Need help understanding line of decompiled code from ghidra


I'm reversing a simple binary in Ghidra and have run across the following decompiled C-code:

original_key._0_4_ = original_key._0_4_ & 0xffff0000 | (uint)CONCAT11(original_key[0],(char)(original_key._0_4_ >> 8));

and here is the associated disassembly:

                     LAB_00101558                                    XREF[1]:  
00101558 0f b6 45 f1     MOVZX      __buf,byte ptr [RBP + original_key[0]]
0010155c 88 45 e4        MOV        byte ptr [RBP + local_24],__buf
0010155f 0f b6 45 f2     MOVZX      __buf,byte ptr [RBP + original_key[1]]
00101563 88 45 e5        MOV        byte ptr [RBP + local_23],__buf
00101566 0f b6 45 e5     MOVZX      __buf,byte ptr [RBP + local_23]
0010156a 88 45 f1        MOV        byte ptr [RBP + original_key[0]],__buf
0010156d 0f b6 45 e4     MOVZX      __buf,byte ptr [RBP + local_24]
00101571 88 45 f2        MOV        byte ptr [RBP + original_key[1]],__buf
00101574 c7 45 e8        MOV        dword ptr [RBP + key_index],0x0
         00 00 00 00
0010157b eb 42           JMP        LAB_001015bf

I can't figure out what this line of code is doing:

What I know:

original_key is a char[6] i.e. it is defined as char original_key [6]; The value of original_key can be anything at the start of this line, but after execution original_key must contain the string 'uvxcuh'

What I think I know:

original_key.0_4 means the 4 bytes starting at offset 0 of the original_key array (i.e. treat the first 4 bytes of original_key as an UINT) CONCAT11 means append one byte from the second arg to 1 byte from the first arg.

what I don't know:

What this line is actually doing to the input. When i work through it on paper it doesn't make sense.

Any insight would be appreciated.


asked on Stack Overflow May 6, 2021 by GSKI

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0