Need help identifying modified blowfish algo

[ionioni]

upper function std::string *__fastcall linx::LCEncryption::EncryptDecrypt(std::string *pStrOutput, const char **ppInput, int mode)

Code:

v7 = lenInput % 8;
if ( lenInput % 8 )
  v7 = 8 - v7;
lSize = lenInput + v7;
v9 = lenInput + v7 + 1;
pInput = operator new[](v9);
memset(pInput, 0, v9);
strcpy(pInput, *ppInput);
CBlowFish::CBlowFish();
BYTE key[2] = {0};
CBlowFish::Initialize(key, 2);//???              
if (mode)
{
  pOutput = operator new[](2 * lSize);
  memset(pOutput, 0, 2 * lSize);
  CBlowFish::Encode(pInput, pOutput, lSize);
  bits = (8 * lSize);
  lenBase32Str = linx::LCBase32::toLen(bits);
  Base32Str = operator new[](lenBase32Str);
  memset(Base32Str, 0, lenBase32Str);
  linx::LCBase32::toBaseStr(Base32Str, lenBase32Str, pOutput, bits);
  v24 = strlen(Base32Str);
  std::string::assign(pStrOutput, Base32Str, v24);
}

Looks like standard BF, in encryption mode (arg3 mode !0) takes a string as arg2 and returns a base32 of the encoded BF as arg1, I've also checked the random digit tables from the a binary and they're identical to the standard BF (for eg. this)

Maybe if you can show some sample pairs of input/output strings to LCEncryption::EncryptDecrypt

I don't have the proper arm env to debug the exe, tried it in qemu but it cries for missing so libs and some (QT) are compiled for this embedded app (ie not something that can be googled for) maybe if you can make a rootfs of the env or don't know, do a find / -name \*.so and only pack those (you have at least read access because of the a binary)