KeyGenMe 两种难度

AmIzero

正确密钥

PITYTOZLOTKOZIGYHYSLUICTB
FPGAPQCTXCFHHNCAWYUCTMYPY
UPX嗯。。现在应该可以做出key maker了
easy 和 hard 算法 完全相同，只是hard加了混淆 easy除了加了upx减小体积外无任何混淆

冰露㊣神

Sound 发表于 2019-5-14 23:46
回答: 因为UP的 hard的 Rm 太  牛A 牛C 不能形容，只能取AC中间的 牛B了。

版主也水贴？

Sound

回答: 因为UP的 hard的 Rm 太  牛A 牛C 不能形容，只能取AC中间的 牛B了。

evill

我也提供一个形容词：牛X

crack5

也不是不可能  简单看了下 楼主上了VEH 然后调用线程抛异常

梦游枪手

两个km的算法貌似一样，不过真的只能用牛X来形容了。hard加了大量的混淆代码，看了两眼放弃了。easy的简单很多，但也不容易啊。
附keygen代码，代码有点烂

[Asm] 纯文本查看 复制代码

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
void keygen(unsigned char* key);
void tablegen(unsigned char* key,unsigned int * out,int len);
void decrytion(unsigned char* src,unsigned int * table,int len);
int main(int argc, char const *argv[])
{
	unsigned char result[0x1a];
  memset(result,0,0x1a);
	srand((unsigned)time(NULL));
  keygen(result);
  printf("%s\n",result);
	return 0;
}
void keygen(unsigned char* key){
	unsigned char code[0x1a];
	unsigned int foureight;
	unsigned char out [5];
	unsigned int* table;
	unsigned char result [0x0012] =
		{
		0xf7, 0x42, 0x91, 0xf8, 0x0e, 0xac, 0xd6, 0x7a, 0x3c, 0xdd, 0x46, 0x10, 0xc3, 0xdf, 0xd1, 0x12,
		0xbb, 0x00
		};
  for (int i = 0; i < 4; ++i)
  {
    code[i]=rand() % 26 + 0x41;
  }
  code[4]=0;
	foureight = *(unsigned int *)code * (*(unsigned int *)code + 16 * *(unsigned int *)code + 3) + 0x3F3;
	for (int i = 0; i < 4; ++i)
	{
		code[i+4]=*((unsigned char *)&foureight +i)%0x1a+0x41;
	}
	code[8]=0;
  table=(unsigned int *)malloc(1024);
  memset(table,0,1024);
  tablegen(code,table,8);
  decrytion(result,table,sizeof(result)-1);
  free(table);
  for(int i=0;i<sizeof(result)-1;i++){
    code[8+i]=result[i]%0x1a+0x41;
  }
  code[0x19]=0;
  for (int i = 0; i < 0x1a; ++i)
  {
    key[i]=code[i];
  }
}
void tablegen(unsigned char* key,unsigned int* out,int len){
	int n;
	int p;
	int on;
	int c;
	out[0] = 255;
	n=0;
  	do
  	{
    	out[n+1] = (0x2AB * out[n] + 0x151) % 256;
    	++n;
  	}
  	while ( n < 255 );
  
  	on = 0;
  	p = 0;
  	n = 0;
    c = 0;
  	do
  	{
    	on = out[n];
    	p = (unsigned char)(p+on + *(c + key));
    	out[n] = out[p];
    	out[p] = on;
    	++n;
    	if ( ++c >= len ){
    		c=0;
    	}
      	
  	}
  	while ( n < 256);
    
}
void decrytion(unsigned char* src,unsigned int * table,int len){
	int p;
	int n;
	int tc;
	int tp;
	int tmp;
	int c;
	n=0;
	c=0;
	p=0;
	if(len>0){
		do
    	{
      	p++;
      	tp = table[p];
      	tc = (unsigned char)(n + tp + 1);
      	tmp = table[tc];
      	table[p] = tmp;
      	table[tc] = tp;
      	*(unsigned char*)(c++ + src) ^= (unsigned char)(table[tp ^ (unsigned char)(tmp + tp)]);
      	n=tc;
    	}
    	while ( c < len );
	}
}

AmIzero

梦游枪手 发表于 2019-5-20 12:49
两个km的算法貌似一样，不过真的只能用牛X来形容了。hard加了大量的混淆代码，看了两眼放弃了。easy的简单 ...

rc4的变形+强制类型转换

[C] 纯文本查看 复制代码

int trueCheckSum = 17 * b * b + 3 * b + 1011;
byte *pTC = (byte *)&trueCheckSum;
byte *pUNK = (byte *)(buffer + 4);
for (int i = 0; i < 4; i++) {
		byte s_a = (*pTC % 26 + 'A');
#ifdef testmode
		printf("%c", s_a);
#else
		if (s_a != *pUNK) {
			goto error;
		}
#endif
		pTC++;
		pUNK++;
	}

梦游枪手

AmIzero 发表于 2019-5-21 10:59
rc4的变形+强制类型转换
[mw_shl_code=c,true]int trueCheckSum = 17 * b * b + 3 * b + 1011;
byte *p ...

原来是RC4，当时感觉伪代码有点眼熟的

AmIzero

梦游枪手 发表于 2019-5-21 11:46
原来是RC4，当时感觉伪代码有点眼熟的

[C] 纯文本查看 复制代码

void rc4_setup(struct rc4_state *s, unsigned char *key, int length)
{
	int i, j, k, *m, a;

	s->x = 0;
	s->y = 0;
	m = s->m;
	
	m[0] = 0xFF;
	for (i = 1; i < 256; i++)
	{
		m[i] = (m[i-1] * 683 + 337) % 256;
	}

	j = k = 0;

	for (i = 0; i < 256; i++)
	{
		a = m[i];
		j = (unsigned char)(j + a + key[k]);
		m[i] = m[j]; m[j] = a;
		if (++k >= length) k = 0;
	}
}

void rc4_crypt(struct rc4_state *s, unsigned char *data, int length)
{
	int i, x, y, *m, a, b;

	x = s->x;
	y = s->y;
	m = s->m;

	for (i = 0; i < length; i++)
	{
		x = (unsigned char)(x + 1); 
		a = m[x];
		y = (unsigned char)(y + a + 1);
		m[x] = b = m[y];
		m[y] = a;
		data[i] ^= m[(unsigned char)(a + b ^ a)];
	}

	s->x = x;
	s->y = y;
}