Reversing the XXTEA algorithm
Posted: 2022-11-28 22:27
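While reversing a file-encryption algorithm, I could not tell for a long time which algorithm it was; the decryption process is attached here.
1. Key initialization: the buffer that holds the key is allocated with a length of 16 bytes, which already suggests that the algorithm uses 128-bit encryption.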
```c
char *__cdecl sub_FDB2E0(void *Src, size_t Size)
{
  char *v3; // [esp+4Ch] [ebp-4h]

  v3 = (char *)malloc(0x10u);       // allocate the buffer that holds the key
  memmove(v3, Src, Size);           // copy the key bytes
  memset(&v3[Size], 0, 16 - Size);  // zero the remaining part
  return v3;
}
```
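2. Decryption routine: the algorithm contains a distinctive constant, so I searched Baidu for 0x9E3779B9: https://blog.csdn.net/weixin_43360152/article/details/100603860
That article mentions the TEA algorithm, so I tried TEA decryption; in the end, testing showed that XXTEA decrypts the data successfully.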
```c
unsigned int __cdecl sub_FDB330(int *a1, unsigned int a2, int a3)
{
  unsigned int result; // eax
  int v4; // edx
  int v5; // edx
  int v6; // [esp+50h] [ebp-1Ch]
  unsigned int v7; // [esp+54h] [ebp-18h]
  int i; // [esp+5Ch] [ebp-10h]
  unsigned int v9; // [esp+60h] [ebp-Ch]

  v9 = *a1;
  result = 0x9E3779B9 * (0x34 / a2 + 6);
  v7 = result;
  if ( a2 != 1 )
  {
    while ( v7 )
    {
      v6 = (v7 >> 2) & 3;
      for ( i = a2 - 1; i; --i )
      {
        v4 = a1[i] - (((a1[i - 1] ^ *(_DWORD *)(a3 + 4 * (v6 ^ i & 3))) + (v9 ^ v7)) ^ (((16 * a1[i - 1]) ^ (v9 >> 3)) + ((4 * v9) ^ ((unsigned int)a1[i - 1] >> 5))));
        a1[i] = v4;
        v9 = v4;
      }
      v5 = *a1 - (((a1[a2 - 1] ^ *(_DWORD *)(a3 + 4 * v6)) + (v9 ^ v7)) ^ (((16 * a1[a2 - 1]) ^ (v9 >> 3)) + ((4 * v9) ^ ((unsigned int)a1[a2 - 1] >> 5))));
      *a1 = v5;
      v9 = v5;
      result = v7 + 0x61C88647;
      v7 += 0x61C88647;
    }
  }
  return result;
}
```
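A readable counterpart of the two decompiled routines above, added here as an example and not taken from the original post or the analyzed program: `xxtea_key_init` and `xxtea_decrypt` follow sub_FDB2E0 and sub_FDB330, while `xxtea_encrypt` is the standard XXTEA encryption, included only so the decryption can be checked with a round trip. The function names are assumptions, and the key bytes are read as little-endian words as on the x86 target.

```c
#include <stdint.h>
#include <string.h>

#define DELTA 0x9E3779B9u
/* XXTEA mixing step: y is the following word, z the preceding word. */
#define MX ((((z >> 5) ^ (y << 2)) + ((y >> 3) ^ (z << 4))) ^ ((sum ^ y) + (key[(p & 3) ^ e] ^ z)))

/* Same padding as sub_FDB2E0 (copy the key bytes, zero the rest of the 16),
   but a length above 16 is truncated instead of writing past the buffer. */
void xxtea_key_init(uint32_t key[4], const void *src, size_t size)
{
    if (size > 16) size = 16;
    memset(key, 0, 16);
    memcpy(key, src, size);
}

/* Standard XXTEA encryption of n 32-bit words, here only to build test input. */
void xxtea_encrypt(uint32_t *v, uint32_t n, const uint32_t key[4])
{
    uint32_t y, z, e, p, sum = 0, rounds;
    if (n < 2) return;
    rounds = 6 + 52 / n;
    z = v[n - 1];
    do {
        sum += DELTA;
        e = (sum >> 2) & 3;
        for (p = 0; p < n - 1; p++) { y = v[p + 1]; z = v[p] += MX; }
        y = v[0];
        z = v[n - 1] += MX;              /* p == n - 1 here */
    } while (--rounds);
}

/* Decryption with the same control flow as sub_FDB330: a1 = v, a2 = n, a3 = key. */
void xxtea_decrypt(uint32_t *v, uint32_t n, const uint32_t key[4])
{
    uint32_t y, z, e, p, sum;
    if (n < 2) return;                   /* the decompiled code only guards n == 1 */
    y = v[0];                            /* v9 */
    sum = DELTA * (6 + 52 / n);          /* v7 = 0x9E3779B9 * (0x34 / a2 + 6) */
    while (sum) {
        e = (sum >> 2) & 3;              /* v6 */
        for (p = n - 1; p > 0; p--) { z = v[p - 1]; y = v[p] -= MX; }
        z = v[n - 1];
        y = v[0] -= MX;                  /* p == 0 here */
        sum -= DELTA;                    /* same as v7 += 0x61C88647 mod 2^32 */
    }
}
```

The loop condition `while (sum)` works because the constant is odd: the sum starts at rounds × 0x9E3779B9 and reaches zero exactly after that many subtractions.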