協同ダイヤル2.7アカウントパスワード暗号化分析


This is By FLYZER0    2011-5
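; Caller excerpt: pushes "rb" and "Record.txt" for a call (presumably the file open), reads the file into a stack buffer, then calls the core routine at 0041AF40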
0041B05C  |.  68 4C7B4400   PUSH GHCADail.00447B4C                   ; |rb
0041B061  |.  8D5424 24     LEA EDX,DWORD PTR SS:[ESP+24]            ; |
0041B065  |.  68 407B4400   PUSH GHCADail.00447B40                   ; |Record.txt
0041B06A  |.  52            PUSH EDX                                 ; |Arg1
0041B06B  |.  E8 A0390000   CALL GHCADail.0041EA10                   ; \GHCADail.0041EA10
0041B070  |.  8B4424 2C     MOV EAX,DWORD PTR SS:[ESP+2C]
0041B074  |.  83C4 24       ADD ESP,24
0041B077  |.  85C0          TEST EAX,EAX
0041B079  |.  0F84 D1000000 JE GHCADail.0041B150
0041B07F  |.  53            PUSH EBX
0041B080  |.  57            PUSH EDI
0041B081  |.  50            PUSH EAX
0041B082  |.  68 00020000   PUSH 200
0041B087  |.  8D8424 040400>LEA EAX,DWORD PTR SS:[ESP+404]
0041B08E  |.  6A 02         PUSH 2
0041B090  |.  50            PUSH EAX                                 ;  Record.txt   
0041B091  |.  E8 82380000   CALL GHCADail.0041E918
0041B096  |.  8B4C24 20     MOV ECX,DWORD PTR SS:[ESP+20]
0041B09A  |.  51            PUSH ECX
0041B09B  |.  E8 3F350000   CALL GHCADail.0041E5DF
0041B0A0  |.  83C4 14       ADD ESP,14
0041B0A3  |.  8D7C24 14     LEA EDI,DWORD PTR SS:[ESP+14]
0041B0A7  |.  8D8424 FC0300>LEA EAX,DWORD PTR SS:[ESP+3FC]
0041B0AE  |.  E8 8DFEFFFF   CALL GHCADail.0041AF40                   ;  core


; Core routine 0041AF40: decodes the 16-bit words read from Record.txt by XORing
; each one with a word from the constant table at 451780.
;   In : EAX = input buffer (word 0 = starting table index, encoded words follow)
;        EDI = output buffer
;   Out: EAX = EDI
; The table is fixed in the executable and the starting index travels in the file,
; so the transform is reversible obfuscation rather than encryption.
; The loop carries no length counter; it ends only when a decoded word is zero.
0041AF40  /$  0FB710        MOVZX EDX,WORD PTR DS:[EAX]              ;  EDX = first word of the buffer = starting table index (used as-is, no range check here)
0041AF43  |.  8D48 02       LEA ECX,DWORD PTR DS:[EAX+2]             ;  ECX -> second word (first encoded word)
0041AF46  |.  66:8B0455 801>MOV AX,WORD PTR DS:[EDX*2+451780]        ;  AX = table word at index EDX
0041AF4E  |.  66:3301       XOR AX,WORD PTR DS:[ECX]                 ;  decode the first word
0041AF51  |.  66:8907       MOV WORD PTR DS:[EDI],AX                 ;  store it at the start of the output buffer
0041AF54  |.  74 2B         JE SHORT GHCADail.0041AF81               ;  XOR result was zero -> empty string, skip the loop
0041AF56  |.  53            PUSH EBX                                 ;  save EBX (used as the divisor below)
0041AF57  |.  56            PUSH ESI                                 ;  save ESI
0041AF58  |.  8BF7          MOV ESI,EDI                              ;  Key Data=(451780~45197F)
0041AF5A  |.  2BF1          SUB ESI,ECX                              ;  ESI = output - input, so [ESI+ECX] is the output slot matching ECX
0041AF5C  |.  8D6424 00     LEA ESP,DWORD PTR SS:[ESP]               ;  no-op (leaves ESP unchanged); padding before the loop
0041AF60  |>  8D42 01       /LEA EAX,DWORD PTR DS:[EDX+1]            ;  EAX = index + 1
0041AF63  |.  99            |CDQ                                     ;  sign-extend EAX into EDX (EAX is non-negative, so EDX = 0)
0041AF64  |.  BB FF010000   |MOV EBX,1FF                             ;  EBX = divisor 1FF
0041AF69  |.  F7FB          |IDIV EBX                                ;  EDX = (index + 1) mod 1FF = next table index; EAX = quotient (unused)
0041AF6B  |.  83C1 02       |ADD ECX,2                               ;  advance to the next encoded word
0041AF6E  |.  66:8B0455 801>|MOV AX,WORD PTR DS:[EDX*2+451780]       ;  AX = table word at the new index
0041AF76  |.  66:3301       |XOR AX,WORD PTR DS:[ECX]                ;  decode: table word XOR encoded word
0041AF79  |.  66:89040E     |MOV WORD PTR DS:[ESI+ECX],AX            ;  store the decoded word; MOV leaves the flags from the XOR intact
0041AF7D  |.^ 75 E1         \JNZ SHORT GHCADail.0041AF60             ;  repeat until a decoded word is zero (the terminator)
0041AF7F  |.  5E            POP ESI                                  ;  restore ESI
0041AF80  |.  5B            POP EBX                                  ;  restore EBX
0041AF81  |>  8BC7          MOV EAX,EDI                              ;  return the output buffer pointer
0041AF83  \.  C3            RETN
; 451780 ~ 45197F: key table; the key index wraps modulo 1FF
;C32ASM C Format Data
0x62,  0x00,  0x15,  0x00,  0x56,  0x00,  0x7B,  0x00,  0x14,  0x00,  0x00,  0x00,  0x0F,  0x00,  0x77,  0x00,  0x73,  0x00,  0x04,  0x00,  0x42,  0x00,  0x5C,  0x00,  0x5A,  0x00,  0x3D,  0x00,  0x75,  0x00,  0x2D,  0x00,  0x1D,  0x00,  0x2E,  0x00,  0x09,  0x00,  0x28,  0x00,  0x2A,  0x00,  0x3B,  0x00,  0x3F,  0x00,  0x30,  0x00,  0x4B,  0x00,  0x0A,  0x00,  0x19,  0x00,  0x56,  0x00,  0x2E,  0x00,  0x1F,  0x00,  0x59,  0x00,  0x10,  0x00,  0x35,  0x00,  0x30,  0x00,  0x0B,  0x00,  0x49,  0x00,  0x30,  0x00,  0x1A,  0x00,  0x40,  0x00,  0x23,  0x00,  0x1E,  0x00,  0x02,  0x00,  0x7F,  0x00,  0x78,  0x00,  0x40,  0x00,  0x74,  0x00,  0x25,  0x00,  0x5D,  0x00,  0x23,  0x00,  0x2E,  0x00,  0x05,  0x00,  0x4D,  0x00,  0x69,  0x00,  0x44,  0x00,  0x7D,  0x00,  0x34,  0x00,  0x4E,  0x00,  0x16,  0x00,  0x0A,  0x00,  0x7C,  0x00,  0x36,  0x00,  0x64,  0x00,  0x0C,  0x00,  0x6B,  0x00,  0x14,  0x00,  0x18,  0x00,  0x34,  0x00,  0x44,  0x00,  0x32,  0x00,  0x74,  0x00,  0x67,  0x00,  0x51,  0x00,  0x77,  0x00,  0x66,  0x00,  0x49,  0x00,  0x37,  0x00,  0x5A,  0x00,  0x6F,  0x00,  0x14,  0x00,  0x7D,  0x00,  0x1D,  0x00,  0x19,  0x00,  0x4B,  0x00,  0x07,  0x00,  0x5D,  0x00,  0x48,  0x00,  0x3B,  0x00,  0x2B,  0x00,  0x5F,  0x00,  0x46,  0x00,  0x28,  0x00,  0x15,  0x00,  0x2A,  0x00,  0x34,  0x00,  0x00,  0x00,  0x3E,  0x00,  0x4C,  0x00,  0x34,  0x00,  0x02,  0x00,  0x7F,  0x00,  0x28,  0x00,  0x69,  0x00,  0x50,  0x00,  0x1F,  0x00,  0x4F,  0x00,  0x19,  0x00,  0x56,  0x00,  0x29,  0x00,  0x08,  0x00,  0x6A,  0x00,  0x27,  0x00,  0x26,  0x00,  0x03,  0x00,  0x72,  0x00,  0x2D,  0x00,  0x60,  0x00,  0x3A,  0x00,  0x68,  0x00,  0x0C,  0x00,  0x19,  0x00,  0x2E,  0x00,  0x34,  0x00,  0x2E,  0x00,  0x58,  0x00,  0x68,  0x00,  0x2E,  0x00,  0x16,  0x00,  0x35,  0x00,  0x62,  0x00,  0x18,  0x00,  0x34,  0x00,  0x0B,  0x00,  0x01,  0x00,  0x04,  0x00,  0x2A,  0x00,  0x50,  0x00,  0x1D,  0x00,  0x01,  0x00,  0x7A,  0x00,  0x26,  0x00,  0x6B,  0x00,  0x21,  0x00,  0x4C,  
0x00,  0x6F,  0x00,  0x13,  0x00,  0x79,  0x00,  0x4F,  0x00,  0x4D,  0x00,  0x61,  0x00,  0x5B,  0x00,  0x67,  0x00,  0x10,  0x00,  0x0F,  0x00,  0x15,  0x00,  0x68,  0x00,  0x78,  0x00,  0x44,  0x00,  0x7F,  0x00,  0x2D,  0x00,  0x26,  0x00,  0x17,  0x00,  0x61,  0x00,  0x31,  0x00,  0x19,  0x00,  0x65,  0x00,  0x5C,  0x00,  0x69,  0x00,  0x02,  0x00,  0x5D,  0x00,  0x63,  0x00,  0x28,  0x00,  0x48,  0x00,  0x04,  0x00,  0x74,  0x00,  0x37,  0x00,  0x17,  0x00,  0x6D,  0x00,  0x07,  0x00,  0x65,  0x00,  0x4F,  0x00,  0x62,  0x00,  0x4C,  0x00,  0x5F,  0x00,  0x72,  0x00,  0x61,  0x00,  0x47,  0x00,  0x6A,  0x00,  0x25,  0x00,  0x46,  0x00,  0x17,  0x00,  0x4C,  0x00,  0x5E,  0x00,  0x78,  0x00,  0x7D,  0x00,  0x77,  0x00,  0x5D,  0x00,  0x59,  0x00,  0x60,  0x00,  0x5F,  0x00,  0x36,  0x00,  0x44,  0x00,  0x08,  0x00,  0x7F,  0x00,  0x48,  0x00,  0x7C,  0x00,  0x36,  0x00,  0x60,  0x00,  0x6A,  0x00,  0x3D,  0x00,  0x45,  0x00,  0x39,  0x00,  0x20,  0x00,  0x11,  0x00,  0x18,  0x00,  0x12,  0x00,  0x72,  0x00,  0x5F,  0x00,  0x7C,  0x00,  0x18,  0x00,  0x26,  0x00,  0x13,  0x00,  0x64,  0x00,  0x04,  0x00,  0x0B,  0x00,  0x61,  0x00,  0x7B,  0x00,  0x68,  0x00,  0x3B,  0x00,  0x5B,  0x00,  0x47,  0x00,  0x71,  0x00,  0x1F,  0x00,  0x4F,  0x00,  0x70,  0x00,  0x68,  0x00,  0x4C,  0x00,  0x27,  0x00,  0x48,  0x00,  0x36,  0x00,  0x64,  0x00,  0x0D,  0x00,  0x6F,  0x00,  0x04,  0x00,  0x1E,  0x00,  0x07,  0x00,  0x16,  0x00,  0x10,  0x00,  0x66,  0x00,  0x12,  0x00,  0x28,  0x00,  0x0C,  0x00,  0x25,  0x00,  0x0C,  0x00,  0x10,  0x00,  0x30,  0x00,  0x6E,  0x00,
// ghca_crack.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "windows.h"

// Shared cursor used by _tmain: byte offset into fbuffer for the next read,
// and (as i-1) the slot in userpwd that receives the next decoded unit.
unsigned int i=0;

WORD userpwd[256]={0}; // decoded text as 16-bit units; zero-initialised, so unused slots act as terminators
char userpwdasc[256]={0};  // the decoded text after WideCharToMultiByte, as printed by _tmain

unsigned char fbuffer[256]={0}; // raw bytes read from Record.txt
WORD *gaddress;		   // scratch pointer into gkey, viewed as an array of 16-bit words
// XOR table copied from the dump of GHCADail at 451780 ~ 45197F (C32ASM "C Format Data").
// 32 rows x 16 bytes = 512 bytes, read by _tmain as 256 little-endian 16-bit words;
// every second byte is 0x00.
// NOTE(review): the disassembled routine reduces its index modulo 0x1FF, which allows
// indices up to 0x1FE, while this copy holds 256 words - confirm the table length.
// The table is a constant shipped inside the executable, so data stored this way is only
// obfuscated. Software that has to keep a saved password should use an OS-protected
// store instead (on Windows, for example, CryptProtectData).
unsigned char gkey[]={		  
					  0x62,0x00,0x15,0x00,0x56,0x00,0x7B,0x00,0x14,0x00,0x00,0x00,0x0F,0x00,0x77,0x00,
					  0x73,0x00,0x04,0x00,0x42,0x00,0x5C,0x00,0x5A,0x00,0x3D,0x00,0x75,0x00,0x2D,0x00,
					  0x1D,0x00,0x2E,0x00,0x09,0x00,0x28,0x00,0x2A,0x00,0x3B,0x00,0x3F,0x00,0x30,0x00,
					  0x4B,0x00,0x0A,0x00,0x19,0x00,0x56,0x00,0x2E,0x00,0x1F,0x00,0x59,0x00,0x10,0x00,
					  0x35,0x00,0x30,0x00,0x0B,0x00,0x49,0x00,0x30,0x00,0x1A,0x00,0x40,0x00,0x23,0x00,
					  0x1E,0x00,0x02,0x00,0x7F,0x00,0x78,0x00,0x40,0x00,0x74,0x00,0x25,0x00,0x5D,0x00,
					  0x23,0x00,0x2E,0x00,0x05,0x00,0x4D,0x00,0x69,0x00,0x44,0x00,0x7D,0x00,0x34,0x00,
					  0x4E,0x00,0x16,0x00,0x0A,0x00,0x7C,0x00,0x36,0x00,0x64,0x00,0x0C,0x00,0x6B,0x00,
					  0x14,0x00,0x18,0x00,0x34,0x00,0x44,0x00,0x32,0x00,0x74,0x00,0x67,0x00,0x51,0x00,
					  0x77,0x00,0x66,0x00,0x49,0x00,0x37,0x00,0x5A,0x00,0x6F,0x00,0x14,0x00,0x7D,0x00,
					  0x1D,0x00,0x19,0x00,0x4B,0x00,0x07,0x00,0x5D,0x00,0x48,0x00,0x3B,0x00,0x2B,0x00,
					  0x5F,0x00,0x46,0x00,0x28,0x00,0x15,0x00,0x2A,0x00,0x34,0x00,0x00,0x00,0x3E,0x00,
					  0x4C,0x00,0x34,0x00,0x02,0x00,0x7F,0x00,0x28,0x00,0x69,0x00,0x50,0x00,0x1F,0x00,
					  0x4F,0x00,0x19,0x00,0x56,0x00,0x29,0x00,0x08,0x00,0x6A,0x00,0x27,0x00,0x26,0x00,
					  0x03,0x00,0x72,0x00,0x2D,0x00,0x60,0x00,0x3A,0x00,0x68,0x00,0x0C,0x00,0x19,0x00,
					  0x2E,0x00,0x34,0x00,0x2E,0x00,0x58,0x00,0x68,0x00,0x2E,0x00,0x16,0x00,0x35,0x00,
					  0x62,0x00,0x18,0x00,0x34,0x00,0x0B,0x00,0x01,0x00,0x04,0x00,0x2A,0x00,0x50,0x00,
					  0x1D,0x00,0x01,0x00,0x7A,0x00,0x26,0x00,0x6B,0x00,0x21,0x00,0x4C,0x00,0x6F,0x00,
					  0x13,0x00,0x79,0x00,0x4F,0x00,0x4D,0x00,0x61,0x00,0x5B,0x00,0x67,0x00,0x10,0x00,
					  0x0F,0x00,0x15,0x00,0x68,0x00,0x78,0x00,0x44,0x00,0x7F,0x00,0x2D,0x00,0x26,0x00,
					  0x17,0x00,0x61,0x00,0x31,0x00,0x19,0x00,0x65,0x00,0x5C,0x00,0x69,0x00,0x02,0x00,
					  0x5D,0x00,0x63,0x00,0x28,0x00,0x48,0x00,0x04,0x00,0x74,0x00,0x37,0x00,0x17,0x00,
					  0x6D,0x00,0x07,0x00,0x65,0x00,0x4F,0x00,0x62,0x00,0x4C,0x00,0x5F,0x00,0x72,0x00,
					  0x61,0x00,0x47,0x00,0x6A,0x00,0x25,0x00,0x46,0x00,0x17,0x00,0x4C,0x00,0x5E,0x00,
					  0x78,0x00,0x7D,0x00,0x77,0x00,0x5D,0x00,0x59,0x00,0x60,0x00,0x5F,0x00,0x36,0x00,
					  0x44,0x00,0x08,0x00,0x7F,0x00,0x48,0x00,0x7C,0x00,0x36,0x00,0x60,0x00,0x6A,0x00,
					  0x3D,0x00,0x45,0x00,0x39,0x00,0x20,0x00,0x11,0x00,0x18,0x00,0x12,0x00,0x72,0x00,
					  0x5F,0x00,0x7C,0x00,0x18,0x00,0x26,0x00,0x13,0x00,0x64,0x00,0x04,0x00,0x0B,0x00,
					  0x61,0x00,0x7B,0x00,0x68,0x00,0x3B,0x00,0x5B,0x00,0x47,0x00,0x71,0x00,0x1F,0x00,
					  0x4F,0x00,0x70,0x00,0x68,0x00,0x4C,0x00,0x27,0x00,0x48,0x00,0x36,0x00,0x64,0x00,
					  0x0D,0x00,0x6F,0x00,0x04,0x00,0x1E,0x00,0x07,0x00,0x16,0x00,0x10,0x00,0x66,0x00,
					  0x12,0x00,0x28,0x00,0x0C,0x00,0x25,0x00,0x0C,0x00,0x10,0x00,0x30,0x00,0x6E,0x00,
					};
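// Entry point. Reads Record.txt from the current directory, XORs its contents with
// the gkey table and prints the resulting text, then waits for a key press.
//
// argc/argv are unused. Always returns 0.
//
// Record.txt is external input, so every read is checked and the cursor is bounded:
// the original loop ran until feof() or a zero result and could write past the end of
// fbuffer and userpwd when the file held no terminator within the first 256 bytes.
//
// NOTE(review): the disassembled routine works on whole 16-bit words, whereas fbuffer
// is a byte array here, so only one byte of each word takes part in the XOR and
// "%= 0x1FF" cannot change an unsigned char. The arithmetic is kept exactly as the
// author wrote it - confirm it against the file format before trusting the output.
int _tmain(int argc, _TCHAR* argv[])
{
	printf("      -     in vs.net 2003 By FLYZER0\n\n");

	FILE* fp = fopen("Record.txt","rb");
	if(fp != NULL){
		// Header: two 16-bit words; fbuffer[0] then serves as the running table index.
		if(fread(fbuffer,sizeof(WORD),2,fp) == 2){
			i+=2;
			// Each pass stores sizeof(WORD) bytes at fbuffer+i and one unit at
			// userpwd[i-1]; the bound keeps both inside their 256-element arrays
			// and leaves the tail of userpwd zero as a terminator.
			while(i + sizeof(WORD) <= sizeof(fbuffer)){
				if(fread(fbuffer+i,sizeof(WORD),1,fp) != 1){
					break;	// end of file or read error: do not decode stale bytes
				}
				fbuffer[0]++;
				fbuffer[0]%=0x1FF;
				gaddress=(WORD*)gkey;
				gaddress+=fbuffer[0];
				userpwd[i-1]=*gaddress^fbuffer[i];
				// A zero result marks the end of the stored text.
				if(userpwd[i-1]==0){
					break;
				}
				i++;
			}
		}
		fclose(fp);

		// userpwd holds 16-bit units; convert to the ANSI code page for printf.
		// -1 converts up to the terminating zero instead of a fixed 256 units,
		// which read one element past the array when starting at userpwd+1.
		if(WideCharToMultiByte(CP_ACP,0,(LPCWSTR)userpwd+1,-1,userpwdasc,sizeof(userpwdasc),NULL,NULL) == 0){
			userpwdasc[0]='\0';	// conversion failed: print an empty line rather than a partial buffer
		}
		printf("%s\n\n",userpwdasc);
	}else{
		printf(" , .\n\n");
	}
	printf(" 。。。");
	getchar();
	return 0;
}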