首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 看雪社区
  2. 密码应用
    3. 发新帖
[原创]BASE64解密代码(ASM)
2013-8-28 23:54 12488

[原创]BASE64解密代码(ASM)

光刃 活跃值
3
2013-8-28 23:54
12488
全部自己编写,所以bug多多
CrackBase64 proc

xor ecx,ecx
xor ebx,ebx
xor edx,edx
xor ebp,ebp

.while(ecx<Hex_sum) ;Hex_sum 密文长度
  shr ecx,2;寄存器不够用,经此而已
  
  mov eax,[lpBuffer] ;lpBuffer密文字符串地址(指针)
  mov eax,[eax+ecx*4]
  xor edx,edx
  xor ebx,ebx
  .while(edx<4)
   .if(al>=41h && al<=5ah)
    sub al,41h
   .elseif (al>=61h && al<=7ah)
    sub al,47h
   .elseif (al>=30h && al<=39h)
    add al,4
   .elseif(al==2bh)
    mov al,3eh
   .elseif (al==2fh)
    mov al,3fh
   .elseif(al==3dh)
    mov al,00h
   .else
   
   .endif
   mov ebp,eax
   and ebp,3FH
   add ebx,ebp
   rol ebx,6
   ror eax,8
   inc edx
  .endw
  shr ebx,6
  mov ebp,ecx
  add ebp,ecx
  add ebp,ecx
  
  add ebp,lpBufferTemp (目标地址) (指针)
  rol ebx ,10H
  mov [ebp],bl
  rol ebx,8
  
  inc ebp
  
  mov [ebp],bl
  rol ebx,8
  
  inc ebp
  mov [ebp],bl
  
  inc ebp
  
  inc ecx
  shl ecx,2
.endw

ret
CrackBase64 endp

[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界

收藏
点赞3
打赏
分享
最新回复 (4)
pxhb
雪    币: 6026
活跃值: (3940)
能力值: ( LV7,RANK:110 )
在线值:
发帖
回帖
粉丝
私信
pxhb 2 2013-8-29 07:39
2
0
感谢分享,
zhczf
雪    币: 10243
活跃值: (16482)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
zhczf 2013-8-29 08:54
3
0
支持楼主分享汇编源代码
abc赵先生
雪    币: 3
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
abc赵先生 2013-8-29 09:47
4
0
楼主好人啊~
shenger
雪    币: 45
活跃值: (55)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
shenger 2013-8-29 17:01
5
0
正巧刚刚在做一个Base64的CrackMe。逆出来的代码太难看了 ,呵呵
#include <stdio.h>

unsigned char Table[500]={0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x3E,0xFF,0xFF,0xFF,0x3F,0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF
,0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF
,0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF
,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
,0x02,0x00,0x00,0x00,0x57,0xF6,0x84,0xDC,0xA8,0x09,0x7B,0x23,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF};

void Base64(char *szUserName, char *szResult);
void main()
{
	char szUser[]={"QUFodHRwOi8vbWRsMTAubXlkb3duLmNvbS95dWxlLzIwMDcwMS8yMDA3bXQuV01WWlo="};
	char szResult[20]={""};
	Base64(szUser,szResult);
	printf("%s\n",szResult);
}

void Base64(char *szUserName, char *szResult)
{
	unsigned int i,j=0,k;
	unsigned int eax,ebx,ecx,edx,ebp;
	unsigned char al,ah,bl,bh,cl,ch,dl,dh;
	unsigned char c;
	
	i=0;
	
	while(c!=0)
	{
		c=szUserName[i];
		i=i+4;
	}
	eax=0x3D;
	al=eax & 0xFF;
	ah=(eax & 0xFF00)>>8;

	ebp=i-4;
	if(ebp==0)
		return;
	if(al==szUserName[ebp-1])
	{
		dl=1;
		szUserName[ebp-1]=ah;
	}
	else{dl=0;}
	if(al==szUserName[ebp-2])
	{
		al=1;
		szUserName[ebp-1]=ah;
	}
	else{al=0;}
	al=al+dl;
	eax=al;
	ebp=ebp/4;
	edx=ebp+ebp*2;
	edx=edx-eax;
	while(ebp!=0)
	{
		ecx=*((int*)szUserName);

		cl=ecx & 0xFF;
		ch=(ecx & 0xFF00)>>8;
		al=Table[cl];
		ah=Table[ch];
		
		ecx=ecx>>16;
		cl=ecx & 0x000000FF;
		ch=(ecx & 0x0000FF00)>>8;

		szUserName=szUserName+4;
		
		bl=Table[cl];
		bh=Table[ch];
		
		dl=ah;
		dh=bl;
		
		al=al<<2;
		bl=bl>>2;
		dh=dh<<6;
		ah=ah<<4;
		dl=dl>>4;
		
		bh=bh | dh;
		al=al | dl;
		ah=ah | bl;
		
		szResult[j]=al;
		szResult[j+2]=bh;
		szResult[j+1]=ah;
		j=j+3;
		
		ebp--;
	}
	szResult[j]='\0';
}
游客
登录 | 注册 方可回帖
 回帖  表情 雪币赚取及消费
高级回复
返回