请大家来研究一下这份代码.是关于算法的.-软件逆向-看雪-安全社区|安全招聘|kanxue.com

最新回复 (6)
细荣雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 16 粉丝 0 关注私信	细荣 2 楼 #include <stdio.h> #include <stdlib.h> #include <sys/stat.h> #include <windows.h> #include <wincrypt.h> #include <winsock.h> #define KEY "ectGameMon" #define SIGN1 0x32812622 #define SIGN2 0x32812621 #define PUBKEY "\x06\x02\x00\x00\x00\x24\x00\x00\x52\x53\x41\x31\x00\x02\x00\x00" \ "\x01\x00\x01\x00\xFB\xE3\xFC\x09\xAF\xAE\x65\x8C\x96\x4C\xC5\x37" \ "\xD2\xA4\x77\xE7\x4C\x41\xC2\xCF\xF2\xFE\x2D\x9C\x80\x94\x0C\x88" \ "\x6D\xB3\x84\x9F\x8C\x22\xA0\xC9\xCD\xC0\xAB\x30\x65\x82\x42\x3C" \ "\xEE\x3C\xA8\xB7\x11\xD6\x22\xFA\xFB\x23\xF7\x72\xCD\xE7\xD0\x6F" \ "\x6A\x8E\x96\xE3" void std_err(int type); int main(int argc, char argv[]) { FILE fd; struct stat xstat; HCRYPTPROV hProv; HCRYPTHASH hHash; HCRYPTKEY hKey; DWORD len; u_int buffsz; u_char buff, input, output, filename, signature; struct gameguard_header { u_int sign1; u_int filename_size; u_int signature_size; u_int sign2; } gh = NULL; setbuf(stdout, NULL); fputs("\n\n", stdout); if(argc < 3) { printf("\n" "Usage: %s <input_file> <output_file>\n" "\n", argv[0]); exit(1); } input = argv[1]; output = argv[2]; printf("- open input file: %s\n", input); fd = fopen(input, "rb"); if(!fd) std_err(0); fstat(fileno(fd), &xstat); buffsz = xstat.st_size; printf(" filesize: %u\n", buffsz); buff = malloc(buffsz); if(!buff) std_err(0); len = fread(buff, 1, buffsz, fd); fclose(fd); len -= sizeof(struct gameguard_header); gh = (struct gameguard_header )(buff + len); len -= (gh->filename_size + gh->signature_size); if((gh->sign1 != SIGN1) \|\| (gh->sign2 != SIGN2)) { printf("\n" "Alert: the signs in the file don't match the default signs, I try to continue:\n" " 0x%08x (should be 0x%08x) and 0x%08x (should be 0x%08x)\n" "\n", gh->sign1, SIGN1, gh->sign2, SIGN2); } filename = buff + len; printf("- built-in filename: %s\n", filename); signature = buff + len + gh->filename_size; if(!CryptAcquireContext( &hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) std_err(1); / VERIFY SIGNATURE / fputs("- verify signature:", stdout); if(!CryptCreateHash( hProv, CALG_MD5, 0, 0, &hHash)) std_err(1); if(!CryptImportKey( hProv, PUBKEY, sizeof(PUBKEY) - 1, 0, 0, &hKey)) std_err(1); if(!CryptHashData( hHash, buff, len + gh->filename_size, 0)) std_err(1); if(!CryptVerifySignature( hHash, signature, gh->signature_size, hKey, NULL, 0)) { fputs(" WRONG!\n", stdout); } else { fputs(" OK\n", stdout); } CryptDestroyKey(hKey); CryptDestroyHash(hHash); / DECRYPT DATA */ if(!CryptCreateHash( hProv, CALG_MD5, 0, 0, &hHash)) std_err(1); if(!CryptHashData( hHash, KEY, sizeof(KEY) - 1, 0)) std_err(1); if(!CryptDeriveKey( hProv, CALG_RC4, hHash, 0, &hKey)) std_err(1); if(!CryptDecrypt( hKey, 0, TRUE, 0, buff, &len)) std_err(1); printf("- write output file: %s\n", output); fd = fopen(output, "wb"); if(!fd) std_err(0); fwrite(buff, len, 1, fd); fclose(fd); CryptDestroyKey(hKey); CryptDestroyHash(hHash); CryptReleaseContext(hProv, 0); free(buff); fputs("- Finished\n", stdout); return(0); } void std_err(int type) { if(type) { printf("\n" "Error: error during the usage of the cryptography (0x%lx)\n" " If you received a sign error before means this is not a valid GameGuard\n" " INI file\n" "\n", GetLastError()); } else { perror("\nError"); } exit(1); } 2007-10-2 18:07 0
十三少雪币： 226 活跃值： (15) 能力值： ( LV6，RANK：90 ) 在线值：发帖 10 回帖 402 粉丝 1 关注私信	十三少 2 3 楼很强大，谁逆的吧。 2007-10-2 18:09 0
foresee 雪币： 222 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 6 回帖 153 粉丝 0 关注私信	foresee 2 4 楼搞奇迹游戏的细荣也跑这儿来了，呵呵 2007-10-2 19:30 0
细荣雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 16 粉丝 0 关注私信	细荣 5 楼楼上的兄弟.有没什么思路.? 2007-10-2 20:47 0
goodcode 雪币： 67 活跃值： (66) 能力值： ( LV7，RANK：100 ) 在线值：发帖 19 回帖 289 粉丝 2 关注私信	goodcode 2 6 楼 np 有几个文件都是用了数字签名好像gamemon本身也是如此 2007-10-2 23:40 0
forgot 雪币： 6075 活跃值： (2236) 能力值： (RANK：1060 ) 在线值：发帖 155 回帖 3771 粉丝 16 关注私信	forgot 26 7 楼难道是传说中的ini 2007-10-4 22:45 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

细荣

雪币： 200

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

1

回帖

16

粉丝

0

关注

私信

细荣: 2 楼

#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <windows.h>
#include <wincrypt.h>
#include <winsock.h>

#define KEY    "ectGameMon"
#define SIGN1 0x32812622
#define SIGN2 0x32812621
#define PUBKEY  "\x06\x02\x00\x00\x00\x24\x00\x00\x52\x53\x41\x31\x00\x02\x00\x00" \
            "\x01\x00\x01\x00\xFB\xE3\xFC\x09\xAF\xAE\x65\x8C\x96\x4C\xC5\x37" \
            "\xD2\xA4\x77\xE7\x4C\x41\xC2\xCF\xF2\xFE\x2D\x9C\x80\x94\x0C\x88" \
            "\x6D\xB3\x84\x9F\x8C\x22\xA0\xC9\xCD\xC0\xAB\x30\x65\x82\x42\x3C" \
            "\xEE\x3C\xA8\xB7\x11\xD6\x22\xFA\xFB\x23\xF7\x72\xCD\xE7\xD0\x6F" \
            "\x6A\x8E\x96\xE3"

void std_err(int type);

int main(int argc, char *argv[]) {
FILE       *fd;
struct stat xstat;
HCRYPTPROV  hProv;
HCRYPTHASH  hHash;
HCRYPTKEY hKey;
DWORD    len;
u_int    buffsz;
u_char    *buff,
            *input,
            *output,
            *filename,
            *signature;

struct gameguard_header {
      u_int  sign1;
      u_int  filename_size;
      u_int  signature_size;
      u_int  sign2;
} *gh = NULL;

setbuf(stdout, NULL);

fputs("\n\n", stdout);

if(argc < 3) {
      printf("\n"
         "Usage: %s <input_file> <output_file>\n"
         "\n", argv[0]);
      exit(1);
}

input  = argv[1];
output = argv[2];

printf("- open input file:    %s\n", input);
fd = fopen(input, "rb");
if(!fd) std_err(0);

fstat(fileno(fd), &xstat);
buffsz = xstat.st_size;
printf("  filesize:          %u\n", buffsz);

buff = malloc(buffsz);
if(!buff) std_err(0);
len = fread(buff, 1, buffsz, fd);
fclose(fd);

len -= sizeof(struct gameguard_header);
gh = (struct gameguard_header *)(buff + len);
len -= (gh->filename_size + gh->signature_size);

if((gh->sign1 != SIGN1) ||
   (gh->sign2 != SIGN2)) {
      printf("\n"
         "Alert: the signs in the file don't match the default signs, I try to continue:\n"
         "    0x%08x (should be 0x%08x) and 0x%08x (should be 0x%08x)\n"
         "\n",
         gh->sign1, SIGN1,
         gh->sign2, SIGN2);
}

filename  = buff + len;
printf("- built-in filename: %s\n", filename);
signature = buff + len + gh->filename_size;

if(!CryptAcquireContext(
      &hProv,
      NULL,
      MS_DEF_PROV,
      PROV_RSA_FULL,
      CRYPT_VERIFYCONTEXT)) std_err(1);

         /* VERIFY SIGNATURE */

fputs("- verify signature:", stdout);

if(!CryptCreateHash(
      hProv,
      CALG_MD5,
      0,
      0,
      &hHash)) std_err(1);

if(!CryptImportKey(
      hProv,
      PUBKEY,
      sizeof(PUBKEY) - 1,
      0,
      0,
      &hKey)) std_err(1);

if(!CryptHashData(
      hHash,
      buff,
      len + gh->filename_size,
      0)) std_err(1);

if(!CryptVerifySignature(
      hHash,
      signature,
      gh->signature_size,
      hKey,
      NULL,
      0)) {
      fputs(" WRONG!\n", stdout);
} else {
      fputs(" OK\n", stdout);
}

CryptDestroyKey(hKey);
CryptDestroyHash(hHash);

         /* DECRYPT DATA */

if(!CryptCreateHash(
      hProv,
      CALG_MD5,
      0,
      0,
      &hHash)) std_err(1);

if(!CryptHashData(
      hHash,
      KEY,
      sizeof(KEY) - 1,
      0)) std_err(1);

if(!CryptDeriveKey(
      hProv,
      CALG_RC4,
      hHash,
      0,
      &hKey)) std_err(1);

if(!CryptDecrypt(
      hKey,
      0,
      TRUE,
      0,
      buff,
      &len)) std_err(1);

printf("- write output file: %s\n", output);
fd = fopen(output, "wb");
if(!fd) std_err(0);
fwrite(buff, len, 1, fd);
fclose(fd);

CryptDestroyKey(hKey);
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, 0);
free(buff);
fputs("- Finished\n", stdout);
return(0);
}

void std_err(int type) {
if(type) {
      printf("\n"
         "Error: error during the usage of the cryptography (0x%lx)\n"
         "    If you received a sign error before means this is not a valid GameGuard\n"
         "    INI file\n"
         "\n", GetLastError());
} else {
      perror("\nError");
}
exit(1);
}

2007-10-2 18:07

0