-
-
[原创]看雪.京东 2018CTF 第四题 密界寻踪 writeup
-
发表于: 2018-6-22 17:44
-
有大数运算和AES算法。
- 2.分析流程
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | .text:0045C106 _main_0_0: ; CODE XREF: _main_0j.text:0045C106 jz short loc_45C10C.text:0045C108 jnz short loc_45C10C.text:0045C10A jmp short loc_45C10E.text:0045C10C ; ---------------------------------------------------------------------------.text:0045C10C.text:0045C10C loc_45C10C: ; CODE XREF: .text:_main_0_0j.text:0045C10C ; .text:0045C108j.text:0045C10C jmp short near ptr loc_45C10E+1.text:0045C10E ; ---------------------------------------------------------------------------.text:0045C10E.text:0045C10E loc_45C10E: ; CODE XREF: .text:0045C10Aj.text:0045C10E ; .text:loc_45C10Cj.text:0045C10E adc dword ptr [ebp+74h], 0E8027504h.text:0045C115 add ch, bl.text:0045C117 add [ecx+370EC8Bh], eax.text:0045C11D jno short near ptr loc_45C11F+1.text:0045C11F.text:0045C11F loc_45C11F: ; CODE XREF: .text:0045C11Dj.text:0045C11F ; .text:0045C125j.text:0045C11F call near ptr 0E9C2ADA7h.text:0045C124 push cs.text:0045C125 jo short near ptr loc_45C11F+2.text:0045C127 call dword ptr [eax+0] |
入口处做了乱套。比较少也没什么影响,直接f7单步步过即可。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | .text:0045C106 _main_0_0: ; CODE XREF: _main_0j.text:0045C106 jz short loc_45C10C.text:0045C108 jnz short loc_45C10C.text:0045C10A jmp short loc_45C10E.text:0045C10C ; ---------------------------------------------------------------------------.text:0045C10C.text:0045C10C loc_45C10C: ; CODE XREF: .text:_main_0_0j.text:0045C10C ; .text:0045C108j.text:0045C10C jmp short near ptr loc_45C10E+1.text:0045C10E ; ---------------------------------------------------------------------------.text:0045C10E.text:0045C10E loc_45C10E: ; CODE XREF: .text:0045C10Aj.text:0045C10E ; .text:loc_45C10Cj.text:0045C10E adc dword ptr [ebp+74h], 0E8027504h.text:0045C115 add ch, bl.text:0045C117 add [ecx+370EC8Bh], eax.text:0045C11D jno short near ptr loc_45C11F+1.text:0045C11F.text:0045C11F loc_45C11F: ; CODE XREF: .text:0045C11Dj.text:0045C11F ; .text:0045C125j.text:0045C11F call near ptr 0E9C2ADA7h.text:0045C124 push cs.text:0045C125 jo short near ptr loc_45C11F+2.text:0045C127 call dword ptr [eax+0] |
入口处做了乱套。比较少也没什么影响,直接f7单步步过即可。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | .text:0045C106 _main_0_0: ; CODE XREF: _main_0j.text:0045C106 jz short loc_45C10C.text:0045C108 jnz short loc_45C10C.text:0045C10A jmp short loc_45C10E.text:0045C10C ; ---------------------------------------------------------------------------.text:0045C10C.text:0045C10C loc_45C10C: ; CODE XREF: .text:_main_0_0j.text:0045C10C ; .text:0045C108j.text:0045C10C jmp short near ptr loc_45C10E+1.text:0045C10E ; ---------------------------------------------------------------------------.text:0045C10E.text:0045C10E loc_45C10E: ; CODE XREF: .text:0045C10Aj.text:0045C10E ; .text:loc_45C10Cj.text:0045C10E adc dword ptr [ebp+74h], 0E8027504h.text:0045C115 add ch, bl.text:0045C117 add [ecx+370EC8Bh], eax.text:0045C11D jno short near ptr loc_45C11F+1.text:0045C11F.text:0045C11F loc_45C11F: ; CODE XREF: .text:0045C11Dj.text:0045C11F ; .text:0045C125j.text:0045C11F call near ptr 0E9C2ADA7h.text:0045C124 push cs.text:0045C125 jo short near ptr loc_45C11F+2.text:0045C127 call dword ptr [eax+0] |
入口处做了乱套。比较少也没什么影响,直接f7单步步过即可。
反调试:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | int sub_4023E0(){ int result; // eax@3 char v1; // [sp+Ch] [bp-2C0h]@1 struct _PROCESS_INFORMATION ProcessInformation; // [sp+4Ch] [bp-280h]@2 struct _STARTUPINFOA StartupInfo; // [sp+5Ch] [bp-270h]@2 void *v4; // [sp+A0h] [bp-22Ch]@1 char v5; // [sp+A4h] [bp-228h]@1 char v6; // [sp+A5h] [bp-227h]@1 char v7; // [sp+D5h] [bp-1F7h]@1 CHAR ApplicationName; // [sp+D8h] [bp-1F4h]@1 memset(&v1, 0xCCu, 0x2C0u); v5 = 0; memset(&v6, 0, 0x30u); v7 = 0; v4 = GetModuleFileName_401064(); memcpy(&ApplicationName, v4, 0x1F4u); if ( CheckDbg_4010C8() ) { result = dword_495728++ + 1; } else { memcpy(&v5, &unk_495640, 0x32u); memset(&StartupInfo, 0, 0x44u); StartupInfo.cb = 68; StartupInfo.dwFlags = 1; StartupInfo.wShowWindow = 1; if ( CreateProcessA(&ApplicationName, 0, 0, 0, 0, 0x10u, 0, 0, &StartupInfo, &ProcessInformation) ) { dword_495728 = 2; CloseHandle(ProcessInformation.hProcess); result = CloseHandle(ProcessInformation.hThread); } else { result = printf("error"); } } return result;} |
主要是检测父进程名称,是explorer.exe则关闭当前进程,然后另外启动一个进程。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | int sub_4023E0(){ int result; // eax@3 char v1; // [sp+Ch] [bp-2C0h]@1 struct _PROCESS_INFORMATION ProcessInformation; // [sp+4Ch] [bp-280h]@2 struct _STARTUPINFOA StartupInfo; // [sp+5Ch] [bp-270h]@2 void *v4; // [sp+A0h] [bp-22Ch]@1 char v5; // [sp+A4h] [bp-228h]@1 char v6; // [sp+A5h] [bp-227h]@1 char v7; // [sp+D5h] [bp-1F7h]@1 CHAR ApplicationName; // [sp+D8h] [bp-1F4h]@1 memset(&v1, 0xCCu, 0x2C0u); v5 = 0; memset(&v6, 0, 0x30u); v7 = 0; v4 = GetModuleFileName_401064(); memcpy(&ApplicationName, v4, 0x1F4u); if ( CheckDbg_4010C8() ) { result = dword_495728++ + 1; } else { memcpy(&v5, &unk_495640, 0x32u); memset(&StartupInfo, 0, 0x44u); StartupInfo.cb = 68; StartupInfo.dwFlags = 1; StartupInfo.wShowWindow = 1; if ( CreateProcessA(&ApplicationName, 0, 0, 0, 0, 0x10u, 0, 0, &StartupInfo, &ProcessInformation) ) { dword_495728 = 2; CloseHandle(ProcessInformation.hProcess); result = CloseHandle(ProcessInformation.hThread); } else { result = printf("error"); } } return result;} |
主要是检测父进程名称,是explorer.exe则关闭当前进程,然后另外启动一个进程。
直接改跳转跳过。
主要验证流程:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 | .text:004031D2 call j_print_ctf_403040.text:004031D7 call sub_40100A.text:004031DC lea edx, [ebp-14h].text:004031DF push edx.text:004031E0 call decode_string_401078 ; successs.text:004031E5 add esp, 4.text:004031E8 lea eax, [ebp-20h].text:004031EB push eax.text:004031EC call decode_string_401078 ; error.text:004031F1 add esp, 4.text:004031F4 push 18h.text:004031F6 lea ecx, [ebp-38h].text:004031F9 push ecx.text:004031FA push offset aS_0 ; "%s".text:004031FF call _scanf.text:00403204 add esp, 0Ch.text:00403207 lea edx, [ebp-38h].text:0040320A push edx ; char *.text:0040320B call _strlen.text:00403210 add esp, 4.text:00403213 cmp eax, 17h ; 长度17.text:00403216 jbe short loc_40322B.text:00403218 lea eax, [ebp-20h].text:0040321B push eax ; char *.text:0040321C call _printf.text:00403221 add esp, 4.text:00403224 push 0 ; int.text:00403226 call _exit.text:0040322B ; ---------------------------------------------------------------------------.text:0040322B.text:0040322B loc_40322B: ; CODE XREF: sub_40315C+BAj.text:0040322B lea ecx, [ebp-35h].text:0040322E push ecx ; char *.text:0040322F call _strlen.text:00403234 add esp, 4.text:00403237 push eax.text:00403238 push offset unk_495660 ; 放在这里.text:0040323D lea edx, [ebp-35h].text:00403240 push edx.text:00403241 call j_Covert_string_to_hex_string_402220.text:00403246 add esp, 0Ch.text:00403249 call check1_40125D ; 大数运算.text:0040324E mov [ebp-4], eax.text:00403251 push 3 ; size_t.text:00403253 lea eax, [ebp-38h].text:00403256 push eax ; void *.text:00403257 lea ecx, [ebp-3Ch].text:0040325A push ecx ; void *.text:0040325B call _memcpy.text:00403260 add esp, 0Ch.text:00403263 lea edx, [ebp-3Ch].text:00403266 push edx.text:00403267 call check_isdigit_40108C.text:0040326C add esp, 4.text:0040326F and eax, 0FFh.text:00403274 test eax, eax.text:00403276 jz short loc_403289.text:00403278 lea eax, [ebp-3Ch].text:0040327B push eax.text:0040327C call check2_40128F.text:00403281 add esp, 4.text:00403284 mov [ebp-8], eax.text:00403287 jmp short loc_403299.text:00403289 ; ---------------------------------------------------------------------------.text:00403289.text:00403289 loc_403289: ; CODE XREF: sub_40315C+11Aj.text:00403289 lea ecx, [ebp-20h].text:0040328C push ecx ; char *.text:0040328D call _printf.text:00403292 add esp, 4.text:00403295 xor eax, eax.text:00403297 jmp short loc_4032CD.text:00403299 ; ---------------------------------------------------------------------------.text:00403299.text:00403299 loc_403299: ; CODE XREF: sub_40315C+12Bj.text:00403299 mov edx, [ebp-4].text:0040329C add edx, [ebp-8].text:0040329F cmp edx, 2.text:004032A2 jnz short loc_4032B2.text:004032A4 lea eax, [ebp-14h].text:004032A7 push eax ; char *.text:004032A8 call _printf.text:004032AD add esp, 4.text:004032B0 jmp short loc_4032BE.text:004032B2 ; ---------------------------------------------------------------------------.text:004032B2.text:004032B2 loc_4032B2: ; CODE XREF: sub_40315C+146j.text:004032B2 lea ecx, [ebp-20h].text:004032B5 push ecx ; char *.text:004032B6 call _printf |
两个check函数比较长,中间也加了乱序代码感染分析 。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 | .text:004031D2 call j_print_ctf_403040.text:004031D7 call sub_40100A.text:004031DC lea edx, [ebp-14h].text:004031DF push edx.text:004031E0 call decode_string_401078 ; successs.text:004031E5 add esp, 4.text:004031E8 lea eax, [ebp-20h].text:004031EB push eax.text:004031EC call decode_string_401078 ; error.text:004031F1 add esp, 4.text:004031F4 push 18h.text:004031F6 lea ecx, [ebp-38h].text:004031F9 push ecx.text:004031FA push offset aS_0 ; "%s".text:004031FF call _scanf.text:00403204 add esp, 0Ch.text:00403207 lea edx, [ebp-38h].text:0040320A push edx ; char *.text:0040320B call _strlen.text:00403210 add esp, 4.text:00403213 cmp eax, 17h ; 长度17.text:00403216 jbe short loc_40322B.text:00403218 lea eax, [ebp-20h].text:0040321B push eax ; char *.text:0040321C call _printf.text:00403221 add esp, 4.text:00403224 push 0 ; int.text:00403226 call _exit.text:0040322B ; ---------------------------------------------------------------------------.text:0040322B.text:0040322B loc_40322B: ; CODE XREF: sub_40315C+BAj.text:0040322B lea ecx, [ebp-35h].text:0040322E push ecx ; char *.text:0040322F call _strlen.text:00403234 add esp, 4.text:00403237 push eax.text:00403238 push offset unk_495660 ; 放在这里.text:0040323D lea edx, [ebp-35h].text:00403240 push edx.text:00403241 call j_Covert_string_to_hex_string_402220.text:00403246 add esp, 0Ch.text:00403249 call check1_40125D ; 大数运算.text:0040324E mov [ebp-4], eax.text:00403251 push 3 ; size_t.text:00403253 lea eax, [ebp-38h].text:00403256 push eax ; void *.text:00403257 lea ecx, [ebp-3Ch].text:0040325A push ecx ; void *.text:0040325B call _memcpy.text:00403260 add esp, 0Ch.text:00403263 lea edx, [ebp-3Ch].text:00403266 push edx.text:00403267 call check_isdigit_40108C.text:0040326C add esp, 4.text:0040326F and eax, 0FFh.text:00403274 test eax, eax.text:00403276 jz short loc_403289.text:00403278 lea eax, [ebp-3Ch].text:0040327B push eax.text:0040327C call check2_40128F.text:00403281 add esp, 4.text:00403284 mov [ebp-8], eax.text:00403287 jmp short loc_403299.text:00403289 ; ---------------------------------------------------------------------------.text:00403289.text:00403289 loc_403289: ; CODE XREF: sub_40315C+11Aj.text:00403289 lea ecx, [ebp-20h].text:0040328C push ecx ; char *.text:0040328D call _printf.text:00403292 add esp, 4.text:00403295 xor eax, eax.text:00403297 jmp short loc_4032CD.text:00403299 ; ---------------------------------------------------------------------------.text:00403299.text:00403299 loc_403299: ; CODE XREF: sub_40315C+12Bj.text:00403299 mov edx, [ebp-4].text:0040329C add edx, [ebp-8].text:0040329F cmp edx, 2.text:004032A2 jnz short loc_4032B2.text:004032A4 lea eax, [ebp-14h].text:004032A7 push eax ; char *.text:004032A8 call _printf.text:004032AD add esp, 4.text:004032B0 jmp short loc_4032BE.text:004032B2 ; ---------------------------------------------------------------------------.text:004032B2.text:004032B2 loc_4032B2: ; CODE XREF: sub_40315C+146j.text:004032B2 lea ecx, [ebp-20h].text:004032B5 push ecx ; char *.text:004032B6 call _printf |
两个check函数比较长,中间也加了乱序代码感染分析 。
check1 是一个rsa算法。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 | .text:00402630.text:00402630 push ebp.text:00402631 mov ebp, esp.text:00402633 sub esp, 374h.text:00402639 push ebx.text:0040263A push esi.text:0040263B push edi.text:0040263C lea edi, [ebp+var_374].text:00402642 mov ecx, 0DDh.text:00402647 mov eax, 0CCCCCCCCh.text:0040264C rep stosd.text:0040264E push 10h.text:00402650 push 1F4h.text:00402655 call mirsys_4095A0.text:0040265A add esp, 8.text:0040265D mov [ebp+var_4], eax.text:00402660 mov [ebp+var_CC], 33h.text:00402667 mov [ebp+var_CB], 32h.text:0040266E mov [ebp+var_CA], 3Bh.text:00402675 mov [ebp+var_C9], 47h.text:0040267C mov [ebp+var_C8], 47h.text:00402683 mov [ebp+var_C7], 44h.text:0040268A mov [ebp+var_C6], 30h.text:00402691 mov [ebp+var_C5], 4Bh.text:00402698 mov [ebp+var_C4], 4Dh.text:0040269F mov [ebp+var_C3], 3Ch.text:004026A6 mov [ebp+var_C2], 4Eh.text:004026AD mov [ebp+var_C1], 4Fh.text:004026B4 mov [ebp+var_C0], 4Eh.text:004026BB mov [ebp+var_BF], 38h.text:004026C2 mov [ebp+var_BE], 3Bh.text:004026C9 mov [ebp+var_BD], 25h.text:004026D0 mov [ebp+var_BC], 20h.text:004026D7 mov [ebp+var_BB], 24h.text:004026DE mov [ebp+var_BA], 57h.text:004026E5 mov [ebp+var_B9], 24h.text:004026EC mov [ebp+var_B8], 22h.text:004026F3 mov [ebp+var_B7], 52h.text:004026FA mov [ebp+var_B6], 2Eh.text:00402701 mov [ebp+var_B5], 2Fh.text:00402708 mov [ebp+var_B4], 21h.text:0040270F mov [ebp+var_B3], 5Ch.text:00402716 mov [ebp+var_B2], 2Eh.text:0040271D mov [ebp+var_B1], 5Ah.text:00402724 mov [ebp+var_B0], 2Dh.text:0040272B mov [ebp+var_AF], 28h.text:00402732 mov [ebp+var_AE], 27h.text:00402739 mov [ebp+var_AD], 11h.text:00402740 mov [ebp+var_AC], 67h.text:00402747 mov [ebp+var_AB], 17h.text:0040274E mov [ebp+var_AA], 10h.text:00402755 mov [ebp+var_A9], 10h.text:0040275C mov [ebp+var_A8], 60h.text:00402763 mov [ebp+var_A7], 67h.text:0040276A mov [ebp+var_A6], 63h.text:00402771 mov [ebp+var_A5], 1Ah.text:00402778 mov [ebp+var_A4], 1Ah.text:0040277F mov [ebp+var_A3], 1Fh.text:00402786 mov [ebp+var_A2], 6Fh.text:0040278D mov [ebp+var_A1], 19h.text:00402794 mov [ebp+var_A0], 6Eh.text:0040279B mov [ebp+var_9F], 1Ah.text:004027A2 mov [ebp+var_9E], 16h.text:004027A9 mov [ebp+var_9D], 71h.text:004027B0 mov [ebp+var_9C], 75h.text:004027B7 mov [ebp+var_9B], 76h.text:004027BE mov [ebp+var_9A], 4.text:004027C5 mov [ebp+var_99], 6.text:004027CC mov [ebp+var_98], 71h.text:004027D3 mov [ebp+var_97], 4.text:004027DA mov [ebp+var_96], 73h.text:004027E1 mov [ebp+var_95], 7Ah.text:004027E8 mov [ebp+var_94], 1.text:004027EF mov [ebp+var_93], 0Eh.text:004027F6 mov [ebp+var_92], 0Bh.text:004027FD mov [ebp+var_91], 78h.text:00402804 mov [ebp+var_90], 8.text:0040280B mov [ebp+var_8F], 0Dh.text:00402812 mov [ebp+var_8E], 0Fh.text:00402819 mov [ebp+var_8D], 74h.text:00402820 mov ecx, 22h.text:00402825 xor eax, eax.text:00402827 lea edi, [ebp+var_8C].text:0040282D rep stosd.text:0040282F mov [ebp+var_194], 0.text:00402836 mov ecx, 31h.text:0040283B xor eax, eax.text:0040283D lea edi, [ebp+var_193].text:00402843 rep stosd.text:00402845 stosw.text:00402847 stosb.text:00402848 mov [ebp+var_25C], 0.text:0040284F mov ecx, 31h.text:00402854 xor eax, eax.text:00402856 lea edi, [ebp+var_25B].text:0040285C rep stosd.text:0040285E stosw.text:00402860 stosb.text:00402861 mov [ebp+var_324], 36h.text:00402868 mov [ebp+var_323], 66h.text:0040286F mov [ebp+var_322], 62h.text:00402876 mov [ebp+var_321], 37h.text:0040287D mov [ebp+var_320], 3Ch.text:00402884 mov [ebp+var_31F], 62h.text:0040288B mov [ebp+var_31E], 62h.text:00402892 mov [ebp+var_31D], 3Eh.text:00402899 mov [ebp+var_31C], 3Fh.text:004028A0 mov [ebp+var_31B], 3Ah.text:004028A7 mov [ebp+var_31A], 3Ah.text:004028AE mov [ebp+var_319], 3Ah.text:004028B5 mov [ebp+var_318], 39h.text:004028BC mov [ebp+var_317], 39h.text:004028C3 mov [ebp+var_316], 38h.text:004028CA mov [ebp+var_315], 72h.text:004028D1 mov [ebp+var_314], 20h.text:004028D8 mov [ebp+var_313], 73h.text:004028DF mov [ebp+var_312], 75h.text:004028E6 mov [ebp+var_311], 77h.text:004028ED mov [ebp+var_310], 26h.text:004028F4 mov [ebp+var_30F], 72h.text:004028FB mov [ebp+var_30E], 74h.text:00402902 mov [ebp+var_30D], 20h.text:00402909 mov [ebp+var_30C], 7Ch.text:00402910 mov [ebp+var_30B], 29h.text:00402917 mov [ebp+var_30A], 2Bh.text:0040291E mov [ebp+var_309], 25h.text:00402925 mov [ebp+var_308], 79h.text:0040292C mov [ebp+var_307], 7Dh.text:00402933 mov [ebp+var_306], 2Bh.text:0040293A mov [ebp+var_305], 12h.text:00402941 mov [ebp+var_304], 18h.text:00402948 mov [ebp+var_303], 40h.text:0040294F mov [ebp+var_302], 16h.text:00402956 mov [ebp+var_301], 40h.text:0040295D mov [ebp+var_300], 40h.text:00402964 mov [ebp+var_2FF], 1Eh.text:0040296B mov [ebp+var_2FE], 12h.text:00402972 mov [ebp+var_2FD], 1Dh.text:00402979 mov [ebp+var_2FC], 4Fh.text:00402980 mov [ebp+var_2FB], 1Ah.text:00402987 mov [ebp+var_2FA], 4Fh.text:0040298E mov [ebp+var_2F9], 1Ah.text:00402995 mov [ebp+var_2F8], 1Ch.text:0040299C mov [ebp+var_2F7], 18h.text:004029A3 mov [ebp+var_2F6], 4Bh.text:004029AA mov [ebp+var_2F5], 2.text:004029B1 mov [ebp+var_2F4], 3.text:004029B8 mov [ebp+var_2F3], 7.text:004029BF mov [ebp+var_2F2], 51h.text:004029C6 mov [ebp+var_2F1], 1.text:004029CD mov [ebp+var_2F0], 2.text:004029D4 mov [ebp+var_2EF], 6.text:004029DB mov [ebp+var_2EE], 55h.text:004029E2 mov [ebp+var_2ED], 0Eh.text:004029E9 mov [ebp+var_2EC], 1.text:004029F0 mov [ebp+var_2EB], 58h.text:004029F7 mov [ebp+var_2EA], 3.text:004029FE mov [ebp+var_2E9], 4.text:00402A05 mov [ebp+var_2E8], 5Ch.text:00402A0C mov [ebp+var_2E7], 0Bh.text:00402A13 mov [ebp+var_2E6], 7.text:00402A1A mov [ebp+var_2E5], 75h.text:00402A21 mov ecx, 22h.text:00402A26 xor eax, eax.text:00402A28 lea edi, [ebp+var_2E4].text:00402A2E rep stosd.text:00402A30 call sub_402A3A.text:00402A35.text:00402A35 loc_402A35: ; CODE XREF: sub_402A3Ap.text:00402A35 call near ptr 12B3225h.text:00402A35 sub_402630 endp ; sp-analysis failed.text:00402A35.text:00402A3A.text:00402A3A ; =============== S U B R O U T I N E =======================================.text:00402A3A.text:00402A3A.text:00402A3A sub_402A3A proc near ; CODE XREF: sub_402630+400p.text:00402A3A call near ptr loc_402A35+1.text:00402A3F add esp, 8.text:00402A42 lea eax, [ebp-0CCh].text:00402A48 push eax.text:00402A49 call decode_string_401078.text:00402A4E add esp, 4.text:00402A51 lea ecx, [ebp-324h].text:00402A57 push ecx.text:00402A58 call decode_string_401078.text:00402A5D add esp, 4.text:00402A60 mov edx, [ebp-4].text:00402A63 mov dword ptr [edx+234h], 16 ; mip->IOBASE=16; //将原来的10进制改为16进制模式.text:00402A6D push 0.text:00402A6F call mirsys_func1_409350.text:00402A74 add esp, 4.text:00402A77 mov [ebp-328h], eax.text:00402A7D push 0.text:00402A7F call mirsys_func1_409350.text:00402A84 add esp, 4.text:00402A87 mov [ebp-32Ch], eax.text:00402A8D push 0.text:00402A8F call mirsys_func1_409350.text:00402A94 add esp, 4.text:00402A97 mov [ebp-334h], eax.text:00402A9D push 0.text:00402A9F call mirsys_func1_409350.text:00402AA4 add esp, 4.text:00402AA7 mov [ebp-330h], eax.text:00402AAD push offset unk_495660.text:00402AB2 mov eax, [ebp-334h].text:00402AB8 push eax.text:00402AB9 call mirsys_cinstr_40D1E0.text:00402ABE add esp, 8.text:00402AC1 lea ecx, [ebp-324h].text:00402AC7 push ecx.text:00402AC8 mov edx, [ebp-328h].text:00402ACE push edx.text:00402ACF call mirsys_cinstr_40D1E0.text:00402AD4 add esp, 8.text:00402AD7 push offset a3e9 ; "3e9".text:00402ADC mov eax, [ebp-32Ch].text:00402AE2 push eax.text:00402AE3 call mirsys_cinstr_40D1E0.text:00402AE8 add esp, 8.text:00402AEB mov ecx, [ebp-328h].text:00402AF1 push ecx.text:00402AF2 mov edx, [ebp-334h].text:00402AF8 push edx.text:00402AF9 call mirsys_compare_40A2C0 ; 函数原型: int compare(big x, big y);.text:00402AF9 ;.text:00402AF9 ; 功能说明: 比较两个大数的大小.text:00402AF9 ;.text:00402AF9 ; 返回值: x>y时返回+1, x=y时返回0, x<y时返回-1.text:00402AFE add esp, 8.text:00402B01 cmp eax, 0FFFFFFFFh.text:00402B04 jnz loc_402BD4.text:00402B0A mov eax, [ebp-330h].text:00402B10 push eax.text:00402B11 mov ecx, [ebp-328h].text:00402B17 push ecx.text:00402B18 mov edx, [ebp-32Ch].text:00402B1E push edx.text:00402B1F mov eax, [ebp-334h].text:00402B25 push eax.text:00402B26 call mirsys_powmod_40C110 ; 函数原型: void powmod(big x, big y,big z, big w);.text:00402B26 ;.text:00402B26 ; 功能说明: 模幂运算,w=xy mod z.text:00402B2B add esp, 10h.text:00402B2E push 0.text:00402B30 lea ecx, [ebp-194h].text:00402B36 push ecx.text:00402B37 mov edx, [ebp-330h].text:00402B3D push edx.text:00402B3E push 0.text:00402B40 call mirsys_get_40B280.text:00402B45 add esp, 10h.text:00402B48 mov eax, [ebp-328h].text:00402B4E push eax.text:00402B4F call mirsys_mirkill_409CA0.text:00402B54 add esp, 4.text:00402B57 mov ecx, [ebp-32Ch].text:00402B5D push ecx.text:00402B5E call mirsys_mirkill_409CA0.text:00402B63 add esp, 4.text:00402B66 mov edx, [ebp-334h].text:00402B6C push edx.text:00402B6D call mirsys_mirkill_409CA0.text:00402B72 add esp, 4.text:00402B75 mov eax, [ebp-330h].text:00402B7B push eax.text:00402B7C call mirsys_mirkill_409CA0.text:00402B81 add esp, 4.text:00402B84 call sub_409CC0.text:00402B89 lea ecx, [ebp-194h].text:00402B8F push ecx ; char *.text:00402B90 call _strlen.text:00402B95 add esp, 4.text:00402B98 push eax.text:00402B99 lea edx, [ebp-25Ch].text:00402B9F push edx.text:00402BA0 lea eax, [ebp-194h].text:00402BA6 push eax.text:00402BA7 call charAry2String_40100F.text:00402BAC add esp, 0Ch.text:00402BAF lea ecx, [ebp-25Ch].text:00402BB5 push ecx ; char *.text:00402BB6 lea edx, [ebp-0CCh].text:00402BBC push edx ; char *.text:00402BBD call _strcmp.text:00402BC2 add esp, 8.text:00402BC5 test eax, eax.text:00402BC7 jnz short loc_402BD0.text:00402BC9 mov eax, 1.text:00402BCE jmp short loc_402BD6.text:00402BD0 ; ---------------------------------------------------------------------------.text:00402BD0.text:00402BD0 loc_402BD0: ; CODE XREF: sub_402A3A+18Dj.text:00402BD0 xor eax, eax.text:00402BD2 jmp short loc_402BD6.text:00402BD4 ; ---------------------------------------------------------------------------.text:00402BD4.text:00402BD4 loc_402BD4: ; CODE XREF: sub_402A3A+CAj.text:00402BD4 xor eax, eax.text:00402BD6.text:00402BD6 loc_402BD6: ; CODE XREF: sub_402A3A+194j.text:00402BD6 ; sub_402A3A+198j.text:00402BD6 pop edi.text:00402BD7 pop esi.text:00402BD8 pop ebx.text:00402BD9 add esp, 374h.text:00402BDF cmp ebp, esp.text:00402BE1 call __chkesp.text:00402BE6 mov esp, ebp.text:00402BE8 pop ebp.text:00402BE9 retn.text:00402BE9 sub_402A3A endp ; sp-analysis failed |
主要过程:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 | .text:00402630.text:00402630 push ebp.text:00402631 mov ebp, esp.text:00402633 sub esp, 374h.text:00402639 push ebx.text:0040263A push esi.text:0040263B push edi.text:0040263C lea edi, [ebp+var_374].text:00402642 mov ecx, 0DDh.text:00402647 mov eax, 0CCCCCCCCh.text:0040264C rep stosd.text:0040264E push 10h.text:00402650 push 1F4h.text:00402655 call mirsys_4095A0.text:0040265A add esp, 8.text:0040265D mov [ebp+var_4], eax.text:00402660 mov [ebp+var_CC], 33h.text:00402667 mov [ebp+var_CB], 32h.text:0040266E mov [ebp+var_CA], 3Bh.text:00402675 mov [ebp+var_C9], 47h.text:0040267C mov [ebp+var_C8], 47h.text:00402683 mov [ebp+var_C7], 44h.text:0040268A mov [ebp+var_C6], 30h.text:00402691 mov [ebp+var_C5], 4Bh.text:00402698 mov [ebp+var_C4], 4Dh.text:0040269F mov [ebp+var_C3], 3Ch.text:004026A6 mov [ebp+var_C2], 4Eh.text:004026AD mov [ebp+var_C1], 4Fh.text:004026B4 mov [ebp+var_C0], 4Eh.text:004026BB mov [ebp+var_BF], 38h.text:004026C2 mov [ebp+var_BE], 3Bh.text:004026C9 mov [ebp+var_BD], 25h.text:004026D0 mov [ebp+var_BC], 20h.text:004026D7 mov [ebp+var_BB], 24h.text:004026DE mov [ebp+var_BA], 57h.text:004026E5 mov [ebp+var_B9], 24h.text:004026EC mov [ebp+var_B8], 22h.text:004026F3 mov [ebp+var_B7], 52h.text:004026FA mov [ebp+var_B6], 2Eh.text:00402701 mov [ebp+var_B5], 2Fh.text:00402708 mov [ebp+var_B4], 21h.text:0040270F mov [ebp+var_B3], 5Ch.text:00402716 mov [ebp+var_B2], 2Eh.text:0040271D mov [ebp+var_B1], 5Ah.text:00402724 mov [ebp+var_B0], 2Dh.text:0040272B mov [ebp+var_AF], 28h.text:00402732 mov [ebp+var_AE], 27h.text:00402739 mov [ebp+var_AD], 11h.text:00402740 mov [ebp+var_AC], 67h.text:00402747 mov [ebp+var_AB], 17h.text:0040274E mov [ebp+var_AA], 10h.text:00402755 mov [ebp+var_A9], 10h.text:0040275C mov [ebp+var_A8], 60h.text:00402763 mov [ebp+var_A7], 67h.text:0040276A mov [ebp+var_A6], 63h.text:00402771 mov [ebp+var_A5], 1Ah.text:00402778 mov [ebp+var_A4], 1Ah.text:0040277F mov [ebp+var_A3], 1Fh.text:00402786 mov [ebp+var_A2], 6Fh.text:0040278D mov [ebp+var_A1], 19h.text:00402794 mov [ebp+var_A0], 6Eh.text:0040279B mov [ebp+var_9F], 1Ah.text:004027A2 mov [ebp+var_9E], 16h.text:004027A9 mov [ebp+var_9D], 71h.text:004027B0 mov [ebp+var_9C], 75h.text:004027B7 mov [ebp+var_9B], 76h.text:004027BE mov [ebp+var_9A], 4.text:004027C5 mov [ebp+var_99], 6.text:004027CC mov [ebp+var_98], 71h.text:004027D3 mov [ebp+var_97], 4.text:004027DA mov [ebp+var_96], 73h.text:004027E1 mov [ebp+var_95], 7Ah.text:004027E8 mov [ebp+var_94], 1.text:004027EF mov [ebp+var_93], 0Eh.text:004027F6 mov [ebp+var_92], 0Bh.text:004027FD mov [ebp+var_91], 78h.text:00402804 mov [ebp+var_90], 8.text:0040280B mov [ebp+var_8F], 0Dh.text:00402812 mov [ebp+var_8E], 0Fh.text:00402819 mov [ebp+var_8D], 74h.text:00402820 mov ecx, 22h.text:00402825 xor eax, eax.text:00402827 lea edi, [ebp+var_8C].text:0040282D rep stosd.text:0040282F mov [ebp+var_194], 0.text:00402836 mov ecx, 31h.text:0040283B xor eax, eax.text:0040283D lea edi, [ebp+var_193].text:00402843 rep stosd.text:00402845 stosw.text:00402847 stosb.text:00402848 mov [ebp+var_25C], 0.text:0040284F mov ecx, 31h.text:00402854 xor eax, eax.text:00402856 lea edi, [ebp+var_25B].text:0040285C rep stosd.text:0040285E stosw.text:00402860 stosb.text:00402861 mov [ebp+var_324], 36h.text:00402868 mov [ebp+var_323], 66h.text:0040286F mov [ebp+var_322], 62h.text:00402876 mov [ebp+var_321], 37h.text:0040287D mov [ebp+var_320], 3Ch.text:00402884 mov [ebp+var_31F], 62h.text:0040288B mov [ebp+var_31E], 62h.text:00402892 mov [ebp+var_31D], 3Eh.text:00402899 mov [ebp+var_31C], 3Fh.text:004028A0 mov [ebp+var_31B], 3Ah.text:004028A7 mov [ebp+var_31A], 3Ah.text:004028AE mov [ebp+var_319], 3Ah.text:004028B5 mov [ebp+var_318], 39h.text:004028BC mov [ebp+var_317], 39h.text:004028C3 mov [ebp+var_316], 38h.text:004028CA mov [ebp+var_315], 72h.text:004028D1 mov [ebp+var_314], 20h.text:004028D8 mov [ebp+var_313], 73h.text:004028DF mov [ebp+var_312], 75h.text:004028E6 mov [ebp+var_311], 77h.text:004028ED mov [ebp+var_310], 26h.text:004028F4 mov [ebp+var_30F], 72h.text:004028FB mov [ebp+var_30E], 74h.text:00402902 mov [ebp+var_30D], 20h.text:00402909 mov [ebp+var_30C], 7Ch.text:00402910 mov [ebp+var_30B], 29h.text:00402917 mov [ebp+var_30A], 2Bh.text:0040291E mov [ebp+var_309], 25h.text:00402925 mov [ebp+var_308], 79h.text:0040292C mov [ebp+var_307], 7Dh.text:00402933 mov [ebp+var_306], 2Bh.text:0040293A mov [ebp+var_305], 12h.text:00402941 mov [ebp+var_304], 18h.text:00402948 mov [ebp+var_303], 40h.text:0040294F mov [ebp+var_302], 16h.text:00402956 mov [ebp+var_301], 40h.text:0040295D mov [ebp+var_300], 40h.text:00402964 mov [ebp+var_2FF], 1Eh.text:0040296B mov [ebp+var_2FE], 12h.text:00402972 mov [ebp+var_2FD], 1Dh.text:00402979 mov [ebp+var_2FC], 4Fh.text:00402980 mov [ebp+var_2FB], 1Ah.text:00402987 mov [ebp+var_2FA], 4Fh.text:0040298E mov [ebp+var_2F9], 1Ah.text:00402995 mov [ebp+var_2F8], 1Ch.text:0040299C mov [ebp+var_2F7], 18h.text:004029A3 mov [ebp+var_2F6], 4Bh.text:004029AA mov [ebp+var_2F5], 2.text:004029B1 mov [ebp+var_2F4], 3.text:004029B8 mov [ebp+var_2F3], 7.text:004029BF mov [ebp+var_2F2], 51h.text:004029C6 mov [ebp+var_2F1], 1.text:004029CD mov [ebp+var_2F0], 2.text:004029D4 mov [ebp+var_2EF], 6.text:004029DB mov [ebp+var_2EE], 55h.text:004029E2 mov [ebp+var_2ED], 0Eh.text:004029E9 mov [ebp+var_2EC], 1.text:004029F0 mov [ebp+var_2EB], 58h.text:004029F7 mov [ebp+var_2EA], 3.text:004029FE mov [ebp+var_2E9], 4.text:00402A05 mov [ebp+var_2E8], 5Ch.text:00402A0C mov [ebp+var_2E7], 0Bh.text:00402A13 mov [ebp+var_2E6], 7.text:00402A1A mov [ebp+var_2E5], 75h.text:00402A21 mov ecx, 22h.text:00402A26 xor eax, eax.text:00402A28 lea edi, [ebp+var_2E4].text:00402A2E rep stosd.text:00402A30 call sub_402A3A.text:00402A35.text:00402A35 loc_402A35: ; CODE XREF: sub_402A3Ap.text:00402A35 call near ptr 12B3225h.text:00402A35 sub_402630 endp ; sp-analysis failed.text:00402A35.text:00402A3A.text:00402A3A ; =============== S U B R O U T I N E =======================================.text:00402A3A.text:00402A3A.text:00402A3A sub_402A3A proc near ; CODE XREF: sub_402630+400p.text:00402A3A call near ptr loc_402A35+1.text:00402A3F add esp, 8.text:00402A42 lea eax, [ebp-0CCh].text:00402A48 push eax.text:00402A49 call decode_string_401078.text:00402A4E add esp, 4.text:00402A51 lea ecx, [ebp-324h].text:00402A57 push ecx.text:00402A58 call decode_string_401078.text:00402A5D add esp, 4.text:00402A60 mov edx, [ebp-4].text:00402A63 mov dword ptr [edx+234h], 16 ; mip->IOBASE=16; //将原来的10进制改为16进制模式.text:00402A6D push 0.text:00402A6F call mirsys_func1_409350.text:00402A74 add esp, 4.text:00402A77 mov [ebp-328h], eax.text:00402A7D push 0.text:00402A7F call mirsys_func1_409350.text:00402A84 add esp, 4.text:00402A87 mov [ebp-32Ch], eax.text:00402A8D push 0.text:00402A8F call mirsys_func1_409350.text:00402A94 add esp, 4.text:00402A97 mov [ebp-334h], eax.text:00402A9D push 0.text:00402A9F call mirsys_func1_409350.text:00402AA4 add esp, 4.text:00402AA7 mov [ebp-330h], eax.text:00402AAD push offset unk_495660.text:00402AB2 mov eax, [ebp-334h].text:00402AB8 push eax.text:00402AB9 call mirsys_cinstr_40D1E0.text:00402ABE add esp, 8.text:00402AC1 lea ecx, [ebp-324h].text:00402AC7 push ecx.text:00402AC8 mov edx, [ebp-328h].text:00402ACE push edx.text:00402ACF call mirsys_cinstr_40D1E0.text:00402AD4 add esp, 8.text:00402AD7 push offset a3e9 ; "3e9".text:00402ADC mov eax, [ebp-32Ch].text:00402AE2 push eax.text:00402AE3 call mirsys_cinstr_40D1E0.text:00402AE8 add esp, 8.text:00402AEB mov ecx, [ebp-328h].text:00402AF1 push ecx.text:00402AF2 mov edx, [ebp-334h].text:00402AF8 push edx.text:00402AF9 call mirsys_compare_40A2C0 ; 函数原型: int compare(big x, big y);.text:00402AF9 ;.text:00402AF9 ; 功能说明: 比较两个大数的大小.text:00402AF9 ;.text:00402AF9 ; 返回值: x>y时返回+1, x=y时返回0, x<y时返回-1.text:00402AFE add esp, 8.text:00402B01 cmp eax, 0FFFFFFFFh.text:00402B04 jnz loc_402BD4.text:00402B0A mov eax, [ebp-330h].text:00402B10 push eax.text:00402B11 mov ecx, [ebp-328h].text:00402B17 push ecx.text:00402B18 mov edx, [ebp-32Ch].text:00402B1E push edx.text:00402B1F mov eax, [ebp-334h].text:00402B25 push eax.text:00402B26 call mirsys_powmod_40C110 ; 函数原型: void powmod(big x, big y,big z, big w);.text:00402B26 ;.text:00402B26 ; 功能说明: 模幂运算,w=xy mod z.text:00402B2B add esp, 10h.text:00402B2E push 0.text:00402B30 lea ecx, [ebp-194h].text:00402B36 push ecx.text:00402B37 mov edx, [ebp-330h].text:00402B3D push edx.text:00402B3E push 0.text:00402B40 call mirsys_get_40B280.text:00402B45 add esp, 10h.text:00402B48 mov eax, [ebp-328h].text:00402B4E push eax.text:00402B4F call mirsys_mirkill_409CA0.text:00402B54 add esp, 4.text:00402B57 mov ecx, [ebp-32Ch].text:00402B5D push ecx.text:00402B5E call mirsys_mirkill_409CA0.text:00402B63 add esp, 4.text:00402B66 mov edx, [ebp-334h].text:00402B6C push edx.text:00402B6D call mirsys_mirkill_409CA0.text:00402B72 add esp, 4.text:00402B75 mov eax, [ebp-330h].text:00402B7B push eax.text:00402B7C call mirsys_mirkill_409CA0.text:00402B81 add esp, 4.text:00402B84 call sub_409CC0.text:00402B89 lea ecx, [ebp-194h].text:00402B8F push ecx ; char *.text:00402B90 call _strlen.text:00402B95 add esp, 4.text:00402B98 push eax.text:00402B99 lea edx, [ebp-25Ch].text:00402B9F push edx.text:00402BA0 lea eax, [ebp-194h].text:00402BA6 push eax.text:00402BA7 call charAry2String_40100F.text:00402BAC add esp, 0Ch.text:00402BAF lea ecx, [ebp-25Ch].text:00402BB5 push ecx ; char *.text:00402BB6 lea edx, [ebp-0CCh].text:00402BBC push edx ; char *.text:00402BBD call _strcmp.text:00402BC2 add esp, 8.text:00402BC5 test eax, eax.text:00402BC7 jnz short loc_402BD0.text:00402BC9 mov eax, 1.text:00402BCE jmp short loc_402BD6.text:00402BD0 ; ---------------------------------------------------------------------------.text:00402BD0.text:00402BD0 loc_402BD0: ; CODE XREF: sub_402A3A+18Dj.text:00402BD0 xor eax, eax.text:00402BD2 jmp short loc_402BD6.text:00402BD4 ; ---------------------------------------------------------------------------.text:00402BD4.text:00402BD4 loc_402BD4: ; CODE XREF: sub_402A3A+CAj.text:00402BD4 xor eax, eax.text:00402BD6.text:00402BD6 loc_402BD6: ; CODE XREF: sub_402A3A+194j.text:00402BD6 ; sub_402A3A+198j.text:00402BD6 pop edi.text:00402BD7 pop esi.text:00402BD8 pop ebx.text:00402BD9 add esp, 374h.text:00402BDF cmp ebp, esp.text:00402BE1 call __chkesp.text:00402BE6 mov esp, ebp.text:00402BE8 pop ebp.text:00402BE9 retn.text:00402BE9 sub_402A3A endp ; sp-analysis failed |
主要过程:
1.取注册码的第4位后边的字符串,转成16进制字符串。
2.利用 mirsys 计算
powmod:
1 2 3 4 5 | 函数原型: void powmod(big x, big y,big z, big w);功能说明: 模幂运算,w=xy mod z |
X就是输入的字符串
1 2 3 4 5 | 函数原型: void powmod(big x, big y,big z, big w);功能说明: 模幂运算,w=xy mod z |
X就是输入的字符串
Y是0x3e9
Z是7da39de66016477b1afc3dc8e309dc429b5de855f0d616d225b570b68b88a585 上边解密出来的字符串
计算出来的值W与208CBB7CD6ECC6450019FDF016D07D978F5F0681F534EAD235D5C49ADD72D2DB840D5304比较,相等既成功。
等于就是一个RSA加密过程。
其中E=0x3e9
N= 0x7da39de66016477b1afc3dc8e309dc429b5de855f0d616d225b570b68b88a585
M= 0x208CBB7CD6ECC6450019FDF016D07D978F5F0681F534EAD235D5C49ADD72D2DB840D5304 密文。
利用在线网站http://www.factordb.com/index.php?query=56828191929550499896142468009756520490526164668720784286547535509684830643589
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
