Reversing the XXTEA Algorithm
2022-11-28 22:27

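While reversing a file-encryption routine, I could not tell for a long time which algorithm it was. The decryption process is documented here.

1. Key initialization: the buffer that holds the key is allocated with a length of 16 bytes, which already suggests that the algorithm uses a 128-bit key.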

char *__cdecl sub_FDB2E0(void *Src, size_t Size)
{
  char *v3; // [esp+4Ch] [ebp-4h]
 
  v3 = (char *)malloc(0x10u); // allocate the 16-byte buffer that holds the key
  memmove(v3, Src, Size); // copy the key bytes
  memset(&v3[Size], 0, 16 - Size); // zero the remainder of the buffer
  return v3;
}

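2. Decryption: the routine contains a distinctive constant, so I simply searched Baidu for 0x9E3779B9: https://blog.csdn.net/weixin_43360152/article/details/100603860
That article mentions the TEA algorithm, so I tried decrypting with the TEA family, and testing finally showed that XXTEA decrypts the data successfully.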

unsigned int __cdecl sub_FDB330(int *a1, unsigned int a2, int a3)
{
  unsigned int result; // eax
  int v4; // edx
  int v5; // edx
  int v6; // [esp+50h] [ebp-1Ch]
  unsigned int v7; // [esp+54h] [ebp-18h]
  int i; // [esp+5Ch] [ebp-10h]
  unsigned int v9; // [esp+60h] [ebp-Ch]
 
  v9 = *a1;
  result = 0x9E3779B9 * (0x34 / a2 + 6);
  v7 = result;
  if ( a2 != 1 )
  {
    while ( v7 )
    {
      v6 = (v7 >> 2) & 3;
      for ( i = a2 - 1; i; --i )
      {
        v4 = a1[i]
           - (((a1[i - 1] ^ *(_DWORD *)(a3 + 4 * (v6 ^ i & 3))) + (v9 ^ v7)) ^ (((16 * a1[i - 1]) ^ (v9 >> 3))
                                                                              + ((4 * v9) ^ ((unsigned int)a1[i - 1] >> 5))));
        a1[i] = v4;
        v9 = v4;
      }
      v5 = *a1
         - (((a1[a2 - 1] ^ *(_DWORD *)(a3 + 4 * v6)) + (v9 ^ v7)) ^ (((16 * a1[a2 - 1]) ^ (v9 >> 3))
                                                                   + ((4 * v9) ^ ((unsigned int)a1[a2 - 1] >> 5))));
      *a1 = v5;
      v9 = v5;
      result = v7 + 0x61C88647;
      v7 += 0x61C88647;
    }
  }
  return result;
}
