KeyGenMe 两种难度
本帖最后由 AmIzero 于 2019-5-21 11:15 编辑正确密钥
PITYTOZLOTKOZIGYHYSLUICTB
FPGAPQCTXCFHHNCAWYUCTMYPY
UPX嗯。。现在应该可以做出key maker了
easy 和 hard 算法 完全相同,只是hard加了混淆 easy除了加了upx减小体积外无任何混淆
Sound 发表于 2019-5-14 23:46
回答: 因为UP的 hard的 Rm 太牛A 牛C 不能形容,只能取AC中间的 牛B了。
版主也水贴? 回答: 因为UP的 hard的 Rm 太牛A 牛C 不能形容,只能取AC中间的 牛B了。
我也提供一个形容词:牛X 也不是不可能简单看了下 楼主上了VEH 然后调用线程抛异常 两个km的算法貌似一样,不过真的只能用牛X来形容了。hard加了大量的混淆代码,看了两眼放弃了。easy的简单很多,但也不容易啊。{:1_909:}
附keygen代码,代码有点烂{:1_909:}
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
void keygen(unsigned char* key);
void tablegen(unsigned char* key,unsigned int * out,int len);
void decrytion(unsigned char* src,unsigned int * table,int len);
int main(int argc, char const *argv[])
{
unsigned char result;
memset(result,0,0x1a);
srand((unsigned)time(NULL));
keygen(result);
printf("%s\n",result);
return 0;
}
void keygen(unsigned char* key){
unsigned char code;
unsigned int foureight;
unsigned char out ;
unsigned int* table;
unsigned char result =
{
0xf7, 0x42, 0x91, 0xf8, 0x0e, 0xac, 0xd6, 0x7a, 0x3c, 0xdd, 0x46, 0x10, 0xc3, 0xdf, 0xd1, 0x12,
0xbb, 0x00
};
for (int i = 0; i < 4; ++i)
{
code=rand() % 26 + 0x41;
}
code=0;
foureight = *(unsigned int *)code * (*(unsigned int *)code + 16 * *(unsigned int *)code + 3) + 0x3F3;
for (int i = 0; i < 4; ++i)
{
code=*((unsigned char *)&foureight +i)%0x1a+0x41;
}
code=0;
table=(unsigned int *)malloc(1024);
memset(table,0,1024);
tablegen(code,table,8);
decrytion(result,table,sizeof(result)-1);
free(table);
for(int i=0;i<sizeof(result)-1;i++){
code=result%0x1a+0x41;
}
code=0;
for (int i = 0; i < 0x1a; ++i)
{
key=code;
}
}
void tablegen(unsigned char* key,unsigned int* out,int len){
int n;
int p;
int on;
int c;
out = 255;
n=0;
do
{
out = (0x2AB * out + 0x151) % 256;
++n;
}
while ( n < 255 );
on = 0;
p = 0;
n = 0;
c = 0;
do
{
on = out;
p = (unsigned char)(p+on + *(c + key));
out = out;
out = on;
++n;
if ( ++c >= len ){
c=0;
}
}
while ( n < 256);
}
void decrytion(unsigned char* src,unsigned int * table,int len){
int p;
int n;
int tc;
int tp;
int tmp;
int c;
n=0;
c=0;
p=0;
if(len>0){
do
{
p++;
tp = table;
tc = (unsigned char)(n + tp + 1);
tmp = table;
table = tmp;
table = tp;
*(unsigned char*)(c++ + src) ^= (unsigned char)(table);
n=tc;
}
while ( c < len );
}
} 梦游枪手 发表于 2019-5-20 12:49
两个km的算法貌似一样,不过真的只能用牛X来形容了。hard加了大量的混淆代码,看了两眼放弃了。easy的简单 ...
rc4的变形+强制类型转换
int trueCheckSum = 17 * b * b + 3 * b + 1011;
byte *pTC = (byte *)&trueCheckSum;
byte *pUNK = (byte *)(buffer + 4);
for (int i = 0; i < 4; i++) {
byte s_a = (*pTC % 26 + 'A');
#ifdef testmode
printf("%c", s_a);
#else
if (s_a != *pUNK) {
goto error;
}
#endif
pTC++;
pUNK++;
} AmIzero 发表于 2019-5-21 10:59
rc4的变形+强制类型转换
int trueCheckSum = 17 * b * b + 3 * b + 1011;
byte *p ...
原来是RC4,当时感觉伪代码有点眼熟的{:1_909:} 梦游枪手 发表于 2019-5-21 11:46
原来是RC4,当时感觉伪代码有点眼熟的
void rc4_setup(struct rc4_state *s, unsigned char *key, int length)
{
int i, j, k, *m, a;
s->x = 0;
s->y = 0;
m = s->m;
m = 0xFF;
for (i = 1; i < 256; i++)
{
m = (m * 683 + 337) % 256;
}
j = k = 0;
for (i = 0; i < 256; i++)
{
a = m;
j = (unsigned char)(j + a + key);
m = m; m = a;
if (++k >= length) k = 0;
}
}
void rc4_crypt(struct rc4_state *s, unsigned char *data, int length)
{
int i, x, y, *m, a, b;
x = s->x;
y = s->y;
m = s->m;
for (i = 0; i < length; i++)
{
x = (unsigned char)(x + 1);
a = m;
y = (unsigned char)(y + a + 1);
m = b = m;
m = a;
data ^= m[(unsigned char)(a + b ^ a)];
}
s->x = x;
s->y = y;
}
页:
[1]