{"id":6923,"date":"2025-04-26T00:01:54","date_gmt":"2025-04-26T07:01:54","guid":{"rendered":"https:\/\/c-for-dummies.com\/blog\/?p=6923"},"modified":"2025-04-19T09:13:49","modified_gmt":"2025-04-19T16:13:49","slug":"silicon-valley-encryption-part-iii","status":"publish","type":"post","link":"https:\/\/c-for-dummies.com\/blog\/?p=6923","title":{"rendered":"Silicon Valley Encryption, Part III"},"content":{"rendered":"

My attempt to de-obfuscate the easter egg from the HBO series Silicon Valley<\/em> didn’t help in my efforts to reverse engineer the code. I got close, but I just can’t obtain that first (or final) value.
\n
\nMy focus, as covered in last week’s Lesson<\/a>, is this expression from the original code:<\/p>\n

0x79481E6BBCC01223 + ((dcf_t)0x1222DC << 64)<\/code><\/p>\n

This manipulation isn’t based on a loop or a changing value, so the result is consistent throughout the code. Yet, instead of setting a specific value, the above expression buries it with a bit shift operation that I can’t get any programmer’s calculator to output. If I output it in the code, I get 0x79481E6BBCC01223, which is the original value — not helpful. So this expression could just be a rouse.<\/p>\n

Regardless, based on the code from last week’s Lesson, here is my attempt to reverse engineer the encryption:<\/p>\n

2025_04_26-Lesson.c<\/a><\/h3>\n
\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n\r\ntypedef __int128_t bignum;\r\n\r\nbignum iface(char c, int i)\r\n{\r\n    bignum r;\r\n\r\n    r = ((c-65) | ((bignum)0x1FULL >> i * 5)) << i * 5;\r\n    \/* original expression\r\n    c = (((s & ((dcf_t)0x1FULL << i * 5)) >> i * 5 ) + 65);\r\n       *\/<\/span>\r\n    return r;\r\n}\r\n\r\nint main()\r\n{\r\n    char buffer[18];\r\n    int i;\r\n    bignum target,modifier,result;\r\n\r\n    fgets(buffer,18,stdin);\r\n\r\n    \/* hidden value is 17 digits long *\/<\/span>\r\n    target = 0x79481E6BBCC01223;\r\n    modifier = (bignum)0x1222DC << 64;\r\n\r\n    result = 0;\r\n    for ( i=17; i>0; i-- )\r\n    {\r\n        result += iface(buffer[i], i) + modifier;\r\n    }\r\n\r\n    printf(\"%llX\\n\",(unsigned long long)target);\r\n    printf(\"%llX\\n\",(unsigned long long)result);\r\n\r\n    return 0;\r\n}<\/pre>\n
The main()<\/em> function prompts for a string to input. It sends each character to the iface()<\/em> function, where the character is manipulated into a value. This value is returned and used to build the result<\/code> variable in the main()<\/em> function.<\/p>\n
Once the loop has processed the string, the new value is output along with the original code’s value. They should match, providing that the exact string is input and my decryption method is sound.<\/p>\n
Here’s a sample run:<\/p>\n
DREAM_ON_ASSHOLES
\n79481E6BBCC01223
\n79481E6BBCC01220<\/code><\/p>\n
No prompt appears, so I type the text DREAM_ON_ASSHOLES<\/strong>. You see the result. The values almost match, off by three.<\/p>\n
Another way to test the code is to use the new value generated, 0x79481E6BBCC01220, and set it into the original code to run it backwards. Here is the original programs output when used with the new value:<\/p>\n
AREAM_ON_ASSHOLES<\/code><\/p>\n
The first letter ‘A’ is off by three, which follows. But where does the three come from? I even tried processing the string backwards, and the first letter was still ‘A’.<\/p>\n
Then I tried using an alphabet string, ABCDEFGHIJKLMNOPQ. This string converted into the value 0xC5A928398A418823. When put into the original code, the output is ABCDEFGHIJKLMOLES<\/code>. Weirdly, it retains the last part of the original string, “OLES.”<\/p>\n
I’m at a loss.<\/p>\n
Obviously, whoever coded this encryption method is quite clever not only at the process but at obfuscation. Perhaps someone else can look at what’s going on and see what I’m missing or offer some insight as to how the program works and which method was used to originally encrypt the string — if it’s indeed being encrypted and not just disguised.<\/p>\n","protected":false},"excerpt":{"rendered":"
I attempt to reverse engineer the Silicon Valley<\/em> easter egg. Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-6923","post","type-post","status-publish","format-standard","hentry","category-main"],"_links":{"self":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/6923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6923"}],"version-history":[{"count":4,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/6923\/revisions"}],"predecessor-version":[{"id":6959,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/6923\/revisions\/6959"}],"wp:attachment":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}