加密算法6《3》

本文深入分析了 BlowFish's CrackMe1 的验证算法,包括其核心流程、函数 F(xl) 的实现细节及 Blowfish_Dec 函数的工作原理,为读者提供了一份详细的算法解析。


mov    ebx,BFLOW
        mov    eax,ebx
        mov    edi,offset szText+8
        mov    ecx,8
    @@22:
        mov    eax,ebx
        shl    ebx,4
        shr    eax,28
        cmp    eax,9
        jle    @@21
        add    eax,7
    @@21:      add    eax,30h
        and    eax,0ffh
        stosb
        loop    @@22

        xor    eax,eax
        mov    [edi],eax
        invoke  SetDlgItemText,hWnd,Edit2,offset szText
        mov    eax,FALSE
                        ret
                .elseif eax==IDCLOSE
                        invoke  EndDialog,hWnd,NULL
                .endif
        .else
                mov    eax,FALSE
                ret
        .endif
        mov    eax,TRUE
        ret

_ProcDlgMain endp

        ;主程序
start:  
        invoke  InitCommonControls
        invoke  GetModuleHandle,NULL
        mov    hInstance,eax
        invoke  DialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcDlgMain,0
        invoke  ExitProcess,NULL
end    start

end    

;资源文件:rsrc.rc
;#include          <Resource.h>
;#define          IDGEN      10
;#define       DLG_MAIN  100
;#define            EDIT1      11
;#define            EDIT2      12
;
;DLG_MAIN    DIALOGEX    100,150,250,60
;STYLE        DS_MODALFRAME|WS_POPUP|WS_VISIBLE|WS_CAPTION|WS_SYSMENU|WS_THICKFRAME
;CAPTION        "BlowFish's CrackMe KenGen By 夜月[CCG]  "
;FONT        9,"宋体"
;
;BEGIN
;CONTROL        " ID:",-1,"Static",SS_LEFT,10,13,40,17
;CONTROL        "SN:"  ,-2,"Static",SS_CENTER,10,40,20,17
;CONTROL        ""    ,11,"Edit",ES_LEFT,30,13,150,10
;CONTROL        ""    ,12,"Edit",ES_LEFT,30,40,150,10
;CONTROL        "GENERATE",IDGEN,"BUTTON",BS_PUSHBUTTON,200,11,40,15
;CONTROL        "EXIT",IDCLOSE,"BUTTON",BS_PUSHBUTTON,200,36,41,14
;END

标 题:BlowFish's CrackMe1 算法分析,以前夜月写过 (18千字)
发信人:DiKeN
时 间:2002-4-11 13:53:00
详细信息:

=========================================================
=
=          BlowFish's CrackMe1 验证算法分析
=                          DiKeN/OCG
=========================================================

; Excerpt from the CrackMe's serial check. The enclosing routine starts before
; 004015A4 and continues after 004015E0; neither part is shown in this listing.
; Visible flow: read a dialog field, parse it as two 32-bit hex words (xl, xr),
; then hand both by pointer, together with the table at 00408980, to 004010D0.
; NOTE(review): the table is referenced by a fixed image address, so the subkeys
; are available to anyone who holds the binary (whether they are precomputed or
; filled in at startup is not visible here). A check built only on a symmetric
; cipher with an embedded key cannot keep valid serials unforgeable; what the
; decrypted pair is compared against is outside this excerpt.
;
; Last two of the GetDlgItemTextA arguments: control id 3EBh and, presumably,
; the dialog handle in esi. The buffer and length pushes are above the excerpt.
* Possible Reference to Dialog: DialogID_0065, CONTROL_ID:03EB, ""
                                |
:004015A4 68EB030000              push 000003EB
:004015A9 56                      push esi

* Reference To: USER32.GetDlgItemTextA, Ord:0000h
                                |
:004015AA FF151C614000            Call dword ptr [0040611C]
; eax = number of characters copied; 0 skips the whole check (target 004016EA not shown).
:004015B0 85C0                    test eax, eax
:004015B2 0F8432010000            je 004016EA
; Build the argument list (buffer, format, &xl, &xr) for 004017F0.
; [esp+48] / [esp+4C] are the two output dwords; the buffer address is taken
; after two pushes, so [esp+0C] here is [esp+04] of the frame before them.
:004015B8 8D4C244C                lea ecx, dword ptr [esp+4C]
:004015BC 8D542448                lea edx, dword ptr [esp+48]
:004015C0 51                      push ecx
:004015C1 52                      push edx
:004015C2 8D44240C                lea eax, dword ptr [esp+0C]

* Possible StringData Ref from Data Obj ->"%08lX%08lX"
                                |
:004015C6 686C804000              push 0040806C
:004015CB 50                      push eax
; 004017F0 is not shown; the argument shape looks like sscanf -- confirm.
; NOTE(review): its return value is not tested in the visible lines, so a short
; or non-hex input would leave xl/xr holding whatever those stack slots contained.
:004015CC E81F020000              call 004017F0
; No stack adjustment follows the call, so the four pushed arguments (10h bytes)
; are still on the stack: [esp+58] / [esp+5C] are the same dwords as
; [esp+48] / [esp+4C] above. The hex values in the annotations below are the
; author's sample input.
:004015D1 8D4C245C                lea ecx, dword ptr [esp+5C]
:004015D5 8D542458                lea edx, dword ptr [esp+58]
:004015D9 51                      push ecx=========>[ecx]=0x90ABCDEF=xr
:004015DA 52                      push edx=========>[edx]=0x12345678=xl
:004015DB 6880894000              push 00408980====>P-Box(密钥盒)

; Arguments as seen by the callee, in order: table at 00408980, &xl, &xr.
:004015E0 E8EBFAFFFF              call 004010D0====>计算Blowfish_Dec(long *xl,long *xr)
======================================BF_Dec过程分析============================
    ; Routine at 004010D0: in-place 16-round Feistel pass over the pair (*xl, *xr),
    ; consuming the subkey array from ctx+44h downward -- the shape of Blowfish decryption.
    ; Stack args on entry: [esp+04] = ctx (00408980 at the visible call site),
    ;                      [esp+08] = &xl, [esp+0C] = &xr.
    ; Layout implied by the offsets used: ctx+00h..+47h = 18 dword subkeys P[0..17];
    ;   ctx+48h, +448h, +848h, +C48h = four 256-dword tables indexed by F (S0..S3).
    ; Saves and restores ebx, ebp, esi, edi; clobbers ecx, edx, flags.
    ; Ends with a plain `ret`, so the caller removes the arguments.
    ; Loop registers: eax = left half, esi = right half, ebx = &P[i], edi = ctx,
    ;                 ebp = copy of (left ^ P[i]) kept for the swap.
    :004010D0 8B442408                mov eax, dword ptr [esp+08]
    :004010D4 8B4C240C                mov ecx, dword ptr [esp+0C]
    :004010D8 53                      push ebx
    :004010D9 55                      push ebp
    :004010DA 8B00                    mov eax, dword ptr [eax]====>xl
    :004010DC 56                      push esi
    :004010DD 8B31                    mov esi, dword ptr [ecx]====>xr
    :004010DF 57                      push edi
    ; Four registers pushed: the arguments now sit 10h higher
    ; ([esp+14] = ctx, [esp+18] = &xl, [esp+1C] = &xr).
    :004010E0 8B7C2414                mov edi, dword ptr [esp+14]
    ; The ctx argument slot is reused as the round counter (10h = 16 rounds).
    :004010E4 C744241410000000        mov [esp+14], 00000010
    ; ebx = &P[17] (44h = 17 * 4), the last of the 18 subkeys.
    :004010EC 8D5F44                  lea ebx, dword ptr [edi+44]==>P-Box(FORM 18 to 1<==因此使用的Dec)
      
    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0040110D(C)
    |
    ; Round body: left ^= P[i]; keep that value in ebp; call F(ctx, left).
    :004010EF 3303                    xor eax, dword ptr [ebx]
    :004010F1 50                      push eax
    :004010F2 57                      push edi
    :004010F3 8BE8                    mov ebp, eax
    :004010F5 E806FFFFFF              call 00401000
================================================================================
================================函数F(xl)
================================================================================
          ; F at 00401000: eax = ((S0[a] + S1[b]) ^ S2[c]) + S3[d], where a, b, c, d
          ; are the four bytes of x from most to least significant.
          ; Stack args on entry: [esp+04] = ctx, [esp+08] = x.
          ; Saves and restores ebx, esi, edi; clobbers ecx, edx, flags.
          :00401000 8B4C2408                mov ecx, dword ptr [esp+08]
          :00401004 53                      push ebx
          :00401005 8AC1                    mov al, cl
          :00401007 56                      push esi
          ; eax = d (bits 0-7 of x), copied to edx below.
          :00401008 25FF000000              and eax, 000000FF
          :0040100D 57                      push edi
          :0040100E C1E908                  shr ecx, 08
          :00401011 8BD0                    mov edx, eax
          :00401013 8AC1                    mov al, cl
          ; Three registers pushed, so [esp+10] is the ctx argument.
          :00401015 8B7C2410                mov edi, dword ptr [esp+10]
          ; eax = c (bits 8-15 of x), copied to esi below.
          :00401019 25FF000000              and eax, 000000FF
          :0040101E C1E908                  shr ecx, 08
          :00401021 8BF0                    mov esi, eax
          ; ecx = x >> 16: eax takes a (bits 24-31), ecx keeps b (bits 16-23).
          :00401023 8BC1                    mov eax, ecx
          :00401025 C1E808                  shr eax, 08
          :00401028 25FF000000              and eax, 000000FF
          :0040102D 81E1FF000000            and ecx, 000000FF
          ; These two masks change nothing: esi and edx were already reduced to one byte.
          :00401033 81E6FFFF0000            and esi, 0000FFFF
          :00401039 81E2FFFF0000            and edx, 0000FFFF
          ; Table lookups: S0[a], S1[b], S2[c], then S3[d]; each table is 400h bytes.
          :0040103F 8B448748                mov eax, dword ptr [edi+4*eax+48]
          :00401043 8B9C8F48040000          mov ebx, dword ptr [edi+4*ecx+00000448]
          :0040104A 8B8CB748080000          mov ecx, dword ptr [edi+4*esi+00000848]
          :00401051 03C3                    add eax, ebx
          :00401053 33C1                    xor eax, ecx
          :00401055 8B8C97480C0000          mov ecx, dword ptr [edi+4*edx+00000C48]
          :0040105C 5F                      pop edi
          :0040105D 5E                      pop esi
          :0040105E 03C1                    add eax, ecx
          :00401060 5B                      pop ebx
          :00401061 C3                      ret          
================================================================================
================================end 函数F(xl)
================================================================================
    ; Back in the round loop. F's two arguments are still on the stack, so
    ; [esp+1C] here is the counter slot ([esp+14] once they are removed).
    :004010FA 8B4C241C                mov ecx, dword ptr [esp+1C]
    :004010FE 83C408                  add esp, 00000008
    ; New left half = F(left ^ P[i]) ^ right.
    :00401101 33C6                    xor eax, esi
    ; Step down to the next lower subkey.
    :00401103 83EB04                  sub ebx, 00000004
    :00401106 49                      dec ecx
    ; New right half = left ^ P[i] (the Feistel swap). The two mov instructions
    ; leave flags untouched, so jne still tests the result of dec ecx.
    :00401107 8BF5                    mov esi, ebp
    :00401109 894C2414                mov dword ptr [esp+14], ecx
    :0040110D 75E0                    jne 004010EF
    ; After 16 rounds (P[17] down to P[2]): apply the remaining two subkeys with
    ; the halves crossed, which undoes the last swap.
    ;   *xl = esi ^ P[0], *xr = eax ^ P[1]
    :0040110F 8B4F04                  mov ecx, dword ptr [edi+04]
    :00401112 8B17                    mov edx, dword ptr [edi]
    :00401114 33C8                    xor ecx, eax
    :00401116 8B442418                mov eax, dword ptr [esp+18]
    :0040111A 33D6                    xor edx, esi
    :0040111C 5F                      pop edi
    :0040111D 8910                    mov dword ptr [eax], edx
    ; edi has been popped, so [esp+18] now addresses the &xr argument.
    :0040111F 8B542418                mov edx, dword ptr [esp+18]
    :00401123 5E                      pop esi
    :00401124 5D                      pop ebp
    :00401125 890A                    mov dword ptr [edx], ecx
    :00401127 5B                      pop ebx
    :00401128 C3                      ret
