Joined: Thu Aug 07, 2014 10:28 pm
by chrrox » Sun Mar 31, 2019 6:29 pm
Xor the KEY with 0x08 0x89 0x8B 0x9f.
I want to do this:

    filexor "\x08\x89\x8B\x9f"

but "\x08\x89\x8B\x9f" is a calculated number and not constant.
I managed to do it with this. Is there a better way?
Code:

    set MEMORY_FILE12 binary ""
    endian big
    If XOR_SEED u< 0xFFFF
        print "1"
        put XOR_SEED short MEMORY_FILE12
    Elif XOR_SEED u< 0xFFFFFF
        print "2"
        put XOR_SEED threebyte MEMORY_FILE12
    Elif XOR_SEED u< 0xFFFFFFFF
        print "3"
        put XOR_SEED long MEMORY_FILE12
    else
        print "error"
        cleanexit
    endif
    endian little
    goto 0 MEMORY_FILE12
    get TS asize MEMORY_FILE12
    getdstring TMP TS MEMORY_FILE12
    print "%XOR_SEED|x%"
    filexor TMP
    getdstring KEY 0x180 MEMORY_FILE11
    filexor ""

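
The signed-versus-unsigned comparison and the big-endian key serialization discussed in the posts above, as an added example in C (not code from the thread or from QuickBMS). The function names are hypothetical, the 32-bit signed field is modelled with `int32_t`, and the XOR step is a plain repeating-key XOR assumed to stand in for what the script does with the key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* "<" on a 32-bit signed field: 0xFFFFFFFF is read as -1. */
static int lt_signed32(uint32_t a, uint32_t b) {
    return (int32_t)a < (int32_t)b;
}

/* "u<": the same bits compared as unsigned values. */
static int lt_unsigned32(uint32_t a, uint32_t b) {
    return a < b;
}

/* The thread's formula, widened to 64 bits so the product cannot wrap. */
static uint32_t derive_seed(uint32_t usize) {
    return (uint32_t)(((uint64_t)usize * 0x69) / 0xB);
}

/* Write seed big-endian in 2, 3 or 4 bytes using the script's thresholds.
 * Returns the key length, or 0 for the script's "error" branch. */
static size_t seed_to_key(uint32_t seed, uint8_t out[4]) {
    size_t width;
    if (lt_unsigned32(seed, 0xFFFF)) width = 2;
    else if (lt_unsigned32(seed, 0xFFFFFF)) width = 3;
    else if (lt_unsigned32(seed, 0xFFFFFFFFu)) width = 4;
    else return 0;
    for (size_t i = 0; i < width; i++)
        out[i] = (uint8_t)(seed >> (8 * (width - 1 - i)));
    return width;
}

/* XOR buf in place with a repeating key. */
static void xor_repeat(uint8_t *buf, size_t len, const uint8_t *key, size_t klen) {
    for (size_t i = 0; i < len; i++)
        buf[i] ^= key[i % klen];
}

int main(void) {
    uint32_t seed = derive_seed(0xE4F63F);              /* USIZE from the thread */
    uint8_t key[4], data[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* KEY bytes from the thread */
    size_t klen = seed_to_key(seed, key);
    printf("seed=%08x signed<:%d unsigned<:%d\n", (unsigned)seed,
           lt_signed32(seed, 0xFFFFFFFFu), lt_unsigned32(seed, 0xFFFFFFFFu));
    xor_repeat(data, sizeof data, key, klen);
    for (size_t i = 0; i < sizeof data; i++) printf("%02x", data[i]);
    printf("\n");
    return 0;
}
```
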
aluigi
Site Admin
Posts: 12984 Joined: Wed Jul 30, 2014 9:32 pm
by aluigi » Mon Apr 01, 2019 9:20 am
Since your key is short and has a fixed length you can opt for something simple like:
Code:

    for i = 0 < 12
        getvarchr TMP1 KEY i long
        getvarchr TMP2 XOR_SEED i long
        math TMP1 ^ TMP2
        # write the XORed value back into KEY
        putvarchr KEY i TMP1 long
    next i + 4

chrrox
Posts: 388 Joined: Thu Aug 07, 2014 10:28 pm
by chrrox » Mon Apr 01, 2019 10:53 am
Is there a way to convert a number like 0x12345 to a C string directly so it becomes \x01\x23\x45?
aluigi
Site Admin
Posts: 12984 Joined: Wed Jul 30, 2014 9:32 pm
by aluigi » Mon Apr 01, 2019 3:10 pm
In theory filexor automatically uses it as a 32bit number because it's bigger than 0xff.
In short "filexor XOR_SEED" will use all the 4 bytes.
But if the resulting XOR_SEED is <= 0xff it will work as one byte.
Code:

    math XOR_SEED = 0x11223344
    set MEMORY_FILE binary "\0\0\0\0\0\0\0\0"
    filexor XOR_SEED
    get DUMMY1 long MEMORY_FILE
    get DUMMY2 long MEMORY_FILE
    print "%DUMMY1|x% %DUMMY2|x%"