@xzh3ha
逻辑
真正核心函数为sub_80488E0而不是main,跟一下程序或者找一下输入位置都能知道
__PAIR(a3,a2)的作用是把a3作为高32位,a2作为低32位传入
对于这种单字符加密,爆破就完事儿了。
要求输出为如下
B80C91FE70573EFE
BEED92AE7F7A8193
7390C17B90347C6C
AA7A15DFAA7A15DF
526BA076153F1A32
545C15AD7D8AA463
526BA076FBCB7AA0
7D8AA4639C513266
526BA0766D7DF3E1
AA7A15DF9C513266
1EDC38649323BC07
7D8AA463FBCB7AA0
153F1A32526BA076
F5650025AA7A15DF
1EDC3864B13AD888
代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
| include<stdio.h>
include<string.h>
include<map>
include<utility>
int sub_400BA0(unsigned int a1, unsigned __int64 a2)
{
unsigned __int64 v5;
unsigned int i;
unsigned __int32 v8;
unsigned int j;
int v10;
int s[32];
unsigned int v12;
v8 = a1;
for ( j = 0; j <= 0x20F; ++j )
{
v5 = a2 >> (j & 0x1F);
if ( j & 0x20 ){
__int64 temp =v5&0xffffffff00000000;
temp=temp>>32;
v5=v5&0xffffffff00000000;
v5=v5|temp;
}
v8 = (v8 >> 1) ^ (((unsigned int)v5 ^ v8 ^ (v8 >> 16) ^ (1551120942 >> (((v8 >> 1) & 1)
+ 2
* (2
* (((v8 >> 20) & 1)
+ 2
* (2 * ((v8 & 0x80000000) != 0)
+ ((v8 >> 26) & 1)))
+ ((v8 >> 9) & 1))))) << 31);
}
return v8;
}
int main(){
int num[]={0xB80C91FE,0x70573EFE,0xBEED92AE,0x7F7A8193
,0x7390C17B,0x90347C6C
,0xAA7A15DF,0xAA7A15DF
,0x526BA076,0x153F1A32
,0x545C15AD,0x7D8AA463
,0x526BA076,0xFBCB7AA0
,0x7D8AA463,0x9C513266
,0x526BA076,0x6D7DF3E1
,0xAA7A15DF,0x9C513266
,0x1EDC3864,0x9323BC07
,0x7D8AA463,0xFBCB7AA0
,0x153F1A32,0x526BA076
,0xF5650025,0xAA7A15DF
,0x1EDC3864,0xB13AD888};
for (int i=0;i<30;i++)
{
for (int k=0;k<=0xff;k++)
{
__int64 temp=0x1D082C23A72BE4C1;
if(sub_400BA0(k,temp)==num[i])
{
printf("%c",k);
break;
}
}
}
return 0;
}
|
