【文章标题】: 标准的DES算法分析详细过程
【文章作者】: 8713007
【软件名称】: DES算法示例软件
【软件大小】: 386
【下载地址】: 自己搜索下载
【加壳方式】: 无
【保护方式】: DES算法
【编写语言】: delphi6
【使用工具】: OD
【软件介绍】: DES算法示例软件
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
利用OD载入,F9运行,输入系列号:sdlingying;注册码:1234567890,点击注册,出现注册失败。利用OD查找所有参考字符串,
在其上的0045435C处下断。再次点击注册,程序被断下:
0045435C /. 55 push ebp ; breakpoint hits here after clicking Register (entry of the handler)
0045435D |. 8BEC mov ebp, esp
0045435F |. 6A 00 push 0 ; three zeroed locals: [ebp-4], [ebp-8], [ebp-C]
00454361 |. 6A 00 push 0
00454363 |. 6A 00 push 0
00454365 |. 53 push ebx
00454366 |. 8BD8 mov ebx, eax ; ebx = object passed in eax (fields at +2F8 / +2FC are read below)
00454368 |. 33C0 xor eax, eax
0045436A |. 55 push ebp
0045436B |. 68 EA4>push 004543EA ; exception frame: handler address
00454370 |. 64:FF3>push dword ptr fs:[eax] ; previous frame from fs:[0]
00454373 |. 64:892>mov fs:[eax], esp ; link the new frame at fs:[0]
00454376 |. 8D55 F>lea edx, [ebp-8]
00454379 |. 8B83 F>mov eax, [ebx+2F8]
0045437F |. E8 B4E>call 00432A38 ; read the user name into [ebp-8]
00454384 |. 8B45 F>mov eax, [ebp-8]
00454387 |. 8D4D F>lea ecx, [ebp-4] ; ecx = where the computed code is returned
0045438A |. BA 004>mov edx, 00454400 ; edx = key string "ksaiy", hard-coded in the binary
0045438F |. E8 D0F>call 00454264 ; algorithm call (the article steps into it with F7)
00454394 |. 8B45 F>mov eax, [ebp-4] ; the expected registration code is a plain string here: it is derived locally from the name and the embedded key
00454397 |. 50 push eax
00454398 |. 8D55 F>lea edx, [ebp-C]
0045439B |. 8B83 F>mov eax, [ebx+2FC]
004543A1 |. E8 92E>call 00432A38 ; same getter on the second field -> [ebp-C]; presumably the typed registration code
004543A6 |. 8B55 F>mov edx, [ebp-C]
004543A9 |. 58 pop eax
004543AA |. E8 950>call 00404644 ; presumably a string compare of expected (eax) vs entered (edx) - body not shown
004543AF |. 75 0C jnz short 004543BD ; not equal -> other branch
004543B1 |. B8 104>mov eax, 00454410
004543B6 |. E8 5D8>call 0042C818
/////////////////////////////////////////////////F7跟进call 00454264
00454264 /$ 55 push ebp ; in: eax = first string (user name), edx = key string, ecx = result destination
00454265 |. 8BEC mov ebp, esp
00454267 |. 83C4 E>add esp, -1C
0045426A |. 53 push ebx
0045426B |. 56 push esi
0045426C |. 57 push edi
0045426D |. 33DB xor ebx, ebx
0045426F |. 895D F>mov [ebp-C], ebx ; zero the three locals [ebp-C], [ebp-10], [ebp-14]
00454272 |. 895D F>mov [ebp-10], ebx
00454275 |. 895D E>mov [ebp-14], ebx
00454278 |. 8BF9 mov edi, ecx ; edi = result destination
0045427A |. 8955 F>mov [ebp-8], edx ; [ebp-8] = key string
0045427D |. 8945 F>mov [ebp-4], eax ; [ebp-4] = first string
00454280 |. 8B45 F>mov eax, [ebp-4]
00454283 |. E8 600>call 004046E8
00454288 |. 8B45 F>mov eax, [ebp-8]
0045428B |. E8 580>call 004046E8
00454290 |. 33C0 xor eax, eax
00454292 |. 55 push ebp
00454293 |. 68 364>push 00454336 ; exception frame, handler 00454336
00454298 |. 64:FF3>push dword ptr fs:[eax]
0045429B |. 64:892>mov fs:[eax], esp
0045429E |. 8D4D F>lea ecx, [ebp-10] ; ecx = destination for the encrypted bytes
004542A1 |. 8B55 F>mov edx, [ebp-8]
004542A4 |. 8B45 F>mov eax, [ebp-4]
004542A7 |. E8 D4F>call 00454080 ; DES routine (the article steps into it with F7)
004542AC |. 8D45 F>lea eax, [ebp-C]
004542AF |. E8 94F>call 00404248
004542B4 |. 8B45 F>mov eax, [ebp-10]
004542B7 |. E8 440>call 00404500 ; length of the result in [ebp-10] (the article labels 00404500 as a length call)
004542BC |. 8BD8 mov ebx, eax
004542BE |. 4B dec ebx
004542BF |. 85DB test ebx, ebx
004542C1 |. 7C 4E jl short 00454311 ; length <= 0: skip the formatting loop
004542C3 |. 43 inc ebx ; ebx = number of bytes left to format
004542C4 |. 33F6 xor esi, esi ; esi = byte index
004542C6 |> 8D45 E>/lea eax, [ebp-14]
004542C9 |. 50 |push eax ; /Arg1
004542CA |. 8B45 F>|mov eax, [ebp-10] ; |
004542CD |. 0FB604>|movzx eax, byte ptr [eax+esi] ; | current result byte, zero-extended
004542D1 |. 8945 E>|mov [ebp-1C], eax ; |
004542D4 |. C645 E>|mov byte ptr [ebp-18], 0 ; |
004542D8 |. 8D55 E>|lea edx, [ebp-1C] ; |
004542DB |. 33C9 |xor ecx, ecx ; |
004542DD |. B8 4C4>|mov eax, 0045434C ; |ASCII "%x"
004542E2 |. E8 654>|call 00408F4C ; \Des.00408F4C
004542E7 |. 8B45 E>|mov eax, [ebp-14]
004542EA |. E8 110>|call 00404500
004542EF |. 48 |dec eax
004542F0 |. 75 10 |jnz short 00454302 ; formatted length != 1: no fix-up
004542F2 |. 8D45 E>|lea eax, [ebp-14]
004542F5 |. 8B4D E>|mov ecx, [ebp-14]
004542F8 |. BA 584>|mov edx, 00454358
004542FD |. E8 4A0>|call 0040454C ; NOTE(review): one-digit case; looks like it prefixes the string at 00454358 (contents not shown) - confirm
00454302 |> 8D45 F>|lea eax, [ebp-C]
00454305 |. 8B55 E>|mov edx, [ebp-14]
00454308 |. E8 FB0>|call 00404508 ; append the formatted byte to [ebp-C] (same helper the article describes as appending)
0045430D |. 46 |inc esi
0045430E |. 4B |dec ebx
0045430F |.^ 75 B5 \jnz short 004542C6
00454311 |> 8BC7 mov eax, edi ; eax = caller's result destination
00454313 |. 8B55 F>mov edx, [ebp-C]
00454316 |. E8 81F>call 0040429C ; presumably stores the hex string into the caller's variable - body not shown
0045431B |. 33C0 xor eax, eax
0045431D |. 5A pop edx
0045431E |. 59 pop ecx
0045431F |. 59 pop ecx
00454320 |. 64:891>mov fs:[eax], edx ; unlink the exception frame
00454323 |. 68 3D4>push 0045433D
00454328 |> 8D45 E>lea eax, [ebp-14]
0045432B |. BA 050>mov edx, 5
00454330 |. E8 37F>call 0040426C
00454335 \. C3 retn ; pops the 0045433D pushed above
00454336 .^ E9 35F>jmp 00403C70
0045433B .^ EB EB jmp short 00454328
0045433D . 5F pop edi
0045433E . 5E pop esi
0045433F . 5B pop ebx
00454340 . 8BE5 mov esp, ebp
00454342 . 5D pop ebp
00454343 . C3 retn
//////////////////////////////////////////////F7跟进call 00454080
00454080 /$ 55 push ebp ; in: eax = serial string, edx = key string, ecx = result destination
00454081 |. 8BEC mov ebp, esp
00454083 |. 83C4 C>add esp, -34
00454086 |. 53 push ebx
00454087 |. 56 push esi
00454088 |. 33DB xor ebx, ebx
0045408A |. 895D C>mov [ebp-34], ebx
0045408D |. 895D D>mov [ebp-28], ebx
00454090 |. 894D F>mov [ebp-C], ecx ; [ebp-C] = result destination
00454093 |. 8955 F>mov [ebp-8], edx ; [ebp-8] = key string
00454096 |. 8945 F>mov [ebp-4], eax ; [ebp-4] = serial string
00454099 |. 8B45 F>mov eax, [ebp-4]
0045409C |. E8 470>call 004046E8
004540A1 |. 8B45 F>mov eax, [ebp-8]
004540A4 |. E8 3F0>call 004046E8
004540A9 |. 33C0 xor eax, eax
004540AB |. 55 push ebp
004540AC |. 68 1D4>push 0045421D ; exception frame, handler 0045421D
004540B1 |. 64:FF3>push dword ptr fs:[eax]
004540B4 |. 64:892>mov fs:[eax], esp
004540B7 |. 8B45 F>mov eax, [ebp-4]
004540BA |. E8 410>call 00404500 ; length of the serial
004540BF |. 85C0 test eax, eax
004540C1 |. 7E 28 jle short 004540EB ; length <= 0: skip the last-character check
004540C3 |. 8B45 F>mov eax, [ebp-4]
004540C6 |. E8 350>call 00404500
004540CB |. 8B55 F>mov edx, [ebp-4]
004540CE |. 807C02>cmp byte ptr [edx+eax-1], 0 ; is the last character of the serial a NUL byte?
004540D3 75 16 jnz short 004540EB ; not NUL: continue (a NUL last character falls through to the error)
004540D5 B9 344>mov ecx, 00454234 ; ASCII "Error: the last char is NULL char."
004540DA |. B2 01 mov dl, 1
004540DC |. A1 F87>mov eax, [4074F8]
004540E1 |. E8 765>call 00409D5C
004540E6 |. E8 BDF>call 00403CA8 ; presumably raises the error built above - bodies not shown
004540EB |> 8B45 F>mov eax, [ebp-8] ; eax = key string ("ksaiy")
004540EE |. E8 0D0>call 00404500 ; key length
004540F3 |. 83F8 0>cmp eax, 8
004540F6 |. 7D 2B jge short 00454123 ; key length >= 8: no key padding
004540F8 |. EB 0D jmp short 00454107
004540FA |> 8D45 F>/lea eax, [ebp-8]
004540FD |. BA 604>|mov edx, 00454260
00454102 |. E8 010>|call 00404508 ; append the pad string at 00454260 to the key
00454107 |> 8B45 F> mov eax, [ebp-8]
0045410A |. E8 F10>|call 00404500 ; key length again ([ebp-8] is the key, not the serial)
0045410F |. 83F8 0>|cmp eax, 8
00454112 |.^ 7C E6 \jl short 004540FA ; loop while key length < 8 (the article describes the pad as 0)
00454114 |. EB 0D jmp short 00454123
00454116 |> 8D45 F>/lea eax, [ebp-4]
00454119 |. BA 604>|mov edx, 00454260
0045411E |. E8 E50>|call 00404508 ; append the same pad string to the serial
00454123 |> 8B45 F> mov eax, [ebp-4] ; eax = serial
00454126 |. E8 D50>|call 00404500 ; serial length
0045412B |. 25 070>|and eax, 80000007 ; keep the sign bit and the low 3 bits: length mod 8
00454130 |. 79 05 |jns short 00454137 ; result non-negative: skip the sign fix-up below
00454132 |. 48 |dec eax
00454133 |. 83C8 F>|or eax, FFFFFFF8
00454136 |. 40 |inc eax
00454137 |> 85C0 |test eax, eax
00454139 |.^ 75 DB \jnz short 00454116 ; remainder != 0: pad the serial and test again
0045413B |. 33DB xor ebx, ebx
0045413D |. 8D45 D>lea eax, [ebp-24]
00454140 |> 8B55 F>/mov edx, [ebp-8]
00454143 |. 8A141A |mov dl, [edx+ebx]
00454146 |. 8810 |mov [eax], dl
00454148 |. 43 |inc ebx
00454149 |. 40 |inc eax
0045414A |. 83FB 0>|cmp ebx, 8
0045414D |.^ 75 F1 \jnz short 00454140 ; copy the first 8 key bytes to [ebp-24]
0045414F |. 6A 0F push 0F ; /Arg1 = 0000000F
00454151 |. B9 4C7>mov ecx, 00457C4C ; | ecx = buffer that receives the round keys
00454156 |. 8D45 D>lea eax, [ebp-24] ; | eax = the 8 key bytes
00454159 |. BA 070>mov edx, 7 ; |
0045415E |. E8 EDF>call 00453C50 ; \key schedule (the article steps in with F7)
00454163 |. 8D45 D>lea eax, [ebp-28]
00454166 |. E8 DD0>call 00404248
0045416B |. 8B45 F>mov eax, [ebp-4]
0045416E |. E8 8D0>call 00404500 ; serial length after padding
00454173 |. 85C0 test eax, eax
00454175 |. 79 03 jns short 0045417A
00454177 |. 83C0 0>add eax, 7 ; only for negative values: rounding for the signed shift
0045417A |> C1F8 0>sar eax, 3 ; length / 8 = number of 8-byte blocks
////////////////////////////////////////F7跟进call 00453C50
00453C50 /$ 55 push ebp ; key schedule; in: eax = key bytes, edx = 7, ecx = round-key buffer
00453C51 |. 8BEC mov ebp, esp
00453C53 |. 83C4 E>add esp, -1C
00453C56 |. 53 push ebx
00453C57 |. 56 push esi
00453C58 |. 57 push edi
00453C59 |. 8BDA mov ebx, edx
00453C5B |. 85DB test ebx, ebx
00453C5D |. 78 0A js short 00453C69
00453C5F |. C1EB 0>shr ebx, 2 ; dword index of the last element
00453C62 |> 8B3498 /mov esi, [eax+ebx*4]
00453C65 |. 4B |dec ebx
00453C66 |. 56 |push esi
00453C67 |.^ 79 F9 \jns short 00453C62 ; copy the argument bytes onto the stack, one dword at a time
00453C69 |> 8BC4 mov eax, esp ; eax = stack copy of the key bytes
00453C6B |. 894D F>mov [ebp-4], ecx ; [ebp-4] = round-key buffer
00453C6E |. 8D75 F>lea esi, [ebp-B] ; esi = buffer for the permuted key
00453C71 |. 6A 06 push 6 ; /Arg1 = 00000006
00453C73 |. 8BCE mov ecx, esi ; |
00453C75 |. E8 46F>call 00453AC0 ; \first key permutation (the article steps in with F7)
///////////////////////////////////////////////////F7跟进call 00453AC0
00453AC0 /$ 55 push ebp ; table-driven bit selection: 56 output bits from the key bytes (consistent with DES PC-1; table contents are not shown)
00453AC1 |. 8BEC mov ebp, esp
00453AC3 |. 83C4 F>add esp, -8
00453AC6 |. 53 push ebx
00453AC7 |. 56 push esi
00453AC8 |. 8BDA mov ebx, edx
00453ACA |. 85DB test ebx, ebx
00453ACC |. 78 0A js short 00453AD8
00453ACE |. C1EB 0>shr ebx, 2
00453AD1 |> 8B3498 /mov esi, [eax+ebx*4]
00453AD4 |. 4B |dec ebx
00453AD5 |. 56 |push esi
00453AD6 |.^ 79 F9 \jns short 00453AD1 ; copy the input bytes onto the stack
00453AD8 |> 8BC4 mov eax, esp
00453ADA |. 894D F>mov [ebp-8], ecx ; [ebp-8] = output buffer
00453ADD |. 8945 F>mov [ebp-4], eax ; [ebp-4] = stack copy of the input
00453AE0 |. 8B45 F>mov eax, [ebp-8]
00453AE3 |. 33C9 xor ecx, ecx
00453AE5 |. BA 070>mov edx, 7
00453AEA |. E8 01F>call 00402DF0 ; per the article's note on this helper elsewhere: zero-fill, here 7 bytes of the output
00453AEF |. 33D2 xor edx, edx ; edx = output bit counter
00453AF1 |. B8 A45>mov eax, 00455FA4 ; eax = selection table
00453AF6 |> 8A18 /mov bl, [eax] ; bl = next table entry A (source bit number)
00453AF8 |. 8BCB |mov ecx, ebx ; temp = A; what follows is bit manipulation
00453AFA |. 80E1 0>|and cl, 7 ; A and 7 = bit position inside the byte
00453AFD |. 81E1 F>|and ecx, 0FF
00453B03 |. 51 |push ecx
00453B04 |. B9 070>|mov ecx, 7
00453B09 |. 5E |pop esi
00453B0A |. 2BCE |sub ecx, esi ; ecx = 7 - (A and 7): bits are numbered MSB-first
00453B0C |. BE 010>|mov esi, 1
00453B11 |. D3E6 |shl esi, cl ; mask = 1 << (7 - (A and 7))
00453B13 |. 33C9 |xor ecx, ecx
00453B15 |. 8ACB |mov cl, bl
00453B17 |. C1E9 0>|shr ecx, 3 ; A / 8 = byte index
00453B1A |. 8B5D F>|mov ebx, [ebp-4] ; ebx = input bytes ("ksaiy000" in the article's run)
00453B1D |. 0FB60C>|movzx ecx, byte ptr [ebx+ecx] ; load the byte that holds bit A
00453B21 |. 23F1 |and esi, ecx ; test bit A
00453B23 |. 74 1D |je short 00453B42 ; bit clear: leave the output bit at 0
00453B25 |. 8BCA |mov ecx, edx ; bit set: set output bit number edx
00453B27 |. 83E1 0>|and ecx, 7
00453B2A |. 51 |push ecx
00453B2B |. B9 070>|mov ecx, 7
00453B30 |. 5B |pop ebx
00453B31 |. 2BCB |sub ecx, ebx ; 7 - (edx and 7)
00453B33 |. B3 01 |mov bl, 1
00453B35 |. D2E3 |shl bl, cl
00453B37 |. 8BCA |mov ecx, edx
00453B39 |. C1E9 0>|shr ecx, 3 ; output byte index
00453B3C |. 8B75 F>|mov esi, [ebp-8]
00453B3F |. 081C0E |or [esi+ecx], bl ; set bit edx (MSB-first) in the output buffer
00453B42 |> 42 |inc edx ; edx is the counter
00453B43 |. 40 |inc eax
00453B44 |. 83FA 3>|cmp edx, 38
00453B47 |.^ 75 AD \jnz short 00453AF6 ; stop after 56 (38h) bits
00453B49 |. 8B75 F>mov esi, [ebp-10] ; restore the esi / ebx saved on entry
00453B4C |. 8B5D F>mov ebx, [ebp-C]
00453B4F |. 8BE5 mov esp, ebp
00453B51 |. 5D pop ebp
00453B52 \. C2 040>retn 4 ; returns to 00453C7A
///////////////////////////////////////////////////////////////////
说明:作者此处的运算是这样进行的。先把字符串“ksaiy000”
110101101110011011000010110100101111001000000000000000000000000
看作2进制数组a[8][8];要判断第i位是否为0,
就先取第i/8组a[i/8][?],然后再来取这个'?'的值,?就是i mod 8,也可以用i & 0x7实现。判断的时候,
先取得a[i/8]这8bit数据,然后将0x1左移i&0x7bit,就可以通过和a[i/8]的这8bit数据的第i&0x7位相与来判断是否为0(上面代码中实际的移位量是7-(i&0x7),即按高位在前给bit编号);
若不为0,则填充一个数组(设为Y),将Y[i mod 8]位置为1。
///////////////////////////////////////////////////////
00453C7A |. 8A06 mov al, [esi] ; returns here; esi = the 7-byte permuted key Y
00453C7C |. 33D2 xor edx, edx
00453C7E |. 8AD0 mov dl, al
00453C80 |. C1EA 0>shr edx, 4
00453C83 |. 8855 F>mov [ebp-F], dl ; Y[0] >> 4
00453C86 |. C1E0 0>shl eax, 4
00453C89 |. 8A56 0>mov dl, [esi+1]
00453C8C |. 33C9 xor ecx, ecx
00453C8E |. 8ACA mov cl, dl
00453C90 |. C1E9 0>shr ecx, 4
00453C93 |. 0AC1 or al, cl
00453C95 |. 8845 F>mov [ebp-E], al ; (Y[0] << 4) | (Y[1] >> 4)
00453C98 |. C1E2 0>shl edx, 4
00453C9B |. 8A46 0>mov al, [esi+2]
00453C9E |. 33C9 xor ecx, ecx
00453CA0 |. 8AC8 mov cl, al
00453CA2 |. C1E9 0>shr ecx, 4
00453CA5 |. 0AD1 or dl, cl
00453CA7 |. 8855 F>mov [ebp-D], dl ; (Y[1] << 4) | (Y[2] >> 4)
00453CAA |. C1E0 0>shl eax, 4
00453CAD |. 8A56 0>mov dl, [esi+3]
00453CB0 |. 33C9 xor ecx, ecx
00453CB2 |. 8ACA mov cl, dl
00453CB4 |. C1E9 0>shr ecx, 4
00453CB7 |. 0AC1 or al, cl
00453CB9 |. 8845 F>mov [ebp-C], al ; (Y[2] << 4) | (Y[3] >> 4): [ebp-F..ebp-C] now hold the first 28 bits
00453CBC |. 80E2 0>and dl, 0F
00453CBF |. 8855 E>mov [ebp-13], dl ; Y[3] and 0F: top nibble of the second 28-bit half
00453CC2 |. 8A46 0>mov al, [esi+4]
00453CC5 |. 8845 E>mov [ebp-12], al ; Y[4]
00453CC8 |. 8A46 0>mov al, [esi+5]
00453CCB |. 8845 E>mov [ebp-11], al ; Y[5]
00453CCE |. 8A46 0>mov al, [esi+6]
00453CD1 |. 8845 F>mov [ebp-10], al ; Y[6]
00453CD4 |. BF 100>mov edi, 10 ; 16 rounds; the code above split the 56-bit key into two 28-bit halves
00453CD9 |. BB 0C6>mov ebx, 0045600C ; table at 0045600C: the per-round rotation counts of the DES key schedule
///////////////////////////////////////////////////////////////////////////
0045600C 01 01 02 02 02 02 02 02 01 02 02 02 02 02 02 01
////////////////////////////////////////////////////////////////////////////////
00453CDE |. 8B75 F>mov esi, [ebp-4] ; esi = round-key buffer (ecx on entry)
00453CE1 |> 8D45 F>/lea eax, [ebp-F] ; first 28-bit half
00453CE4 |. 8A0B |mov cl, [ebx] ; rotation count for this round
00453CE6 |. BA 030>|mov edx, 3
00453CEB |. E8 00F>|call 00453BF0 ; NOTE(review): body not shown; with a rotation count in cl this looks like the 28-bit left rotation of the key schedule, not IP - confirm
00453CF0 |. 8D45 E>|lea eax, [ebp-13] ; second 28-bit half
00453CF3 |. 8A0B |mov cl, [ebx]
00453CF5 |. BA 030>|mov edx, 3
00453CFA |. E8 F1F>|call 00453BF0 ; same call for the second half
00453CFF |. 8A55 F>|mov dl, [ebp-F]
00453D02 |. C1E2 0>|shl edx, 4 ; byte 0 of the first half, shifted left by 4
00453D05 |. 8A45 F>|mov al, [ebp-E]
00453D08 |. 33C9 |xor ecx, ecx
00453D0A |. 8AC8 |mov cl, al
00453D0C |. C1E9 0>|shr ecx, 4 ; byte 1 of the first half, shifted right by 4
00453D0F |. 0AD1 |or dl, cl
00453D11 |. 8855 E>|mov [ebp-1A], dl ; OR of the two, stored as output byte 0
00453D14 |. C1E0 0>|shl eax, 4
00453D17 |. 33D2 |xor edx, edx
00453D19 |. 8A55 F>|mov dl, [ebp-D] ; the following bytes are handled the same way
00453D1C |. C1EA 0>|shr edx, 4 ; shift right by 4
00453D1F |. 0AC2 |or al, dl
00453D21 |. 8845 E>|mov [ebp-19], al ; store
00453D24 |. 8A55 F>|mov dl, [ebp-D]
00453D27 |. C1E2 0>|shl edx, 4 ; shift left by 4
00453D2A |. 8A45 F>|mov al, [ebp-C] ; next byte
00453D2D |. 33C9 |xor ecx, ecx
00453D2F |. 8AC8 |mov cl, al
00453D31 |. C1E9 0>|shr ecx, 4
00453D34 |. 0AD1 |or dl, cl ; combine the two nibbles (OR)
00453D36 |. 8855 E>|mov [ebp-18], dl ; store
00453D39 |. C1E0 0>|shl eax, 4 ; low nibble of the last first-half byte
00453D3C |. 0A45 E>|or al, [ebp-13] ; joined with the top nibble of the second half
00453D3F |. 8845 E>|mov [ebp-17], al ; store the joined byte
00453D42 |. 8A45 E>|mov al, [ebp-12]
00453D45 |. 8845 E>|mov [ebp-16], al ; second half, next byte
00453D48 |. 8A45 E>|mov al, [ebp-11]
00453D4B |. 8845 E>|mov [ebp-15], al ; second half, next byte
00453D4E |. 8A45 F>|mov al, [ebp-10]
00453D51 |. 8845 E>|mov [ebp-14], al ; second half, last byte: [ebp-1A..ebp-14] is the 56-bit value again
00453D54 |. 6A 05 |push 5 ; /Arg1 = 00000005
00453D56 |. 8BCE |mov ecx, esi ; | destination: current round-key slot
00453D58 |. 8D45 E>|lea eax, [ebp-1A] ; |
00453D5B |. BA 060>|mov edx, 6 ; |
00453D60 |. E8 F3F>|call 00453B58 ; \select 48 of the 56 bits (the article steps in with F7)
00453D65 |. 83C6 0>|add esi, 6 ; next 6-byte round-key slot
00453D68 |. 43 |inc ebx ; advance to the next entry of the rotation table
00453D69 |. 4F |dec edi
00453D6A |.^ 0F85 7>\jnz 00453CE1 ; 16 rounds
00453D70 |. 8B>mov edi, [ebp-28]
00453D73 |. 8B>mov esi, [ebp-24]
00453D76 |. 8B>mov ebx, [ebp-20]
00453D79 |. 8B>mov esp, ebp
00453D7B |. 5D pop ebp
00453D7C \. C2>retn 4 返回到 00454163 (Des.00454163) ; returns to 00454163
////////////////////////////////////////////////////F7跟进|call 00453B58
00453B58 /$ 55 push ebp ; 56 -> 48 bit selection; in: eax = 56-bit value, edx = 6, ecx = 6-byte destination
00453B59 |. 8BEC mov ebp, esp
00453B5B |. 83C4 F>add esp, -8
00453B5E |. 53 push ebx
00453B5F |. 56 push esi
00453B60 |. 8BDA mov ebx, edx
00453B62 |. 85DB test ebx, ebx
00453B64 |. 78 0A js short 00453B70
00453B66 |. C1EB 0>shr ebx, 2
00453B69 |> 8B3498 /mov esi, [eax+ebx*4]
00453B6C |. 4B |dec ebx
00453B6D |. 56 |push esi
00453B6E |.^ 79 F9 \jns short 00453B69 ; copy the input bytes onto the stack
00453B70 |> 8BC4 mov eax, esp
00453B72 |. 894D F>mov [ebp-8], ecx ; [ebp-8] = destination
00453B75 |. 8945 F>mov [ebp-4], eax ; [ebp-4] = stack copy of the input
00453B78 |. 8B45 F>mov eax, [ebp-8]
00453B7B |. 33C9 xor ecx, ecx
00453B7D |. BA 060>mov edx, 6
00453B82 |. E8 69F>call 00402DF0 ; zero-fills the 6-byte (48-bit) destination that receives the selected bits
00453B87 |. 33D2 xor edx, edx ; edx = output bit counter
00453B89 |. B8 DC5>mov eax, 00455FDC////这也是个重要的数组 ; selection table; its dump follows in the article
////////////////////////////////////////////////////////
00455FDC 0D 10 0A 17 00 04 02 1B 0E 05 14 09 16 12 0B 03 19 07 0F 06 1A 13 0C 01 28 33 1E 24 2E 36 1D 27
32 2C 20 2F 2B 30 26 37 21 34 2D 29 31 23 1C 1F"*/用来从56选48的...
00453B8E |> 8A18 /mov bl, [eax] ; take the next table entry
00453B90 |. 8BCB |mov ecx, ebx
00453B92 |. 80E1 0>|and cl, 7 ; AND with 7
00453B95 |. 81E1 F>|and ecx, 0FF 以下的运算与00453AF6 处的运算相同 ; same bit-select logic as the loop at 00453AF6
00453B9B |. 51 |push ecx 不在重复
00453B9C |. B9 070>|mov ecx, 7
00453BA1 |. 5E |pop esi
00453BA2 |. 2BCE |sub ecx, esi
00453BA4 |. BE 010>|mov esi, 1
00453BA9 |. D3E6 |shl esi, cl
00453BAB |. 33C9 |xor ecx, ecx
00453BAD |. 8ACB |mov cl, bl
00453BAF |. C1E9 0>|shr ecx, 3
00453BB2 |. 8B5D F>|mov ebx, [ebp-4]
00453BB5 |. 0FB60C>|movzx ecx, byte ptr [ebx+ecx]
00453BB9 |. 23F1 |and esi, ecx
00453BBB |. 74 1D |je short 00453BDA ; source bit clear: leave the output bit at 0
00453BBD |. 8BCA |mov ecx, edx
00453BBF |. 83E1 0>|and ecx, 7
00453BC2 |. 51 |push ecx
00453BC3 |. B9 070>|mov ecx, 7
00453BC8 |. 5B |pop ebx
00453BC9 |. 2BCB |sub ecx, ebx
00453BCB |. B3 01 |mov bl, 1
00453BCD |. D2E3 |shl bl, cl
00453BCF |. 8BCA |mov ecx, edx
00453BD1 |. C1E9 0>|shr ecx, 3
00453BD4 |. 8B75 F>|mov esi, [ebp-8]
00453BD7 |. 081C0E |or [esi+ecx], bl ; set output bit edx in the destination
00453BDA |> 42 |inc edx
00453BDB |. 40 |inc eax
00453BDC |. 83FA 3>|cmp edx, 30 程序通过48次循环后 ; 48 (30h) iterations
00453BDF |.^ 75 AD \jnz short 00453B8E
00453BE1 |. 8B75 F>mov esi, [ebp-10]
00453BE4 |. 8B5D F>mov ebx, [ebp-C]
00453BE7 |. 8BE5 mov esp, ebp
00453BE9 |. 5D pop ebp
00453BEA \. C2 040>retn 4 返回到 00453D65 (Des.00453D65) ; returns to 00453D65
//////////////////////////////////以上循环完成后程序从00453D7C返回到00454163
00454163 |. 8D>lea eax, [ebp-28] ; 经过16次循环后来到这里
00454166 |. E8>call 00404248 ; NOTE(review): the same helper is called on string locals in the cleanup at 004541FF, so it looks like a string clear rather than a length call - confirm
0045416B |. 8B>mov eax, [ebp-4]
0045416E |. E8>call 00404500 ; serial length after padding
00454173 |. 85>test eax, eax
00454175 |. 79>jns short 0045417A
00454177 |. 83>add eax, 7 ; only for negative values: rounding for the signed shift
0045417A |> C1>sar eax, 3 ; length / 8 = number of 8-byte blocks (the quotient, not the remainder)
0045417D |. 48 dec eax ; block count - 1
0045417E |. 85>test eax, eax
00454180 |. 7C>jl short 004541E7 ; no blocks: skip the loop
00454182 |. 40 inc eax
00454183 |. 89>mov [ebp-30], eax ; [ebp-30] = blocks left
00454186 |. C7>mov dword ptr [ebp-2C], 0 ; [ebp-2C] = block index
0045418D |> 33>/xor ebx, ebx
0045418F |. 8D>|lea eax, [ebp-14]
00454192 |> 8B>|/mov edx, [ebp-2C]
00454195 |. C1>||shl edx, 3 ; block index * 8
00454198 |. 03>||add edx, ebx ; + byte index inside the block
0045419A |. 8B>||mov ecx, [ebp-4] ; ecx = serial
0045419D |. 8A>||mov dl, [ecx+edx]
004541A0 |. 88>||mov [eax], dl
004541A2 |. 43 ||inc ebx
004541A3 |. 40 ||inc eax
004541A4 |. 83>||cmp ebx, 8
004541A7 |.^ 75>|\jnz short 00454192 ; copy the current 8-byte block of the serial into [ebp-14]
004541A9 |. 8D>|lea eax, [ebp-1C]
004541AC |. 50 |push eax ; /Arg2 = 8-byte output buffer
004541AD |. 6A>|push 7 ; |Arg1 = 00000007
004541AF |. 8D>|lea edx, [ebp-14] ; | input block
004541B2 |. B9>|mov ecx, 7 ; |
004541B7 |. 33>|xor eax, eax ; | eax = 0: mode flag tested at 00453EEB (0 = encrypt per the article)
004541B9 |. E8>|call 00453EA8 ; \DES on one block; the article does not repeat the bit-selection analysis here
004541BE |. BB>|mov ebx, 8
004541C3 |. 8D>|lea esi, [ebp-1C]
004541C6 |> 8D>|/lea eax, [ebp-34]
004541C9 |. 8A>||mov dl, [esi]
004541CB |. E8>||call 00404428 ; presumably turns the byte in dl into a one-character string at [ebp-34] - body not shown
004541D0 |. 8B>||mov edx, [ebp-34]
004541D3 |. 8D>||lea eax, [ebp-28]
004541D6 |. E8>||call 00404508 ; append it to the result in [ebp-28]
004541DB |. 46 ||inc esi
004541DC |. 4B ||dec ebx
004541DD |.^ 75>|\jnz short 004541C6 ; 8 output bytes per block
004541DF |. FF>|inc dword ptr [ebp-2C] ; next block
004541E2 |. FF>|dec dword ptr [ebp-30]
004541E5 |.^ 75>\jnz short 0045418D
004541E7 |> 8B>mov eax, [ebp-C] ; eax = result destination saved on entry
004541EA |. 8B>mov edx, [ebp-28]
004541ED |. E8>call 0040429C ; presumably stores the result into the caller's variable - body not shown
004541F2 |. 33>xor eax, eax
004541F4 |. 5A pop edx
004541F5 |. 59 pop ecx
004541F6 |. 59 pop ecx
004541F7 |. 64>mov fs:[eax], edx ; unlink the exception frame
004541FA |. 68>push 00454224
004541FF |> 8D>lea eax, [ebp-34]
00454202 |. E8>call 00404248
00454207 |. 8D>lea eax, [ebp-28]
0045420A |. E8>call 00404248
0045420F |. 8D>lea eax, [ebp-8]
00454212 |. BA>mov edx, 2
00454217 |. E8>call 0040426C
0045421C \. C3 retn 返回到 00454163 (Des.00454163) ; NOTE(review): this retn pops the 00454224 pushed at 004541FA, and 00454080 was called from 004542A7, so the target named in the original note looks wrong
////////////////////////////////////////////////////////////////////////////
00454163 |. 8D45 D8 lea eax, [ebp-28] ; execution arrives here after the 16 key-schedule rounds
00454166 |. E8 DD00FBFF call 00404248 ; NOTE(review): the same helper is called on string locals in this function's cleanup, so it looks like a string clear rather than a length call - confirm
0045416B |. 8B45 FC mov eax, [ebp-4]
0045416E |. E8 8D03FBFF call 00404500 ; serial length
00454173 |. 85C0 test eax, eax
00454175 |. 79 03 jns short 0045417A
00454177 |. 83C0 07 add eax, 7 ; only for negative values: rounding for the signed shift
0045417A |> C1F8 03 sar eax, 3 ; length / 8 = number of 8-byte blocks (the quotient, not the remainder)
0045417D |. 48 dec eax ; block count - 1
0045417E |. 85C0 test eax, eax
00454180 |. 7C 65 jl short 004541E7 ; no blocks: skip the loop
00454182 |. 40 inc eax
00454183 |. 8945 D0 mov [ebp-30], eax ; [ebp-30] = blocks left
00454186 |. C745 D4 00000>mov dword ptr [ebp-2C], 0 ; [ebp-2C] = block index
0045418D |> 33DB /xor ebx, ebx
0045418F |. 8D45 EC |lea eax, [ebp-14]
00454192 |> 8B55 D4 |/mov edx, [ebp-2C]
00454195 |. C1E2 03 ||shl edx, 3 ; block index * 8
00454198 |. 03D3 ||add edx, ebx ; + byte index inside the block
0045419A |. 8B4D FC ||mov ecx, [ebp-4] ; ecx = serial
0045419D |. 8A1411 ||mov dl, [ecx+edx]
004541A0 |. 8810 ||mov [eax], dl
004541A2 |. 43 ||inc ebx
004541A3 |. 40 ||inc eax
004541A4 |. 83FB 08 ||cmp ebx, 8
004541A7 |.^ 75 E9 |\jnz short 00454192 ; copy the current 8-byte block of the serial into [ebp-14]
004541A9 |. 8D45 E4 |lea eax, [ebp-1C]
004541AC |. 50 |push eax ; /Arg2 = 8-byte output buffer
004541AD |. 6A 07 |push 7 ; |Arg1 = 00000007
004541AF |. 8D55 EC |lea edx, [ebp-14] ; | input block
004541B2 |. B9 07000000 |mov ecx, 7 ; |
004541B7 |. 33C0 |xor eax, eax ; | eax = 0: mode flag tested at 00453EEB (0 = encrypt per the article)
004541B9 |. E8 EAFCFFFF |call 00453EA8 ; \DES on one block, starting with the initial permutation (the article steps in with F7)
////////////////////////////////////F7跟进|call 00453EA8
00453EA8 /$ 55 push ebp ; in: eax = mode flag, edx = input block, ecx = 7, [ebp+C] = output buffer
00453EA9 |. 8BEC mov ebp, esp
00453EAB |. 83C4>add esp, -18
00453EAE |. 53 push ebx
00453EAF |. 56 push esi
00453EB0 |. 57 push edi
00453EB1 |. 8BD9 mov ebx, ecx
00453EB3 |. 85DB test ebx, ebx
00453EB5 |. 78 0>js short 00453EC1
00453EB7 |. C1EB>shr ebx, 2
00453EBA |> 8B34>/mov esi, [edx+ebx*4]
00453EBD |. 4B |dec ebx
00453EBE |. 56 |push esi
00453EBF |.^ 79 F>\jns short 00453EBA ; copy the input block onto the stack
00453EC1 |> 8BD4 mov edx, esp
00453EC3 |. 8955>mov [ebp-4], edx ; [ebp-4] = stack copy of the block
00453EC6 |. 8BD8 mov ebx, eax ; bl = mode flag
00453EC8 |. C745>mov dword ptr [ebp-8], 8 ; byte counter
00453ECF |. 8B45>mov eax, [ebp-4]
00453ED2 |. 8B4D>mov ecx, [ebp+C]
00453ED5 |> 8A10 /mov dl, [eax]
00453ED7 |. 8811 |mov [ecx], dl
00453ED9 |. 41 |inc ecx
00453EDA |. 40 |inc eax
00453EDB |. FF4D>|dec dword ptr [ebp-8]
00453EDE |.^ 75 F>\jnz short 00453ED5 ; copy the 8 block bytes into the output buffer
00453EE0 |. 8B45>mov eax, [ebp+C]
00453EE3 |. 8B55>mov edx, [ebp+8]
00453EE6 |. E8 8>call 0045386C ; initial permutation IP on the output buffer (the article steps in with F7)
00453EEB |. 84DB test bl, bl ; mode flag
00453EED |. 0F85>jnz 00453FA8
00453EF3 |. C745>mov dword ptr [ebp-8], 10 ; 16 rounds
00453EFA |. C745>mov dword ptr [ebp-14], 00>
///////////////////////////////////////////////F7跟进call 0045386C
0045386C /$ 53 push ebx ; initial permutation; in: eax = 8-byte block, permuted in place
0045386D |. 56 push esi
0045386E |. 57 push edi
0045386F |. 83C4>add esp, -8 ; 8-byte temporary on the stack
00453872 |. 8BF0 mov esi, eax ; esi = block
00453874 |. 8BC4 mov eax, esp
00453876 |. 33C9 xor ecx, ecx
00453878 |. BA 0>mov edx, 8
0045387D |. E8 6>call 00402DF0 ; zero-fill the temporary (per the article's note on this helper elsewhere)
00453882 |. 33D2 xor edx, edx ; edx = output bit counter
00453884 |. B8 4>mov eax, 00455C44 ; permutation table at 00455C44
///////////////////////////////////////////////////////
00455C44 39 31 29 21 19 11 09 01 3B 33 2B 23 1B 13 0B 03 91)!.;3+#
00455C54 3D 35 2D 25 1D 15 0D 05 3F 37 2F 27 1F 17 0F 07 =5-%.?7/'
00455C64 38 30 28 20 18 10 08 00 3A 32 2A 22 1A 12 0A 02 80( .:2*".
00455C74 3C 34 2C 24 1C 14 0C 04 3E 36 2E 26 1E 16 0E 06 <4,$.>6.&
十进制为(57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7,
56, 48, 40, 32, 24, 16, 8, 0,
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6 );正好是初始值置换IP
///////////////////////////////////////////////////////////////////////
00453889 |> /8A18 /mov bl, [eax] 以下的运算与00453AF6 处的运算相同 ; same bit-select logic as the loop at 00453AF6
0045388B |. |8BCB |mov ecx, ebx 不再重复
0045388D |. |80E1>|and cl, 7
00453890 |. |81E1>|and ecx, 0FF
00453896 |. |51 |push ecx
00453897 |. |B9 0>|mov ecx, 7
0045389C |. |5F |pop edi
0045389D |. |2BCF |sub ecx, edi
0045389F |. |BF 0>|mov edi, 1
004538A4 |. |D3E7 |shl edi, cl
004538A6 |. |33C9 |xor ecx, ecx
004538A8 |. |8ACB |mov cl, bl
004538AA |. |C1E9>|shr ecx, 3
004538AD |. |0FB6>|movzx ecx, byte ptr [esi+ec>
004538B1 |. |23F9 |and edi, ecx
004538B3 |. |74 1>|je short 004538CF ; source bit clear: leave the output bit at 0
004538B5 |. |8BCA |mov ecx, edx
004538B7 |. |83E1>|and ecx, 7
004538BA |. |51 |push ecx
004538BB |. |B9 0>|mov ecx, 7
004538C0 |. |5B |pop ebx
004538C1 |. |2BCB |sub ecx, ebx
004538C3 |. |B3 0>|mov bl, 1
004538C5 |. |D2E3 |shl bl, cl
004538C7 |. |8BCA |mov ecx, edx
004538C9 |. |C1E9>|shr ecx, 3
004538CC |. |081C>|or [esp+ecx], bl ; set output bit edx in the 8-byte temporary
004538CF |> |42 |inc edx
004538D0 |. |40 |inc eax
004538D1 |. |83FA>|cmp edx, 40 ; 64 (40h) iterations
004538D4 |.^\75 B>\jnz short 00453889
004538D6 |. BA 0>mov edx, 8 ; 8 bytes to copy back
004538DB |. 8BC4 mov eax, esp
004538DD |. 8BCE mov ecx, esi
004538DF |> 8A18 /mov bl, [eax]
004538E1 |. 8819 |mov [ecx], bl
004538E3 |. 41 |inc ecx
004538E4 |. 40 |inc eax
004538E5 |. 4A |dec edx
004538E6 |.^ 75 F>\jnz short 004538DF ; overwrite the block with the permuted bytes
004538E8 |. 59 pop ecx
004538E9 |. 5A pop edx
004538EA |. 5F pop edi
004538EB |. 5E pop esi
004538EC |. 5B pop ebx
004538ED \. C3 retn ; returns to 00453EEB (Des.00453EEB)
/////////////////////////////////////////////////////////////
00453EEB |. 84DB test bl, bl ; the flow depends on bl: per the article bl = 1 decrypts, bl = 0 encrypts
00453EED |. 0F85>jnz 00453FA8 ; bl != 0: other path (not shown in the article)
00453EF3 |. C745>mov dword ptr [ebp-8], 10 ; 16 rounds
00453EFA |. C745>mov dword ptr [ebp-14], 0045> ; [ebp-14] = round-key pointer (operand truncated in the listing)
00453F01 |> B8 0>/mov eax, 4
00453F06 |. 8B55>|mov edx, [ebp+C]
00453F09 |. 8D75>|lea esi, [ebp-C]
00453F0C |> 8A0A |/mov cl, [edx]
00453F0E |. 880E ||mov [esi], cl
00453F10 |. 46 ||inc esi
00453F11 |. 42 ||inc edx
00453F12 |. 48 ||dec eax
00453F13 |.^ 75 F>|\jnz short 00453F0C ; save the first 32 bits of the block (left half) in the temp at [ebp-C]
00453F15 |. B8 0>|mov eax, 4
00453F1A |. 8B55>|mov edx, [ebp+C]
00453F1D |. 83C2>|add edx, 4
00453F20 |> 8A0A |/mov cl, [edx]
00453F22 |. 884A>||mov [edx-4], cl
00453F25 |. 42 ||inc edx
00453F26 |. 48 ||dec eax
00453F27 |.^ 75 F>|\jnz short 00453F20 ; move the last 32 bits (right half) into the first 4 bytes
00453F29 |. 6A 0>|push 5 ; /Arg3 = 00000005
00453F2B |. 8D45>|lea eax, [ebp-10] ; | 4-byte output of the round function
00453F2E |. 50 |push eax ; |Arg2
00453F2F |. 6A 0>|push 3 ; |Arg1 = 00000003
00453F31 |. 8B45>|mov eax, [ebp-14] ; |
00453F34 |. 8BC8 |mov ecx, eax ; | ecx = current round key
00453F36 |. 8B45>|mov eax, [ebp+C] ; | eax = block (first 4 bytes = right half)
00453F39 |. 8B55>|mov edx, [ebp+8] ; |
00453F3C |. E8 3>|call 00453D80 ; \DES round function (the article steps in with F7)
/////////////////////////////////////////////////////////////////F7跟进call 00453D80
00453D80 /$ 55 push ebp ; round function; in: eax = 32-bit half, ecx = round key, [ebp+C] = 4-byte output
00453D81 |. 8BEC mov ebp, esp
00453D83 |. 83C4 EC add esp, -14
00453D86 |. 53 push ebx
00453D87 |. 56 push esi
00453D88 |. 8B5D 10 mov ebx, [ebp+10]
00453D8B |. 85DB test ebx, ebx
00453D8D |. 78 0A js short 00453D99
00453D8F |. C1EB 02 shr ebx, 2
00453D92 |> 8B3499 /mov esi, [ecx+ebx*4]
00453D95 |. 4B |dec ebx
00453D96 |. 56 |push esi
00453D97 |.^ 79 F9 \jns short 00453D92 ; copy the round key onto the stack
00453D99 |> \8BCC mov ecx, esp ; ecx = stack copy of the round key
00453D9B |. 8BDA mov ebx, edx
00453D9D |. 85DB test ebx, ebx
00453D9F |. 78 0>js short 00453DAB
00453DA1 |. C1EB>shr ebx, 2
00453DA4 |> 8B34>/mov esi, [eax+ebx*4]
00453DA7 |. 4B |dec ebx
00453DA8 |. 56 |push esi
00453DA9 |.^ 79 F>\jns short 00453DA4 ; copy the input half onto the stack
00453DAB |> 8BC4 mov eax, esp
00453DAD |. 894D>mov [ebp-4], ecx ; [ebp-4] = round-key copy
00453DB0 |. 6A 0>push 5 ; /Arg1 = 00000005
00453DB2 |. 8D4D>lea ecx, [ebp-A] ; | 6-byte destination
00453DB5 |. E8 B>call 00453974 ; \expands the 32-bit half to 48 bits
00453DBA |. BB 0>mov ebx, 6 运算与00453AF6 处的运算相同 ; 6 bytes to XOR
00453DBF |. 8B45>mov eax, [ebp-4]
00453DC2 |. 8D55>lea edx, [ebp-A]
00453DC5 |> /8A08 /mov cl, [eax]
00453DC7 |. |300A |xor [edx], cl ; expanded value XOR round key
00453DC9 |. |42 |inc edx
00453DCA |. |40 |inc eax
00453DCB |. |4B |dec ebx
00453DCC |.^\75 F7 \jnz short 00453DC5
00453DCE |. 8A45 F6 mov al, [ebp-A]
00453DD1 |. 33D2 xor edx, edx
00453DD3 |. 8AD0 mov dl, al
00453DD5 |. C1EA 02 shr edx, 2
00453DD8 |. 8855 EE mov [ebp-12], dl ; value 0 = b0 >> 2
00453DDB |. 24 03 and al, 3
00453DDD |. C1E0 04 shl eax, 4
00453DE0 |. 8A55 F7 mov dl, [ebp-9]
00453DE3 |. 33C9 xor ecx, ecx
00453DE5 |. 8ACA mov cl, dl
00453DE7 |. C1E9 04 shr ecx, 4
00453DEA |. 0AC1 or al, cl
00453DEC |. 8845 EF mov [ebp-11], al ; value 1 = ((b0 and 3) << 4) | (b1 >> 4)
00453DEF |. 80E2 0F and dl, 0F
00453DF2 |. C1E2 02 shl edx, 2
00453DF5 |. 8A45 F8 mov al, [ebp-8]
00453DF8 |. 33C9 xor ecx, ecx
00453DFA |. 8AC8 mov cl, al
00453DFC |. C1E9 06 shr ecx, 6
00453DFF |. 0AD1 or dl, cl
00453E01 |. 8855 F0 mov [ebp-10], dl ; value 2 = ((b1 and 0F) << 2) | (b2 >> 6)
00453E04 |. 24 3F and al, 3F
00453E06 |. 8845 F1 mov [ebp-F], al ; value 3 = b2 and 3F
00453E09 |. 8A45 F9 mov al, [ebp-7]
00453E0C |. 33D2 xor edx, edx
00453E0E |. 8AD0 mov dl, al
00453E10 |. C1EA 02 shr edx, 2
00453E13 |. 8855 F2 mov [ebp-E], dl ; value 4 = b3 >> 2
00453E16 |. 24 03 and al, 3
00453E18 |. C1E0 04 shl eax, 4
00453E1B |. 33D2 xor edx, edx
00453E1D |. 8A55 FA mov dl, [ebp-6]
00453E20 |. C1EA 04 shr edx, 4
00453E23 |. 0AC2 or al, dl
00453E25 |. 8845 F3 mov [ebp-D], al ; value 5 = ((b3 and 3) << 4) | (b4 >> 4)
00453E28 |. 8A45 FA mov al, [ebp-6]
00453E2B |. 24 0F and al, 0F
00453E2D |. C1E0 02 shl eax, 2
00453E30 |. 33D2 xor edx, edx
00453E32 |. 8A55 FB mov dl, [ebp-5]
00453E35 |. C1EA 06 shr edx, 6
00453E38 |. 0AC2 or al, dl
00453E3A |. 8845 F4 mov [ebp-C], al ; value 6 = ((b4 and 0F) << 2) | (b5 >> 6)
00453E3D |. 8A45 FB mov al, [ebp-5]
00453E40 |. 24 3F and al, 3F
00453E42 |. 8845 F5 mov [ebp-B], al ; value 7 = b5 and 3F
00453E45 |. 33DB xor ebx, ebx
00453E47 |. 8D75 EE lea esi, [ebp-12] //以上是将异或后得到的数修改,因为得到的数是连贯的48bit,所以要将他们分开成为6bit一字节 ; the code above splits the 48 XORed bits into eight 6-bit values, one per byte
00453E4A |> 8BC3 /mov eax, ebx //这里面是将上面得到那8个字节调整用来查表,(每6个用来查一个表) ; each 6-bit value indexes one lookup table
00453E4C |. 8A16 |mov dl, [esi]
00453E4E |. E8 31FCFFFF |call 00453A84 ; presumably the S-box lookup: eax = table number, dl = 6-bit input, result in al - body not shown
00453E53 |. 8806 |mov [esi], al
00453E55 |. 43 |inc ebx
00453E56 |. 46 |inc esi
00453E57 |. 83FB 08 |cmp ebx, 8 /查8次 ; eight lookups
00453E5A |.^ 75 EE \jnz short 00453E4A
00453E5C |. BB 04000000 mov ebx, 4
00453E61 |. 8D45 EE lea eax, [ebp-12]
00453E64 |. 8D55 F6 lea edx, [ebp-A]
00453E67 |> 8A08 /mov cl, [eax]
00453E69 |. C1E1 04 |shl ecx, 4 ; first lookup result into the high nibble
00453E6C |. 0A48 01 |or cl, [eax+1] ; second result into the low nibble
00453E6F |. 880A |mov [edx], cl
00453E71 |. 42 |inc edx
00453E72 |. 83C0 02 |add eax, 2
00453E75 |. 4B |dec ebx
00453E76 |.^ 75 EF \jnz short 00453E67 ; pack the eight results into 4 bytes at [ebp-A]
00453E78 |. 8D45 F6 lea eax, [ebp-A]
00453E7B |. BA 05000000 mov edx, 5
00453E80 |. E8 7FFBFFFF call 00453A04 ; NOTE(review): not annotated in the article; standard DES applies the P permutation at this point - confirm
00453E85 |. BB 04000000 mov ebx, 4
00453E8A |. 8D45 F6 lea eax, [ebp-A]
00453E8D |. 8B55 0C mov edx, [ebp+C]
00453E90 |> 8A08 /mov cl, [eax]
00453E92 |. 880A |mov [edx], cl
00453E94 |. 42 |inc edx
00453E95 |. 40 |inc eax
00453E96 |. 4B |dec ebx
00453E97 |.^ 75 F7 \jnz short 00453E90 ; copy the 4 result bytes to the caller's output
00453E99 |. 8B75 E4 mov esi, [ebp-1C]
00453E9C |. 8B5D E8 mov ebx, [ebp-18]
00453E9F |. 8BE5 mov esp, ebp
00453EA1 |. 5D pop ebp
00453EA2 \. C2 0C00 retn 0C ; returns to 00453F41 (Des.00453F41)
/////////////////////////////////////////////////
00453F41 |. B8 04000000 |mov eax, 4 ; 4 bytes to combine
00453F46 |. 8D55 F4 |lea edx, [ebp-C] ; edx = saved left half
00453F49 |. 8D75 F0 |lea esi, [ebp-10] ; esi = output of the round function
00453F4C |. 8B4D 0C |mov ecx, [ebp+C]
00453F4F |. 83C1 04 |add ecx, 4 ; ecx = last 4 bytes of the block
00453F52 |> 8A1A |/mov bl, [edx] ; saved left half
00453F54 |. 321E ||xor bl, [esi] ; XOR with the round-function output = next round's right half
00453F56 |. 8819 ||mov [ecx], bl
00453F58 |. 41 ||inc ecx
00453F59 |. 46 ||inc esi
00453F5A |. 42 ||inc edx
00453F5B |. 48 ||dec eax
00453F5C |.^ 75 F4 |\jnz short 00453F52 ; XOR byte by byte
00453F5E |. 8345 EC 06 |add dword ptr [ebp-14], 6 ; advance to the next 6-byte round key (each round uses a different one)
00453F62 |. FF4D F8 |dec dword ptr [ebp-8] ; round counter
00453F65 |.^ 75 9A \jnz short 00453F01 ; 16 rounds
下面还有一个函数,用来对最后得到的结果做初始置换的逆置换,过程与前面的置换相同,不再重复。
运算完成后将结果格式化为字符串,来到:
00454394 |. 8B45 FC mov eax, [ebp-4] 此处明码{如此复杂的算法居然明码,可惜} ; the expected code sits in memory as a plain string before the compare
00454397 |. 50 push eax
00454398 |. 8D55 F4 lea edx, [ebp-C]
0045439B |. 8B83 FC020000 mov eax, [ebx+2FC]
004543A1 |. E8 92E6FDFF call 00432A38 ; same getter as for the user name, here on the field at +2FC -> [ebp-C]
004543A6 |. 8B55 F4 mov edx, [ebp-C]
004543A9 |. 58 pop eax
004543AA |. E8 9502FBFF call 00404644 ; presumably a string compare of expected (eax) vs entered (edx) - body not shown
004543AF |. 75 0C jnz short 004543BD 爆破点 ; this single branch decides the outcome of the whole check
004543B1 |. B8 10444500 mov eax, 00454410
004543B6 |. E8 5D84FDFF call 0042C818
004543BB |. EB 0A jmp short 004543C7
004543BD |> B8 24444500 mov eax, 00454424
////////////////////////////////////
DES算法到此结束,不当之处请指正
软件在附件中
--------------------------------------------------------------------------------
【版权声明】: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
2006年12月17日 0:00:07