彩蛋猜测过程记录
本帖最后由 yypE 于 2015-8-9 15:39 编辑
这彩蛋是吾爱官方入门教学培训第五课的示例CM里头的,还得感谢@我是用户大牛;
小菜在看见有人使用PS大法成功攻破彩蛋之后才开始决定仔细看看这个蛋蛋;
由于整理水平太低,具体过程俺就不写啦~
算法入口:
待解密字符串:
解密过程:
然后再往下面走就是MessageBox了。
笔者一开始偷懒,写了个段子来列举解密KEY,这里稍微改一下贴上来:
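void CJjDlg::OnButton1()
{
    // Recover the single-byte XOR key of the easter-egg string: try every
    // 8-bit key and show the candidates whose plaintext contains "我是用户".
    // (The plaintext was only identified after listing all candidates; the
    // Find() filter was added once it was known.)
    //
    // Side effect: one MessageBox per matching key.
    //
    // The posted listing had lost its [] subscripts; the array sizes below
    // are restored from the 12-byte initializer and the n < 12 loop bound.
    CString result;
    // Ciphertext copied from the CrackMe. unsigned so bytes >= 0x80 do not
    // narrow inside the brace initializer.
    const unsigned char code[12] = {0x8E,0xD1,0x70,0x6C,0x74,0x79,0x6D,0x7D,0x05,0x19,0xD1,0x8E};
    // One byte longer than the ciphertext so a trailing NUL survives:
    // `result += re` reads the buffer as a C string.
    char re[13] = {0};
    for (int key = 0; key < 0x100; ++key)   // whole 8-bit key space, 0xFF included
    {
        for (int n = 0; n < 12; ++n)
            re[n] = static_cast<char>(code[n] ^ key);
        result.Format("密钥: 0x%x 解密后: ", key);
        result += re;
        if (result.Find("我是用户") != -1)
            MessageBox(result);
    }
}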
然后提示key的值是0XBE:
接着去OD里头解密的地方给BL赋上一个值0xbe之后程序就弹正确窗儿了,因此可以确定用来解密的KEY是0XBE
下面来看看BE的来源吧,追溯到这里,发现一个累加:
累加的数值具体算法在这儿:
00403429 .E8 F2030000 call 52PoJie?00403820 ;per-character transform (the -0x47 step, see the C reproduction further down); result in al
0040342E .884435 E8 mov byte ptr ss:,al ;[ebp+esi-0x18] = al (operand decoded from the opcode bytes; the forum stripped OllyDbg's brackets): store transformed character esi
00403432 .46 inc esi ;next character
00403433 .83FE 04 cmp esi,0x4 ;the easter egg is 4 characters long
00403436 .^ 7C DD jl X52PoJie?00403415 ;loop while esi < 4
00403438 .8B45 E8 mov eax,dword ptr ss: ;eax = dword [ebp-0x18]: all four transformed bytes (after -0x47); al = byte0, ah = byte1
0040343B .8AD4 mov dl,ah ;dl = byte1
0040343D .C0EA 04 shr dl,0x4 ;byte1 >> 4
00403440 .80E2 03 and dl,0x3 ;(byte1 >> 4) & 0x3
00403443 .8AC8 mov cl,al ;cl = byte0
00403445 .C0E1 02 shl cl,0x2 ;byte0 << 2
00403448 .02D1 add dl,cl ;key1 = ((byte1 >> 4) & 0x3) + (byte0 << 2)
0040344A .8855 E4 mov byte ptr ss:,dl ;[ebp-0x1C] = key1
0040344D .8A55 EA mov dl,byte ptr ss: ;dl = byte2 ([ebp-0x16])
00403450 .8ACA mov cl,dl ;cl = byte2
00403452 .C0E9 02 shr cl,0x2 ;byte2 >> 2
00403455 .8AC4 mov al,ah ;al = byte1
00403457 .C0E2 06 shl dl,0x6 ;byte2 << 6
0040345A .0255 EB add dl,byte ptr ss: ;key3 = (byte2 << 6) + byte3 ([ebp-0x15])
0040345D .80E1 0F and cl,0xF ;(byte2 >> 2) & 0xF
00403460 .C0E0 04 shl al,0x4 ;byte1 << 4
00403463 .32C8 xor cl,al ;key2 = ((byte2 >> 2) & 0xF) ^ (byte1 << 4)
00403465 .884D E5 mov byte ptr ss:,cl ;[ebp-0x1B] = key2
00403468 .8855 E6 mov byte ptr ss:,dl ;[ebp-0x1A] = key3 (key1..key3 now sit contiguously at [ebp-0x1C..-0x1A])
0040346B .33DB xor ebx,ebx ;ebx = 0: index into the three key bytes; presumably the start of the summing loop the post refers to
0040346D .8D49 00 lea ecx,dword ptr ds: ;lea ecx,[ecx+0]: alignment padding, no effect
00403470 >8B4F 10 mov ecx,dword ptr ds: ;ecx = [edi+0x10]
00403473 .8A541D E4 mov dl,byte ptr ss: ;dl = [ebp+ebx-0x1C]: key byte number ebx
00403477 .83C8 FF or eax,0xFFFFFFFF ;eax = -1
然后三位密码累加之后只要能够等于0XBE就成功解密了。
最后根据这里的算法写一个段子就行了(MFC):
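// Copy the four easter-egg characters into a NUL-terminated buffer and
// return them as a CString.
// m: the 4-byte candidate (no terminator), so it cannot be handed to
//    CString directly.
CString Change(const char m[])
{
    char nn[5];
    nn[0] = m[0]; nn[1] = m[1]; nn[2] = m[2]; nn[3] = m[3];
    nn[4] = '\0';   // the original buffer had no terminator: CString(const char*) would read past it
    return nn;
}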
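// Compute the three key bytes the CrackMe derives from a 4-character
// easter-egg candidate (bit layout taken from the disassembly at
// 00403438-00403468) and return their 8-bit sum.
// s:               the 4 characters after the per-character -0x47 step.
// key1/key2/key3:  receive the individual bytes, masked to 8 bits, for display.
// Returns (key1 + key2 + key3) & 0xff, the value the CrackMe compares with 0xBE.
static int EasterEggKeySum(const char s[], int& key1, int& key2, int& key3)
{
    key1 = (((s[1] >> 4) & 0x3) + (s[0] << 2)) & 0xff;   // shr dl,4 / and dl,3 / shl cl,2 / add dl,cl
    key2 = (((s[2] >> 2) & 0xf) ^ (s[1] << 4)) & 0xff;   // shr cl,2 / and cl,0xF / shl al,4 / xor cl,al
    key3 = ((s[2] << 6) + s[3]) & 0xff;                   // shl dl,6 / add dl,[byte3]
    return (key1 + key2 + key3) & 0xff;
}

void CDASFDlg::OnButton1()
{
    // Enumerate every 4-letter lowercase candidate and list those whose key
    // sum equals 0xBE (the XOR key found above) in IDC_EDIT1, one
    // "key1:.. key2:.. key3:.. sum=..str:xxxx" line per hit.
    //
    // The posted listing had lost its [] subscripts; the subscripts below are
    // restored from the disassembly and checked against the result table.
    CString re;
    char str[4];    // current candidate (no terminator, hence Change())
    char str1[4];   // candidate after the CrackMe's -0x47 transform
    for (int m1 = 'a'; m1 <= 'z'; ++m1)
    {
        for (int m2 = 'a'; m2 <= 'z'; ++m2)
        {
            for (int m3 = 'a'; m3 <= 'z'; ++m3)
            {
                for (int m4 = 'a'; m4 <= 'z'; ++m4)
                {
                    str[0] = static_cast<char>(m1);
                    str[1] = static_cast<char>(m2);
                    str[2] = static_cast<char>(m3);
                    str[3] = static_cast<char>(m4);
                    for (int i = 0; i < 4; ++i)
                        str1[i] = static_cast<char>(str[i] - 0x47);
                    int key1, key2, key3;
                    const int sum = EasterEggKeySum(str1, key1, key2, key3);
                    if (sum != 0xbe)
                        continue;
                    CString result;
                    result.Format("key1:%X key2:%X key3:%X sum=%X", key1, key2, key3, sum);
                    result += "str:";
                    result += Change(str);
                    re += "\r\n" + result;
                }
            }
        }
    }
    SetDlgItemText(IDC_EDIT1, re);
}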
这个段子在小写字母范围内穷举彩蛋,然后小写字母范围内合格的有N个,这里列上几个吧:
key1:CE key2:56 key3:9A sum=BEstr:zlaa
key1:BE key2:66 key3:9A sum=BEstr:vmaa
key1:AE key2:76 key3:9A sum=BEstr:rnaa
key1:9E key2:86 key3:9A sum=BEstr:noaa
key1:8E key2:96 key3:9A sum=BEstr:jpaa
key1:7E key2:A6 key3:9A sum=BEstr:fqaa
key1:6E key2:B6 key3:9A sum=BEstr:braa
key1:CE key2:16 key3:DA sum=BEstr:zhba
key1:BE key2:26 key3:DA sum=BEstr:viba
key1:AE key2:36 key3:DA sum=BEstr:rjba
key1:9E key2:46 key3:DA sum=BEstr:nkba
key1:8E key2:56 key3:DA sum=BEstr:jlba
key1:7E key2:66 key3:DA sum=BEstr:fmba
key1:6E key2:76 key3:DA sum=BEstr:bnba
key1:CD key2:D7 key3:1A sum=BEstr:zdca
key1:BD key2:E7 key3:1A sum=BEstr:veca
key1:AD key2:F7 key3:1A sum=BEstr:rfca
key1:BD key2:A7 key3:5A sum=BEstr:vada
key1:AD key2:B7 key3:5A sum=BEstr:rbda
key1:9D key2:C7 key3:5A sum=BEstr:ncda
key1:8D key2:D7 key3:5A sum=BEstr:jdda
key1:7D key2:E7 key3:5A sum=BEstr:feda
key1:6D key2:F7 key3:5A sum=BEstr:bfda
key1:7D key2:A7 key3:9A sum=BEstr:faea
key1:6D key2:B7 key3:9A sum=BEstr:bbea
key1:9B key2:9 key3:1A sum=BEstr:mwka
key1:8B key2:19 key3:1A sum=BEstr:ixka
key1:7B key2:29 key3:1A sum=BEstr:eyka
key1:6B key2:39 key3:1A sum=BEstr:azka
key1:CB key2:19 key3:DA sum=BEstr:yxna
key1:BB key2:29 key3:DA sum=BEstr:uyna
key1:AB key2:39 key3:DA sum=BEstr:qzna
key1:9A key2:A key3:1A sum=BEstr:mgoa
key1:8A key2:1A key3:1A sum=BEstr:ihoa
key1:7A key2:2A key3:1A sum=BEstr:eioa
key1:6A key2:3A key3:1A sum=BEstr:ajoa
key1:CA key2:DA key3:1A sum=BEstr:ytoa
key1:BA key2:EA key3:1A sum=BEstr:uuoa
key1:AA key2:FA key3:1A sum=BEstr:qvoa
key1:CA key2:9A key3:5A sum=BEstr:yppa
key1:BA key2:AA key3:5A sum=BEstr:uqpa
key1:AA key2:BA key3:5A sum=BEstr:qrpa
key1:9A key2:CA key3:5A sum=BEstr:mspa
key1:8A key2:DA key3:5A sum=BEstr:itpa
key1:7A key2:EA key3:5A sum=BEstr:eupa
key1:6A key2:FA key3:5A sum=BEstr:avpa
key1:CA key2:5A key3:9A sum=BEstr:ylqa
key1:BA key2:6A key3:9A sum=BEstr:umqa
key1:AA key2:7A key3:9A sum=BEstr:qnqa
key1:9A key2:8A key3:9A sum=BEstr:moqa
key1:8A key2:9A key3:9A sum=BEstr:ipqa
key1:7A key2:AA key3:9A sum=BEstr:eqqa
key1:6A key2:BA key3:9A sum=BEstr:arqa
key1:CA key2:1A key3:DA sum=BEstr:yhra
key1:BA key2:2A key3:DA sum=BEstr:uira
key1:AA key2:3A key3:DA sum=BEstr:qjra
key1:9A key2:4A key3:DA sum=BEstr:mkra
key1:8A key2:5A key3:DA sum=BEstr:ilra
key1:7A key2:6A key3:DA sum=BEstr:emra
key1:6A key2:7A key3:DA sum=BEstr:anra
key1:C9 key2:DB key3:1A sum=BEstr:ydsa
key1:B9 key2:EB key3:1A sum=BEstr:uesa
key1:A9 key2:FB key3:1A sum=BEstr:qfsa
key1:B9 key2:AB key3:5A sum=BEstr:uata
key1:A9 key2:BB key3:5A sum=BEstr:qbta
key1:99 key2:CB key3:5A sum=BEstr:mcta
key1:89 key2:DB key3:5A sum=BEstr:idta
key1:79 key2:EB key3:5A sum=BEstr:eeta
key1:69 key2:FB key3:5A sum=BEstr:afta
key1:79 key2:AB key3:9A sum=BEstr:eaua
key1:69 key2:BB key3:9A sum=BEstr:abua
key1:7D key2:A6 key3:9B sum=BEstr:faab
key1:6D key2:B6 key3:9B sum=BEstr:bbab
key1:9B key2:8 key3:1B sum=BEstr:mwgb
key1:8B key2:18 key3:1B sum=BEstr:ixgb
key1:7B key2:28 key3:1B sum=BEstr:eygb
key1:6B key2:38 key3:1B sum=BEstr:azgb
key1:CB key2:18 key3:DB sum=BEstr:yxjb
key1:BB key2:28 key3:DB sum=BEstr:uyjb
key1:AB key2:38 key3:DB sum=BEstr:qzjb
key1:9A key2:9 key3:1B sum=BEstr:mgkb
key1:8A key2:19 key3:1B sum=BEstr:ihkb
key1:7A key2:29 key3:1B sum=BEstr:eikb
key1:6A key2:39 key3:1B sum=BEstr:ajkb
key1:CA key2:D9 key3:1B sum=BEstr:ytkb
key1:BA key2:E9 key3:1B sum=BEstr:uukb
key1:AA key2:F9 key3:1B sum=BEstr:qvkb
key1:CA key2:99 key3:5B sum=BEstr:yplb
key1:BA key2:A9 key3:5B sum=BEstr:uqlb
key1:AA key2:B9 key3:5B sum=BEstr:qrlb
key1:9A key2:C9 key3:5B sum=BEstr:mslb
key1:8A key2:D9 key3:5B sum=BEstr:itlb
key1:7A key2:E9 key3:5B sum=BEstr:eulb
key1:6A key2:F9 key3:5B sum=BEstr:avlb
key1:CA key2:59 key3:9B sum=BEstr:ylmb
key1:BA key2:69 key3:9B sum=BEstr:ummb
key1:AA key2:79 key3:9B sum=BEstr:qnmb
key1:9A key2:89 key3:9B sum=BEstr:momb
key1:8A key2:99 key3:9B sum=BEstr:ipmb
key1:7A key2:A9 key3:9B sum=BEstr:eqmb
key1:6A key2:B9 key3:9B sum=BEstr:armb
key1:CA key2:19 key3:DB sum=BEstr:yhnb
key1:BA key2:29 key3:DB sum=BEstr:uinb
key1:AA key2:39 key3:DB sum=BEstr:qjnb
key1:9A key2:49 key3:DB sum=BEstr:mknb
key1:8A key2:59 key3:DB sum=BEstr:ilnb
key1:7A key2:69 key3:DB sum=BEstr:emnb
key1:6A key2:79 key3:DB sum=BEstr:annb
key1:C9 key2:DA key3:1B sum=BEstr:ydob
key1:B9 key2:EA key3:1B sum=BEstr:ueob
key1:A9 key2:FA key3:1B sum=BEstr:qfob
key1:B9 key2:AA key3:5B sum=BEstr:uapb
key1:A9 key2:BA key3:5B sum=BEstr:qbpb
key1:99 key2:CA key3:5B sum=BEstr:mcpb
key1:89 key2:DA key3:5B sum=BEstr:idpb
key1:79 key2:EA key3:5B sum=BEstr:eepb
key1:69 key2:FA key3:5B sum=BEstr:afpb
key1:79 key2:AA key3:9B sum=BEstr:eaqb
key1:69 key2:BA key3:9B sum=BEstr:abqb
key1:97 key2:C key3:1B sum=BEstr:lwwb
key1:87 key2:1C key3:1B sum=BEstr:hxwb
key1:77 key2:2C key3:1B sum=BEstr:dywb
key1:C7 key2:1C key3:DB sum=BEstr:xxzb
key1:B7 key2:2C key3:DB sum=BEstr:tyzb
key1:A7 key2:3C key3:DB sum=BEstr:pzzb
key1:9B key2:7 key3:1C sum=BEstr:mwcc
key1:8B key2:17 key3:1C sum=BEstr:ixcc
key1:7B key2:27 key3:1C sum=BEstr:eycc
key1:6B key2:37 key3:1C sum=BEstr:azcc
key1:CB key2:17 key3:DC sum=BEstr:yxfc
key1:BB key2:27 key3:DC sum=BEstr:uyfc
key1:AB key2:37 key3:DC sum=BEstr:qzfc
key1:9A key2:8 key3:1C sum=BEstr:mggc
key1:8A key2:18 key3:1C sum=BEstr:ihgc
key1:7A key2:28 key3:1C sum=BEstr:eigc
key1:6A key2:38 key3:1C sum=BEstr:ajgc
key1:CA key2:D8 key3:1C sum=BEstr:ytgc
key1:BA key2:E8 key3:1C sum=BEstr:uugc
key1:AA key2:F8 key3:1C sum=BEstr:qvgc
key1:CA key2:98 key3:5C sum=BEstr:yphc
key1:BA key2:A8 key3:5C sum=BEstr:uqhc
key1:AA key2:B8 key3:5C sum=BEstr:qrhc
key1:9A key2:C8 key3:5C sum=BEstr:mshc
key1:8A key2:D8 key3:5C sum=BEstr:ithc
key1:7A key2:E8 key3:5C sum=BEstr:euhc
key1:6A key2:F8 key3:5C sum=BEstr:avhc
key1:CA key2:58 key3:9C sum=BEstr:ylic
key1:BA key2:68 key3:9C sum=BEstr:umic
key1:AA key2:78 key3:9C sum=BEstr:qnic
key1:9A key2:88 key3:9C sum=BEstr:moic
key1:8A key2:98 key3:9C sum=BEstr:ipic
key1:7A key2:A8 key3:9C sum=BEstr:eqic
key1:6A key2:B8 key3:9C sum=BEstr:aric
key1:CA key2:18 key3:DC sum=BEstr:yhjc
key1:BA key2:28 key3:DC sum=BEstr:uijc
key1:AA key2:38 key3:DC sum=BEstr:qjjc
key1:9A key2:48 key3:DC sum=BEstr:mkjc
key1:8A key2:58 key3:DC sum=BEstr:iljc
key1:7A key2:68 key3:DC sum=BEstr:emjc
key1:6A key2:78 key3:DC sum=BEstr:anjc
key1:C9 key2:D9 key3:1C sum=BEstr:ydkc
key1:B9 key2:E9 key3:1C sum=BEstr:uekc
key1:A9 key2:F9 key3:1C sum=BEstr:qfkc
key1:B9 key2:A9 key3:5C sum=BEstr:ualc
key1:A9 key2:B9 key3:5C sum=BEstr:qblc
key1:99 key2:C9 key3:5C sum=BEstr:mclc
key1:89 key2:D9 key3:5C sum=BEstr:idlc
key1:79 key2:E9 key3:5C sum=BEstr:eelc
key1:69 key2:F9 key3:5C sum=BEstr:aflc
key1:79 key2:A9 key3:9C sum=BEstr:eamc
key1:69 key2:B9 key3:9C sum=BEstr:abmc
key1:97 key2:B key3:1C sum=BEstr:lwsc
key1:87 key2:1B key3:1C sum=BEstr:hxsc
key1:77 key2:2B key3:1C sum=BEstr:dysc
key1:C7 key2:1B key3:DC sum=BEstr:xxvc
key1:B7 key2:2B key3:DC sum=BEstr:tyvc
key1:A7 key2:3B key3:DC sum=BEstr:pzvc
key1:96 key2:C key3:1C sum=BEstr:lgwc
key1:86 key2:1C key3:1C sum=BEstr:hhwc
key1:76 key2:2C key3:1C sum=BEstr:diwc
key1:C6 key2:DC key3:1C sum=BEstr:xtwc
key1:B6 key2:EC key3:1C sum=BEstr:tuwc
key1:A6 key2:FC key3:1C sum=BEstr:pvwc
key1:C6 key2:9C key3:5C sum=BEstr:xpxc
key1:B6 key2:AC key3:5C sum=BEstr:tqxc
key1:A6 key2:BC key3:5C sum=BEstr:prxc
key1:96 key2:CC key3:5C sum=BEstr:lsxc
key1:86 key2:DC key3:5C sum=BEstr:htxc
key1:76 key2:EC key3:5C sum=BEstr:duxc
key1:C6 key2:5C key3:9C sum=BEstr:xlyc
key1:B6 key2:6C key3:9C sum=BEstr:tmyc
key1:A6 key2:7C key3:9C sum=BEstr:pnyc
key1:96 key2:8C key3:9C sum=BEstr:loyc
key1:86 key2:9C key3:9C sum=BEstr:hpyc
key1:76 key2:AC key3:9C sum=BEstr:dqyc
key1:C6 key2:1C key3:DC sum=BEstr:xhzc
key1:B6 key2:2C key3:DC sum=BEstr:tizc
key1:A6 key2:3C key3:DC sum=BEstr:pjzc
key1:96 key2:4C key3:DC sum=BEstr:lkzc
key1:86 key2:5C key3:DC sum=BEstr:hlzc
key1:76 key2:6C key3:DC sum=BEstr:dmzc
key1:CB key2:16 key3:DD sum=BEstr:yxbd
key1:BB key2:26 key3:DD sum=BEstr:uybd
key1:AB key2:36 key3:DD sum=BEstr:qzbd
key1:9A key2:7 key3:1D sum=BEstr:mgcd
key1:8A key2:17 key3:1D sum=BEstr:ihcd
key1:7A key2:27 key3:1D sum=BEstr:eicd
key1:6A key2:37 key3:1D sum=BEstr:ajcd
key1:CA key2:D7 key3:1D sum=BEstr:ytcd
key1:BA key2:E7 key3:1D sum=BEstr:uucd
key1:AA key2:F7 key3:1D sum=BEstr:qvcd
key1:CA key2:97 key3:5D sum=BEstr:ypdd
key1:BA key2:A7 key3:5D sum=BEstr:uqdd
key1:AA key2:B7 key3:5D sum=BEstr:qrdd
key1:9A key2:C7 key3:5D sum=BEstr:msdd
key1:8A key2:D7 key3:5D sum=BEstr:itdd
key1:7A key2:E7 key3:5D sum=BEstr:eudd
key1:6A key2:F7 key3:5D sum=BEstr:avdd
key1:CA key2:57 key3:9D sum=BEstr:yled
key1:BA key2:67 key3:9D sum=BEstr:umed
key1:AA key2:77 key3:9D sum=BEstr:qned
key1:9A key2:87 key3:9D sum=BEstr:moed
key1:8A key2:97 key3:9D sum=BEstr:iped
key1:7A key2:A7 key3:9D sum=BEstr:eqed
key1:6A key2:B7 key3:9D sum=BEstr:ared
key1:CA key2:17 key3:DD sum=BEstr:yhfd
key1:BA key2:27 key3:DD sum=BEstr:uifd
key1:AA key2:37 key3:DD sum=BEstr:qjfd
key1:9A key2:47 key3:DD sum=BEstr:mkfd
key1:8A key2:57 key3:DD sum=BEstr:ilfd
key1:7A key2:67 key3:DD sum=BEstr:emfd
key1:6A key2:77 key3:DD sum=BEstr:anfd
key1:C9 key2:D8 key3:1D sum=BEstr:ydgd
key1:B9 key2:E8 key3:1D sum=BEstr:uegd
key1:A9 key2:F8 key3:1D sum=BEstr:qfgd
key1:B9 key2:A8 key3:5D sum=BEstr:uahd
key1:A9 key2:B8 key3:5D sum=BEstr:qbhd
key1:99 key2:C8 key3:5D sum=BEstr:mchd
key1:89 key2:D8 key3:5D sum=BEstr:idhd
key1:79 key2:E8 key3:5D sum=BEstr:eehd
key1:69 key2:F8 key3:5D sum=BEstr:afhd
key1:79 key2:A8 key3:9D sum=BEstr:eaid
key1:69 key2:B8 key3:9D sum=BEstr:abid
key1:97 key2:A key3:1D sum=BEstr:lwod
key1:87 key2:1A key3:1D sum=BEstr:hxod
key1:77 key2:2A key3:1D sum=BEstr:dyod
key1:C7 key2:1A key3:DD sum=BEstr:xxrd
key1:B7 key2:2A key3:DD sum=BEstr:tyrd
key1:A7 key2:3A key3:DD sum=BEstr:pzrd
key1:96 key2:B key3:1D sum=BEstr:lgsd
key1:86 key2:1B key3:1D sum=BEstr:hhsd
key1:76 key2:2B key3:1D sum=BEstr:disd
key1:C6 key2:DB key3:1D sum=BEstr:xtsd
key1:B6 key2:EB key3:1D sum=BEstr:tusd
key1:A6 key2:FB key3:1D sum=BEstr:pvsd
key1:C6 key2:9B key3:5D sum=BEstr:xptd
key1:B6 key2:AB key3:5D sum=BEstr:tqtd
key1:A6 key2:BB key3:5D sum=BEstr:prtd
key1:96 key2:CB key3:5D sum=BEstr:lstd
key1:86 key2:DB key3:5D sum=BEstr:httd
key1:76 key2:EB key3:5D sum=BEstr:dutd
key1:C6 key2:5B key3:9D sum=BEstr:xlud
到这里这彩蛋还感觉没玩好呢,不知道大牛设定的彩蛋字符串是啥,应该是某个有意义的字符串吧我猜{:17_1078:}
@我是用户
事实证明我是个逗比,详见大牛分析{:1_902:}
http://www.52pojie.cn/forum.php?mod=viewthread&tid=398074&page=2#pid9713791
{:1_925:}看到最后一句,笑了。。。 这个有什么用 看到好多 我来膜拜一下大阿牛! 膜拜大神
学习中~~~~~~ 不错呀,小子 ……好!厉害 谢谢楼主的无私分享 么么大 厉害!! 厉害啊....{:17_1074:}.