破解思路:本题的重点在于单个字符的变换强度。真实的编码table从头到尾不会在内存中显示。所以攻击者需要先将断点设置在charEncrypt处,找出编码的变换规则,然后找到修改过后的编码table,根据变换规则推导出真正的编码table。
/*base64编/解码用的基础字符集*/
static char charEncrypt(int data)
{
char *table = TABLE1;
data = table[data];
if(data>=65 && data<=90)
{
data = (155-data) ;
return (char)data;
}
if(data>=97&&data<=122)
{
data = (data-64);
return (char)data;
}
if(data>=48&&data<=57)
{
data = (data + 50) ;
return (char)data;
}
if(data==43)
{
data = 119;
return (char)data;
}
if(data==47)
data = 121;
return (char)data;
}
static int base64_encode( const uint8_t *bindata, char *base64, int binlength)
{
int i, j;
uint8_t current;
for ( i = 0, j = 0 ; i < binlength ; i += 3 ) {
current = (bindata[i] >> 2) ;
current &= (uint8_t)0x3F;
base64[j++] = charEncrypt((int)current);
current = ( (uint8_t)(bindata[i] << 4 ) ) & ( (uint8_t)0x30 ) ;
if ( i + 1 >= binlength ) {
base64[j++] = charEncrypt((int)current);
base64[j++] = '=';
base64[j++] = '=';
break;
}
current |= ( (uint8_t)(bindata[i+1] >> 4) ) & ( (uint8_t) 0x0F );
base64[j++] = charEncrypt((int)current);
current = ( (uint8_t)(bindata[i+1] << 2) ) & ( (uint8_t)0x3C ) ;
if ( i + 2 >= binlength ) {
base64[j++] = charEncrypt((int)current);
base64[j++] = '=';
break;
}
current |= ( (uint8_t)(bindata[i+2] >> 6) ) & ( (uint8_t) 0x03 );
base64[j++] = charEncrypt((int)current);
current = ( (uint8_t)bindata[i+2] ) & ( (uint8_t)0x3F ) ;
base64[j++] = charEncrypt((int)current);
}
base64[j] = '\0';
return j;
}
int main (int argc, char **argv)
{
char str1[55];
printf("please enter Serial:");
scanf(" %s",str1);
if(strlen(str1)>=50)
{
printf("error\n");
exit;
}
char *base64_str = calloc(1, 1024);
base64_encode(str1, base64_str, strlen(str1));
char *str = "!NGV%,$h1f4S3%2P(hkQ94==";
if(!strcmp(str,base64_str))
{
printf("Success\n");
} else{
printf("Please Try Again\n");
}
free(base64_str);
system("pause");
return 0;
}
