I'm reversing a simple binary in Ghidra and have run across the following decompiled C-code:
```
original_key._0_4_ = original_key._0_4_ & 0xffff0000 | (uint)CONCAT11(original_key[0],(char)(original_key._0_4_ >> 8));
```
and here is the associated disassembly:
```
                LAB_00101558                                    XREF[1]:
00101558 0f b6 45 f1          MOVZX  __buf,byte ptr [RBP + original_key[0]]
0010155c 88 45 e4             MOV    byte ptr [RBP + local_24],__buf
0010155f 0f b6 45 f2          MOVZX  __buf,byte ptr [RBP + original_key[1]]
00101563 88 45 e5             MOV    byte ptr [RBP + local_23],__buf
00101566 0f b6 45 e5          MOVZX  __buf,byte ptr [RBP + local_23]
0010156a 88 45 f1             MOV    byte ptr [RBP + original_key[0]],__buf
0010156d 0f b6 45 e4          MOVZX  __buf,byte ptr [RBP + local_24]
00101571 88 45 f2             MOV    byte ptr [RBP + original_key[1]],__buf
00101574 c7 45 e8 00 00 00 00 MOV    dword ptr [RBP + key_index],0x0
0010157b eb 42                JMP    LAB_001015bf
```
I can't figure out what this line of code is doing:
What I know:

- original_key is a char[6], i.e. it is defined as char original_key [6];
- The value of original_key can be anything at the start of this line, but after execution original_key must contain the string 'uvxcuh'

What I think I know:

- original_key.0_4 means the 4 bytes starting at offset 0 of the original_key array (i.e. treat the first 4 bytes of original_key as a UINT)
- CONCAT11 means append one byte from the second arg to 1 byte from the first arg.

What I don't know:

- What this line is actually doing to the input. When I work through it on paper it doesn't make sense.

Any insight would be appreciated.
Ski
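
The following C program is an added example, not part of the original post. It models the decompiled expression next to the byte moves in the disassembly, so the two can be compared on the same input. It assumes a little-endian target (x86-64, as in the listing), and the helper names `concat11`, `decompiled_form`, `disassembly_form` and `forms_agree` are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Ghidra's CONCAT11(hi, lo): two 1-byte values joined into one 2-byte
   value, with the FIRST argument in the high byte. */
static uint16_t concat11(uint8_t hi, uint8_t lo) {
    return (uint16_t)((hi << 8) | lo);
}

/* The decompiled expression. original_key._0_4_ is the first 4 bytes of
   the array read as one 32-bit value (little-endian assumed). */
void decompiled_form(char key[6]) {
    uint32_t w;
    memcpy(&w, key, 4);                        /* original_key._0_4_ */
    w = (w & 0xffff0000u)                      /* keep bytes 2 and 3 */
        | (uint32_t)concat11((uint8_t)key[0], (uint8_t)(w >> 8));
    memcpy(key, &w, 4);
}

/* The same thing as the disassembly performs it: two temporaries
   (local_24, local_23), then the bytes written back in swapped order. */
void disassembly_form(char key[6]) {
    char local_24 = key[0];
    char local_23 = key[1];
    key[0] = local_23;
    key[1] = local_24;
}

/* Returns 1 when both forms produce the same 6 bytes for this input. */
int forms_agree(const char *input) {
    char a[6], b[6];
    memcpy(a, input, 6);
    memcpy(b, input, 6);
    decompiled_form(a);
    disassembly_form(b);
    return memcmp(a, b, 6) == 0;
}

int main(void) {
    char key[6] = {'v', 'u', 'x', 'c', 'u', 'h'};  /* constructed input */
    decompiled_form(key);
    printf("%.6s agree=%d\n", key, forms_agree("ABCDEF"));
    return 0;
}
```

On a little-endian machine the low 16 bits written back hold `original_key[1]` in byte 0 and `original_key[0]` in byte 1, so the line swaps the first two bytes and leaves the rest untouched.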