I have a microcontroller running a program, of which I don't have the source code. This program writes a value in an EEPROM chip. This value (let's say it ranges between 0 and 10000) is first "encrypted", then stored as 2 bytes.
For example, if the value before "encryption" is 1000, which is 0x03E8, it will be encrypted and stored in EEPROM as 0x03EB.
What I found to always "decrypt" the value: simply subtract the most significant byte: 0x03EB - 0x03 = 0x03E8.
So if I want to encrypt value 1000, I do the reverse, obviously I ADD the most significant byte: 0x03E8 + 0x03 = 0x03EB. It works in this case.
If I take another value, for example 7160, which is 0x1BF8, I know that the program will encrypt this value as 0x1C14, and again subtracting the MSB: 0x1C14 - 0x1C = 0x1BF8.
But this time, if I want to reverse it, of course adding the most significant byte is wrong: 0x1BF8 + 0x1B = 0x1C13, which is not the expected 0x1C14 as when encrypted by the program.
So how to properly "encrypt" any value and get the expected result?
There are many possible encryption algorithms and simple addition/subtraction is clearly not being used in this case. More likely, exclusive OR is used in some sequence of operations, with some key.
If you collect a number of known valid encryption examples, it is often possible to guess or deduce the pattern.
No, I expect 0x1BF8 to be encrypted as 0x1C14, as that is what the program outputs. I am trying to replicate what is done by the program; it looks simple but I can't find what it is doing exactly.
Please post some other examples of what the program outputs. Very useful information would result if the inputs differ by only a single bit, so I suggest to input 0, 1, 2, 4, 8 up to 0x8000 and post the results.
Game developers protect important values against cheaters by storing a modified value; if the game sees the stored value unmodified, it knows that a cheat is active and resets the game or something. The modification is something like: Enc = value * 1.0039106;
Some examples of output, for input values < decimal 256 might be informative.
Multiplying by 1.0039 or by (1 + 1/256) is basically the same thing as adding the MSB to the LSB, with the possibility of adding the carry, suggested by @david_2018.
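As an added example (not code from the thread or from the microcontroller's firmware), here is the "MSB added to LSB with end-around carry" hypothesis from the post above, next to the decoding the original poster found, with a self-check over both known pairs and the stated 0..10000 range. The encoding rule is an assumption fitted to the two known pairs, not something confirmed from the firmware.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothesised transform (assumption from the thread, not the firmware):
 * add the high byte to the low byte, and if that byte-addition overflows,
 * feed the carry back in as well. This is what distinguishes
 * 0x1BF8 -> 0x1C14 from the plain sum 0x1BF8 + 0x1B = 0x1C13. */
uint16_t eeprom_encode(uint16_t value)
{
    uint16_t hi = value >> 8;
    uint16_t lo = value & 0xFF;
    uint16_t sum = lo + hi;          /* may exceed 0xFF */
    uint16_t carry = sum >> 8;       /* 1 only if the low-byte add overflowed */
    return (uint16_t)(value + hi + carry);
}

/* The decoding the poster observed: subtract the stored word's own high byte.
 * The stored high byte equals (original MSB + carry), so this undoes both. */
uint16_t eeprom_decode(uint16_t stored)
{
    return (uint16_t)(stored - (stored >> 8));
}

/* Check the two pairs quoted in the thread plus the round trip over the
 * stated input range; returns the number of mismatches (0 = consistent). */
int eeprom_selfcheck(void)
{
    int bad = 0;
    if (eeprom_encode(0x03E8) != 0x03EB) bad++;   /* 1000 -> 0x03EB */
    if (eeprom_encode(0x1BF8) != 0x1C14) bad++;   /* 7160 -> 0x1C14 */
    for (uint16_t v = 0; v <= 10000; v++)
        if (eeprom_decode(eeprom_encode(v)) != v) bad++;
    return bad;
}

int main(void)
{
    printf("0x%04X -> 0x%04X\n", 0x1BF8, eeprom_encode(0x1BF8));
    printf("mismatches: %d\n", eeprom_selfcheck());
    return 0;
}
```

Any further (input, stored) pair from the real device that fails eeprom_encode() would falsify this hypothesis, which is why the earlier request for single-bit inputs (0, 1, 2, 4, ... 0x8000) is the right next step.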
That is a straight 16 bit hex number. The Arduino and most others use that, not decimal, so it is not encrypted. You can use an online hex calculator or possibly your pocket calculator to decode. If you tell the Arduino to simply print it, it will make it decimal.