[求助]小白发个求助帖！功力太弱，看不懂！！！-密码应用-看雪-安全社区|安全招聘|kanxue.com

[求助]小白发个求助帖！功力太弱，看不懂！！！

2017-12-6 10:57 18942

[求助]小白发个求助帖！功力太弱，看不懂！！！

chenjabc

2017-12-6 10:57

18942

先感谢！！！
说明：这是从汇编翻译过来的，肯定有一些新手犯的错！多指教下！！！
代码：

#include <stdio.h>

typedef unsigned int ulong;
typedef unsigned short int uword;
typedef unsigned char ubyte;

ulong CalculateKey(ulong key)
{
    ubyte buf[16] = {0};
    ubyte constant[4] = {0x16, 0x75, 0xe4, 0x7f};
    ubyte *pConstant = constant;
    ubyte *pBuf0x7 = NULL;
    ubyte *pBuf0x3 = NULL;
    ubyte *pBuf0xb = NULL;
    ubyte *pBufFirst = NULL;
    ubyte *pBufLast = NULL;
    ubyte RH4 = 0, RL5 = 0, RL4 = 1;
    uword R2 = 0, R3 = 0, R4 = 0, R6 = 0;
    ulong R10R2 = 0, R2R4 = 0;

    /*
     *buf[4] = 0;
     *buf[5] = 0;
     *buf[6] = 0;
     *buf[7] = 0;
     */

    // 高字节存储在数组低位字节
    *(buf) = (ubyte)(key >> 24U);
    *(buf + 1) = (ubyte)(key >> 16U);
    *(buf + 2) = (ubyte)(key >> 8U);
    *(buf + 3) = (ubyte)(key);

    // 指针赋值
    pBuf0x7 = buf + 0x7;
    pBufLast = buf + 0x0f;
    pBuf0x3 = buf + 0x3;
    pBufFirst = buf + 0;
    pBuf0xb = buf + 0xb;

    R3 = 0x4;

    do
    {
        //R2 = pBuf0x3;
        RH4 = *pConstant; // 0x16, 0x75, 0xe4, 0x7f
        RH4 ^= *pBuf0x3;
        pBuf0x3 -= 1;
        *pBufLast = RH4;

        RL5 = 0x80;
        RL4 = 0x01;
        R6 = 0;

        // 将*pBufFirst位倒序写到*pBuf0x7
        do
        {
            if(RL5 & *pBufFirst)
            {
                *pBuf0x7 |= RL4;
            }

            RL5 = RL5 >> 1;
            RL4 += RL4;
        }while(R6++ < 7);

        *pBuf0x7 ^= *pConstant;
        pConstant++;

        RL5 = 0x04 - R3;
        RL5 <<= 3;

        //RH4 = *pBufLast;
        //R10R2 = RH4;
        //R4 = RH4 = *pBuf0x7;
        R10R2 = *pBuf0x7 + *pBufLast;

        R4 = RL5;

        if(R4 != 0)
        {
            if(R4 >= 0x10)
            {
                R4 -= 0x10;
                R10R2 <<= R4 + 16U;
            }
            else
            {
                R6 = (uword)R10R2;
                R10R2 <<= R4;
                R4 = 0x10 - R4;
                R6 = R6 >> R4;

                R10R2 |= (ulong)R6 << 16U;
            }
        }

        R2R4 += R10R2; // 其实是加上MAC累加器
        R2 = (uword)(R2R4 >> 16U);
        R4 = (uword)R2R4;
        pBufLast -= 1;
        pBuf0x7 -= 1;


        if(RL5 != 0 && RL5 >= 0x10)
        {
            RL5 -= 0x10;
            R4 = R2;
            R4 >>= RL5;
        }
        else
        {
            R4 = (R4 >> RL5) | (R2 >> (0x10 - RL5));
        }

        *pBuf0xb = R4 & 0xff;
        pBuf0xb -= 1;
        pBufFirst += 1;

    }while(R3-- >= 2); // 循环4次

    //R3 = MAH;
    //R2 = MAL;
    return R2R4;
}

int main(int argc, char **argv)
{
    ulong key = 0;

    printf("Input hex value: ");
    while (scanf("%x", &key)) {
        printf("key: 0x%x\n", CalculateKey(key));
        printf("Input hex value: ");
    }

    return 0;
}

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

收藏・0

点赞・0

打赏

最新回复 (2)
天街雪币： 140 活跃值： (94) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 2 粉丝 0 关注私信	天街 2022-7-4 11:09 2 楼 0 这是哪个车型哪个模块的安全校验算法呢，很简单的呀，优化下就好了
method 雪币： 1916 活跃值： (3623) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 81 粉丝 2 关注私信	method 2022-7-4 11:49 3 楼 0 没汇编咋看
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复