-
-
[原创]第3题WP之手撕AES
-
发表于: 2022-5-13 18:40
-
解出5个算法即可
算法未强解,有挺多都是自旋,调用加密函数3次或1次就解密了。
代码如下
#define _CRT_SECURE_NO_WARNINGS#include <windows.h>#include <iostream>#include "IDAH.h"//2222222222222222
unsigned char g_Arr_test[] = { 0xF6,0x6B,0xDE,0xFF,0x2C,0xD0,0x19,0x7A,0xFA,0xAA,0x74,0xEF,0xC4,0x80,0x61,0xD1 };
unsigned char g_Arr[] = { 0x57,0x7C,0xF5,0x6D,0x56,0x96,0x77,0x45,0xB0,0xBD,0xA1,0xC7,0x89,0xA5,0xAB,0xDC,0xF2,0xF4,0x4B,0xFE,0xBE,0xF5,0xF5,0x5C,0x4D,0x30,0x42,0x0F,0x2B,0x3B,0xE6,0xCB };
unsigned char g_Arr1[] = { 0x57,0x7C,0xF5,0x6D,0x56,0x96,0x77,0x45,0xB0,0xBD,0xA1,0xC7,0x89,0xA5,0xAB,0xDC};
unsigned char g_Arr2[] = { 0xF2,0xF4,0x4B,0xFE,0xBE,0xF5,0xF5,0x5C,0x4D,0x30,0x42,0x0F,0x2B,0x3B,0xE6,0xCB };
unsigned char g_Key1[] = { 0xFF, 0xB1, 0x65, 0x2F, 0xD0, 0x86, 0xED, 0x31, 0x0F, 0x5C, 0x28, 0x9A, 0x9D, 0x05, 0x48, 0x40 };
unsigned char g_Key2[] = { 0xF6, 0xEF, 0x0E, 0x7C, 0x26, 0x69, 0xE3, 0x4D, 0x29, 0x35, 0xCB, 0xD7, 0xB4, 0x30, 0x83, 0x97 };
unsigned char g_Key3[] = { 0x7E, 0x62, 0x0A, 0x92, 0x58, 0x0B, 0xE9, 0xDF, 0x71, 0x3E, 0x22, 0x08, 0xC5, 0x0E, 0xA1, 0x9F };
unsigned char g_Key4[] = { 0xA5, 0xC4, 0xA1, 0xA4, 0xFD, 0xCF, 0x48, 0x7B, 0x8C, 0xF1, 0x6A, 0x73, 0x49, 0xFF, 0xCB, 0xEC };
unsigned char g_Key5[] = { 0x6B, 0xFF, 0xB7, 0xB3, 0x96, 0x30, 0xFF, 0xC8, 0x1A, 0xC1, 0x95, 0xBB, 0x53, 0x3E, 0x5E, 0x57 };
unsigned char g_Key6[] = { 0x30, 0x12, 0x05, 0xFB, 0xA6, 0x22, 0xFA, 0x33, 0xBC, 0xE3, 0x6F, 0x88, 0xEF, 0xDD, 0x31, 0xDF };
unsigned char g_Key7[] = { 0xAE, 0xCD, 0xC4, 0x1C, 0x08, 0xEF, 0x3E, 0x2F, 0xB4, 0x0C, 0x51, 0xA7, 0x5B, 0xD1, 0x60, 0x78 };
unsigned char g_Key8[] = { 0x12, 0xF4, 0xFA, 0x8C, 0x1A, 0x1B, 0xC4, 0xA3, 0xAE, 0x17, 0x95, 0x04, 0xF5, 0xC6, 0xF5, 0x7C };
unsigned char g_Key9[] = { 0x02, 0x12, 0x4E, 0xEA, 0x18, 0x09, 0x8A, 0x49, 0xB6, 0x1E, 0x1F, 0x4D, 0x43, 0xD8, 0xEA, 0x31 };
unsigned char g_Key10[] = { 0xC5, 0x08, 0x2F, 0x76, 0xDD, 0x01, 0xA5, 0x3F, 0x6B, 0x1F, 0xBA, 0x72, 0x28, 0xC7, 0x50, 0x43 };
unsigned char g_Key11[] = { 0xDF, 0x3C, 0xE9, 0x13, 0x02, 0x3D, 0x4C, 0x2C, 0x69, 0x22, 0xF6, 0x5E, 0x41, 0xE5, 0xA6, 0x1D };
unsigned char byte_27B000[] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D };
//constexpr BYTE aaa = byte_27B000[0x71];
//constexpr BYTE aaa2 = byte_27B000[0xA3];
std::string ArrayToStr(unsigned char* arr, size_t length)
{ char* buffer = new char[length * 5];
memset(buffer, 0, length * 5);
char tmp_buffer[5] = { 0 };
for (size_t i = 0; i < length; i++)
{
if (i == length - 1)
{
sprintf_s(tmp_buffer, sizeof(tmp_buffer) - 1, "%02X", arr[i]);
}
else
{
sprintf_s(tmp_buffer, sizeof(tmp_buffer) - 1, "%02X ", arr[i]);
}
strcat_s(buffer, length * 5 - 1, tmp_buffer);
}
std::string strRet = buffer;
delete[] buffer;
return strRet;
}//算法0 自旋?
int __cdecl sub_271500(int a1, _BYTE* a2)
{ int j; // [esp+0h] [ebp-8h]
int i; // [esp+4h] [ebp-4h]
for (i = 0; i < 4; ++i)
{
for (j = 0; j < 4; ++j)
*(_BYTE*)(a1 + 4 * j + i) = *a2++;
}
return 0;
}//算法1
int __cdecl sub_271A60(BYTE* a1)
{ int j; // [esp+0h] [ebp-8h]
int i; // [esp+4h] [ebp-4h]
for (i = 0; i < 4; ++i)
{
for (j = 0; j < 4; ++j)
{
BYTE bTmp = a1[4 * i + j];
a1[4 * i + j] = byte_27B000[bTmp];
}
}
//for (i = 0; i < 16; ++i)
//{
// BYTE bTmp = a1[i];
// a1[i] = byte_27B000[bTmp];
//}
return 0;
}//算法1解密
int __cdecl sub_271A60_decode(BYTE* a1)
{ int j; // [esp+0h] [ebp-8h]
int i; // [esp+4h] [ebp-4h]
for (i = 0; i < 16; ++i)
{
BYTE bTmp = a1[i];
for (j = 0; j <= 0xFF; j++)
{
if (byte_27B000[j] == bTmp)
{
a1[i] = (BYTE)j;
break;
}
}
}
return 0;
}//算法2
//对称-加解密不同函数
//翻转int
static int sub_271AE0_decode_reverse_int(int value)
{ int new_value = 0;
*(BYTE*)((BYTE*)&new_value + 3) = *(BYTE*)((BYTE*)&value + 0);
*(BYTE*)((BYTE*)&new_value + 2) = *(BYTE*)((BYTE*)&value + 1);
*(BYTE*)((BYTE*)&new_value + 1) = *(BYTE*)((BYTE*)&value + 2);
*(BYTE*)((BYTE*)&new_value + 0) = *(BYTE*)((BYTE*)&value + 3);
return new_value;
}int __cdecl sub_271AE0_decode(BYTE* data)
{ int data2[4] = { 0 };
data2[0] = *(int*)&data[0];
data2[1] = sub_271AE0_decode_reverse_int((sub_271AE0_decode_reverse_int(*(int*)&data[4]) << 8) | ((sub_271AE0_decode_reverse_int(*(int*)&data[4]) >> 24) & 0x000000FF));
data2[2] = sub_271AE0_decode_reverse_int((sub_271AE0_decode_reverse_int(*(int*)&data[8]) << 16) | ((sub_271AE0_decode_reverse_int(*(int*)&data[8]) >> 16) & 0x0000FFFF));
data2[3] = sub_271AE0_decode_reverse_int((sub_271AE0_decode_reverse_int(*(int*)&data[12]) << 24) | ((sub_271AE0_decode_reverse_int(*(int*)&data[12]) >> 8) & 0x00FFFFFF));
memcpy(data, data2, 16);
return 0;
}//算法3
char __cdecl sub_271D50(unsigned __int8 a1, char a2){ int v3; // [esp+10h] [ebp-24h]
int i; // [esp+14h] [ebp-20h]
char v5; // [esp+1Bh] [ebp-19h]
v5 = 0;
//printf("%x %x\n", a1, a2);
for (i = 0; i < 8; ++i)
{
if ((a1 & 1) != 0) //如果a1最后一位是1 只存在3种清空 1 2 3 01 10 11
v5 ^= a2;
v3 = a2 & 0x80; // > 0x80 就 *2^0x1B < 0x80就*2
a2 *= 2;
if (v3)
a2 ^= 0x1Bu;
a1 >>= 1;
}
//printf("%x\n", v5);
return v5;
}int __cdecl sub_271E50(BYTE* a1)
{ char v1; // bl
char v2; // bl
char v3; // bl
int l; // [esp+Ch] [ebp-40h]
int k; // [esp+10h] [ebp-3Ch]
int j; // [esp+14h] [ebp-38h]
int i; // [esp+18h] [ebp-34h]
char v9[44]; // [esp+20h] [ebp-2Ch] BYREF
v9[0] = 2;
v9[1] = 3;
v9[2] = 1;
v9[3] = 1;
v9[4] = 1;
v9[5] = 2;
v9[6] = 3;
v9[7] = 1;
v9[8] = 1;
v9[9] = 1;
v9[0xA] = 2;
v9[0xB] = 3;
v9[0xC] = 3;
v9[0xD] = 1;
v9[0xE] = 1;
v9[0xF] = 2;
//for (i = 0; i < 4; ++i)
//{
// for (j = 0; j < 4; ++j)
// v9[4 * i + 0x18 + j] = a1[4 * i + j];
//}
for (i = 0; i < 16; ++i)
{
v9[i + 0x18] = a1[i];
}
for (k = 0; k < 4; ++k)
{
for (l = 0; l < 4; ++l)
{
v1 = sub_271D50(v9[4 * k], v9[l + 0x18]);
v2 = sub_271D50(v9[4 * k + 1], v9[l + 0x1C]) ^ v1;
v3 = sub_271D50(v9[4 * k + 2], v9[l + 0x20]) ^ v2;
a1[4 * k + l] = sub_271D50(v9[4 * k + 3], v9[l + 0x24]) ^ v3;
}
}
return 0;
}int __cdecl sub_271E50_decode(BYTE* a1)
{ //旋转? 旋3下解密
sub_271E50(a1);
sub_271E50(a1);
sub_271E50(a1);
return 0;
}//算法4
//ok 对称-加解密同函数
int __cdecl sub_271970(BYTE* a1, BYTE* a2)
{ int j; // [esp+0h] [ebp-20h]
int i; // [esp+4h] [ebp-1Ch]
int v5[5]; // [esp+Ch] [ebp-14h] BYREF
v5[0] = 0xCCCCCCCC;
v5[1] = 0xCCCCCCCC;
v5[2] = 0xCCCCCCCC;
v5[3] = 0xCCCCCCCC;
v5[4] = 0xCCCCCCCC;
for (i = 0; i < 4; ++i)
{
for (j = 0; j < 4; ++j)
{
*((BYTE*)&v5[i] + j) = *(DWORD*)&a2[4 * j] >> (8 * (3 - i));
a1[4 * i + j] ^= *((BYTE*)&v5[i] + j);
}
}
return 0;
}//算法5-输出
//ok 对称-加解密同函数
int __cdecl sub_271570(BYTE* a1, BYTE* a2)
{ int j; // [esp+0h] [ebp-8h]
int i; // [esp+4h] [ebp-4h]
for (i = 0; i < 4; ++i)
{
for (j = 0; j < 4; ++j)
*a2++ = *(BYTE*)(a1 + 4 * j + i);
}
return 0;
}std::string decode(BYTE* arr)
{ unsigned char tmp_arr[17] = { 0 };
sub_271570(arr, tmp_arr);
sub_271970(tmp_arr, g_Key11); //4
sub_271AE0_decode(tmp_arr); //2
sub_271A60_decode(tmp_arr); //1
printf("%s\n", ArrayToStr(tmp_arr, 16).c_str());
//循环9
sub_271970(tmp_arr, g_Key10); //4
printf("1:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271E50_decode(tmp_arr); //3
printf("2:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271AE0_decode(tmp_arr); //2
printf("3:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271A60_decode(tmp_arr); //1
printf("4:%s\n", ArrayToStr(tmp_arr, 16).c_str());
//循环8
sub_271970(tmp_arr, g_Key9); //4
printf("1:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271E50_decode(tmp_arr); //3
printf("2:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271AE0_decode(tmp_arr); //2
printf("3:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271A60_decode(tmp_arr); //1
printf("4:%s\n", ArrayToStr(tmp_arr, 16).c_str());
//循环7
sub_271970(tmp_arr, g_Key8); //4
printf("1:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271E50_decode(tmp_arr); //3
printf("2:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271AE0_decode(tmp_arr); //2
printf("3:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271A60_decode(tmp_arr); //1
printf("4:%s\n", ArrayToStr(tmp_arr, 16).c_str());
//循环6
sub_271970(tmp_arr, g_Key7); //4
printf("1:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271E50_decode(tmp_arr); //3
printf("2:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271AE0_decode(tmp_arr); //2
printf("3:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271A60_decode(tmp_arr); //1
printf("4:%s\n", ArrayToStr(tmp_arr, 16).c_str());
//循环5
sub_271970(tmp_arr, g_Key6); //4
printf("1:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271E50_decode(tmp_arr); //3
printf("2:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271AE0_decode(tmp_arr); //2
printf("3:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271A60_decode(tmp_arr); //1
printf("4:%s\n", ArrayToStr(tmp_arr, 16).c_str());
//循环4
sub_271970(tmp_arr, g_Key5); //4
printf("1:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271E50_decode(tmp_arr); //3
printf("2:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271AE0_decode(tmp_arr); //2
printf("3:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271A60_decode(tmp_arr); //1
printf("4:%s\n", ArrayToStr(tmp_arr, 16).c_str());
//循环3
sub_271970(tmp_arr, g_Key4); //4
printf("1:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271E50_decode(tmp_arr); //3
printf("2:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271AE0_decode(tmp_arr); //2
printf("3:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271A60_decode(tmp_arr); //1
printf("4:%s\n", ArrayToStr(tmp_arr, 16).c_str());
//循环2
sub_271970(tmp_arr, g_Key3); //4
printf("1:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271E50_decode(tmp_arr); //3
printf("2:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271AE0_decode(tmp_arr); //2
printf("3:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271A60_decode(tmp_arr); //1
printf("4:%s\n", ArrayToStr(tmp_arr, 16).c_str());
//循环1
sub_271970(tmp_arr, g_Key2); //4
printf("1:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271E50_decode(tmp_arr); //3
printf("2:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271AE0_decode(tmp_arr); //2
printf("3:%s\n", ArrayToStr(tmp_arr, 16).c_str());
sub_271A60_decode(tmp_arr); //1
printf("4:%s\n", ArrayToStr(tmp_arr, 16).c_str());
//最后算法4解出明文
sub_271970(tmp_arr, g_Key1); //4
printf("%s [%s]\n", ArrayToStr(tmp_arr, 16).c_str(),(const char*)tmp_arr);
//自旋一下
BYTE key_arr[17] = { 0 };
sub_271500((int)key_arr, tmp_arr);
printf("%s\n", (const char*)key_arr);
//TODO 4321循环9次 算法3未解密
std::string strRet = (const char*)key_arr;
return strRet;
}int main()
{ //作者放的干扰
byte_27B000[0x71] ^= byte_27B000[0xA3];
byte_27B000[0xA3] ^= byte_27B000[0x71];
byte_27B000[0x71] ^= byte_27B000[0xA3];
//干扰2
//byte_27B200[0x10] = 0xF4;
//byte_27B200[0x11] = 0xF2;
g_Arr2[0] = 0xF4;
g_Arr2[1] = 0xF2;
std::string strKey1 = decode(g_Arr1);
std::string strKey2 = decode(g_Arr2);
std::string strKey = strKey1 + strKey2;
printf("%s\n", strKey.c_str());
system("pause");
return 0;
}#define _CRT_SECURE_NO_WARNINGS#include <windows.h>#include <iostream>#include "IDAH.h"//2222222222222222
unsigned char g_Arr_test[] = { 0xF6,0x6B,0xDE,0xFF,0x2C,0xD0,0x19,0x7A,0xFA,0xAA,0x74,0xEF,0xC4,0x80,0x61,0xD1 };
unsigned char g_Arr[] = { 0x57,0x7C,0xF5,0x6D,0x56,0x96,0x77,0x45,0xB0,0xBD,0xA1,0xC7,0x89,0xA5,0xAB,0xDC,0xF2,0xF4,0x4B,0xFE,0xBE,0xF5,0xF5,0x5C,0x4D,0x30,0x42,0x0F,0x2B,0x3B,0xE6,0xCB };
unsigned char g_Arr1[] = { 0x57,0x7C,0xF5,0x6D,0x56,0x96,0x77,0x45,0xB0,0xBD,0xA1,0xC7,0x89,0xA5,0xAB,0xDC};
unsigned char g_Arr2[] = { 0xF2,0xF4,0x4B,0xFE,0xBE,0xF5,0xF5,0x5C,0x4D,0x30,0x42,0x0F,0x2B,0x3B,0xE6,0xCB };
unsigned char g_Key1[] = { 0xFF, 0xB1, 0x65, 0x2F, 0xD0, 0x86, 0xED, 0x31, 0x0F, 0x5C, 0x28, 0x9A, 0x9D, 0x05, 0x48, 0x40 };
unsigned char g_Key2[] = { 0xF6, 0xEF, 0x0E, 0x7C, 0x26, 0x69, 0xE3, 0x4D, 0x29, 0x35, 0xCB, 0xD7, 0xB4, 0x30, 0x83, 0x97 };
unsigned char g_Key3[] = { 0x7E, 0x62, 0x0A, 0x92, 0x58, 0x0B, 0xE9, 0xDF, 0x71, 0x3E, 0x22, 0x08, 0xC5, 0x0E, 0xA1, 0x9F };
unsigned char g_Key4[] = { 0xA5, 0xC4, 0xA1, 0xA4, 0xFD, 0xCF, 0x48, 0x7B, 0x8C, 0xF1, 0x6A, 0x73, 0x49, 0xFF, 0xCB, 0xEC };
unsigned char g_Key5[] = { 0x6B, 0xFF, 0xB7, 0xB3, 0x96, 0x30, 0xFF, 0xC8, 0x1A, 0xC1, 0x95, 0xBB, 0x53, 0x3E, 0x5E, 0x57 };
unsigned char g_Key6[] = { 0x30, 0x12, 0x05, 0xFB, 0xA6, 0x22, 0xFA, 0x33, 0xBC, 0xE3, 0x6F, 0x88, 0xEF, 0xDD, 0x31, 0xDF };
unsigned char g_Key7[] = { 0xAE, 0xCD, 0xC4, 0x1C, 0x08, 0xEF, 0x3E, 0x2F, 0xB4, 0x0C, 0x51, 0xA7, 0x5B, 0xD1, 0x60, 0x78 };
unsigned char g_Key8[] = { 0x12, 0xF4, 0xFA, 0x8C, 0x1A, 0x1B, 0xC4, 0xA3, 0xAE, 0x17, 0x95, 0x04, 0xF5, 0xC6, 0xF5, 0x7C };
unsigned char g_Key9[] = { 0x02, 0x12, 0x4E, 0xEA, 0x18, 0x09, 0x8A, 0x49, 0xB6, 0x1E, 0x1F, 0x4D, 0x43, 0xD8, 0xEA, 0x31 };
unsigned char g_Key10[] = { 0xC5, 0x08, 0x2F, 0x76, 0xDD, 0x01, 0xA5, 0x3F, 0x6B, 0x1F, 0xBA, 0x72, 0x28, 0xC7, 0x50, 0x43 };
unsigned char g_Key11[] = { 0xDF, 0x3C, 0xE9, 0x13, 0x02, 0x3D, 0x4C, 0x2C, 0x69, 0x22, 0xF6, 0x5E, 0x41, 0xE5, 0xA6, 0x1D };
unsigned char byte_27B000[] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D };
//constexpr BYTE aaa = byte_27B000[0x71];
//constexpr BYTE aaa2 = byte_27B000[0xA3];
std::string ArrayToStr(unsigned char* arr, size_t length)
{ char* buffer = new char[length * 5];
memset(buffer, 0, length * 5);
char tmp_buffer[5] = { 0 };
for (size_t i = 0; i < length; i++)
{
if (i == length - 1)
{
sprintf_s(tmp_buffer, sizeof(tmp_buffer) - 1, "%02X", arr[i]);
}
else
{
sprintf_s(tmp_buffer, sizeof(tmp_buffer) - 1, "%02X ", arr[i]);
}
strcat_s(buffer, length * 5 - 1, tmp_buffer);
}
std::string strRet = buffer;
delete[] buffer;
return strRet;
}//算法0 自旋?
int __cdecl sub_271500(int a1, _BYTE* a2)
{ int j; // [esp+0h] [ebp-8h]
int i; // [esp+4h] [ebp-4h]
for (i = 0; i < 4; ++i)
{
for (j = 0; j < 4; ++j)
*(_BYTE*)(a1 + 4 * j + i) = *a2++;
}
return 0;
}//算法1
int __cdecl sub_271A60(BYTE* a1)
{ int j; // [esp+0h] [ebp-8h]
int i; // [esp+4h] [ebp-4h]
for (i = 0; i < 4; ++i)
{
for (j = 0; j < 4; ++j)
{
BYTE bTmp = a1[4 * i + j];
a1[4 * i + j] = byte_27B000[bTmp];
}
}
//for (i = 0; i < 16; ++i)
//{
// BYTE bTmp = a1[i];
// a1[i] = byte_27B000[bTmp];
//}
return 0;
}//算法1解密
int __cdecl sub_271A60_decode(BYTE* a1)
{ int j; // [esp+0h] [ebp-8h]
int i; // [esp+4h] [ebp-4h]
for (i = 0; i < 16; ++i)
{
BYTE bTmp = a1[i];
for (j = 0; j <= 0xFF; j++)
{
if (byte_27B000[j] == bTmp)
{
a1[i] = (BYTE)j;
break;
}
}
}
return 0;
}//算法2
//对称-加解密不同函数
//翻转int
static int sub_271AE0_decode_reverse_int(int value)
{ int new_value = 0;
*(BYTE*)((BYTE*)&new_value + 3) = *(BYTE*)((BYTE*)&value + 0);
*(BYTE*)((BYTE*)&new_value + 2) = *(BYTE*)((BYTE*)&value + 1);
*(BYTE*)((BYTE*)&new_value + 1) = *(BYTE*)((BYTE*)&value + 2);
*(BYTE*)((BYTE*)&new_value + 0) = *(BYTE*)((BYTE*)&value + 3);
return new_value;
}int __cdecl sub_271AE0_decode(BYTE* data)
{ int data2[4] = { 0 };
data2[0] = *(int*)&data[0];
data2[1] = sub_271AE0_decode_reverse_int((sub_271AE0_decode_reverse_int(*(int*)&data[4]) << 8) | ((sub_271AE0_decode_reverse_int(*(int*)&data[4]) >> 24) & 0x000000FF));
data2[2] = sub_271AE0_decode_reverse_int((sub_271AE0_decode_reverse_int(*(int*)&data[8]) << 16) | ((sub_271AE0_decode_reverse_int(*(int*)&data[8]) >> 16) & 0x0000FFFF));
data2[3] = sub_271AE0_decode_reverse_int((sub_271AE0_decode_reverse_int(*(int*)&data[12]) << 24) | ((sub_271AE0_decode_reverse_int(*(int*)&data[12]) >> 8) & 0x00FFFFFF));
memcpy(data, data2, 16);
return 0;
}//算法3
char __cdecl sub_271D50(unsigned __int8 a1, char a2){ int v3; // [esp+10h] [ebp-24h]
int i; // [esp+14h] [ebp-20h]
char v5; // [esp+1Bh] [ebp-19h]
v5 = 0;
//printf("%x %x\n", a1, a2);
for (i = 0; i < 8; ++i)
{
if ((a1 & 1) != 0) //如果a1最后一位是1 只存在3种清空 1 2 3 01 10 11
v5 ^= a2;
v3 = a2 & 0x80; // > 0x80 就 *2^0x1B < 0x80就*2
a2 *= 2;
if (v3)
a2 ^= 0x1Bu;
a1 >>= 1;
}
//printf("%x\n", v5);
return v5;
}int __cdecl sub_271E50(BYTE* a1)
{ char v1; // bl
char v2; // bl
char v3; // bl
int l; // [esp+Ch] [ebp-40h]
int k; // [esp+10h] [ebp-3Ch]
int j; // [esp+14h] [ebp-38h]
int i; // [esp+18h] [ebp-34h]
char v9[44]; // [esp+20h] [ebp-2Ch] BYREF
v9[0] = 2;
v9[1] = 3;
v9[2] = 1;
v9[3] = 1;
v9[4] = 1;
v9[5] = 2;
v9[6] = 3;
v9[7] = 1;
v9[8] = 1;
v9[9] = 1;
v9[0xA] = 2;
v9[0xB] = 3;
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
最后于 2022-6-1 10:53
被wx_孤城编辑
,原因:
|
|
|---|---|
