#1
Thank you for your answers.
I'm going to add some things.

```
0041901F |> 8B4C24 14 /MOV ECX,DWORD PTR SS:[ESP+14]
```

This line puts 4Ch in ECX, it's a constant.

```
00419023 |> 8D441C 20 LEA EAX,DWORD PTR SS:[ESP+EBX+20]
00419027 |. 0FB63C08 |MOVZX EDI,BYTE PTR DS:[EAX+ECX]
```

These lines take a byte from a list of 16 bytes which are used in this algo. After this code there are other loops, but for me this algo is the first problem. I don't understand how to reverse it because it uses bytes together.

P.S. PEiD finds CRC32b.
#2
The fragment you posted doesn't calculate CRC32. If PEiD has detected its signature then it should give you the reference offset (address) too. Compare the referenced address with the listing area and if it doesn't match (it shouldn't indeed) then just disassemble the referenced pointer and verify if it's not a mistake or a fake signature.

I will repeat the following suggestion: put a breakpoint on 0x419065, take ECX as the late data pointer and subtract a few bytes (76 decimal? strange value... or maybe its multiplicity? that would give you at least an even value) - you should see the result of the discussed loop, and then I suggest putting a memory access breakpoint on the first byte of the result. You should be a step ahead from revealing the "secret" (or maybe I am dreaming?). If you won't try - you don't win. Good luck and regards.

Last edited by dyn!o; 11-19-2004 at 04:21.
#3
I don't understand what you want me to do.
I know what the algo does but I don't know how to reverse it. I converted it to pseudo code, if it can help someone.

```
byte origine array [8];
byte final array [17];
int cpt1,cpt2,cpt3,cpt4;

for (cpt1=0;cpt1<8;cpt1++)
{
    carac = origine[cpt1];
    cpt4 = 0 ;
    for (cpt2=0;cpt2<8;cpt2++)
    {
        carac2 = origine[cpt2];
        carac2 = carac * carac2;
        cpt3 = cpt4;
        while(carac2!=0)
        {
            carac2 = carac2 + resultat[cpt3] ;
            resultat[cpt3] = carac2 % 100 ;
            carac2 = carac2 div 100 ;
            cpt3++ ;
        }
        cpt4++;
    }
}
```
#4
"I know what the algo does"

That's strange because in the first post you have written: "Someone recognize this algo and it is possible to reverse it?" So it looks like you don't know (at least to me). I suggested you recognize it first, but now you have amazed me totally by writing the pseudo code + claiming you "recognize this algo" and at the same time.... asking for help. I'm a little bit lost. You know what the algorithm does and you don't know how to "reverse it"? Regards.

Last edited by dyn!o; 11-20-2004 at 00:10.
#5
Ok, I will try to clear up my problem.
I know what the algo does since I succeeded in transcribing it into pseudo code. But I do not see how to reverse it: how to recover the bytes of "origine" starting from the bytes of "resultat". Do you understand what I am saying? Sorry for not being very clear.
#6
```
carac2 = carac2 + resultat[cpt3] ;
```

???? the original value of resultat[cpt3] is...? You can try with simple values to test how it works.
#7
Don't you think the while-loop may become infinite?
Nevertheless I suggest, if you want to reverse only a few values, that you write a bruteforce loop comparing the result with the value you want to reverse.
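An added example, not part of any post in the thread: the pseudocode from post #3 transcribed to C so it can be run on simple values, as post #6 suggests. It assumes `resultat` starts zeroed (the thread leaves this open) and adds a bounds check to the carry loop; `is_sum_times_number` is a hypothetical helper that checks that, as transcribed, the output equals the sum of the input bytes times the input read as a little-endian base-100 number.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N_IN 8
#define N_OUT 17

/* Pseudocode from post #3, transcribed. Assumption (the thread leaves it
   open): resultat starts zeroed. Returns -1 if a carry would leave the array. */
int transform(const uint8_t origine[N_IN], uint8_t resultat[N_OUT]) {
    memset(resultat, 0, N_OUT);
    for (int cpt1 = 0; cpt1 < N_IN; cpt1++) {
        unsigned carac = origine[cpt1];
        int cpt4 = 0;                      /* reset on every outer pass, as posted */
        for (int cpt2 = 0; cpt2 < N_IN; cpt2++) {
            unsigned carac2 = carac * origine[cpt2];
            int cpt3 = cpt4;
            while (carac2 != 0) {          /* add with carry in base 100 */
                if (cpt3 >= N_OUT) return -1;
                carac2 += resultat[cpt3];
                resultat[cpt3] = (uint8_t)(carac2 % 100);
                carac2 /= 100;
                cpt3++;
            }
            cpt4++;
        }
    }
    return 0;
}

/* Independent check: (sum of input bytes) * (input read as little-endian
   base-100 digits), computed digit by digit. Returns 1 if transform() agrees. */
int is_sum_times_number(const uint8_t origine[N_IN]) {
    uint8_t got[N_OUT], want[N_OUT];
    unsigned sum = 0, carry = 0;
    if (transform(origine, got) != 0) return 0;
    for (int i = 0; i < N_IN; i++) sum += origine[i];
    for (int i = 0; i < N_OUT; i++) {
        unsigned t = (i < N_IN ? origine[i] * sum : 0) + carry;
        want[i] = (uint8_t)(t % 100);
        carry = t / 100;
    }
    return carry == 0 && memcmp(got, want, N_OUT) == 0;
}

int main(void) {
    uint8_t in[N_IN] = {2, 3, 0, 0, 0, 0, 0, 0}, out[N_OUT];  /* constructed input */
    transform(in, out);
    printf("%u %u -> %d\n", out[0], out[1], is_sum_times_number(in));
    return 0;
}
```

Because `cpt4` is reset to 0 on every outer pass, each product lands at position `cpt2` only; if the real binary starts the inner index at `cpt1` instead, the identity checked here does not apply.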