happytown的第11个CreakMe算法简单分析+KeyGen-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

happytown的第11个CreakMe算法简单分析+KeyGen

2006-5-13 19:20 9600

happytown的第11个CreakMe算法简单分析+KeyGen

小虾

2006-5-13 19:20

9600

happytown的第11个CreakMe算法简单分析+KeyGen

; 最近比较清闲，也为了学习一下使用IDA，所以顺手分析了一下。

; 作者都说了，这个CrackMe是KeyFile的保护方式，所以优先选择下断CreateFileA函数，运行程序，中断在这里。
.text:004010B3                push 0             ; hTemplateFile
.text:004010B5                push 80h          ; dwFlagsAndAttributes
.text:004010BA                push 3             ; dwCreationDisposition
.text:004010BC                push 0             ; lpSecurityAttributes
.text:004010BE                push 0             ; dwShareMode
.text:004010C0                push 80000000h    ; dwDesiredAccess
.text:004010C5                push offset FileName ; "Key.reg" 说明Key文件名是Key.reg
.text:004010CA                call CreateFileA
.text:004010CF                cmp    eax, 0FFFFFFFFh
.text:004010D2                jz    loc_401210
.text:004010D8                mov    [ebp+hFile], eax
.text:004010DB                push 0             ; lpFileSizeHigh
.text:004010DD                push [ebp+hFile]    ; hFile
.text:004010E0                call GetFileSize    ; 获取文件的大小
.text:004010E5                mov    [ebp+var_10], eax
.text:004010E8                cmp    [ebp+var_10], 19h ; 判断文件的大小
.text:004010EC                jnb    short loc_4010F8  ; 文件的大小小于19个字节就Over
.text:004010EE                jmp    loc_40119C       ; 程序Over
.text:004010F3 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪嫩/color]
.text:004010F3                jmp    loc_40119C
.text:004010F8 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪嫩/color]
.text:004010F8
.text:004010F8 loc_4010F8:                            ; CODE XREF: DialogFunc+BEj
.text:004010F8                push 0             ; lpOverlapped
.text:004010FA                lea    eax, [ebp+NumberOfBytesRead]
.text:004010FD                push eax          ; lpNumberOfBytesRead
.text:004010FE                push 100h          ; nNumberOfBytesToRead
.text:00401103                push offset unk_4041B8 ; lpBuffer
.text:00401108                push [ebp+hFile]    ; hFile
.text:0040110B                call ReadFile       ; 读取文件内容，保存在4041b8缓冲区中
.text:00401110                xor    edx, edx
.text:00401112                xor    ebx, ebx
.text:00401114                lea    eax, unk_4041B8 ; 取得4041b8缓冲区的地址
.text:0040111A                add    eax, 14h       ; 缓冲区地址指针前进14h位
.text:0040111D                mov    dl, [eax]    ; 取出缓冲区第14h位的内容
.text:0040111F                cmp    dl, bl       ; 是否为零
.text:00401121                jnz    short loc_40119C ;不为零则程序就Over，从这里可以知道Key文件的第14h位必须是NULL
.text:00401123                mov    ecx, 14h
.text:00401128                inc    eax          ; eax指向缓冲区的第15h位内容
.text:00401129                mov    [ebp+var_14], eax ; 保存
.text:0040112C                xor    ecx, ecx
.text:0040112E
.text:0040112E loc_40112E:                            ; CODE XREF: DialogFunc+106j
.text:0040112E                mov    dl, [ecx+eax] ; 下面的循环是从缓冲区的第15位起计算后面的数据长度
.text:00401131                inc    ecx          ; 从缓冲区的第15位起后的数据是用MD5来加密的。
.text:00401132                cmp    dl, bl
.text:00401134                jnz    short loc_40112E ; 为零则退出循环(以NULL作为结束判断)
.text:00401136                dec    ecx             ; 长度减1
.text:00401137                mov    [ebp+var_18], ecx ; 保存

;下面是调用MD5函数，函数原型供参考如下：
;MD5 proc lpdwKeyFile[15h],lpnNameLen1,lpnNameLen2,lpdwMd5Count,dwCount
.text:0040113A                push 0                ; dwCount
.text:0040113C                lea    eax, [ebp+var_38]
.text:0040113F                push eax             ; lpdwMd5Count
.text:00401140                push [ebp+var_18]    ; lpnNameLen2
.text:00401143                push [ebp+var_18]    ; lpnNameLen1
.text:00401146                push [ebp+var_14]    ; lpdwKeyFile[15h]
.text:00401149                call sub_401290       ; MD5Encrypt，MD5加密函数，这个函数就不贴了，有兴趣的朋友就看我的源码吧。
.text:0040114E                mov    ecx, 14h
.text:00401153                lea    esi, unk_4041B8 ; lpdwKeyFile
.text:00401159                lea    edi, [ebp+var_38] ; lpdwMdtCount
.text:0040115C                repe cmpsb             ; 比较，若lpdwKeyFile和lpdwMd5Count的数据不等则Over
.text:0040115E                jnz    short loc_40119C  ; 这里不跳就注册成功

; 下面是设置注册成功的信息
.text:00401160                push [ebp+var_14]
.text:00401163                push offset aRegisteredToS ; "Registered to: %s"
.text:00401168                push offset byte_4042B8 ; LPSTR
.text:0040116D                call wsprintfA
.text:00401172                add    esp, 0Ch
.text:00401175                push 3F3h          ; nIDDlgItem
.text:0040117A                push [ebp+hDlg]    ; hDlg
.text:0040117D                call GetDlgItem
.text:00401182                push 0             ; bEnable
.text:00401184                push eax          ; hWnd
.text:00401185                call EnableWindow
.text:0040118A                push offset byte_4042B8 ; lpString
.text:0040118F                push 3F3h          ; nIDDlgItem
.text:00401194                push [ebp+hDlg]    ; hDlg
.text:00401197                call SetDlgItemTextA
.text:0040119C
.text:0040119C loc_40119C:                            ; CODE XREF: DialogFunc+C0j
.text:0040119C                                        ; DialogFunc+C5j ...
.text:0040119C                jmp    short loc_401210
.text:0040119E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪嫩/color]
.text:0040119E
.text:0040119E loc_40119E:                            ; CODE XREF: DialogFunc+Ej
.text:0040119E                cmp    eax, 111h
.text:004011A3                jnz    short loc_4011F6
.text:004011A5                mov    eax, [ebp+arg_8]
.text:004011A8                cmp    ax, 3EFh
.text:004011AC                jnz    short loc_4011BA
.text:004011AE                push 0             ; nResult
.text:004011B0                push [ebp+hDlg]    ; hDlg
.text:004011B3                call EndDialog
.text:004011B8                jmp    short loc_401210
.text:004011BA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

收藏・1

免费・7

打赏

最新回复 (8)
小虾雪币： 2367 活跃值： (756) 能力值： (RANK：410 ) 在线值：发帖 36 回帖 2248 粉丝 7 关注私信	小虾 10 2006-5-13 19:21 2 楼 0 ;附件KeyGen源码 .586 .model flat, stdcall option casemap :none include windows.inc include user32.inc include kernel32.inc includelib user32.lib includelib kernel32.lib _MD5 proto :DWORD,:DWORD,:DWORD,:DWORD,:DWORD DlgProc proto :DWORD,:DWORD,:DWORD,:DWORD .const DLG_MAIN equ 100 DLG_NAME_EDIT equ 1000 DLG_CREATE_KEY_FILE equ 1001 .data szNameErr db "用户名不能为空！！！",0 lpszFileName db "Key.reg",0 lpszCreateFileErr db "Key文件创建失败！！！",0 lpszCreateFileSucceed db "恭喜你，Key文件创建成功！！！",0 lpszNameLenErr db "用户名长度不能少于5位！！！",0 .data? hInstance dd ? .CODE START: invoke GetModuleHandle,NULL mov hInstance,eax invoke DialogBoxParam,hInstance,DLG_MAIN,0,offset DlgProc,0 invoke ExitProcess,0 DlgProc proc hWnd,uMsg,wParam,lParam LOCAL @szName[255]:Byte LOCAL @szKey[255]:Byte LOCAL @dwMd5Count[5]:DWORD LOCAL hFile:HWND LOCAL lpNumberOfBytesRead:DWORD LOCAL nNameLen:DWORD .if uMsg==WM_INITDIALOG invoke LoadIcon,hInstance,100 invoke SendMessage,hWnd,WM_SETICON,ICON_SMALL,eax .elseif uMsg==WM_COMMAND mov eax,wParam .if ax==DLG_CREATE_KEY_FILE invoke RtlZeroMemory,addr @szName,sizeof @szName invoke RtlZeroMemory,addr @szKey,sizeof @szKey invoke RtlZeroMemory,addr @dwMd5Count,sizeof @dwMd5Count invoke GetDlgItemText,hWnd,DLG_NAME_EDIT,addr @szName,sizeof @szName ;获取用户名 .if !eax invoke MessageBox,hWnd,offset szNameErr,NULL,MB_OK mov eax,TRUE ret .elseif eax <= 5 invoke MessageBox,hWnd,offset lpszNameLenErr,NULL,MB_OK mov eax,TRUE ret .endif mov nNameLen,eax pushad invoke _MD5,addr @szName,nNameLen,nNameLen,addr @szKey,NULL ;加密用户名 popad invoke CreateFile,addr lpszFileName,\ ;创建Key文件 GENERIC_READ or GENERIC_WRITE,\ FILE_SHARE_READ,\ NULL, CREATE_ALWAYS,\ FILE_ATTRIBUTE_NORMAL,\ NULL .if eax == INVALID_HANDLE_VALUE invoke MessageBox,hWnd,offset lpszCreateFileErr,NULL,MB_OK mov eax,TRUE ret .endif mov hFile,eax invoke SetFilePointer,hFile,NULL,NULL,FILE_BEGIN invoke WriteFile,hFile,addr @szKey,14h,addr lpNumberOfBytesRead,NULL ;写入加密的用户名Md5Key invoke FlushFileBuffers,hFile invoke SetFilePointer,hFile,15h,NULL,FILE_BEGIN invoke WriteFile,hFile,addr @szName,nNameLen,addr lpNumberOfBytesRead,NULL ;写入未加密的用户名 invoke FlushFileBuffers,hFile invoke CloseHandle,HFILE ;结束 invoke SetDlgItemText,hWnd,DLG_NAME_EDIT,offset lpszCreateFileSucceed .endif .elseif uMsg==WM_CLOSE invoke EndDialog,hWnd,FALSE .else mov eax,FALSE ret .endif mov eax,TRUE ret DlgProc endp ;MD5函数懒的写了，直接在作者的程序中提取出来。 _MD5 proc lpEnStr,lpiLen1,lpiLen2,lpMD5Count,nCount var_5C = dword ptr -5Ch var_58 = dword ptr -58h var_54 = dword ptr -54h var_50 = dword ptr -50h var_4C = dword ptr -4Ch var_48 = dword ptr -48h var_44 = dword ptr -44h var_40 = dword ptr -40h var_3C = dword ptr -3Ch var_38 = dword ptr -38h var_34 = dword ptr -34h var_30 = dword ptr -30h var_2C = dword ptr -2Ch var_28 = dword ptr -28h var_24 = dword ptr -24h var_20 = dword ptr -20h var_1C = dword ptr -1Ch var_18 = dword ptr -18h var_14 = dword ptr -14h var_10 = dword ptr -10h var_C = dword ptr -0Ch var_8 = byte ptr -8 var_4 = dword ptr -4 arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch arg_8 = dword ptr 10h arg_C = dword ptr 14h arg_10 = dword ptr 18h add esp, 0FFFFFFA4h push edi push esi push ebx mov eax, [ebp+arg_10] or eax, eax jz short loc_4012A3 dec eax jnz short loc_4012C8 loc_4012A3: ; CODE XREF: sub_401290+Ej mov edi, [ebp+arg_C] mov dword ptr [edi], 96385241h mov dword ptr [edi+4], 0ABECBDAFh mov dword ptr [edi+8], 95175346h mov dword ptr [edi+0Ch], 85265413h mov dword ptr [edi+10h], 97641382h loc_4012C8: ; CODE XREF: sub_401290+11j xor eax, eax mov [ebp+var_4], eax mov [ebp+var_8], al loc_4012D0: ; CODE XREF: sub_401290+E48j mov esi, [ebp+arg_0] lea edi, [ebp+var_5C] mov ecx, 10h mov ebx, [ebp+var_4] loc_4012DE: ; CODE XREF: sub_401290+5Ej lea edx, [ebx+4] cmp edx, [ebp+arg_4] ja short loc_4012F5 mov eax, [ebx+esi] bswap eax stosd mov ebx, edx loop loc_4012DE mov [ebp+var_4], ebx jmp short loc_40134E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪? loc_4012F5: ; CODE XREF: sub_401290+54j mov eax, [ebp+arg_10] or eax, eax jz short loc_401305 cmp eax, 3 jnz loc_4020ED loc_401305: ; CODE XREF: sub_401290+6Aj mov edx, ecx cmp ebx, [ebp+arg_4] ja short loc_401336 sub eax, eax mov ch, 4 loc_401310: ; CODE XREF: sub_401290+8Ej cmp ebx, [ebp+arg_4] jz short loc_401320 shl eax, 8 mov al, [ebx+esi] inc ebx dec ch jmp short loc_401310 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪? loc_401320: ; CODE XREF: sub_401290+83j inc ebx mov [ebp+var_4], ebx shl eax, 8 mov al, 80h loc_401329: ; CODE XREF: sub_401290+A0j dec ch jz short loc_401332 shl eax, 8 jmp short loc_401329 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪? loc_401332: ; CODE XREF: sub_401290+9Bj stosd dec ecx jz short loc_40134E loc_401336: ; CODE XREF: sub_401290+7Aj sub eax, eax rep stosd cmp dl, 3 jb short loc_40134E mov al, 8 mul [ebp+arg_8] mov [ebp+var_24], edx mov [ebp+var_20], eax mov [ebp+var_8], 1 loc_40134E: ; CODE XREF: sub_401290+63j ; sub_401290+A4j ... mov eax, [ebp+arg_C] mov edx, [eax+10h] mov [ebp+var_1C], edx mov edx, [eax+0Ch] mov [ebp+var_18], edx mov edx, [eax+8] mov [ebp+var_14], edx mov ecx, [eax+4] mov [ebp+var_10], ecx mov ecx, [eax] mov [ebp+var_C], ecx rol ecx, 5 xor edx, [ebp+var_18] and edx, [ebp+var_10] xor edx, [ebp+var_18] add edx, [ebp+var_5C] add edx, ecx add edx, [ebp+var_1C] add edx, 5A827999h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] and edx, [ebp+var_C] xor edx, [ebp+var_14] add edx, [ebp+var_58] add edx, ecx add edx, [ebp+var_18] add edx, 5A827999h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] and edx, [ebp+var_1C] xor edx, [ebp+var_10] add edx, [ebp+var_54] add edx, ecx add edx, [ebp+var_14] add edx, 5A827999h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] and edx, [ebp+var_18] xor edx, [ebp+var_C] add edx, [ebp+var_50] add edx, ecx add edx, [ebp+var_10] add edx, 5A827999h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] and edx, [ebp+var_14] xor edx, [ebp+var_1C] add edx, [ebp+var_4C] add edx, ecx add edx, [ebp+var_C] add edx, 5A827999h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] and edx, [ebp+var_10] xor edx, [ebp+var_18] add edx, [ebp+var_48] add edx, ecx add edx, [ebp+var_1C] add edx, 5A827999h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] and edx, [ebp+var_C] xor edx, [ebp+var_14] add edx, [ebp+var_44] add edx, ecx add edx, [ebp+var_18] add edx, 5A827999h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] and edx, [ebp+var_1C] xor edx, [ebp+var_10] add edx, [ebp+var_40] add edx, ecx add edx, [ebp+var_14] add edx, 5A827999h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] and edx, [ebp+var_18] xor edx, [ebp+var_C] add edx, [ebp+var_3C] add edx, ecx add edx, [ebp+var_10] add edx, 5A827999h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] and edx, [ebp+var_14] xor edx, [ebp+var_1C] add edx, [ebp+var_38] add edx, ecx add edx, [ebp+var_C] add edx, 5A827999h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] and edx, [ebp+var_10] xor edx, [ebp+var_18] add edx, [ebp+var_34] add edx, ecx add edx, [ebp+var_1C] add edx, 5A827999h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] and edx, [ebp+var_C] xor edx, [ebp+var_14] add edx, [ebp+var_30] add edx, ecx add edx, [ebp+var_18] add edx, 5A827999h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] and edx, [ebp+var_1C] xor edx, [ebp+var_10] add edx, [ebp+var_2C] add edx, ecx add edx, [ebp+var_14] add edx, 5A827999h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] and edx, [ebp+var_18] xor edx, [ebp+var_C] add edx, [ebp+var_28] add edx, ecx add edx, [ebp+var_10] add edx, 5A827999h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] and edx, [ebp+var_14] xor edx, [ebp+var_1C] add edx, [ebp+var_24] add edx, ecx add edx, [ebp+var_C] add edx, 5A827999h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] and edx, [ebp+var_10] xor edx, [ebp+var_18] add edx, [ebp+var_20] add edx, ecx add edx, [ebp+var_1C] add edx, 5A827999h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx xor ebx, ebx loc_4015F0: ; CODE XREF: sub_401290+399j add bl, 8 and bl, 3Fh mov eax, ss:[ebx+ebp+var_5C] add bl, 18h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] add bl, 14h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] sub bl, 34h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] rol eax, 1 mov ss:[ebx+ebp+var_5C], eax add bl, 4 test bl, 3Fh jnz short loc_4015F0 rol ecx, 5 xor edx, [ebp+var_14] and edx, [ebp+var_C] xor edx, [ebp+var_14] add edx, [ebp+var_5C] add edx, ecx add edx, [ebp+var_18] add edx, 5A827999h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] and edx, [ebp+var_1C] xor edx, [ebp+var_10] add edx, [ebp+var_58] add edx, ecx add edx, [ebp+var_14] add edx, 5A827999h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] and edx, [ebp+var_18] xor edx, [ebp+var_C] add edx, [ebp+var_54] add edx, ecx add edx, [ebp+var_10] add edx, 5A827999h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] and edx, [ebp+var_14] xor edx, [ebp+var_1C] add edx, [ebp+var_50] add edx, ecx add edx, [ebp+var_C] add edx, 5A827999h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_4C] add edx, ecx add edx, [ebp+var_1C] add edx, 6ED9EBA1h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_48] add edx, ecx add edx, [ebp+var_18] add edx, 6ED9EBA1h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_44] add edx, ecx add edx, [ebp+var_14] add edx, 6ED9EBA1h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_40] add edx, ecx add edx, [ebp+var_10] add edx, 6ED9EBA1h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_3C] add edx, ecx add edx, [ebp+var_C] add edx, 6ED9EBA1h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_38] add edx, ecx add edx, [ebp+var_1C] add edx, 6ED9EBA1h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_34] add edx, ecx add edx, [ebp+var_18] add edx, 6ED9EBA1h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_30] add edx, ecx add edx, [ebp+var_14] add edx, 6ED9EBA1h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_2C] add edx, ecx add edx, [ebp+var_10] add edx, 6ED9EBA1h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_28] add edx, ecx add edx, [ebp+var_C] add edx, 6ED9EBA1h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_24] add edx, ecx add edx, [ebp+var_1C] add edx, 6ED9EBA1h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_20] add edx, ecx add edx, [ebp+var_18] add edx, 6ED9EBA1h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx xor ebx, ebx loc_401889: ; CODE XREF: sub_401290+632j add bl, 8 and bl, 3Fh mov eax, ss:[ebx+ebp+var_5C] add bl, 18h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] add bl, 14h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] sub bl, 34h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] rol eax, 1 mov ss:[ebx+ebp+var_5C], eax add bl, 4 test bl, 3Fh jnz short loc_401889 rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_5C] add edx, ecx add edx, [ebp+var_14] add edx, 6ED9EBA1h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_58] add edx, ecx add edx, [ebp+var_10] add edx, 6ED9EBA1h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_54] add edx, ecx add edx, [ebp+var_C] add edx, 6ED9EBA1h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_50] add edx, ecx add edx, [ebp+var_1C] add edx, 6ED9EBA1h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_4C] add edx, ecx add edx, [ebp+var_18] add edx, 6ED9EBA1h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_48] add edx, ecx add edx, [ebp+var_14] add edx, 6ED9EBA1h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_44] add edx, ecx add edx, [ebp+var_10] add edx, 6ED9EBA1h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_40] add edx, ecx add edx, [ebp+var_C] add edx, 6ED9EBA1h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 mov eax, [ebp+var_10] or edx, eax and edx, [ebp+var_18] and eax, [ebp+var_14] or edx, eax add edx, [ebp+var_3C] add edx, ecx add edx, [ebp+var_1C] add edx, 8F1BBCDCh mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 mov eax, [ebp+var_C] or edx, eax and edx, [ebp+var_14] and eax, [ebp+var_10] or edx, eax add edx, [ebp+var_38] add edx, ecx add edx, [ebp+var_18] add edx, 8F1BBCDCh mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 mov eax, [ebp+var_1C] or edx, eax and edx, [ebp+var_10] and eax, [ebp+var_C] or edx, eax add edx, [ebp+var_34] add edx, ecx add edx, [ebp+var_14] add edx, 8F1BBCDCh mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 mov eax, [ebp+var_18] or edx, eax and edx, [ebp+var_C] and eax, [ebp+var_1C] or edx, eax add edx, [ebp+var_30] add edx, ecx add edx, [ebp+var_10] add edx, 8F1BBCDCh mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 mov eax, [ebp+var_14] or edx, eax and edx, [ebp+var_1C] and eax, [ebp+var_18] or edx, eax add edx, [ebp+var_2C] add edx, ecx add edx, [ebp+var_C] add edx, 8F1BBCDCh mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 mov eax, [ebp+var_10] or edx, eax and edx, [ebp+var_18] and eax, [ebp+var_14] or edx, eax add edx, [ebp+var_28] add edx, ecx add edx, [ebp+var_1C] add edx, 8F1BBCDCh mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 mov eax, [ebp+var_C] or edx, eax and edx, [ebp+var_14] and eax, [ebp+var_10] or edx, eax add edx, [ebp+var_24] add edx, ecx add edx, [ebp+var_18] add edx, 8F1BBCDCh mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 mov eax, [ebp+var_1C] or edx, eax and edx, [ebp+var_10] and eax, [ebp+var_C] or edx, eax add edx, [ebp+var_20] add edx, ecx add edx, [ebp+var_14] add edx, 8F1BBCDCh mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx xor ebx, ebx loc_401B4E: ; CODE XREF: sub_401290+8F7j add bl, 8 and bl, 3Fh mov eax, ss:[ebx+ebp+var_5C] add bl, 18h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] add bl, 14h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] sub bl, 34h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] rol eax, 1 mov ss:[ebx+ebp+var_5C], eax add bl, 4 test bl, 3Fh jnz short loc_401B4E rol ecx, 5 mov eax, [ebp+var_18] or edx, eax and edx, [ebp+var_C] and eax, [ebp+var_1C] or edx, eax add edx, [ebp+var_5C] add edx, ecx add edx, [ebp+var_10] add edx, 8F1BBCDCh mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 mov eax, [ebp+var_14] or edx, eax and edx, [ebp+var_1C] and eax, [ebp+var_18] or edx, eax add edx, [ebp+var_58] add edx, ecx add edx, [ebp+var_C] add edx, 8F1BBCDCh mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 mov eax, [ebp+var_10] or edx, eax and edx, [ebp+var_18] and eax, [ebp+var_14] or edx, eax add edx, [ebp+var_54] add edx, ecx add edx, [ebp+var_1C] add edx, 8F1BBCDCh mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 mov eax, [ebp+var_C] or edx, eax and edx, [ebp+var_14] and eax, [ebp+var_10] or edx, eax add edx, [ebp+var_50] add edx, ecx add edx, [ebp+var_18] add edx, 8F1BBCDCh mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 mov eax, [ebp+var_1C] or edx, eax and edx, [ebp+var_10] and eax, [ebp+var_C] or edx, eax add edx, [ebp+var_4C] add edx, ecx add edx, [ebp+var_14] add edx, 8F1BBCDCh mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 mov eax, [ebp+var_18] or edx, eax and edx, [ebp+var_C] and eax, [ebp+var_1C] or edx, eax add edx, [ebp+var_48] add edx, ecx add edx, [ebp+var_10] add edx, 8F1BBCDCh mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 mov eax, [ebp+var_14] or edx, eax and edx, [ebp+var_1C] and eax, [ebp+var_18] or edx, eax add edx, [ebp+var_44] add edx, ecx add edx, [ebp+var_C] add edx, 8F1BBCDCh mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 mov eax, [ebp+var_10] or edx, eax and edx, [ebp+var_18] and eax, [ebp+var_14] or edx, eax add edx, [ebp+var_40] add edx, ecx add edx, [ebp+var_1C] add edx, 8F1BBCDCh mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 mov eax, [ebp+var_C] or edx, eax and edx, [ebp+var_14] and eax, [ebp+var_10] or edx, eax add edx, [ebp+var_3C] add edx, ecx add edx, [ebp+var_18] add edx, 8F1BBCDCh mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 mov eax, [ebp+var_1C] or edx, eax and edx, [ebp+var_10] and eax, [ebp+var_C] or edx, eax add edx, [ebp+var_38] add edx, ecx add edx, [ebp+var_14] add edx, 8F1BBCDCh mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 mov eax, [ebp+var_18] or edx, eax and edx, [ebp+var_C] and eax, [ebp+var_1C] or edx, eax add edx, [ebp+var_34] add edx, ecx add edx, [ebp+var_10] add edx, 8F1BBCDCh mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 mov eax, [ebp+var_14] or edx, eax and edx, [ebp+var_1C] and eax, [ebp+var_18] or edx, eax add edx, [ebp+var_30] add edx, ecx add edx, [ebp+var_C] add edx, 8F1BBCDCh mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_2C] add edx, ecx add edx, [ebp+var_1C] add edx, 0CA62C1D6h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_28] add edx, ecx add edx, [ebp+var_18] add edx, 0CA62C1D6h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_24] add edx, ecx add edx, [ebp+var_14] add edx, 0CA62C1D6h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_20] add edx, ecx add edx, [ebp+var_10] add edx, 0CA62C1D6h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx xor ebx, ebx loc_401E2F: ; CODE XREF: sub_401290+BD8j add bl, 8 and bl, 3Fh mov eax, ss:[ebx+ebp+var_5C] add bl, 18h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] add bl, 14h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] sub bl, 34h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] rol eax, 1 mov ss:[ebx+ebp+var_5C], eax add bl, 4 test bl, 3Fh jnz short loc_401E2F rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_5C] add edx, ecx add edx, [ebp+var_C] add edx, 0CA62C1D6h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_58] add edx, ecx add edx, [ebp+var_1C] add edx, 0CA62C1D6h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_54] add edx, ecx add edx, [ebp+var_18] add edx, 0CA62C1D6h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_50] add edx, ecx add edx, [ebp+var_14] add edx, 0CA62C1D6h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_4C] add edx, ecx add edx, [ebp+var_10] add edx, 0CA62C1D6h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_48] add edx, ecx add edx, [ebp+var_C] add edx, 0CA62C1D6h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_44] add edx, ecx add edx, [ebp+var_1C] add edx, 0CA62C1D6h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_40] add edx, ecx add edx, [ebp+var_18] add edx, 0CA62C1D6h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_3C] add edx, ecx add edx, [ebp+var_14] add edx, 0CA62C1D6h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_38] add edx, ecx add edx, [ebp+var_10] add edx, 0CA62C1D6h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_34] add edx, ecx add edx, [ebp+var_C] add edx, 0CA62C1D6h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_30] add edx, ecx add edx, [ebp+var_1C] add edx, 0CA62C1D6h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_2C] add edx, ecx add edx, [ebp+var_18] add edx, 0CA62C1D6h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_28] add edx, ecx add edx, [ebp+var_14] add edx, 0CA62C1D6h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_24] add edx, ecx add edx, [ebp+var_10] add edx, 0CA62C1D6h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_20] add edx, ecx add edx, [ebp+var_C] add edx, 0CA62C1D6h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx mov eax, [ebp+arg_C] add [eax], ecx mov ecx, [ebp+var_10] add [eax+4], ecx add [eax+8], edx mov edx, [ebp+var_18] add [eax+0Ch], edx mov edx, [ebp+var_1C] add [eax+10h], edx cmp [ebp+var_8], 0 jz loc_4012D0 mov edi, [ebp+arg_C] mov ecx, 5 loc_4020E6: ; CODE XREF: sub_401290+E5Bj mov eax, [edi] bswap eax stosd loop loc_4020E6 loc_4020ED: ; CODE XREF: sub_401290+6Fj pop ebx pop esi pop edi ret _MD5 endp end START 上传的附件： keygen.rar （4.59kb，17次下载）
thinkSJ 雪币： 196 活跃值： (135) 能力值： ( LV10，RANK：170 ) 在线值：发帖 9 回帖 611 粉丝 1 关注私信	thinkSJ 4 2006-5-13 19:31 3 楼 0 Xuexi
wan 雪币： 333 活跃值： (40) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 312 粉丝 0 关注私信	wan 2006-5-13 20:16 4 楼 0 最初由 thinkSJ* 发布* Xuexi 学习
Ryosuke 雪币： 370 活跃值： (78) 能力值： ( LV9，RANK：970 ) 在线值：发帖 26 回帖 195 粉丝 3 关注私信	Ryosuke 24 2006-5-13 20:41 5 楼 0 用的不是md5，呵呵，md5是128bit的，16个BYTE的，这里是160bit，20个字节的，是SHA的变种。
inraining 雪币： 234 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 15 回帖 411 粉丝 0 关注私信	inraining 2 2006-5-13 21:07 6 楼 0 呵呵,都是强人,我还没有时间研究,先学习下.最近对MASM比较感兴趣,小虾的src还比较有用:)
aalloverred 雪币： 342 活跃值： (318) 能力值： ( LV12，RANK：740 ) 在线值：发帖 22 回帖 148 粉丝 0 关注私信	aalloverred 18 2006-5-13 21:36 7 楼 0 peid=>KANAL=> "SHA1 [Compress] :: 000011AC :: 00401DAC" 参考(照抄)了狂编的SHA1算法示例 http://www.aogosoft.com/downpage.asp?mode=downsource&id=120 我也贴个源码 .586 .Model Flat, StdCall Option Casemap :None include windows.inc include user32.inc include kernel32.inc include gdi32.inc include comdlg32.inc includelib user32.lib includelib kernel32.lib includelib gdi32.lib includelib comdlg32.lib include rsrc.inc .data WindowsName db "KeyGen for HappyTown crackme_0011 by aal",0 MainClassName db "KeyGenT",0 dlgtxt db "错误!",0 szShortName db "用户名太短（〉=4）",0 szKeyFileName db "Key.reg",0 szKeyFileDone db "注册文件生成!",0 txtSize dd 0 DecDat dd 8 dup(0) username db 256 dup(0) sb dd 0 .data? hInstance dd ? SHA1XOR4 macro xor ebx,ebx @@: add bl,8 and bl,3Fh mov eax,@fx[ebx] ;off=24 add bl,18h and bl,3Fh xor eax,@fx[ebx] ;off=84 add bl,14h and bl,3Fh xor eax,@fx[ebx] ;off=134 sub bl,34h and bl,3Fh xor eax,@fx[ebx] ;off=0 rol eax,1 mov @fx[ebx],eax add bl,4 test bl,3Fh jnz @B endm ;---------- SHA1FUNC1 macro p1,p2,p3,p4 rol ecx,5 xor edx,p1 and edx,p2 xor edx,p1 add edx,p3 add edx,ecx add edx,p4 add edx,5A827999h ;2^30sqr(2) mov p4,edx mov ecx,edx mov edx,p2 rol edx,1Eh mov p2,edx endm ;---------- SHA1FUNC2 macro p1,p2,p3,p4 rol ecx,5 xor edx,p1 xor edx,p2 add edx,p3 add edx,ecx add edx,p4 add edx,6ED9EBA1h ;2^30sqr(3) mov p4,edx mov ecx,edx mov edx,p2 rol edx,1Eh mov p2,edx endm ;---------- SHA1FUNC3 macro p1,p2,p3,p4,p5 rol ecx,5 mov eax,p2 or edx,eax and edx,p1 and eax,p3 or edx,eax add edx,p4 add edx,ecx add edx,p5 add edx,8F1BBCDCh ;2^30sqr(5) mov p5,edx mov ecx,edx mov edx,p2 rol edx,1Eh mov p2,edx endm ;---------- SHA1FUNC4 macro p1,p2,p3,p4 rol ecx,5 xor edx,p1 xor edx,p2 add edx,p3 add edx,ecx add edx,p4 add edx,0CA62C1D6h ;2^30*sqr(10) mov p4,edx mov ecx,edx mov edx,p2 rol edx,1Eh mov p2,edx endm ;---------------- .code SHA1_EnCode proc uses ebx esi edi pSrc,nSize,nTotal,pDest,nSlice local @pRead,@End[4]:byte local @fy[5] local @fx[10h] mov eax,nSlice or eax,eax ;一次性提交? jz setBeg dec eax ;数据开始段? jnz SkipBeg setBeg: mov edi,pDest mov dword ptr [edi],96385241h mov dword ptr [edi+4],0ABECBDAFh mov dword ptr [edi+8],95175346h mov dword ptr [edi+12],85265413h mov dword ptr [edi+16],97641382h SkipBeg: xor eax,eax mov @pRead,eax mov @End,al LoopBlk: mov esi,pSrc lea edi,@fx mov ecx,10h ;每次提取64字节,因此当文件未结束时,nSize必须以64字节(40h)对齐 mov ebx,@pRead @@: lea edx,[ebx+4] cmp edx,nSize ja @F mov eax,[esi+ebx] bswap eax stosd mov ebx,edx loop @B mov @pRead,ebx jmp Enc1 @@: mov eax,nSlice or eax,eax ;一次性提交? jz setEnd cmp eax,3 ;数据结束段? jnz Result setEnd: mov edx,ecx cmp ebx,nSize ja Tail0 sub eax,eax mov ch,4 @@: cmp ebx,nSize jz @F shl eax,8 mov al,[esi+ebx] inc ebx dec ch jmp @B @@: inc ebx mov @pRead,ebx shl eax,8 mov al,80h @@: dec ch jz @F shl eax,8 jmp @B @@: stosd dec ecx jz Enc1 Tail0: sub eax,eax rep stosd cmp dl,3 jb Enc1 mov al,8 mul nTotal mov dword ptr @fx[38h],edx mov dword ptr @fx[3Ch],eax mov @End,1 ;---------- Enc1: mov eax,pDest mov edx,[eax+10h] mov @fy[00h],edx mov edx,[eax+0Ch] mov @fy[04h],edx mov edx,[eax+08h] mov @fy[08h],edx mov ecx,[eax+04h] mov @fy[0Ch],ecx mov ecx,[eax] mov @fy[10h],ecx ;---------- SHA1FUNC1 @fy[04h],@fy[0Ch],@fx[00h],@fy[00h] SHA1FUNC1 @fy[08h],@fy[10h],@fx[04h],@fy[04h] SHA1FUNC1 @fy[0Ch],@fy[00h],@fx[08h],@fy[08h] SHA1FUNC1 @fy[10h],@fy[04h],@fx[0Ch],@fy[0Ch] SHA1FUNC1 @fy[00h],@fy[08h],@fx[10h],@fy[10h] SHA1FUNC1 @fy[04h],@fy[0Ch],@fx[14h],@fy[00h] SHA1FUNC1 @fy[08h],@fy[10h],@fx[18h],@fy[04h] SHA1FUNC1 @fy[0Ch],@fy[00h],@fx[1Ch],@fy[08h] SHA1FUNC1 @fy[10h],@fy[04h],@fx[20h],@fy[0Ch] SHA1FUNC1 @fy[00h],@fy[08h],@fx[24h],@fy[10h] SHA1FUNC1 @fy[04h],@fy[0Ch],@fx[28h],@fy[00h] SHA1FUNC1 @fy[08h],@fy[10h],@fx[2Ch],@fy[04h] SHA1FUNC1 @fy[0Ch],@fy[00h],@fx[30h],@fy[08h] SHA1FUNC1 @fy[10h],@fy[04h],@fx[34h],@fy[0Ch] SHA1FUNC1 @fy[00h],@fy[08h],@fx[38h],@fy[10h] SHA1FUNC1 @fy[04h],@fy[0Ch],@fx[3Ch],@fy[00h] SHA1XOR4 SHA1FUNC1 @fy[08h],@fy[10h],@fx[00h],@fy[04h] SHA1FUNC1 @fy[0Ch],@fy[00h],@fx[04h],@fy[08h] SHA1FUNC1 @fy[10h],@fy[04h],@fx[08h],@fy[0Ch] SHA1FUNC1 @fy[00h],@fy[08h],@fx[0Ch],@fy[10h] ;---------- SHA1FUNC2 @fy[04h],@fy[0Ch],@fx[10h],@fy[00h] SHA1FUNC2 @fy[08h],@fy[10h],@fx[14h],@fy[04h] SHA1FUNC2 @fy[0Ch],@fy[00h],@fx[18h],@fy[08h] SHA1FUNC2 @fy[10h],@fy[04h],@fx[1Ch],@fy[0Ch] SHA1FUNC2 @fy[00h],@fy[08h],@fx[20h],@fy[10h] SHA1FUNC2 @fy[04h],@fy[0Ch],@fx[24h],@fy[00h] SHA1FUNC2 @fy[08h],@fy[10h],@fx[28h],@fy[04h] SHA1FUNC2 @fy[0Ch],@fy[00h],@fx[2Ch],@fy[08h] SHA1FUNC2 @fy[10h],@fy[04h],@fx[30h],@fy[0Ch] SHA1FUNC2 @fy[00h],@fy[08h],@fx[34h],@fy[10h] SHA1FUNC2 @fy[04h],@fy[0Ch],@fx[38h],@fy[00h] SHA1FUNC2 @fy[08h],@fy[10h],@fx[3Ch],@fy[04h] SHA1XOR4 SHA1FUNC2 @fy[0Ch],@fy[00h],@fx[00h],@fy[08h] SHA1FUNC2 @fy[10h],@fy[04h],@fx[04h],@fy[0Ch] SHA1FUNC2 @fy[00h],@fy[08h],@fx[08h],@fy[10h] SHA1FUNC2 @fy[04h],@fy[0Ch],@fx[0Ch],@fy[00h] SHA1FUNC2 @fy[08h],@fy[10h],@fx[10h],@fy[04h] SHA1FUNC2 @fy[0Ch],@fy[00h],@fx[14h],@fy[08h] SHA1FUNC2 @fy[10h],@fy[04h],@fx[18h],@fy[0Ch] SHA1FUNC2 @fy[00h],@fy[08h],@fx[1Ch],@fy[10h] ;---------- SHA1FUNC3 @fy[04h],@fy[0Ch],@fy[08h],@fx[20h],@fy[00h] SHA1FUNC3 @fy[08h],@fy[10h],@fy[0Ch],@fx[24h],@fy[04h] SHA1FUNC3 @fy[0Ch],@fy[00h],@fy[10h],@fx[28h],@fy[08h] SHA1FUNC3 @fy[10h],@fy[04h],@fy[00h],@fx[2Ch],@fy[0Ch] SHA1FUNC3 @fy[00h],@fy[08h],@fy[04h],@fx[30h],@fy[10h] SHA1FUNC3 @fy[04h],@fy[0Ch],@fy[08h],@fx[34h],@fy[00h] SHA1FUNC3 @fy[08h],@fy[10h],@fy[0Ch],@fx[38h],@fy[04h] SHA1FUNC3 @fy[0Ch],@fy[00h],@fy[10h],@fx[3Ch],@fy[08h] SHA1XOR4 SHA1FUNC3 @fy[10h],@fy[04h],@fy[00h],@fx[00h],@fy[0Ch] SHA1FUNC3 @fy[00h],@fy[08h],@fy[04h],@fx[04h],@fy[10h] SHA1FUNC3 @fy[04h],@fy[0Ch],@fy[08h],@fx[08h],@fy[00h] SHA1FUNC3 @fy[08h],@fy[10h],@fy[0Ch],@fx[0Ch],@fy[04h] SHA1FUNC3 @fy[0Ch],@fy[00h],@fy[10h],@fx[10h],@fy[08h] SHA1FUNC3 @fy[10h],@fy[04h],@fy[00h],@fx[14h],@fy[0Ch] SHA1FUNC3 @fy[00h],@fy[08h],@fy[04h],@fx[18h],@fy[10h] SHA1FUNC3 @fy[04h],@fy[0Ch],@fy[08h],@fx[1Ch],@fy[00h] SHA1FUNC3 @fy[08h],@fy[10h],@fy[0Ch],@fx[20h],@fy[04h] SHA1FUNC3 @fy[0Ch],@fy[00h],@fy[10h],@fx[24h],@fy[08h] SHA1FUNC3 @fy[10h],@fy[04h],@fy[00h],@fx[28h],@fy[0Ch] SHA1FUNC3 @fy[00h],@fy[08h],@fy[04h],@fx[2Ch],@fy[10h] SHA1FUNC4 @fy[04h],@fy[0Ch],@fx[30h],@fy[00h] SHA1FUNC4 @fy[08h],@fy[10h],@fx[34h],@fy[04h] SHA1FUNC4 @fy[0Ch],@fy[00h],@fx[38h],@fy[08h] SHA1FUNC4 @fy[10h],@fy[04h],@fx[3Ch],@fy[0Ch] SHA1XOR4 SHA1FUNC4 @fy[00h],@fy[08h],@fx[00h],@fy[10h] SHA1FUNC4 @fy[04h],@fy[0Ch],@fx[04h],@fy[00h] SHA1FUNC4 @fy[08h],@fy[10h],@fx[08h],@fy[04h] SHA1FUNC4 @fy[0Ch],@fy[00h],@fx[0Ch],@fy[08h] SHA1FUNC4 @fy[10h],@fy[04h],@fx[10h],@fy[0Ch] SHA1FUNC4 @fy[00h],@fy[08h],@fx[14h],@fy[10h] SHA1FUNC4 @fy[04h],@fy[0Ch],@fx[18h],@fy[00h] SHA1FUNC4 @fy[08h],@fy[10h],@fx[1Ch],@fy[04h] SHA1FUNC4 @fy[0Ch],@fy[00h],@fx[20h],@fy[08h] SHA1FUNC4 @fy[10h],@fy[04h],@fx[24h],@fy[0Ch] SHA1FUNC4 @fy[00h],@fy[08h],@fx[28h],@fy[10h] SHA1FUNC4 @fy[04h],@fy[0Ch],@fx[2Ch],@fy[00h] SHA1FUNC4 @fy[08h],@fy[10h],@fx[30h],@fy[04h] SHA1FUNC4 @fy[0Ch],@fy[00h],@fx[34h],@fy[08h] SHA1FUNC4 @fy[10h],@fy[04h],@fx[38h],@fy[0Ch] SHA1FUNC4 @fy[00h],@fy[08h],@fx[3Ch],@fy[10h] mov eax,pDest add [eax],ecx mov ecx,@fy[0Ch] add [eax+04h],ecx add [eax+08h],edx mov edx,@fy[04h] add [eax+0Ch],edx mov edx,@fy[00h] add [eax+10h],edx cmp @End,0 jz LoopBlk mov edi,pDest mov ecx,5 @@: mov eax,[edi] bswap eax stosd loop @B Result: ret SHA1_EnCode endp ;-------------- SHA1_GetCode PROC PUBLIC pSrc:DWORD,nSize:DWORD,pDest:DWORD invoke SHA1_EnCode,pSrc,nSize,nSize,pDest,0 ret SHA1_GetCode ENDP KeyGen proc uses ebx esi edi,hWnd:DWORD local hFile xor al,al mov byte ptr[username+1],al invoke GetDlgItemText,hWnd,IDC_EDT1,addr username+1,255 cmp eax,4 jl wrong mov txtSize,eax invoke SHA1_GetCode,addr username+1,txtSize,addr DecDat mov eax,txtSize inc eax mov txtSize,eax invoke CreateFile,addr szKeyFileName,GENERIC_WRITE,FILE_SHARE_READ,\ NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL mov hFile,eax invoke WriteFile,hFile,addr DecDat,20,addr sb,NULL invoke WriteFile,hFile,addr username,dword ptr [txtSize],addr sb,NULL invoke CloseHandle,hFile invoke MessageBox,hWnd,addr szKeyFileDone,addr WindowsName,MB_OK jmp Result wrong: invoke MessageBox,hWnd,addr szShortName,addr dlgtxt,MB_OK Result: ret KeyGen endp dlgproc proc hWnd:DWORD,wMsg:DWORD,wParam:DWORD,lParam:DWORD mov eax,wMsg .if eax == WM_CLOSE invoke EndDialog,hWnd,NULL .elseif eax == WM_COMMAND mov eax,wParam .if eax == IDC_BTN1 invoke KeyGen,hWnd .endif .else mov eax,FALSE ret .endif mov eax,TRUE ret dlgproc endp ;========================================= start: invoke GetModuleHandle,NULL mov hInstance,eax invoke DialogBoxParam,hInstance,IDD_DLG1,NULL,addr dlgproc,NULL invoke ExitProcess,eax ;======================================= end start 上传的附件： keygen.zip （1.88kb，5次下载）
斩天雪币： 225 活跃值： (961) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 115 粉丝 0 关注私信	斩天 2006-5-14 09:11 8 楼 0 汇编高手的对决
happytown 雪币： 721 活跃值： (350) 能力值： ( LV9，RANK：1250 ) 在线值：发帖 132 回帖 1022 粉丝 1 关注私信	happytown 31 2006-5-15 08:03 9 楼 0 的确是变形的SHA1。
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复

小虾

发帖

2248

回帖

410

RANK

关注

私信

他的文章

[原创]Exe程序尾部附加数据添加程序(含源码)

关于我们

联系我们

企业服务

看雪公众号

最新回复 (8)
小虾雪币： 2367 活跃值： (756) 能力值： (RANK：410 ) 在线值：发帖 36 回帖 2248 粉丝 7 关注私信	小虾 10 2006-5-13 19:21 2 楼 0 ;附件KeyGen源码 .586 .model flat, stdcall option casemap :none include windows.inc include user32.inc include kernel32.inc includelib user32.lib includelib kernel32.lib _MD5 proto :DWORD,:DWORD,:DWORD,:DWORD,:DWORD DlgProc proto :DWORD,:DWORD,:DWORD,:DWORD .const DLG_MAIN equ 100 DLG_NAME_EDIT equ 1000 DLG_CREATE_KEY_FILE equ 1001 .data szNameErr db "用户名不能为空！！！",0 lpszFileName db "Key.reg",0 lpszCreateFileErr db "Key文件创建失败！！！",0 lpszCreateFileSucceed db "恭喜你，Key文件创建成功！！！",0 lpszNameLenErr db "用户名长度不能少于5位！！！",0 .data? hInstance dd ? .CODE START: invoke GetModuleHandle,NULL mov hInstance,eax invoke DialogBoxParam,hInstance,DLG_MAIN,0,offset DlgProc,0 invoke ExitProcess,0 DlgProc proc hWnd,uMsg,wParam,lParam LOCAL @szName[255]:Byte LOCAL @szKey[255]:Byte LOCAL @dwMd5Count[5]:DWORD LOCAL hFile:HWND LOCAL lpNumberOfBytesRead:DWORD LOCAL nNameLen:DWORD .if uMsg==WM_INITDIALOG invoke LoadIcon,hInstance,100 invoke SendMessage,hWnd,WM_SETICON,ICON_SMALL,eax .elseif uMsg==WM_COMMAND mov eax,wParam .if ax==DLG_CREATE_KEY_FILE invoke RtlZeroMemory,addr @szName,sizeof @szName invoke RtlZeroMemory,addr @szKey,sizeof @szKey invoke RtlZeroMemory,addr @dwMd5Count,sizeof @dwMd5Count invoke GetDlgItemText,hWnd,DLG_NAME_EDIT,addr @szName,sizeof @szName ;获取用户名 .if !eax invoke MessageBox,hWnd,offset szNameErr,NULL,MB_OK mov eax,TRUE ret .elseif eax <= 5 invoke MessageBox,hWnd,offset lpszNameLenErr,NULL,MB_OK mov eax,TRUE ret .endif mov nNameLen,eax pushad invoke _MD5,addr @szName,nNameLen,nNameLen,addr @szKey,NULL ;加密用户名 popad invoke CreateFile,addr lpszFileName,\ ;创建Key文件 GENERIC_READ or GENERIC_WRITE,\ FILE_SHARE_READ,\ NULL, CREATE_ALWAYS,\ FILE_ATTRIBUTE_NORMAL,\ NULL .if eax == INVALID_HANDLE_VALUE invoke MessageBox,hWnd,offset lpszCreateFileErr,NULL,MB_OK mov eax,TRUE ret .endif mov hFile,eax invoke SetFilePointer,hFile,NULL,NULL,FILE_BEGIN invoke WriteFile,hFile,addr @szKey,14h,addr lpNumberOfBytesRead,NULL ;写入加密的用户名Md5Key invoke FlushFileBuffers,hFile invoke SetFilePointer,hFile,15h,NULL,FILE_BEGIN invoke WriteFile,hFile,addr @szName,nNameLen,addr lpNumberOfBytesRead,NULL ;写入未加密的用户名 invoke FlushFileBuffers,hFile invoke CloseHandle,HFILE ;结束 invoke SetDlgItemText,hWnd,DLG_NAME_EDIT,offset lpszCreateFileSucceed .endif .elseif uMsg==WM_CLOSE invoke EndDialog,hWnd,FALSE .else mov eax,FALSE ret .endif mov eax,TRUE ret DlgProc endp ;MD5函数懒的写了，直接在作者的程序中提取出来。 _MD5 proc lpEnStr,lpiLen1,lpiLen2,lpMD5Count,nCount var_5C = dword ptr -5Ch var_58 = dword ptr -58h var_54 = dword ptr -54h var_50 = dword ptr -50h var_4C = dword ptr -4Ch var_48 = dword ptr -48h var_44 = dword ptr -44h var_40 = dword ptr -40h var_3C = dword ptr -3Ch var_38 = dword ptr -38h var_34 = dword ptr -34h var_30 = dword ptr -30h var_2C = dword ptr -2Ch var_28 = dword ptr -28h var_24 = dword ptr -24h var_20 = dword ptr -20h var_1C = dword ptr -1Ch var_18 = dword ptr -18h var_14 = dword ptr -14h var_10 = dword ptr -10h var_C = dword ptr -0Ch var_8 = byte ptr -8 var_4 = dword ptr -4 arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch arg_8 = dword ptr 10h arg_C = dword ptr 14h arg_10 = dword ptr 18h add esp, 0FFFFFFA4h push edi push esi push ebx mov eax, [ebp+arg_10] or eax, eax jz short loc_4012A3 dec eax jnz short loc_4012C8 loc_4012A3: ; CODE XREF: sub_401290+Ej mov edi, [ebp+arg_C] mov dword ptr [edi], 96385241h mov dword ptr [edi+4], 0ABECBDAFh mov dword ptr [edi+8], 95175346h mov dword ptr [edi+0Ch], 85265413h mov dword ptr [edi+10h], 97641382h loc_4012C8: ; CODE XREF: sub_401290+11j xor eax, eax mov [ebp+var_4], eax mov [ebp+var_8], al loc_4012D0: ; CODE XREF: sub_401290+E48j mov esi, [ebp+arg_0] lea edi, [ebp+var_5C] mov ecx, 10h mov ebx, [ebp+var_4] loc_4012DE: ; CODE XREF: sub_401290+5Ej lea edx, [ebx+4] cmp edx, [ebp+arg_4] ja short loc_4012F5 mov eax, [ebx+esi] bswap eax stosd mov ebx, edx loop loc_4012DE mov [ebp+var_4], ebx jmp short loc_40134E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪? loc_4012F5: ; CODE XREF: sub_401290+54j mov eax, [ebp+arg_10] or eax, eax jz short loc_401305 cmp eax, 3 jnz loc_4020ED loc_401305: ; CODE XREF: sub_401290+6Aj mov edx, ecx cmp ebx, [ebp+arg_4] ja short loc_401336 sub eax, eax mov ch, 4 loc_401310: ; CODE XREF: sub_401290+8Ej cmp ebx, [ebp+arg_4] jz short loc_401320 shl eax, 8 mov al, [ebx+esi] inc ebx dec ch jmp short loc_401310 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪? loc_401320: ; CODE XREF: sub_401290+83j inc ebx mov [ebp+var_4], ebx shl eax, 8 mov al, 80h loc_401329: ; CODE XREF: sub_401290+A0j dec ch jz short loc_401332 shl eax, 8 jmp short loc_401329 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪? loc_401332: ; CODE XREF: sub_401290+9Bj stosd dec ecx jz short loc_40134E loc_401336: ; CODE XREF: sub_401290+7Aj sub eax, eax rep stosd cmp dl, 3 jb short loc_40134E mov al, 8 mul [ebp+arg_8] mov [ebp+var_24], edx mov [ebp+var_20], eax mov [ebp+var_8], 1 loc_40134E: ; CODE XREF: sub_401290+63j ; sub_401290+A4j ... mov eax, [ebp+arg_C] mov edx, [eax+10h] mov [ebp+var_1C], edx mov edx, [eax+0Ch] mov [ebp+var_18], edx mov edx, [eax+8] mov [ebp+var_14], edx mov ecx, [eax+4] mov [ebp+var_10], ecx mov ecx, [eax] mov [ebp+var_C], ecx rol ecx, 5 xor edx, [ebp+var_18] and edx, [ebp+var_10] xor edx, [ebp+var_18] add edx, [ebp+var_5C] add edx, ecx add edx, [ebp+var_1C] add edx, 5A827999h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] and edx, [ebp+var_C] xor edx, [ebp+var_14] add edx, [ebp+var_58] add edx, ecx add edx, [ebp+var_18] add edx, 5A827999h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] and edx, [ebp+var_1C] xor edx, [ebp+var_10] add edx, [ebp+var_54] add edx, ecx add edx, [ebp+var_14] add edx, 5A827999h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] and edx, [ebp+var_18] xor edx, [ebp+var_C] add edx, [ebp+var_50] add edx, ecx add edx, [ebp+var_10] add edx, 5A827999h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] and edx, [ebp+var_14] xor edx, [ebp+var_1C] add edx, [ebp+var_4C] add edx, ecx add edx, [ebp+var_C] add edx, 5A827999h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] and edx, [ebp+var_10] xor edx, [ebp+var_18] add edx, [ebp+var_48] add edx, ecx add edx, [ebp+var_1C] add edx, 5A827999h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] and edx, [ebp+var_C] xor edx, [ebp+var_14] add edx, [ebp+var_44] add edx, ecx add edx, [ebp+var_18] add edx, 5A827999h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] and edx, [ebp+var_1C] xor edx, [ebp+var_10] add edx, [ebp+var_40] add edx, ecx add edx, [ebp+var_14] add edx, 5A827999h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] and edx, [ebp+var_18] xor edx, [ebp+var_C] add edx, [ebp+var_3C] add edx, ecx add edx, [ebp+var_10] add edx, 5A827999h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] and edx, [ebp+var_14] xor edx, [ebp+var_1C] add edx, [ebp+var_38] add edx, ecx add edx, [ebp+var_C] add edx, 5A827999h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] and edx, [ebp+var_10] xor edx, [ebp+var_18] add edx, [ebp+var_34] add edx, ecx add edx, [ebp+var_1C] add edx, 5A827999h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] and edx, [ebp+var_C] xor edx, [ebp+var_14] add edx, [ebp+var_30] add edx, ecx add edx, [ebp+var_18] add edx, 5A827999h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] and edx, [ebp+var_1C] xor edx, [ebp+var_10] add edx, [ebp+var_2C] add edx, ecx add edx, [ebp+var_14] add edx, 5A827999h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] and edx, [ebp+var_18] xor edx, [ebp+var_C] add edx, [ebp+var_28] add edx, ecx add edx, [ebp+var_10] add edx, 5A827999h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] and edx, [ebp+var_14] xor edx, [ebp+var_1C] add edx, [ebp+var_24] add edx, ecx add edx, [ebp+var_C] add edx, 5A827999h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] and edx, [ebp+var_10] xor edx, [ebp+var_18] add edx, [ebp+var_20] add edx, ecx add edx, [ebp+var_1C] add edx, 5A827999h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx xor ebx, ebx loc_4015F0: ; CODE XREF: sub_401290+399j add bl, 8 and bl, 3Fh mov eax, ss:[ebx+ebp+var_5C] add bl, 18h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] add bl, 14h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] sub bl, 34h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] rol eax, 1 mov ss:[ebx+ebp+var_5C], eax add bl, 4 test bl, 3Fh jnz short loc_4015F0 rol ecx, 5 xor edx, [ebp+var_14] and edx, [ebp+var_C] xor edx, [ebp+var_14] add edx, [ebp+var_5C] add edx, ecx add edx, [ebp+var_18] add edx, 5A827999h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] and edx, [ebp+var_1C] xor edx, [ebp+var_10] add edx, [ebp+var_58] add edx, ecx add edx, [ebp+var_14] add edx, 5A827999h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] and edx, [ebp+var_18] xor edx, [ebp+var_C] add edx, [ebp+var_54] add edx, ecx add edx, [ebp+var_10] add edx, 5A827999h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] and edx, [ebp+var_14] xor edx, [ebp+var_1C] add edx, [ebp+var_50] add edx, ecx add edx, [ebp+var_C] add edx, 5A827999h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_4C] add edx, ecx add edx, [ebp+var_1C] add edx, 6ED9EBA1h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_48] add edx, ecx add edx, [ebp+var_18] add edx, 6ED9EBA1h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_44] add edx, ecx add edx, [ebp+var_14] add edx, 6ED9EBA1h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_40] add edx, ecx add edx, [ebp+var_10] add edx, 6ED9EBA1h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_3C] add edx, ecx add edx, [ebp+var_C] add edx, 6ED9EBA1h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_38] add edx, ecx add edx, [ebp+var_1C] add edx, 6ED9EBA1h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_34] add edx, ecx add edx, [ebp+var_18] add edx, 6ED9EBA1h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_30] add edx, ecx add edx, [ebp+var_14] add edx, 6ED9EBA1h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_2C] add edx, ecx add edx, [ebp+var_10] add edx, 6ED9EBA1h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_28] add edx, ecx add edx, [ebp+var_C] add edx, 6ED9EBA1h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_24] add edx, ecx add edx, [ebp+var_1C] add edx, 6ED9EBA1h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_20] add edx, ecx add edx, [ebp+var_18] add edx, 6ED9EBA1h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx xor ebx, ebx loc_401889: ; CODE XREF: sub_401290+632j add bl, 8 and bl, 3Fh mov eax, ss:[ebx+ebp+var_5C] add bl, 18h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] add bl, 14h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] sub bl, 34h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] rol eax, 1 mov ss:[ebx+ebp+var_5C], eax add bl, 4 test bl, 3Fh jnz short loc_401889 rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_5C] add edx, ecx add edx, [ebp+var_14] add edx, 6ED9EBA1h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_58] add edx, ecx add edx, [ebp+var_10] add edx, 6ED9EBA1h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_54] add edx, ecx add edx, [ebp+var_C] add edx, 6ED9EBA1h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_50] add edx, ecx add edx, [ebp+var_1C] add edx, 6ED9EBA1h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_4C] add edx, ecx add edx, [ebp+var_18] add edx, 6ED9EBA1h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_48] add edx, ecx add edx, [ebp+var_14] add edx, 6ED9EBA1h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_44] add edx, ecx add edx, [ebp+var_10] add edx, 6ED9EBA1h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_40] add edx, ecx add edx, [ebp+var_C] add edx, 6ED9EBA1h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 mov eax, [ebp+var_10] or edx, eax and edx, [ebp+var_18] and eax, [ebp+var_14] or edx, eax add edx, [ebp+var_3C] add edx, ecx add edx, [ebp+var_1C] add edx, 8F1BBCDCh mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 mov eax, [ebp+var_C] or edx, eax and edx, [ebp+var_14] and eax, [ebp+var_10] or edx, eax add edx, [ebp+var_38] add edx, ecx add edx, [ebp+var_18] add edx, 8F1BBCDCh mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 mov eax, [ebp+var_1C] or edx, eax and edx, [ebp+var_10] and eax, [ebp+var_C] or edx, eax add edx, [ebp+var_34] add edx, ecx add edx, [ebp+var_14] add edx, 8F1BBCDCh mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 mov eax, [ebp+var_18] or edx, eax and edx, [ebp+var_C] and eax, [ebp+var_1C] or edx, eax add edx, [ebp+var_30] add edx, ecx add edx, [ebp+var_10] add edx, 8F1BBCDCh mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 mov eax, [ebp+var_14] or edx, eax and edx, [ebp+var_1C] and eax, [ebp+var_18] or edx, eax add edx, [ebp+var_2C] add edx, ecx add edx, [ebp+var_C] add edx, 8F1BBCDCh mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 mov eax, [ebp+var_10] or edx, eax and edx, [ebp+var_18] and eax, [ebp+var_14] or edx, eax add edx, [ebp+var_28] add edx, ecx add edx, [ebp+var_1C] add edx, 8F1BBCDCh mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 mov eax, [ebp+var_C] or edx, eax and edx, [ebp+var_14] and eax, [ebp+var_10] or edx, eax add edx, [ebp+var_24] add edx, ecx add edx, [ebp+var_18] add edx, 8F1BBCDCh mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 mov eax, [ebp+var_1C] or edx, eax and edx, [ebp+var_10] and eax, [ebp+var_C] or edx, eax add edx, [ebp+var_20] add edx, ecx add edx, [ebp+var_14] add edx, 8F1BBCDCh mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx xor ebx, ebx loc_401B4E: ; CODE XREF: sub_401290+8F7j add bl, 8 and bl, 3Fh mov eax, ss:[ebx+ebp+var_5C] add bl, 18h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] add bl, 14h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] sub bl, 34h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] rol eax, 1 mov ss:[ebx+ebp+var_5C], eax add bl, 4 test bl, 3Fh jnz short loc_401B4E rol ecx, 5 mov eax, [ebp+var_18] or edx, eax and edx, [ebp+var_C] and eax, [ebp+var_1C] or edx, eax add edx, [ebp+var_5C] add edx, ecx add edx, [ebp+var_10] add edx, 8F1BBCDCh mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 mov eax, [ebp+var_14] or edx, eax and edx, [ebp+var_1C] and eax, [ebp+var_18] or edx, eax add edx, [ebp+var_58] add edx, ecx add edx, [ebp+var_C] add edx, 8F1BBCDCh mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 mov eax, [ebp+var_10] or edx, eax and edx, [ebp+var_18] and eax, [ebp+var_14] or edx, eax add edx, [ebp+var_54] add edx, ecx add edx, [ebp+var_1C] add edx, 8F1BBCDCh mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 mov eax, [ebp+var_C] or edx, eax and edx, [ebp+var_14] and eax, [ebp+var_10] or edx, eax add edx, [ebp+var_50] add edx, ecx add edx, [ebp+var_18] add edx, 8F1BBCDCh mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 mov eax, [ebp+var_1C] or edx, eax and edx, [ebp+var_10] and eax, [ebp+var_C] or edx, eax add edx, [ebp+var_4C] add edx, ecx add edx, [ebp+var_14] add edx, 8F1BBCDCh mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 mov eax, [ebp+var_18] or edx, eax and edx, [ebp+var_C] and eax, [ebp+var_1C] or edx, eax add edx, [ebp+var_48] add edx, ecx add edx, [ebp+var_10] add edx, 8F1BBCDCh mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 mov eax, [ebp+var_14] or edx, eax and edx, [ebp+var_1C] and eax, [ebp+var_18] or edx, eax add edx, [ebp+var_44] add edx, ecx add edx, [ebp+var_C] add edx, 8F1BBCDCh mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 mov eax, [ebp+var_10] or edx, eax and edx, [ebp+var_18] and eax, [ebp+var_14] or edx, eax add edx, [ebp+var_40] add edx, ecx add edx, [ebp+var_1C] add edx, 8F1BBCDCh mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 mov eax, [ebp+var_C] or edx, eax and edx, [ebp+var_14] and eax, [ebp+var_10] or edx, eax add edx, [ebp+var_3C] add edx, ecx add edx, [ebp+var_18] add edx, 8F1BBCDCh mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 mov eax, [ebp+var_1C] or edx, eax and edx, [ebp+var_10] and eax, [ebp+var_C] or edx, eax add edx, [ebp+var_38] add edx, ecx add edx, [ebp+var_14] add edx, 8F1BBCDCh mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 mov eax, [ebp+var_18] or edx, eax and edx, [ebp+var_C] and eax, [ebp+var_1C] or edx, eax add edx, [ebp+var_34] add edx, ecx add edx, [ebp+var_10] add edx, 8F1BBCDCh mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 mov eax, [ebp+var_14] or edx, eax and edx, [ebp+var_1C] and eax, [ebp+var_18] or edx, eax add edx, [ebp+var_30] add edx, ecx add edx, [ebp+var_C] add edx, 8F1BBCDCh mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_2C] add edx, ecx add edx, [ebp+var_1C] add edx, 0CA62C1D6h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_28] add edx, ecx add edx, [ebp+var_18] add edx, 0CA62C1D6h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_24] add edx, ecx add edx, [ebp+var_14] add edx, 0CA62C1D6h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_20] add edx, ecx add edx, [ebp+var_10] add edx, 0CA62C1D6h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx xor ebx, ebx loc_401E2F: ; CODE XREF: sub_401290+BD8j add bl, 8 and bl, 3Fh mov eax, ss:[ebx+ebp+var_5C] add bl, 18h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] add bl, 14h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] sub bl, 34h and bl, 3Fh xor eax, ss:[ebx+ebp+var_5C] rol eax, 1 mov ss:[ebx+ebp+var_5C], eax add bl, 4 test bl, 3Fh jnz short loc_401E2F rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_5C] add edx, ecx add edx, [ebp+var_C] add edx, 0CA62C1D6h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_58] add edx, ecx add edx, [ebp+var_1C] add edx, 0CA62C1D6h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_54] add edx, ecx add edx, [ebp+var_18] add edx, 0CA62C1D6h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_50] add edx, ecx add edx, [ebp+var_14] add edx, 0CA62C1D6h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_4C] add edx, ecx add edx, [ebp+var_10] add edx, 0CA62C1D6h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_48] add edx, ecx add edx, [ebp+var_C] add edx, 0CA62C1D6h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_44] add edx, ecx add edx, [ebp+var_1C] add edx, 0CA62C1D6h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_40] add edx, ecx add edx, [ebp+var_18] add edx, 0CA62C1D6h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_3C] add edx, ecx add edx, [ebp+var_14] add edx, 0CA62C1D6h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_38] add edx, ecx add edx, [ebp+var_10] add edx, 0CA62C1D6h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_34] add edx, ecx add edx, [ebp+var_C] add edx, 0CA62C1D6h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx rol ecx, 5 xor edx, [ebp+var_18] xor edx, [ebp+var_10] add edx, [ebp+var_30] add edx, ecx add edx, [ebp+var_1C] add edx, 0CA62C1D6h mov [ebp+var_1C], edx mov ecx, edx mov edx, [ebp+var_10] rol edx, 1Eh mov [ebp+var_10], edx rol ecx, 5 xor edx, [ebp+var_14] xor edx, [ebp+var_C] add edx, [ebp+var_2C] add edx, ecx add edx, [ebp+var_18] add edx, 0CA62C1D6h mov [ebp+var_18], edx mov ecx, edx mov edx, [ebp+var_C] rol edx, 1Eh mov [ebp+var_C], edx rol ecx, 5 xor edx, [ebp+var_10] xor edx, [ebp+var_1C] add edx, [ebp+var_28] add edx, ecx add edx, [ebp+var_14] add edx, 0CA62C1D6h mov [ebp+var_14], edx mov ecx, edx mov edx, [ebp+var_1C] rol edx, 1Eh mov [ebp+var_1C], edx rol ecx, 5 xor edx, [ebp+var_C] xor edx, [ebp+var_18] add edx, [ebp+var_24] add edx, ecx add edx, [ebp+var_10] add edx, 0CA62C1D6h mov [ebp+var_10], edx mov ecx, edx mov edx, [ebp+var_18] rol edx, 1Eh mov [ebp+var_18], edx rol ecx, 5 xor edx, [ebp+var_1C] xor edx, [ebp+var_14] add edx, [ebp+var_20] add edx, ecx add edx, [ebp+var_C] add edx, 0CA62C1D6h mov [ebp+var_C], edx mov ecx, edx mov edx, [ebp+var_14] rol edx, 1Eh mov [ebp+var_14], edx mov eax, [ebp+arg_C] add [eax], ecx mov ecx, [ebp+var_10] add [eax+4], ecx add [eax+8], edx mov edx, [ebp+var_18] add [eax+0Ch], edx mov edx, [ebp+var_1C] add [eax+10h], edx cmp [ebp+var_8], 0 jz loc_4012D0 mov edi, [ebp+arg_C] mov ecx, 5 loc_4020E6: ; CODE XREF: sub_401290+E5Bj mov eax, [edi] bswap eax stosd loop loc_4020E6 loc_4020ED: ; CODE XREF: sub_401290+6Fj pop ebx pop esi pop edi ret _MD5 endp end START 上传的附件： keygen.rar （4.59kb，17次下载）
thinkSJ 雪币： 196 活跃值： (135) 能力值： ( LV10，RANK：170 ) 在线值：发帖 9 回帖 611 粉丝 1 关注私信	thinkSJ 4 2006-5-13 19:31 3 楼 0 Xuexi
wan 雪币： 333 活跃值： (40) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 312 粉丝 0 关注私信	wan 2006-5-13 20:16 4 楼 0 最初由 thinkSJ* 发布* Xuexi 学习
Ryosuke 雪币： 370 活跃值： (78) 能力值： ( LV9，RANK：970 ) 在线值：发帖 26 回帖 195 粉丝 3 关注私信	Ryosuke 24 2006-5-13 20:41 5 楼 0 用的不是md5，呵呵，md5是128bit的，16个BYTE的，这里是160bit，20个字节的，是SHA的变种。
inraining 雪币： 234 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 15 回帖 411 粉丝 0 关注私信	inraining 2 2006-5-13 21:07 6 楼 0 呵呵,都是强人,我还没有时间研究,先学习下.最近对MASM比较感兴趣,小虾的src还比较有用:)
aalloverred 雪币： 342 活跃值： (318) 能力值： ( LV12，RANK：740 ) 在线值：发帖 22 回帖 148 粉丝 0 关注私信	aalloverred 18 2006-5-13 21:36 7 楼 0 peid=>KANAL=> "SHA1 [Compress] :: 000011AC :: 00401DAC" 参考(照抄)了狂编的SHA1算法示例 http://www.aogosoft.com/downpage.asp?mode=downsource&id=120 我也贴个源码 .586 .Model Flat, StdCall Option Casemap :None include windows.inc include user32.inc include kernel32.inc include gdi32.inc include comdlg32.inc includelib user32.lib includelib kernel32.lib includelib gdi32.lib includelib comdlg32.lib include rsrc.inc .data WindowsName db "KeyGen for HappyTown crackme_0011 by aal",0 MainClassName db "KeyGenT",0 dlgtxt db "错误!",0 szShortName db "用户名太短（〉=4）",0 szKeyFileName db "Key.reg",0 szKeyFileDone db "注册文件生成!",0 txtSize dd 0 DecDat dd 8 dup(0) username db 256 dup(0) sb dd 0 .data? hInstance dd ? SHA1XOR4 macro xor ebx,ebx @@: add bl,8 and bl,3Fh mov eax,@fx[ebx] ;off=24 add bl,18h and bl,3Fh xor eax,@fx[ebx] ;off=84 add bl,14h and bl,3Fh xor eax,@fx[ebx] ;off=134 sub bl,34h and bl,3Fh xor eax,@fx[ebx] ;off=0 rol eax,1 mov @fx[ebx],eax add bl,4 test bl,3Fh jnz @B endm ;---------- SHA1FUNC1 macro p1,p2,p3,p4 rol ecx,5 xor edx,p1 and edx,p2 xor edx,p1 add edx,p3 add edx,ecx add edx,p4 add edx,5A827999h ;2^30sqr(2) mov p4,edx mov ecx,edx mov edx,p2 rol edx,1Eh mov p2,edx endm ;---------- SHA1FUNC2 macro p1,p2,p3,p4 rol ecx,5 xor edx,p1 xor edx,p2 add edx,p3 add edx,ecx add edx,p4 add edx,6ED9EBA1h ;2^30sqr(3) mov p4,edx mov ecx,edx mov edx,p2 rol edx,1Eh mov p2,edx endm ;---------- SHA1FUNC3 macro p1,p2,p3,p4,p5 rol ecx,5 mov eax,p2 or edx,eax and edx,p1 and eax,p3 or edx,eax add edx,p4 add edx,ecx add edx,p5 add edx,8F1BBCDCh ;2^30sqr(5) mov p5,edx mov ecx,edx mov edx,p2 rol edx,1Eh mov p2,edx endm ;---------- SHA1FUNC4 macro p1,p2,p3,p4 rol ecx,5 xor edx,p1 xor edx,p2 add edx,p3 add edx,ecx add edx,p4 add edx,0CA62C1D6h ;2^30*sqr(10) mov p4,edx mov ecx,edx mov edx,p2 rol edx,1Eh mov p2,edx endm ;---------------- .code SHA1_EnCode proc uses ebx esi edi pSrc,nSize,nTotal,pDest,nSlice local @pRead,@End[4]:byte local @fy[5] local @fx[10h] mov eax,nSlice or eax,eax ;一次性提交? jz setBeg dec eax ;数据开始段? jnz SkipBeg setBeg: mov edi,pDest mov dword ptr [edi],96385241h mov dword ptr [edi+4],0ABECBDAFh mov dword ptr [edi+8],95175346h mov dword ptr [edi+12],85265413h mov dword ptr [edi+16],97641382h SkipBeg: xor eax,eax mov @pRead,eax mov @End,al LoopBlk: mov esi,pSrc lea edi,@fx mov ecx,10h ;每次提取64字节,因此当文件未结束时,nSize必须以64字节(40h)对齐 mov ebx,@pRead @@: lea edx,[ebx+4] cmp edx,nSize ja @F mov eax,[esi+ebx] bswap eax stosd mov ebx,edx loop @B mov @pRead,ebx jmp Enc1 @@: mov eax,nSlice or eax,eax ;一次性提交? jz setEnd cmp eax,3 ;数据结束段? jnz Result setEnd: mov edx,ecx cmp ebx,nSize ja Tail0 sub eax,eax mov ch,4 @@: cmp ebx,nSize jz @F shl eax,8 mov al,[esi+ebx] inc ebx dec ch jmp @B @@: inc ebx mov @pRead,ebx shl eax,8 mov al,80h @@: dec ch jz @F shl eax,8 jmp @B @@: stosd dec ecx jz Enc1 Tail0: sub eax,eax rep stosd cmp dl,3 jb Enc1 mov al,8 mul nTotal mov dword ptr @fx[38h],edx mov dword ptr @fx[3Ch],eax mov @End,1 ;---------- Enc1: mov eax,pDest mov edx,[eax+10h] mov @fy[00h],edx mov edx,[eax+0Ch] mov @fy[04h],edx mov edx,[eax+08h] mov @fy[08h],edx mov ecx,[eax+04h] mov @fy[0Ch],ecx mov ecx,[eax] mov @fy[10h],ecx ;---------- SHA1FUNC1 @fy[04h],@fy[0Ch],@fx[00h],@fy[00h] SHA1FUNC1 @fy[08h],@fy[10h],@fx[04h],@fy[04h] SHA1FUNC1 @fy[0Ch],@fy[00h],@fx[08h],@fy[08h] SHA1FUNC1 @fy[10h],@fy[04h],@fx[0Ch],@fy[0Ch] SHA1FUNC1 @fy[00h],@fy[08h],@fx[10h],@fy[10h] SHA1FUNC1 @fy[04h],@fy[0Ch],@fx[14h],@fy[00h] SHA1FUNC1 @fy[08h],@fy[10h],@fx[18h],@fy[04h] SHA1FUNC1 @fy[0Ch],@fy[00h],@fx[1Ch],@fy[08h] SHA1FUNC1 @fy[10h],@fy[04h],@fx[20h],@fy[0Ch] SHA1FUNC1 @fy[00h],@fy[08h],@fx[24h],@fy[10h] SHA1FUNC1 @fy[04h],@fy[0Ch],@fx[28h],@fy[00h] SHA1FUNC1 @fy[08h],@fy[10h],@fx[2Ch],@fy[04h] SHA1FUNC1 @fy[0Ch],@fy[00h],@fx[30h],@fy[08h] SHA1FUNC1 @fy[10h],@fy[04h],@fx[34h],@fy[0Ch] SHA1FUNC1 @fy[00h],@fy[08h],@fx[38h],@fy[10h] SHA1FUNC1 @fy[04h],@fy[0Ch],@fx[3Ch],@fy[00h] SHA1XOR4 SHA1FUNC1 @fy[08h],@fy[10h],@fx[00h],@fy[04h] SHA1FUNC1 @fy[0Ch],@fy[00h],@fx[04h],@fy[08h] SHA1FUNC1 @fy[10h],@fy[04h],@fx[08h],@fy[0Ch] SHA1FUNC1 @fy[00h],@fy[08h],@fx[0Ch],@fy[10h] ;---------- SHA1FUNC2 @fy[04h],@fy[0Ch],@fx[10h],@fy[00h] SHA1FUNC2 @fy[08h],@fy[10h],@fx[14h],@fy[04h] SHA1FUNC2 @fy[0Ch],@fy[00h],@fx[18h],@fy[08h] SHA1FUNC2 @fy[10h],@fy[04h],@fx[1Ch],@fy[0Ch] SHA1FUNC2 @fy[00h],@fy[08h],@fx[20h],@fy[10h] SHA1FUNC2 @fy[04h],@fy[0Ch],@fx[24h],@fy[00h] SHA1FUNC2 @fy[08h],@fy[10h],@fx[28h],@fy[04h] SHA1FUNC2 @fy[0Ch],@fy[00h],@fx[2Ch],@fy[08h] SHA1FUNC2 @fy[10h],@fy[04h],@fx[30h],@fy[0Ch] SHA1FUNC2 @fy[00h],@fy[08h],@fx[34h],@fy[10h] SHA1FUNC2 @fy[04h],@fy[0Ch],@fx[38h],@fy[00h] SHA1FUNC2 @fy[08h],@fy[10h],@fx[3Ch],@fy[04h] SHA1XOR4 SHA1FUNC2 @fy[0Ch],@fy[00h],@fx[00h],@fy[08h] SHA1FUNC2 @fy[10h],@fy[04h],@fx[04h],@fy[0Ch] SHA1FUNC2 @fy[00h],@fy[08h],@fx[08h],@fy[10h] SHA1FUNC2 @fy[04h],@fy[0Ch],@fx[0Ch],@fy[00h] SHA1FUNC2 @fy[08h],@fy[10h],@fx[10h],@fy[04h] SHA1FUNC2 @fy[0Ch],@fy[00h],@fx[14h],@fy[08h] SHA1FUNC2 @fy[10h],@fy[04h],@fx[18h],@fy[0Ch] SHA1FUNC2 @fy[00h],@fy[08h],@fx[1Ch],@fy[10h] ;---------- SHA1FUNC3 @fy[04h],@fy[0Ch],@fy[08h],@fx[20h],@fy[00h] SHA1FUNC3 @fy[08h],@fy[10h],@fy[0Ch],@fx[24h],@fy[04h] SHA1FUNC3 @fy[0Ch],@fy[00h],@fy[10h],@fx[28h],@fy[08h] SHA1FUNC3 @fy[10h],@fy[04h],@fy[00h],@fx[2Ch],@fy[0Ch] SHA1FUNC3 @fy[00h],@fy[08h],@fy[04h],@fx[30h],@fy[10h] SHA1FUNC3 @fy[04h],@fy[0Ch],@fy[08h],@fx[34h],@fy[00h] SHA1FUNC3 @fy[08h],@fy[10h],@fy[0Ch],@fx[38h],@fy[04h] SHA1FUNC3 @fy[0Ch],@fy[00h],@fy[10h],@fx[3Ch],@fy[08h] SHA1XOR4 SHA1FUNC3 @fy[10h],@fy[04h],@fy[00h],@fx[00h],@fy[0Ch] SHA1FUNC3 @fy[00h],@fy[08h],@fy[04h],@fx[04h],@fy[10h] SHA1FUNC3 @fy[04h],@fy[0Ch],@fy[08h],@fx[08h],@fy[00h] SHA1FUNC3 @fy[08h],@fy[10h],@fy[0Ch],@fx[0Ch],@fy[04h] SHA1FUNC3 @fy[0Ch],@fy[00h],@fy[10h],@fx[10h],@fy[08h] SHA1FUNC3 @fy[10h],@fy[04h],@fy[00h],@fx[14h],@fy[0Ch] SHA1FUNC3 @fy[00h],@fy[08h],@fy[04h],@fx[18h],@fy[10h] SHA1FUNC3 @fy[04h],@fy[0Ch],@fy[08h],@fx[1Ch],@fy[00h] SHA1FUNC3 @fy[08h],@fy[10h],@fy[0Ch],@fx[20h],@fy[04h] SHA1FUNC3 @fy[0Ch],@fy[00h],@fy[10h],@fx[24h],@fy[08h] SHA1FUNC3 @fy[10h],@fy[04h],@fy[00h],@fx[28h],@fy[0Ch] SHA1FUNC3 @fy[00h],@fy[08h],@fy[04h],@fx[2Ch],@fy[10h] SHA1FUNC4 @fy[04h],@fy[0Ch],@fx[30h],@fy[00h] SHA1FUNC4 @fy[08h],@fy[10h],@fx[34h],@fy[04h] SHA1FUNC4 @fy[0Ch],@fy[00h],@fx[38h],@fy[08h] SHA1FUNC4 @fy[10h],@fy[04h],@fx[3Ch],@fy[0Ch] SHA1XOR4 SHA1FUNC4 @fy[00h],@fy[08h],@fx[00h],@fy[10h] SHA1FUNC4 @fy[04h],@fy[0Ch],@fx[04h],@fy[00h] SHA1FUNC4 @fy[08h],@fy[10h],@fx[08h],@fy[04h] SHA1FUNC4 @fy[0Ch],@fy[00h],@fx[0Ch],@fy[08h] SHA1FUNC4 @fy[10h],@fy[04h],@fx[10h],@fy[0Ch] SHA1FUNC4 @fy[00h],@fy[08h],@fx[14h],@fy[10h] SHA1FUNC4 @fy[04h],@fy[0Ch],@fx[18h],@fy[00h] SHA1FUNC4 @fy[08h],@fy[10h],@fx[1Ch],@fy[04h] SHA1FUNC4 @fy[0Ch],@fy[00h],@fx[20h],@fy[08h] SHA1FUNC4 @fy[10h],@fy[04h],@fx[24h],@fy[0Ch] SHA1FUNC4 @fy[00h],@fy[08h],@fx[28h],@fy[10h] SHA1FUNC4 @fy[04h],@fy[0Ch],@fx[2Ch],@fy[00h] SHA1FUNC4 @fy[08h],@fy[10h],@fx[30h],@fy[04h] SHA1FUNC4 @fy[0Ch],@fy[00h],@fx[34h],@fy[08h] SHA1FUNC4 @fy[10h],@fy[04h],@fx[38h],@fy[0Ch] SHA1FUNC4 @fy[00h],@fy[08h],@fx[3Ch],@fy[10h] mov eax,pDest add [eax],ecx mov ecx,@fy[0Ch] add [eax+04h],ecx add [eax+08h],edx mov edx,@fy[04h] add [eax+0Ch],edx mov edx,@fy[00h] add [eax+10h],edx cmp @End,0 jz LoopBlk mov edi,pDest mov ecx,5 @@: mov eax,[edi] bswap eax stosd loop @B Result: ret SHA1_EnCode endp ;-------------- SHA1_GetCode PROC PUBLIC pSrc:DWORD,nSize:DWORD,pDest:DWORD invoke SHA1_EnCode,pSrc,nSize,nSize,pDest,0 ret SHA1_GetCode ENDP KeyGen proc uses ebx esi edi,hWnd:DWORD local hFile xor al,al mov byte ptr[username+1],al invoke GetDlgItemText,hWnd,IDC_EDT1,addr username+1,255 cmp eax,4 jl wrong mov txtSize,eax invoke SHA1_GetCode,addr username+1,txtSize,addr DecDat mov eax,txtSize inc eax mov txtSize,eax invoke CreateFile,addr szKeyFileName,GENERIC_WRITE,FILE_SHARE_READ,\ NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL mov hFile,eax invoke WriteFile,hFile,addr DecDat,20,addr sb,NULL invoke WriteFile,hFile,addr username,dword ptr [txtSize],addr sb,NULL invoke CloseHandle,hFile invoke MessageBox,hWnd,addr szKeyFileDone,addr WindowsName,MB_OK jmp Result wrong: invoke MessageBox,hWnd,addr szShortName,addr dlgtxt,MB_OK Result: ret KeyGen endp dlgproc proc hWnd:DWORD,wMsg:DWORD,wParam:DWORD,lParam:DWORD mov eax,wMsg .if eax == WM_CLOSE invoke EndDialog,hWnd,NULL .elseif eax == WM_COMMAND mov eax,wParam .if eax == IDC_BTN1 invoke KeyGen,hWnd .endif .else mov eax,FALSE ret .endif mov eax,TRUE ret dlgproc endp ;========================================= start: invoke GetModuleHandle,NULL mov hInstance,eax invoke DialogBoxParam,hInstance,IDD_DLG1,NULL,addr dlgproc,NULL invoke ExitProcess,eax ;======================================= end start 上传的附件： keygen.zip （1.88kb，5次下载）
斩天雪币： 225 活跃值： (961) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 115 粉丝 0 关注私信	斩天 2006-5-14 09:11 8 楼 0 汇编高手的对决
happytown 雪币： 721 活跃值： (350) 能力值： ( LV9，RANK：1250 ) 在线值：发帖 132 回帖 1022 粉丝 1 关注私信	happytown 31 2006-5-15 08:03 9 楼 0 的确是变形的SHA1。
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复