解密算法汇编代码如下:
0040767F . 90 NOP
00407680 > 8BCE MOV ECX,ESI
00407682 . 83E1 03 AND ECX,3
00407685 . 8A8C0D B0F6FFFF MOV CL,BYTE PTR SS:[EBP+ECX-950] ;密钥04 07 76 19
0040768C . 328C35 C8FAFFFF XOR CL,BYTE PTR SS:[EBP+ESI-538]
00407693 . 46 INC ESI
00407694 . 8AC1 MOV AL,CL
00407696 . 8AD1 MOV DL,CL
00407698 . D0E8 SHR AL,1
0040769A . 02D2 ADD DL,DL
0040769C . 32C2 XOR AL,DL
0040769E . 02C9 ADD CL,CL
004076A0 . 24 55 AND AL,55
004076A2 . 32C1 XOR AL,CL
004076A4 . 8AD0 MOV DL,AL
004076A6 . 8AC8 MOV CL,AL
004076A8 . C0E9 02 SHR CL,2
004076AB . 02D2 ADD DL,DL
004076AD . 02D2 ADD DL,DL
004076AF . 32CA XOR CL,DL
004076B1 . 02C0 ADD AL,AL
004076B3 . 80E1 33 AND CL,33
004076B6 . 02C0 ADD AL,AL
004076B8 . 32C8 XOR CL,AL
004076BA . C0C1 04 ROL CL,4
004076BD . 888C35 C7FAFFFF MOV BYTE PTR SS:[EBP+ESI-539],CL
004076C4 . 3BF7 CMP ESI,EDI
004076C6 .^ 7C B8 JL SHORT OfficeTa.00407680
004076C8 > 8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C]
IDA反编译F5伪代码如下:
v70 = 0;
v103 = v106;
if ( v104 > 0 )
{
v71 = v104;
do
{
v72 = v110[v70] ^ *((_BYTE *)&v103 + (v70 & 3));
++v70;
v73 = 4 * (2 * v72 ^ (2 * v72 ^ (v72 >> 1)) & 0x55);
v74 = __ROL__(v73 ^ (v73 ^ ((unsigned __int8)(2 * v72 ^ (2 * v72 ^ (v72 >> 1)) & 0x55) >> 2)) & 0x33, 4);
*(&v109 + v70) = v74;
}
while ( v70 < v71 );
}
求解这个算法的加密算法,谢谢各位大牛。
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课