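0x1:解密函数入口
/*
 * sub_DD5090 - derive a 16-byte key, set up the cipher context, then run the
 * buffer through AES in the requested direction.
 *
 * This is Hex-Rays decompiler output; md5_calc, aes_encrypt and aes_decrypt
 * are the analyst's labels, the sub_XXXXXX names are unresolved. The page
 * rendering had stripped the `*` operators and `__` prefixes; they are
 * restored here from the declared types (v7 is an __int128 loaded through
 * a4, v8 is a struct_a1 pointer, `8 a6` is a product).
 *
 * a1  context object; the cipher state pointer is read from a1 + 0x2C.
 * a2  32-bit value, hashed into the key and also passed to sub_DD56D0.
 * a3  direction: non-zero calls aes_encrypt, zero calls aes_decrypt.
 * a4  pointer to 16 bytes of key seed material.
 * a5  input buffer (passed as `in`).
 * a6  length in bytes; multiplied by 8 because the AES routines take bits.
 * a7  output buffer (passed as `out`).
 *
 * NOTE(review): the key is one MD5 pass over 24 bytes that end in a constant
 * compiled into the binary. No iteration count and no random per-record salt
 * is visible in this function, so the key is only as secret as the 16-byte
 * seed and a2 are. Where those two values come from is not shown here.
 */
void __cdecl sub_DD5090(int a1, int a2, int a3, __int128 *a4, int a5, int a6, int a7)
{
  __int128 v7; // xmm0
  struct_a1 *v8; // [esp-10h] [ebp-A8h]
  int v9; // [esp-8h] [ebp-A0h]
  int a1a[6]; // [esp+14h] [ebp-84h]
  char v11[16]; // [esp+6Ch] [ebp-2Ch]
  int v12; // [esp+7Ch] [ebp-1Ch]
  int v13; // [esp+80h] [ebp-18h]
  int v14; // [esp+84h] [ebp-14h]

  // v11, v12 and v13 sit back to back on the stack (ebp-2Ch, ebp-1Ch,
  // ebp-18h), so together they form the 0x18-byte message hashed below:
  // 16 seed bytes || a2 || 0x546C4173.
  v7 = *a4;
  v12 = a2;
  *(_OWORD *)v11 = v7;
  v13 = 0x546C4173;                     // bytes 73 41 6C 54 in memory: ASCII "sAlT"

  // Standard MD5 initial chaining values A, B, C, D.
  a1a[0] = 0x67452301;
  a1a[1] = 0xEFCDAB89;
  a1a[2] = 0x98BADCFE;
  a1a[3] = 0x10325476;
  a1a[4] = 0;                           // presumably the MD5 bit/byte counter - confirm
  a1a[5] = 0;
  md5_calc(a1a, v11, 0x18u);
  sub_DD5940(v11, (int)a1a);            // presumably MD5 finalisation writing the digest back into v11 - confirm

  // NOTE(review): v14 is typed as one int but is handed on by address; it
  // looks like the start of an IV buffer that the decompiler did not size.
  sub_DD56D0(a1, a2, &v14);

  // Context setup: v11 is passed as the key material, a3 == 0 as a
  // "decrypt" flag. The literal 1 is presumably the mode selector
  // (aes_decrypt treats mode value 1 as its chained-block branch) - confirm.
  sub_DD70F0(*(_DWORD *)(a1 + 0x2C), 1, a3 == 0, (int)v11, 0, (int)&v14);

  v9 = 8 * a6;                          // bytes -> bits
  v8 = *(struct_a1 **)(a1 + 0x2C);
  if ( a3 )
    aes_encrypt(v8, (_DWORD *)a5, v9, a7);
  else
    aes_decrypt(v8, (_DWORD *)a5, v9, (char *)a7);
}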
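0x2:解密函数
/*
 * aes_decrypt - block-cipher decryption dispatcher (Hex-Rays output; the
 * name and the `key` field label are the analyst's).
 *
 * The page rendering had stripped the `*` operators and `__` prefixes; they
 * are restored here from the declared types.
 *
 * a1   cipher context. dword0 must be zero; dword4 selects the mode; dword8
 *      must be non-zero unless the mode is 2. The 16 bytes at a1->key are
 *      copied into the chaining register v22, so in this function that field
 *      acts as the IV rather than as the cipher key.
 * in   ciphertext; nothing is done when it is NULL.
 * a3   input length in BITS. Only a3 / 0x80 whole 128-bit blocks are
 *      processed; a trailing partial block is ignored and no padding is
 *      removed here.
 * out  plaintext destination.
 *
 * Mode dispatch on a1->dword4:
 *   0  each block goes through sub_DD6910 independently (ECB-style).
 *   1  sub_DD6910 on the block, XOR with the previous ciphertext block
 *      (initially a1->key), i.e. CBC decryption.
 *   2  128 single-bit steps per block: sub_DD6CE0 on the shift register,
 *      register shifted left by one bit with a ciphertext bit fed in, top
 *      bit of the result XORed into out - this matches 1-bit CFB.
 * sub_DD6910 is presumably the raw block decrypt and sub_DD6CE0 the raw
 * block encrypt - confirm in the disassembly.
 *
 * NOTE(review): in the mode-2 branch neither `in` nor `out` is advanced
 * between 128-bit blocks, and `out` is XORed in place without first being
 * loaded from `in`. That may be decompiler loss or real behaviour of the
 * binary; verify under the debugger before relying on this branch.
 */
void __cdecl aes_decrypt(struct_a1 *a1, _DWORD *in, int a3, char *out)
{
  struct_a1 *v4; // ecx
  int v5; // edi
  _DWORD *v6; // ebp
  int v7; // esi
  int v8; // edi
  int v9; // edi
  int v10; // ebx
  char v11; // bl
  char v12; // cl
  char v13; // ch
  int v14; // ebx
  char *v15; // edi
  int v16; // esi
  signed int v17; // eax
  int v18; // edi
  char *v19; // esi
  char v20[16]; // [esp+0h] [ebp-38h]
  int v21; // [esp+10h] [ebp-28h]
  char v22[16]; // [esp+18h] [ebp-20h]
  char a2[16]; // [esp+28h] [ebp-10h]

  v4 = a1;
  if ( !a1->dword0 )
  {
    v5 = a1->dword4;
    if ( v5 == 2 || a1->dword8 )
    {
      v6 = in;
      if ( in )
      {
        if ( a3 > 0 )
        {
          v7 = a3 / 0x80;               // number of whole 128-bit blocks
          if ( v5 )
          {
            v8 = v5 - 1;
            if ( v8 )
            {
              if ( v8 == 1 )
              {
                // ---- mode 2: 1-bit cipher feedback ----
                v9 = a3 / 0x80;
                *(_DWORD *)v22 = *(_DWORD *)a1->key;
                *(_DWORD *)&v22[4] = *(_DWORD *)&a1->key[4];
                *(_DWORD *)&v22[8] = *(_DWORD *)&a1->key[8];
                *(_DWORD *)&v22[12] = *(_DWORD *)&a1->key[12];
                if ( v7 > 0 )
                {
                  // v20 mirrors v22; both hold the 128-bit shift register.
                  v20[15] = v22[15];
                  v20[14] = v22[14];
                  v20[13] = v22[13];
                  v20[12] = v22[12];
                  v20[11] = v22[11];
                  v20[10] = v22[10];
                  v20[9] = v22[9];
                  v20[8] = v22[8];
                  v20[7] = v22[7];
                  v20[6] = v22[6];
                  v20[5] = v22[5];
                  v20[4] = v22[4];
                  v20[3] = v22[3];
                  v20[2] = v22[2];
                  v20[1] = v22[1];
                  v20[0] = v22[0];
                  do
                  {
                    LOBYTE(v10) = 0;
                    v21 = 0;            // bit index within the block, 0..127
                    do
                    {
                      *(_OWORD *)a2 = *(_OWORD *)v22;
                      sub_DD6CE0(v4, a2, a2);
                      // Shift the register left by one bit, byte by byte,
                      // carrying the top bit of the next byte in.
                      v20[0] = ((unsigned __int8)v20[1] >> 7) | 2 * v20[0];
                      v22[0] = v20[0];
                      v20[1] = ((unsigned __int8)v20[2] >> 7) | 2 * v20[1];
                      v22[1] = v20[1];
                      v20[2] = ((unsigned __int8)v20[3] >> 7) | 2 * v20[2];
                      v22[2] = v20[2];
                      v20[3] = ((unsigned __int8)v20[4] >> 7) | 2 * v20[3];
                      v22[3] = v20[3];
                      v20[4] = ((unsigned __int8)v20[5] >> 7) | 2 * v20[4];
                      v22[4] = v20[4];
                      v20[5] = ((unsigned __int8)v20[6] >> 7) | 2 * v20[5];
                      v22[5] = v20[5];
                      v20[6] = ((unsigned __int8)v20[7] >> 7) | 2 * v20[6];
                      v22[6] = v20[6];
                      v20[7] = ((unsigned __int8)v20[8] >> 7) | 2 * v20[7];
                      v22[7] = v20[7];
                      v20[8] = ((unsigned __int8)v20[9] >> 7) | 2 * v20[8];
                      v22[8] = v20[8];
                      v20[9] = ((unsigned __int8)v20[10] >> 7) | 2 * v20[9];
                      v22[9] = v20[9];
                      v20[10] = ((unsigned __int8)v20[11] >> 7) | 2 * v20[10];
                      v22[10] = v20[10];
                      v11 = v10 & 7;    // bit position inside the current byte
                      v20[11] = ((unsigned __int8)v20[12] >> 7) | 2 * v20[11];
                      v22[11] = v20[11];
                      v20[12] = ((unsigned __int8)v20[13] >> 7) | 2 * v20[12];
                      v22[12] = v20[12];
                      v20[13] = ((unsigned __int8)v20[14] >> 7) | 2 * v20[13];
                      v22[13] = v20[13];
                      v20[14] = ((unsigned __int8)v20[15] >> 7) | 2 * v20[14];
                      v22[14] = v20[14];
                      v12 = v11;
                      // Feed the current ciphertext bit into the low end of
                      // the register.
                      v13 = (*((_BYTE *)in + v21 / 8) >> (7 - v11)) & 1 | 2 * v20[15];
                      v10 = v21 + 1;
                      v20[15] = v13;
                      // XOR the top bit of the cipher output into the
                      // matching bit of the output byte.
                      out[v21 / 8] ^= (unsigned __int8)(a2[0] & 0x80) >> v12;
                      v22[15] = v13;
                      v4 = a1;
                      v21 = v10;
                    }
                    while ( v10 < 128 );
                    --v9;
                  }
                  while ( v9 > 0 );
                }
              }
            }
            else
            {
              // ---- mode 1: CBC decryption ----
              v14 = a3 / 0x80;
              *(_DWORD *)v22 = *(_DWORD *)a1->key;
              *(_DWORD *)&v22[4] = *(_DWORD *)&a1->key[4];
              *(_DWORD *)&v22[8] = *(_DWORD *)&a1->key[8];
              *(_DWORD *)&v22[12] = *(_DWORD *)&a1->key[12];
              if ( v7 > 0 )
              {
                v15 = out;
                // Byte distance from v22 to the input, so that
                // &v22[v17 + v16] addresses the current ciphertext block.
                v16 = (char *)in - v22;
                do
                {
                  sub_DD6910(v4, v6, (int)a2);
                  v17 = 0;
                  // plaintext = D(ciphertext) XOR previous ciphertext (or IV)
                  *(__m128i *)a2 = _mm_xor_si128(*(__m128i *)v22, *(__m128i *)a2);
                  do
                  {
                    // Save this ciphertext block as the next chaining value
                    // and emit the plaintext, four bytes at a time.
                    *(_DWORD *)&v22[v17] = *(_DWORD *)&v22[v17 + v16];
                    *(_DWORD *)&v15[v17] = *(_DWORD *)&a2[v17];
                    v17 += 4;
                  }
                  while ( v17 < 16 );
                  v4 = a1;
                  --v14;
                  v6 += 4;              // _DWORD pointer: advances 16 bytes
                  v16 += 16;
                  v15 += 16;
                }
                while ( v14 > 0 );
              }
            }
          }
          else
          {
            // ---- mode 0: independent blocks ----
            v18 = a3 / 0x80;
            if ( v7 > 0 )
            {
              v19 = out;
              do
              {
                // &v19[in - out] is the input block at the same offset as
                // the output cursor v19.
                sub_DD6910(v4, &v19[(char *)in - out], (int)v19);
                v4 = a1;
                --v18;
                v19 += 16;
              }
              while ( v18 > 0 );
            }
          }
        }
      }
    }
  }
}
0x3:可以x64动态调试,联系我拿具体资料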
0x4:下载链接:https://cowtransfer.com/s/2108c83051d14f 取件码:402311
最后于 2020-11-12 15:02
被Hugo_编辑