yypE
发表于 2015-8-9 15:31
本帖最后由 yypE 于 2015-8-9 15:39 编辑
这彩蛋是吾爱官方入门教学培训第五课的示例CM里头的,还得感谢@我是用户大牛;
小菜在看见有人使用PS大法成功攻破彩蛋之后才开始决定仔细看看这个蛋蛋;
由于整理水平太低,具体过程俺就不写啦~
算法入口:(原帖此处为截图,未随文字保留)
待解密字符串:(原帖此处为截图,未随文字保留)
解密过程:(原帖此处为截图,未随文字保留)
然后再往下面走就是MessageBox了。
笔者一开始偷懒,写了一小段代码来穷举解密KEY(单字节 XOR,密钥空间只有 256 个),这里稍微改一下贴上来:
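// Brute-forces the single-byte XOR key that protects the CrackMe's easter-egg
// string. The 12 ciphertext bytes were lifted from the binary; the plaintext
// was not known in advance, so every key 0x00..0xFF is tried and only the
// candidate that contains the author's name ("我是用户") is shown.
//
// Caveats a reader should know:
//  - The CrackMe is an ANSI build, so the recovered text is GBK-encoded. The
//    needle is therefore spelled as raw GBK bytes (CE D2 CA C7 D3 C3 BB A7);
//    a plain "我是用户" literal only matches if this source file itself is
//    saved as GBK/CP936, which is what made the original version work.
//  - XOR output can contain a 0x00 byte; CString stops there, so such a key
//    shows a truncated string (harmless for the search, but worth knowing).
void CJjDlg::OnButton1()
{
    static const int kCipherLen = 12;
    static const unsigned char kCipher[kCipherLen] = {
        0x8E, 0xD1, 0x70, 0x6C, 0x74, 0x79, 0x6D, 0x7D, 0x05, 0x19, 0xD1, 0x8E
    };
    static const char kNeedle[] = "\xCE\xD2\xCA\xC7\xD3\xC3\xBB\xA7"; // GBK "我是用户"

    // One extra byte keeps the buffer NUL-terminated. The original 12-byte
    // buffer had no terminator, so CString read past its end on every key.
    char plain[kCipherLen + 1];
    plain[kCipherLen] = '\0';

    // Inclusive upper bound: the original loop stopped at 0xFE and silently
    // skipped key 0xFF.
    for (int key = 0; key <= 0xFF; key++)
    {
        for (int n = 0; n < kCipherLen; n++)
            plain[n] = static_cast<char>(kCipher[n] ^ key);

        CString result;
        result.Format("密钥: 0x%x 解密后: ", key);
        result += plain;

        // Report only the key whose output contains the expected name.
        if (result.Find(kNeedle) != -1)
            MessageBox(result);
    }
}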
然后提示key的值是0XBE:
接着去OD里头解密的地方给BL赋上一个值0xbe之后程序就弹正确窗儿了,因此可以确定用来解密的KEY是0XBE
下面来看看BE的来源吧,追溯到这里,发现一个累加:
累加的数值具体算法在这儿:
; Key derivation for the 4-character easter egg (OllyDbg dump).
; byte0..byte3 below = [ebp-0x18]..[ebp-0x15], the four transformed input
; bytes in the order the loop stores them. The C++ model further down indexes
; them in reverse (str1[3] = byte0 ... str1[0] = byte3), which is why its
; Change() helper reverses the string before printing it.
00403429 . E8 F2030000 call 52PoJie?00403820 ; per-character transform (body not shown; the C++ model below assumes it is c - 0x47 -- confirm)
0040342E . 884435 E8 mov byte ptr ss:[ebp+esi-0x18],al ; store transformed byte esi into the 4-byte buffer
00403432 . 46 inc esi
00403433 . 83FE 04 cmp esi,0x4 ; the egg is exactly 4 characters
00403436 .^ 7C DD jl X52PoJie?00403415 ; loop head at 00403415 lies above this excerpt
00403438 . 8B45 E8 mov eax,dword ptr ss:[ebp-0x18] ; eax = all four transformed bytes: al = byte0, ah = byte1
0040343B . 8AD4 mov dl,ah ; dl = byte1
0040343D . C0EA 04 shr dl,0x4 ; byte1 >> 4
00403440 . 80E2 03 and dl,0x3 ; (byte1 >> 4) & 3
00403443 . 8AC8 mov cl,al ; cl = byte0
00403445 . C0E1 02 shl cl,0x2 ; byte0 << 2, truncated to 8 bits
00403448 . 02D1 add dl,cl ; 8-bit add of the two partial results
0040344A . 8855 E4 mov byte ptr ss:[ebp-0x1C],dl ; key1 = ((byte1 >> 4) & 3) + (byte0 << 2)
0040344D . 8A55 EA mov dl,byte ptr ss:[ebp-0x16] ; dl = byte2
00403450 . 8ACA mov cl,dl ; cl = byte2
00403452 . C0E9 02 shr cl,0x2 ; cl = byte2 >> 2
00403455 . 8AC4 mov al,ah ; al = byte1
00403457 . C0E2 06 shl dl,0x6 ; dl = byte2 << 6 (only the low 2 bits of byte2 survive)
0040345A . 0255 EB add dl,byte ptr ss:[ebp-0x15] ; dl += byte3
0040345D . 80E1 0F and cl,0xF ; cl = (byte2 >> 2) & 0xF
00403460 . C0E0 04 shl al,0x4 ; al = byte1 << 4
00403463 . 32C8 xor cl,al ; cl ^= al
00403465 . 884D E5 mov byte ptr ss:[ebp-0x1B],cl ; key2 = ((byte2 >> 2) & 0xF) ^ (byte1 << 4)
00403468 . 8855 E6 mov byte ptr ss:[ebp-0x1A],dl ; key3 = (byte2 << 6) + byte3
0040346B . 33DB xor ebx,ebx ; ebx = 0; presumably the index for the loop that adds the three key bytes (see text below)
0040346D . 8D49 00 lea ecx,dword ptr ds:[ecx] ; no-op (alignment padding)
00403470 > 8B4F 10 mov ecx,dword ptr ds:[edi+0x10]
00403473 . 8A541D E4 mov dl,byte ptr ss:[ebp+ebx-0x1C] ; dl = key byte ebx; key1/key2/key3 sit contiguously at [ebp-0x1C]..[ebp-0x1A]
00403477 . 83C8 FF or eax,0xFFFFFFFF ; eax = -1; the rest of the loop is past this excerpt
然后三个密钥字节相加(8 位加法,也就是对 256 取模)之后只要等于 0xBE 就能正确解密。注意校验只比较这一个字节:任意输入大约有 1/256 的概率通过,所以后面穷举时会得到大量互相碰撞的"正确"彩蛋。
最后根据这里的算法写一个段子就行了(MFC):
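// Returns the 4-byte candidate reversed, as a CString.
// The brute-force loop fills m[] in the order the key formulas index it
// (m[3] is the first character the CrackMe reads, m[0] the last), so the
// reversal prints the egg the way it would actually be typed.
CString Change(char m[4])
{
    // Five bytes: the original 4-byte buffer had no terminator, so the
    // CString constructor read past it until it happened to hit a 0.
    char reversed[5];
    reversed[0] = m[3];
    reversed[1] = m[2];
    reversed[2] = m[1];
    reversed[3] = m[0];
    reversed[4] = '\0';
    return CString(reversed);
}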
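// Enumerates every 4-character lowercase input and lists those whose three
// derived key bytes sum (mod 256) to 0xBE, the byte the CrackMe uses to
// XOR-decrypt its easter-egg string. The formulas mirror the disassembly at
// 00403438..00403468: each input byte is first reduced by 0x47 (the
// "ASCII processing" call), then combined with 8-bit shifts and masks.
//
// Because the check reduces to a single byte, roughly 1 in 256 inputs passes;
// over the 26^4 = 456976 lowercase candidates that is on the order of 1800
// hits, which is why the result list is long.
void CDASFDlg::OnButton1()
{
    const int kWantedSum = 0xBE;   // value the CrackMe compares the 8-bit sum against
    const int kFirst = 'a';        // search space: lowercase letters only
    const int kLast  = 'z';
    CString report;

    // cand[] is indexed the way the key formulas expect: cand[3] is the FIRST
    // character the CrackMe reads and cand[0] the last (Change() reverses it
    // for display).
    char cand[4];

    for (int m1 = kFirst; m1 <= kLast; m1++)
    {
        for (int m2 = kFirst; m2 <= kLast; m2++)
        {
            for (int m3 = kFirst; m3 <= kLast; m3++)
            {
                for (int m4 = kFirst; m4 <= kLast; m4++)
                {
                    cand[0] = static_cast<char>(m1);
                    cand[1] = static_cast<char>(m2);
                    cand[2] = static_cast<char>(m3);
                    cand[3] = static_cast<char>(m4);

                    // Work in unsigned arithmetic: the CrackMe operates on
                    // 8-bit registers. (For 'a'..'z' the reduced values are
                    // 0x1A..0x33, so signedness would not bite here anyway.)
                    unsigned t[4];
                    for (int i = 0; i < 4; i++)
                        t[i] = static_cast<unsigned char>(cand[i] - 0x47);

                    // With byte0..byte3 = cand[3]..cand[0] (CrackMe memory order):
                    //   key1 = ((byte1 >> 4) & 3)   + (byte0 << 2)
                    //   key2 = ((byte2 >> 2) & 0xF) ^ (byte1 << 4)
                    //   key3 =  (byte2 << 6)        +  byte3
                    const unsigned key1 = (((t[2] >> 4) & 0x3) + (t[3] << 2)) & 0xFF;
                    const unsigned key2 = (((t[1] >> 2) & 0xF) ^ (t[2] << 4)) & 0xFF;
                    const unsigned key3 = ((t[1] << 6) + t[0]) & 0xFF;
                    const unsigned sum  = (key1 + key2 + key3) & 0xFF;   // 8-bit add, as in the binary

                    if (sum != static_cast<unsigned>(kWantedSum))
                        continue;

                    CString line;
                    line.Format("key1:%X key2:%X key3:%X sum=%X", key1, key2, key3, sum);
                    line += " str:";
                    line += Change(cand);
                    report += "\r\n" + line;
                }
            }
        }
    }

    SetDlgItemText(IDC_EDIT1, report);
}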
这段代码在小写字母范围内(26^4 = 456976 个候选)穷举彩蛋;由于校验值只有 8 位,合格的输入非常多(按 1/256 的通过率估计约有 1800 个),这里只列出前面一部分:
key1:CE key2:56 key3:9A sum=BE str:zlaa
key1:BE key2:66 key3:9A sum=BE str:vmaa
key1:AE key2:76 key3:9A sum=BE str:rnaa
key1:9E key2:86 key3:9A sum=BE str:noaa
key1:8E key2:96 key3:9A sum=BE str:jpaa
key1:7E key2:A6 key3:9A sum=BE str:fqaa
key1:6E key2:B6 key3:9A sum=BE str:braa
key1:CE key2:16 key3:DA sum=BE str:zhba
key1:BE key2:26 key3:DA sum=BE str:viba
key1:AE key2:36 key3:DA sum=BE str:rjba
key1:9E key2:46 key3:DA sum=BE str:nkba
key1:8E key2:56 key3:DA sum=BE str:jlba
key1:7E key2:66 key3:DA sum=BE str:fmba
key1:6E key2:76 key3:DA sum=BE str:bnba
key1:CD key2:D7 key3:1A sum=BE str:zdca
key1:BD key2:E7 key3:1A sum=BE str:veca
key1:AD key2:F7 key3:1A sum=BE str:rfca
key1:BD key2:A7 key3:5A sum=BE str:vada
key1:AD key2:B7 key3:5A sum=BE str:rbda
key1:9D key2:C7 key3:5A sum=BE str:ncda
key1:8D key2:D7 key3:5A sum=BE str:jdda
key1:7D key2:E7 key3:5A sum=BE str:feda
key1:6D key2:F7 key3:5A sum=BE str:bfda
key1:7D key2:A7 key3:9A sum=BE str:faea
key1:6D key2:B7 key3:9A sum=BE str:bbea
key1:9B key2:9 key3:1A sum=BE str:mwka
key1:8B key2:19 key3:1A sum=BE str:ixka
key1:7B key2:29 key3:1A sum=BE str:eyka
key1:6B key2:39 key3:1A sum=BE str:azka
key1:CB key2:19 key3:DA sum=BE str:yxna
key1:BB key2:29 key3:DA sum=BE str:uyna
key1:AB key2:39 key3:DA sum=BE str:qzna
key1:9A key2:A key3:1A sum=BE str:mgoa
key1:8A key2:1A key3:1A sum=BE str:ihoa
key1:7A key2:2A key3:1A sum=BE str:eioa
key1:6A key2:3A key3:1A sum=BE str:ajoa
key1:CA key2:DA key3:1A sum=BE str:ytoa
key1:BA key2:EA key3:1A sum=BE str:uuoa
key1:AA key2:FA key3:1A sum=BE str:qvoa
key1:CA key2:9A key3:5A sum=BE str:yppa
key1:BA key2:AA key3:5A sum=BE str:uqpa
key1:AA key2:BA key3:5A sum=BE str:qrpa
key1:9A key2:CA key3:5A sum=BE str:mspa
key1:8A key2:DA key3:5A sum=BE str:itpa
key1:7A key2:EA key3:5A sum=BE str:eupa
key1:6A key2:FA key3:5A sum=BE str:avpa
key1:CA key2:5A key3:9A sum=BE str:ylqa
key1:BA key2:6A key3:9A sum=BE str:umqa
key1:AA key2:7A key3:9A sum=BE str:qnqa
key1:9A key2:8A key3:9A sum=BE str:moqa
key1:8A key2:9A key3:9A sum=BE str:ipqa
key1:7A key2:AA key3:9A sum=BE str:eqqa
key1:6A key2:BA key3:9A sum=BE str:arqa
key1:CA key2:1A key3:DA sum=BE str:yhra
key1:BA key2:2A key3:DA sum=BE str:uira
key1:AA key2:3A key3:DA sum=BE str:qjra
key1:9A key2:4A key3:DA sum=BE str:mkra
key1:8A key2:5A key3:DA sum=BE str:ilra
key1:7A key2:6A key3:DA sum=BE str:emra
key1:6A key2:7A key3:DA sum=BE str:anra
key1:C9 key2:DB key3:1A sum=BE str:ydsa
key1:B9 key2:EB key3:1A sum=BE str:uesa
key1:A9 key2:FB key3:1A sum=BE str:qfsa
key1:B9 key2:AB key3:5A sum=BE str:uata
key1:A9 key2:BB key3:5A sum=BE str:qbta
key1:99 key2:CB key3:5A sum=BE str:mcta
key1:89 key2:DB key3:5A sum=BE str:idta
key1:79 key2:EB key3:5A sum=BE str:eeta
key1:69 key2:FB key3:5A sum=BE str:afta
key1:79 key2:AB key3:9A sum=BE str:eaua
key1:69 key2:BB key3:9A sum=BE str:abua
key1:7D key2:A6 key3:9B sum=BE str:faab
key1:6D key2:B6 key3:9B sum=BE str:bbab
key1:9B key2:8 key3:1B sum=BE str:mwgb
key1:8B key2:18 key3:1B sum=BE str:ixgb
key1:7B key2:28 key3:1B sum=BE str:eygb
key1:6B key2:38 key3:1B sum=BE str:azgb
key1:CB key2:18 key3:DB sum=BE str:yxjb
key1:BB key2:28 key3:DB sum=BE str:uyjb
key1:AB key2:38 key3:DB sum=BE str:qzjb
key1:9A key2:9 key3:1B sum=BE str:mgkb
key1:8A key2:19 key3:1B sum=BE str:ihkb
key1:7A key2:29 key3:1B sum=BE str:eikb
key1:6A key2:39 key3:1B sum=BE str:ajkb
key1:CA key2:D9 key3:1B sum=BE str:ytkb
key1:BA key2:E9 key3:1B sum=BE str:uukb
key1:AA key2:F9 key3:1B sum=BE str:qvkb
key1:CA key2:99 key3:5B sum=BE str:yplb
key1:BA key2:A9 key3:5B sum=BE str:uqlb
key1:AA key2:B9 key3:5B sum=BE str:qrlb
key1:9A key2:C9 key3:5B sum=BE str:mslb
key1:8A key2:D9 key3:5B sum=BE str:itlb
key1:7A key2:E9 key3:5B sum=BE str:eulb
key1:6A key2:F9 key3:5B sum=BE str:avlb
key1:CA key2:59 key3:9B sum=BE str:ylmb
key1:BA key2:69 key3:9B sum=BE str:ummb
key1:AA key2:79 key3:9B sum=BE str:qnmb
key1:9A key2:89 key3:9B sum=BE str:momb
key1:8A key2:99 key3:9B sum=BE str:ipmb
key1:7A key2:A9 key3:9B sum=BE str:eqmb
key1:6A key2:B9 key3:9B sum=BE str:armb
key1:CA key2:19 key3:DB sum=BE str:yhnb
key1:BA key2:29 key3:DB sum=BE str:uinb
key1:AA key2:39 key3:DB sum=BE str:qjnb
key1:9A key2:49 key3:DB sum=BE str:mknb
key1:8A key2:59 key3:DB sum=BE str:ilnb
key1:7A key2:69 key3:DB sum=BE str:emnb
key1:6A key2:79 key3:DB sum=BE str:annb
key1:C9 key2:DA key3:1B sum=BE str:ydob
key1:B9 key2:EA key3:1B sum=BE str:ueob
key1:A9 key2:FA key3:1B sum=BE str:qfob
key1:B9 key2:AA key3:5B sum=BE str:uapb
key1:A9 key2:BA key3:5B sum=BE str:qbpb
key1:99 key2:CA key3:5B sum=BE str:mcpb
key1:89 key2:DA key3:5B sum=BE str:idpb
key1:79 key2:EA key3:5B sum=BE str:eepb
key1:69 key2:FA key3:5B sum=BE str:afpb
key1:79 key2:AA key3:9B sum=BE str:eaqb
key1:69 key2:BA key3:9B sum=BE str:abqb
key1:97 key2:C key3:1B sum=BE str:lwwb
key1:87 key2:1C key3:1B sum=BE str:hxwb
key1:77 key2:2C key3:1B sum=BE str:dywb
key1:C7 key2:1C key3:DB sum=BE str:xxzb
key1:B7 key2:2C key3:DB sum=BE str:tyzb
key1:A7 key2:3C key3:DB sum=BE str:pzzb
key1:9B key2:7 key3:1C sum=BE str:mwcc
key1:8B key2:17 key3:1C sum=BE str:ixcc
key1:7B key2:27 key3:1C sum=BE str:eycc
key1:6B key2:37 key3:1C sum=BE str:azcc
key1:CB key2:17 key3:DC sum=BE str:yxfc
key1:BB key2:27 key3:DC sum=BE str:uyfc
key1:AB key2:37 key3:DC sum=BE str:qzfc
key1:9A key2:8 key3:1C sum=BE str:mggc
key1:8A key2:18 key3:1C sum=BE str:ihgc
key1:7A key2:28 key3:1C sum=BE str:eigc
key1:6A key2:38 key3:1C sum=BE str:ajgc
key1:CA key2:D8 key3:1C sum=BE str:ytgc
key1:BA key2:E8 key3:1C sum=BE str:uugc
key1:AA key2:F8 key3:1C sum=BE str:qvgc
key1:CA key2:98 key3:5C sum=BE str:yphc
key1:BA key2:A8 key3:5C sum=BE str:uqhc
key1:AA key2:B8 key3:5C sum=BE str:qrhc
key1:9A key2:C8 key3:5C sum=BE str:mshc
key1:8A key2:D8 key3:5C sum=BE str:ithc
key1:7A key2:E8 key3:5C sum=BE str:euhc
key1:6A key2:F8 key3:5C sum=BE str:avhc
key1:CA key2:58 key3:9C sum=BE str:ylic
key1:BA key2:68 key3:9C sum=BE str:umic
key1:AA key2:78 key3:9C sum=BE str:qnic
key1:9A key2:88 key3:9C sum=BE str:moic
key1:8A key2:98 key3:9C sum=BE str:ipic
key1:7A key2:A8 key3:9C sum=BE str:eqic
key1:6A key2:B8 key3:9C sum=BE str:aric
key1:CA key2:18 key3:DC sum=BE str:yhjc
key1:BA key2:28 key3:DC sum=BE str:uijc
key1:AA key2:38 key3:DC sum=BE str:qjjc
key1:9A key2:48 key3:DC sum=BE str:mkjc
key1:8A key2:58 key3:DC sum=BE str:iljc
key1:7A key2:68 key3:DC sum=BE str:emjc
key1:6A key2:78 key3:DC sum=BE str:anjc
key1:C9 key2:D9 key3:1C sum=BE str:ydkc
key1:B9 key2:E9 key3:1C sum=BE str:uekc
key1:A9 key2:F9 key3:1C sum=BE str:qfkc
key1:B9 key2:A9 key3:5C sum=BE str:ualc
key1:A9 key2:B9 key3:5C sum=BE str:qblc
key1:99 key2:C9 key3:5C sum=BE str:mclc
key1:89 key2:D9 key3:5C sum=BE str:idlc
key1:79 key2:E9 key3:5C sum=BE str:eelc
key1:69 key2:F9 key3:5C sum=BE str:aflc
key1:79 key2:A9 key3:9C sum=BE str:eamc
key1:69 key2:B9 key3:9C sum=BE str:abmc
key1:97 key2:B key3:1C sum=BE str:lwsc
key1:87 key2:1B key3:1C sum=BE str:hxsc
key1:77 key2:2B key3:1C sum=BE str:dysc
key1:C7 key2:1B key3:DC sum=BE str:xxvc
key1:B7 key2:2B key3:DC sum=BE str:tyvc
key1:A7 key2:3B key3:DC sum=BE str:pzvc
key1:96 key2:C key3:1C sum=BE str:lgwc
key1:86 key2:1C key3:1C sum=BE str:hhwc
key1:76 key2:2C key3:1C sum=BE str:diwc
key1:C6 key2:DC key3:1C sum=BE str:xtwc
key1:B6 key2:EC key3:1C sum=BE str:tuwc
key1:A6 key2:FC key3:1C sum=BE str:pvwc
key1:C6 key2:9C key3:5C sum=BE str:xpxc
key1:B6 key2:AC key3:5C sum=BE str:tqxc
key1:A6 key2:BC key3:5C sum=BE str:prxc
key1:96 key2:CC key3:5C sum=BE str:lsxc
key1:86 key2:DC key3:5C sum=BE str:htxc
key1:76 key2:EC key3:5C sum=BE str:duxc
key1:C6 key2:5C key3:9C sum=BE str:xlyc
key1:B6 key2:6C key3:9C sum=BE str:tmyc
key1:A6 key2:7C key3:9C sum=BE str:pnyc
key1:96 key2:8C key3:9C sum=BE str:loyc
key1:86 key2:9C key3:9C sum=BE str:hpyc
key1:76 key2:AC key3:9C sum=BE str:dqyc
key1:C6 key2:1C key3:DC sum=BE str:xhzc
key1:B6 key2:2C key3:DC sum=BE str:tizc
key1:A6 key2:3C key3:DC sum=BE str:pjzc
key1:96 key2:4C key3:DC sum=BE str:lkzc
key1:86 key2:5C key3:DC sum=BE str:hlzc
key1:76 key2:6C key3:DC sum=BE str:dmzc
key1:CB key2:16 key3:DD sum=BE str:yxbd
key1:BB key2:26 key3:DD sum=BE str:uybd
key1:AB key2:36 key3:DD sum=BE str:qzbd
key1:9A key2:7 key3:1D sum=BE str:mgcd
key1:8A key2:17 key3:1D sum=BE str:ihcd
key1:7A key2:27 key3:1D sum=BE str:eicd
key1:6A key2:37 key3:1D sum=BE str:ajcd
key1:CA key2:D7 key3:1D sum=BE str:ytcd
key1:BA key2:E7 key3:1D sum=BE str:uucd
key1:AA key2:F7 key3:1D sum=BE str:qvcd
key1:CA key2:97 key3:5D sum=BE str:ypdd
key1:BA key2:A7 key3:5D sum=BE str:uqdd
key1:AA key2:B7 key3:5D sum=BE str:qrdd
key1:9A key2:C7 key3:5D sum=BE str:msdd
key1:8A key2:D7 key3:5D sum=BE str:itdd
key1:7A key2:E7 key3:5D sum=BE str:eudd
key1:6A key2:F7 key3:5D sum=BE str:avdd
key1:CA key2:57 key3:9D sum=BE str:yled
key1:BA key2:67 key3:9D sum=BE str:umed
key1:AA key2:77 key3:9D sum=BE str:qned
key1:9A key2:87 key3:9D sum=BE str:moed
key1:8A key2:97 key3:9D sum=BE str:iped
key1:7A key2:A7 key3:9D sum=BE str:eqed
key1:6A key2:B7 key3:9D sum=BE str:ared
key1:CA key2:17 key3:DD sum=BE str:yhfd
key1:BA key2:27 key3:DD sum=BE str:uifd
key1:AA key2:37 key3:DD sum=BE str:qjfd
key1:9A key2:47 key3:DD sum=BE str:mkfd
key1:8A key2:57 key3:DD sum=BE str:ilfd
key1:7A key2:67 key3:DD sum=BE str:emfd
key1:6A key2:77 key3:DD sum=BE str:anfd
key1:C9 key2:D8 key3:1D sum=BE str:ydgd
key1:B9 key2:E8 key3:1D sum=BE str:uegd
key1:A9 key2:F8 key3:1D sum=BE str:qfgd
key1:B9 key2:A8 key3:5D sum=BE str:uahd
key1:A9 key2:B8 key3:5D sum=BE str:qbhd
key1:99 key2:C8 key3:5D sum=BE str:mchd
key1:89 key2:D8 key3:5D sum=BE str:idhd
key1:79 key2:E8 key3:5D sum=BE str:eehd
key1:69 key2:F8 key3:5D sum=BE str:afhd
key1:79 key2:A8 key3:9D sum=BE str:eaid
key1:69 key2:B8 key3:9D sum=BE str:abid
key1:97 key2:A key3:1D sum=BE str:lwod
key1:87 key2:1A key3:1D sum=BE str:hxod
key1:77 key2:2A key3:1D sum=BE str:dyod
key1:C7 key2:1A key3:DD sum=BE str:xxrd
key1:B7 key2:2A key3:DD sum=BE str:tyrd
key1:A7 key2:3A key3:DD sum=BE str:pzrd
key1:96 key2:B key3:1D sum=BE str:lgsd
key1:86 key2:1B key3:1D sum=BE str:hhsd
key1:76 key2:2B key3:1D sum=BE str:disd
key1:C6 key2:DB key3:1D sum=BE str:xtsd
key1:B6 key2:EB key3:1D sum=BE str:tusd
key1:A6 key2:FB key3:1D sum=BE str:pvsd
key1:C6 key2:9B key3:5D sum=BE str:xptd
key1:B6 key2:AB key3:5D sum=BE str:tqtd
key1:A6 key2:BB key3:5D sum=BE str:prtd
key1:96 key2:CB key3:5D sum=BE str:lstd
key1:86 key2:DB key3:5D sum=BE str:httd
key1:76 key2:EB key3:5D sum=BE str:dutd
key1:C6 key2:5B key3:9D sum=BE str:xlud
到这里这彩蛋还感觉没玩好呢,不知道大牛设定的彩蛋字符串是啥,应该是某个有意义的字符串吧我猜
@我是用户
事实证明我是个逗比,详见大牛分析{:1_902:}
http://www.52pojie.cn/forum.php?mod=viewthread&tid=398074&page=2#pid9713791