-
-
[原创]5.5.2拆解KeyFile保护示例PacMe源代码还原
-
2015-1-12 10:06
-
如题,最近在精读《加密与解密》,捎带练练手。代码简陋,大牛轻砸,欢迎同道交流
#include <stdio.h>
#include <windows.h>
int main(void)
{
HANDLE hFile;
BYTE byteLen, byteStep;
DWORD dwReadSize, dwAddResult;
CHAR arrUserName[256] = {0};
BYTE arrSeq[18];
INT i, j, iPrev, iCurrent, iFlag;
CHAR strMaze[256] =
"****************"
"C*......*...****"
".*.****...*....*"
".*..**********.*"
"..*....*...*...*"
"*.****.*.*...***"
"*.*....*.*******"
"..*.***..*.....*"
".*..***.**.***.*"
"...****....*X..*"
"****************";
hFile = CreateFile(
"KwazyWeb.bit",
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
);
if(hFile == INVALID_HANDLE_VALUE)
{
fprintf(stderr, "CreateFile Error: %d\n", GetLastError());
return -1;
}
//读取用户名长度
ReadFile(hFile, &byteLen, 1, &dwReadSize, NULL);
// printf("UserName Length: %d\n", byteLen);
if(!byteLen)
{
fprintf(stderr, "Wrong UserName Length!\n");
CloseHandle(hFile);
return -2;
}
//读取用户名
ReadFile(hFile, arrUserName, byteLen, &dwReadSize, NULL);
//用户名逐字节相加(结果只用低8位)
for(i = 0, dwAddResult = 0; i < byteLen; i++)
{
dwAddResult += arrUserName[i];
}
// printf("User Name Added_Result: %08X, Low_8_Bits: %04X\n", dwAddResult, (BYTE)dwAddResult);
//读取验证序列(18字节)
ReadFile(hFile, arrSeq, 18, &dwReadSize, NULL);
/*for(i = 0; i < 18; i++)
{
if(i % 6 == 0) printf("\n");
printf("%02X ", arrSeq[i]);
}
printf("\n"); */
///////////////////////////////////////////////////////////
////验证核心
iCurrent = 16;
// printf("%c\n", strMaze[iCurrent]);
//XOR处理验证序列,得到真正的迷宫移动步骤序列
for(i = 0; i < 18; i++)
{
arrSeq[i] ^= ((BYTE)dwAddResult);
}
/*for(i = 0; i < 18; i++)
{
if(i % 6 == 0) printf("\n");
printf("%02X ", arrSeq[i]);
}
printf("\n"); */
for(i = 0, iFlag = 1; i < 18; i++) //逐个使用18个序列字节
{
for(j = 6; j >= 0; j -= 2) //每个字节分为4个2比特数(0,1,2,3),确定移动方向
//所以总的移动步骤为18*4=72步
{
//0--UP, 1--RIGHT, 2--DOWN, 3--LEFT
byteStep = (arrSeq[i] >> j) & 0x03;
// printf("%d ", byteStep);
iPrev = iCurrent;
switch(byteStep)
{
case 0: iCurrent -= 16; //UP
break;
case 1: iCurrent += 1; //RIGHT
break;
case 2: iCurrent += 16; //DOWN
break;
case 3: iCurrent -= 1; //LEFT
break;
}
if(strMaze[iCurrent] == '*' || strMaze[iCurrent] == ' ')
{
iFlag = 0;
break;
}
else if(strMaze[iCurrent] == 'X')
{
MessageBox(NULL, "Congratulations!", "Success..", MB_OK);
break;
}
else //strMaze[iCurrent] == '.'
{
strMaze[iCurrent] == 'C';
strMaze[iPrev] == ' ';
}
}
// printf("\n");
}
////验证核心
///////////////////////////////////////////////////////////
CloseHandle(hFile);
if(!iFlag) //验证失败
{
fprintf(stderr, "Crack Fail!!!\n");
return -3;
}
else
{
printf("Crack Success!!!\n");
return 0;
}
}
#include <stdio.h>
#include <windows.h>
int main(void)
{
HANDLE hFile;
BYTE byteLen, byteStep;
DWORD dwReadSize, dwAddResult;
CHAR arrUserName[256] = {0};
BYTE arrSeq[18];
INT i, j, iPrev, iCurrent, iFlag;
CHAR strMaze[256] =
"****************"
"C*......*...****"
".*.****...*....*"
".*..**********.*"
"..*....*...*...*"
"*.****.*.*...***"
"*.*....*.*******"
"..*.***..*.....*"
".*..***.**.***.*"
"...****....*X..*"
"****************";
hFile = CreateFile(
"KwazyWeb.bit",
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
);
if(hFile == INVALID_HANDLE_VALUE)
{
fprintf(stderr, "CreateFile Error: %d\n", GetLastError());
return -1;
}
//读取用户名长度
ReadFile(hFile, &byteLen, 1, &dwReadSize, NULL);
// printf("UserName Length: %d\n", byteLen);
if(!byteLen)
{
fprintf(stderr, "Wrong UserName Length!\n");
CloseHandle(hFile);
return -2;
}
//读取用户名
ReadFile(hFile, arrUserName, byteLen, &dwReadSize, NULL);
//用户名逐字节相加(结果只用低8位)
for(i = 0, dwAddResult = 0; i < byteLen; i++)
{
dwAddResult += arrUserName[i];
}
// printf("User Name Added_Result: %08X, Low_8_Bits: %04X\n", dwAddResult, (BYTE)dwAddResult);
//读取验证序列(18字节)
ReadFile(hFile, arrSeq, 18, &dwReadSize, NULL);
/*for(i = 0; i < 18; i++)
{
if(i % 6 == 0) printf("\n");
printf("%02X ", arrSeq[i]);
}
printf("\n"); */
///////////////////////////////////////////////////////////
////验证核心
iCurrent = 16;
// printf("%c\n", strMaze[iCurrent]);
//XOR处理验证序列,得到真正的迷宫移动步骤序列
for(i = 0; i < 18; i++)
{
arrSeq[i] ^= ((BYTE)dwAddResult);
}
/*for(i = 0; i < 18; i++)
{
if(i % 6 == 0) printf("\n");
printf("%02X ", arrSeq[i]);
}
printf("\n"); */
for(i = 0, iFlag = 1; i < 18; i++) //逐个使用18个序列字节
{
for(j = 6; j >= 0; j -= 2) //每个字节分为4个2比特数(0,1,2,3),确定移动方向
//所以总的移动步骤为18*4=72步
{
//0--UP, 1--RIGHT, 2--DOWN, 3--LEFT
byteStep = (arrSeq[i] >> j) & 0x03;
// printf("%d ", byteStep);
iPrev = iCurrent;
switch(byteStep)
{
case 0: iCurrent -= 16; //UP
break;
case 1: iCurrent += 1; //RIGHT
break;
case 2: iCurrent += 16; //DOWN
break;
case 3: iCurrent -= 1; //LEFT
break;
}
if(strMaze[iCurrent] == '*' || strMaze[iCurrent] == ' ')
{
iFlag = 0;
break;
}
else if(strMaze[iCurrent] == 'X')
{
MessageBox(NULL, "Congratulations!", "Success..", MB_OK);
break;
}
else //strMaze[iCurrent] == '.'
{
strMaze[iCurrent] == 'C';
strMaze[iPrev] == ' ';
}
}
// printf("\n");
}
////验证核心
///////////////////////////////////////////////////////////
CloseHandle(hFile);
if(!iFlag) //验证失败
{
fprintf(stderr, "Crack Fail!!!\n");
return -3;
}
else
{
printf("Crack Success!!!\n");
return 0;
}
}
[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。
wjllz
