前几天分析的一个东西

Eddy 发布于2011-5-19 12:48:24 分类: 技术心得

KeyGen(VC6编写)

[color=#0000D0]#include[/color] [color=#808080]"stdafx.h"[/color]
[color=#0000D0]#include[/color] 
[color=#0000D0]#include[/color] <[color=#0000D0]string[/color]>
[color=#0000D0]#include[/color] 
[color=#0000D0]#include[/color] 
[color=#0000D0]using[/color] [color=#0000D0]namespace[/color] [color=#0000D0]std[/color];

[color=#008000]// Key-state structure: fourteen DWORD fields, s0 first and s13 last.[/color]
[color=#008000]// text_101D950 reaches these fields by raw byte offset from the struct base, so the[/color]
[color=#008000]// field order and size must stay as declared (offsets below assume 4-byte DWORD, no padding).[/color]
[color=#0000D0]typedef[/color] [color=#0000D0]struct[/color]
{
    [color=#0000D0]DWORD[/color] s0; [color=#008000]// offset 0; not accessed by text_101D950[/color]
    [color=#0000D0]DWORD[/color] s1; [color=#008000]// offset 4; not accessed by text_101D950[/color]
    [color=#0000D0]DWORD[/color] s2; [color=#008000]// offset 8; state word, low bit selects the branch each round[/color]
    [color=#0000D0]DWORD[/color] s3; [color=#008000]// offset 12; state word updated when s2's low bit is set[/color]
    [color=#0000D0]DWORD[/color] s4; [color=#008000]// offset 16; state word updated when s2's low bit is clear[/color]
    [color=#0000D0]DWORD[/color] s5; [color=#008000]// offset 20; XORed into s2 before the shift[/color]
    [color=#0000D0]DWORD[/color] s6; [color=#008000]// offset 24; XORed into s3 before the shift[/color]
    [color=#0000D0]DWORD[/color] s7; [color=#008000]// offset 28; XORed into s4 before the shift[/color]
    [color=#0000D0]DWORD[/color] s8; [color=#008000]// offset 32; AND mask applied to s2 >> 1[/color]
    [color=#0000D0]DWORD[/color] s9; [color=#008000]// offset 36; AND mask applied to s3 >> 1[/color]
    [color=#0000D0]DWORD[/color] s10; [color=#008000]// offset 40; AND mask applied to s4 >> 1[/color]
    [color=#0000D0]DWORD[/color] s11; [color=#008000]// offset 44; OR mask applied to the shifted s2[/color]
    [color=#0000D0]DWORD[/color] s12; [color=#008000]// offset 48; OR mask applied to the shifted s3[/color]
    [color=#0000D0]DWORD[/color] s13; [color=#008000]// offset 52; OR mask applied to the shifted s4[/color]
} key, *pkey;

[color=#008000]// Adapted from IDA decompiler output.[/color]
[color=#008000]// Steps the key state eight times, collecting one bit per round into the byte v5,[/color]
[color=#008000]// then returns a2 XOR v5; when that XOR is zero it returns v5 instead.[/color]
[color=#008000]//   t  - key state; s2, s3 and s4 are rewritten in place, so a caller that wants to[/color]
[color=#008000]//        retry from the same state has to save and restore it.[/color]
[color=#008000]//   a2 - value combined with the generated byte.[/color]
[color=#008000]// NOTE(review): the state is addressed through (DWORD)t plus byte offsets, which only[/color]
[color=#008000]// holds a full pointer on a 32-bit build.[/color]
[color=#008000]// NOTE(review): looks like three shift registers where s2 decides which of s3/s4 steps - confirm.[/color]
[color=#008000]// NOTE(review): the output is one byte derived from fixed state, so a check built only on[/color]
[color=#008000]// this routine can presumably be reproduced offline; a licence check that has to resist[/color]
[color=#008000]// that needs verification the client cannot recompute (e.g. an asymmetric signature).[/color]
[color=#0000D0]int[/color] [color=#0000D0]__stdcall[/color] text_101D950(pkey t, [color=#0000D0]int[/color] a2)
{
    [color=#0000D0]int[/color] result; [color=#008000]// eax@12[/color]
    [color=#0000D0]DWORD[/color] v3; [color=#008000]// [sp+0h] [bp-14h]@1[/color]
    [color=#0000D0]signed[/color] [color=#0000D0]int[/color] v4; [color=#008000]// [sp+4h] [bp-10h]@1[/color]
    [color=#0000D0]unsigned[/color] [color=#0000D0]__int8[/color] v5; [color=#008000]// [sp+13h] [bp-1h]@1[/color]
    [color=#0000D0]int[/color] v6; [color=#008000]// [sp+8h] [bp-Ch]@1[/color]
    [color=#0000D0]int[/color] v7; [color=#008000]// [sp+Ch] [bp-8h]@1[/color]
    
    [color=#008000]// v3 is the struct base address; v4 counts rounds; v5 accumulates the output byte.[/color]
    v3 = ([color=#0000D0]DWORD[/color])t;
    v4 = 0;
    v5 = 0;[color=#008000]//key[/color]
    [color=#008000]// v6 / v7 start as the low bit of s3 (offset 12) and s4 (offset 16); a round only[/color]
    [color=#008000]// overwrites the one belonging to the word it updates, the other keeps its value.[/color]
    v6 = *([color=#0000D0]DWORD[/color] *)(([color=#0000D0]DWORD[/color])t + 12) & 1;
    v7 = *([color=#0000D0]DWORD[/color] *)(([color=#0000D0]DWORD[/color])t + 16) & 1;
    [color=#008000]// redundant: v4 was already zeroed above[/color]
    v4 = 0;
    [color=#0000D0]while[/color] ( v4 < 8 )
    {
        [color=#008000]// low bit of s2 (offset 8) picks the branch[/color]
        [color=#0000D0]if[/color] ( *([color=#0000D0]DWORD[/color] *)(v3 + 8) & 1 )
        {
            [color=#008000]// s2 = s11 | ((s5 ^ s2) >> 1)[/color]
            *([color=#0000D0]DWORD[/color] *)(v3 + 8) = *([color=#0000D0]DWORD[/color] *)(v3 + 44) | (([color=#0000D0]unsigned[/color] [color=#0000D0]int[/color])(*([color=#0000D0]DWORD[/color] *)(v3 + 20) ^ *([color=#0000D0]DWORD[/color] *)(v3 + 8)) >> 1);
            [color=#0000D0]if[/color] ( *([color=#0000D0]DWORD[/color] *)(v3 + 12) & 1 )
            {
                [color=#008000]// s3 = s12 | ((s6 ^ s3) >> 1)[/color]
                *([color=#0000D0]DWORD[/color] *)(v3 + 12) = *([color=#0000D0]DWORD[/color] *)(v3 + 48) | (([color=#0000D0]unsigned[/color] [color=#0000D0]int[/color])(*([color=#0000D0]DWORD[/color] *)(v3 + 24) ^ *([color=#0000D0]DWORD[/color] *)(v3 + 12)) >> 1);
                v6 = 1;
            }
            [color=#0000D0]else[/color]
            {
                [color=#008000]// s3 = s9 & (s3 >> 1)[/color]
                *([color=#0000D0]DWORD[/color] *)(v3 + 12) = *([color=#0000D0]DWORD[/color] *)(v3 + 36) & (*([color=#0000D0]DWORD[/color] *)(v3 + 12) >> 1);
                v6 = 0;
            }
        }
        [color=#0000D0]else[/color]
        {
            [color=#008000]// s2 = s8 & (s2 >> 1)[/color]
            *([color=#0000D0]DWORD[/color] *)(v3 + 8) = *([color=#0000D0]DWORD[/color] *)(v3 + 32) & (*([color=#0000D0]DWORD[/color] *)(v3 + 8) >> 1);
            [color=#0000D0]if[/color] ( *([color=#0000D0]DWORD[/color] *)(v3 + 16) & 1 )
            {
                [color=#008000]// s4 = s13 | ((s7 ^ s4) >> 1)[/color]
                *([color=#0000D0]DWORD[/color] *)(v3 + 16) = *([color=#0000D0]DWORD[/color] *)(v3 + 52) | (([color=#0000D0]unsigned[/color] [color=#0000D0]int[/color])(*([color=#0000D0]DWORD[/color] *)(v3 + 28) ^ *([color=#0000D0]DWORD[/color] *)(v3 + 16)) >> 1);
                v7 = 1;
            }
            [color=#0000D0]else[/color]
            {
                [color=#008000]// s4 = s10 & (s4 >> 1)[/color]
                *([color=#0000D0]DWORD[/color] *)(v3 + 16) = *([color=#0000D0]DWORD[/color] *)(v3 + 40) & (*([color=#0000D0]DWORD[/color] *)(v3 + 16) >> 1);
                v7 = 0;
            }
        }
        [color=#008000]// shift the accumulated byte left and append v6 ^ v7 as the new low bit[/color]
        v5 = ([color=#0000D0]unsigned[/color] [color=#0000D0]__int8[/color])(([color=#0000D0]BYTE[/color])v7 ^ ([color=#0000D0]BYTE[/color])v6) | ([color=#0000D0]unsigned[/color] [color=#0000D0]__int8[/color])(2 * v5);
        ++v4;
    }
    [color=#008000]// combine the caller's value with the generated byte[/color]
    a2 ^= v5;
    result = a2;
    [color=#0000D0]if[/color] ( !result )
    {
        [color=#008000]// a2 equalled v5: return the generated byte itself rather than 0[/color]
        result = v5;
        [color=#008000]// dead store: a2 is a by-value parameter and is not read again[/color]
        a2 ^= v5;
    }
    [color=#0000D0]return[/color] result;
}


[color=#008000]// Console driver: fills the key state with fixed constants, reads a string from stdin,[/color]
[color=#008000]// rewrites it, then for each character searches for the value that text_101D950 maps[/color]
[color=#008000]// onto that character and formats the collected values as upper-case hex groups.[/color]
[color=#008000]// NOTE(review): this listing lost text during page extraction (two loop headers, one[/color]
[color=#008000]// commented-out line and the final output statement are cut short), so it does not[/color]
[color=#008000]// compile as shown. `void main` is also a VC6-ism, not standard C++.[/color]
[color=#0000D0]void[/color] main([color=#0000D0]int[/color] argc, [color=#0000D0]char[/color]* argv[])
{
    pkey pkey1,pkey2;
    key [color=#FF0000]ss[/color],[color=#FF0000]st[/color];
    [color=#008000]// initialise the key state[/color]
    [color=#FF0000]ss[/color].s0=0x0102D8FC;
    [color=#FF0000]ss[/color].s1=0x78839F60;
    [color=#008000]// the three values below are the important ones[/color]
    [color=#FF0000]ss[/color].s2=0xFFFFFFD3;
    [color=#FF0000]ss[/color].s3=0xFFB31027;
    [color=#FF0000]ss[/color].s4=0xFFAA1856;

    [color=#FF0000]ss[/color].s5=0x80000062;
    [color=#FF0000]ss[/color].s6=0x40000020;
    [color=#FF0000]ss[/color].s7=0x10000002;
    [color=#FF0000]ss[/color].s8=0x7FFFFFFF;
    [color=#FF0000]ss[/color].s9=0x3FFFFFFF;
    [color=#FF0000]ss[/color].s10=0x0FFFFFFF;
    [color=#FF0000]ss[/color].s11=0x80000000;
    [color=#FF0000]ss[/color].s12=0xC0000000;
    [color=#FF0000]ss[/color].s13=0xF0000000;

    [color=#008000]// st is the saved copy of the state; ss is the working copy passed to text_101D950.[/color]
    [color=#008000]// pkey2 is assigned here but not used in the visible code.[/color]
    [color=#FF0000]st[/color]=[color=#FF0000]ss[/color];
    pkey1=&[color=#FF0000]ss[/color];
    pkey2=&[color=#FF0000]st[/color];

    [color=#008000]// the result is computed by exhaustive search[/color]
    [color=#0000D0]DWORD[/color] i=0;
    [color=#008000]// read the SN[/color]
    [color=#0000D0]string[/color] sn;
        [color=#FF0000]cout[/color]<<[color=#808080]"SN: "[/color];
    [color=#FF0000]cin[/color]>>sn;

    [color=#008000]// insert "0C01" at index 5[/color]
    [color=#008000]// NOTE(review): std::string::insert throws std::out_of_range when the input is[/color]
    [color=#008000]// shorter than 5 characters; the input length is never checked.[/color]
    [color=#0000D0]string[/color] constS([color=#808080]"0C01"[/color]);
    sn.insert(5,constS);
    
    [color=#008000]// sum of all character codes, kept in a 16-bit WORD[/color]
    [color=#008000]// NOTE(review): loop header truncated by page extraction; its condition and increment are not visible.[/color]
    [color=#0000D0]WORD[/color] sum=0;
    [color=#0000D0]for[/color] (i=0;i    {
        sum+=([color=#0000D0]int[/color])sn[i];
    }
    
    [color=#008000]// insert the computed sum at positions 1 and 3; this part is written clumsily,[/color]
    [color=#008000]// probably only I can follow it[/color]
    [color=#008000]// The low byte of the sum is formatted as hex and upper-cased. When it has two[/color]
    [color=#008000]// digits, the insert/erase pairs leave the first digit at index 1 and the second at index 3.[/color]
    [color=#008000]// NOTE(review): for a low byte below 0x10 the string has one character, so is[1][/color]
    [color=#008000]// and the insert/erase sequence behave differently - not handled here.[/color]
    [color=#0000D0]char[/color] *ste= [color=#0000D0]new[/color] [color=#0000D0]char[/color][3];
    [color=#FF0000]itoa[/color]([color=#b000b0]LOBYTE[/color](sum),ste,16);
    [color=#0000D0]string[/color] is(ste);
    is[0]=toupper(is[0]);
    is[1]=toupper(is[1]);
    sn.insert(1,is);
    sn.erase(2,1);
    sn.insert(3,is);
    sn.erase(3,1);

    [color=#008000]// search for the KEY values[/color]
    [color=#008000]// NOTE(review): t has room for one hex digit plus the terminator; formatting a[/color]
    [color=#008000]// value of 0x10 or more into it with itoa writes past the end of the allocation.[/color]
    [color=#0000D0]string[/color]::size_type ii,len;
    [color=#0000D0]string[/color] getkey;
    [color=#0000D0]char[/color] *t= [color=#0000D0]new[/color] [color=#0000D0]char[/color][2];
    [color=#0000D0]int[/color] a1,a2,temp;

    len=sn.size();
    [color=#008000]// NOTE(review): loop header truncated by page extraction; its condition and increment are not visible.[/color]
    [color=#0000D0]for[/color] (ii=0;ii    {
        a1=([color=#0000D0]int[/color])sn[ii];
        temp=0;
        [color=#008000]// NOTE(review): no upper bound on temp; the loop only ends when a match is found.[/color]
        [color=#0000D0]while[/color]([color=#0000D0]TRUE[/color])
        {
            temp++;
            [color=#FF0000]ss[/color]=[color=#FF0000]st[/color];[color=#008000]// restore the saved state before each attempt[/color]
            a2=text_101D950(pkey1,temp);
            [color=#0000D0]if[/color] (a1==a2)
            {
                [color=#008000]// NOTE(review): the next line is damaged by page extraction - the rest of the[/color]
                [color=#008000]// commented-out cout is missing and the itoa call appears to have been pulled onto it.[/color]
                [color=#008000]//cout<                [color=#FF0000]itoa[/color](temp,t,16);
                getkey+=t;
                [color=#0000D0]break[/color];
            }
        }
        [color=#008000]// keep the state as advanced by the matching call for the next character[/color]
        [color=#FF0000]st[/color]=[color=#FF0000]ss[/color];
    }

    [color=#008000]// convert to upper case[/color]
    [color=#0000D0]for[/color] ([color=#0000D0]string[/color]::size_type index = 0; index != getkey.length(); index++)
    {
        getkey[index]=toupper(getkey[index]);
    }
    
    [color=#008000]// append a hyphen "-" after every group of four characters (the last group included)[/color]
    [color=#008000]// NOTE(review): index is declared in the previous for statement; reusing it here[/color]
    [color=#008000]// relies on VC6's non-standard for-scope and fails on conforming compilers.[/color]
    [color=#0000D0]string[/color] st2;
    [color=#0000D0]for[/color] (index = 0; index < getkey.length(); index = index + 4)
    {
        st2+=getkey.substr(index,4) + [color=#808080]"-"[/color];
    }
    
    [color=#008000]// NOTE(review): the comma operator makes this `delete ste` followed by a discarded[/color]
    [color=#008000]// `t`, so t is never freed, and both buffers came from new[] and need delete[].[/color]
    [color=#0000D0]delete[/color] ste,t;

    [color=#008000]// print the final result (statement truncated by page extraction)[/color]
    [color=#FF0000]cout[/color]<<[color=#808080]"Key is: "[/color]<    
    [color=#008000]// waits for one more token on stdin - presumably to keep the console window open[/color]
    [color=#FF0000]cin[/color]>>sn;
}

原创文章如转载,请注明:转载自Eddy Blog
原文地址:http://www.rrgod.com/technique/780.html     欢迎订阅Eddy Blog
