| ²é¿´: 485 | »Ø¸´: 1 | |||
| µ±Ç°Ö÷ÌâÒѾ´æµµ¡£ | |||
sdlj8051½ð³æ (ÖøÃûдÊÖ)
|
[½»Á÷]
[תÌù]CRC32ÅöײµÄʵÏÖ
|
||
|
????????????????????? ??CRC32??????N??????§¹??,???§¹????0xFFFFFFFF,????N????????????????§¹??? ?????????????????????4????????§¹???????????????????????? ??: ???????????§¹????ABCD,?????§¹?????????abcd,§¹???????WXYZ,????4???????????mnop (??????????????????) ???????????ABCD+WXYZ???abcd ????4??????F(x),G(x),H(x),I(x)???????x????????,???????DWORD????¦Ë????¦Ë??4????? CRC32§¹??abcd???????????: R0:A,B,C,D R1:F(m),A^G(m),B^H(m),C^I(m) R2:F(n),F(m)^G(n),A^G(m)^H(n),B^H(m)^I(n) R3:F(o),F(n)^G(o),F(m)^G(n)^H(o),A^G(m)^H(n)^I(o) R4:F(p),F(o)^G(p),F(n)^G(o)^H(p),F(m)^G(n)^H(o)^I(p) ??R4????????4???????§¹???WXYZ,?????????????: ------------------------- <1> W=F(p); X=F(o)^G(p); Y=F(n)^G(o)^H(p); Z=F(m)^G(n)^H(o)^I(p); <2> m=d^D; n=c^C^I(m); o=b^B^H(m)^I(n); p=a^A^G(m)^H(n)^I(o); ------------------------- ????????????????ABCD,abcd,WXYZ??????,??mnop???§Þ???? ????abcd????????,??F(x)???????RF(x),??: ----------------------- ~<1> p=RF(W); o=RF(X^G(p)); n=RF(Y^G(o)^H(p)); m=RF(Z^G(n)^H(o)^I(p)); ~<2> d=m^D; c=n^C^I(m); b=o^B^H(m)^I(n); a=p^A^G(m)^H(n)^I(o); ----------------------- ???????????????????????§Ö?????:d,c,b,a (????????????§³????) ???????????????????,??????????????????RF(x)??????,??????????????????y=F(x)????????: void TestRF() { BYTE i,j; DWORD flag; for(i=0;i<=0xFF;i++) { flag=0; for(j=0;j<=0xFF;j++) { if(HIBYTE(HIWORD(CRC32_tab[j])) == i) { flag=1; printf("%X gets!\r\n",i); break; } if(j==0xFF)break; } if(!flag)printf("%X can't get RF\r\n",i); if(i==0xFF)break; } } ???????????§Ö?0~255????RF(x)???????,?????RF(x)??????????,?????????????! ??????~<1> ~<2>????: BYTE RF(BYTE x) { BYTE j; for(j=0;j<=0xFF;j++) { if(HIBYTE(HIWORD(CRC32_tab[j])) == x)break; } return j; } BYTE F(BYTE x) { return HIBYTE(HIWORD(CRC32_tab[x])); } BYTE G(BYTE x) { return LOBYTE(HIWORD(CRC32_tab[x])); } BYTE H(BYTE x) { return HIBYTE(LOWORD(CRC32_tab[x])); } BYTE I(BYTE x) { return LOBYTE(LOWORD(CRC32_tab[x])); } #define MakeLong(a,b) MAKELONG(b,a) #define MakeWord(a,b) MAKEWORD(b,a) DWORD rCRC32(DWORD WXYZ,DWORD ABCD) { BYTE p,o,n,m,a,b,c,d,W,X,Y,Z,A,B,C,D; W=HIBYTE(HIWORD(WXYZ)); X=LOBYTE(HIWORD(WXYZ)); Y=HIBYTE(LOWORD(WXYZ)); Z=LOBYTE(LOWORD(WXYZ)); A=HIBYTE(HIWORD(ABCD)); B=LOBYTE(HIWORD(ABCD)); C=HIBYTE(LOWORD(ABCD)); D=LOBYTE(LOWORD(ABCD)); p=RF(W); o=RF(X^G(p)); n=RF(Y^G(o)^H(p)); m=RF(Z^G(n)^H(o)^I(p)); d=m^D; c=n^C^I(m); b=o^B^H(m)^I(n); a=p^A^G(m)^H(n)^I(o); return MakeLong(MakeWord(a,b),MakeWord(c,d)); } DWORD RCRC32(DWORD WXYZ,DWORD abcd) { BYTE p,o,n,m,a,b,c,d,W,X,Y,Z,A,B,C,D; W=HIBYTE(HIWORD(WXYZ)); X=LOBYTE(HIWORD(WXYZ)); Y=HIBYTE(LOWORD(WXYZ)); Z=LOBYTE(LOWORD(WXYZ)); a=HIBYTE(HIWORD(abcd)); b=LOBYTE(HIWORD(abcd)); c=HIBYTE(LOWORD(abcd)); d=LOBYTE(LOWORD(abcd)); p=RF(W); o=RF(X^G(p)); n=RF(Y^G(o)^H(p)); m=RF(Z^G(n)^H(o)^I(p)); D=m^d; C=n^c^I(m); B=o^b^H(m)^I(n); A=p^a^G(m)^H(n)^I(o); return MakeLong(MakeWord(A,B),MakeWord(C,D)); } DWORD CRC32(DWORD ABCD,DWORD abcd) { BYTE p,o,n,m,a,b,c,d,W,X,Y,Z,A,B,C,D; A=HIBYTE(HIWORD(ABCD)); B=LOBYTE(HIWORD(ABCD)); C=HIBYTE(LOWORD(ABCD)); D=LOBYTE(LOWORD(ABCD)); a=HIBYTE(HIWORD(abcd)); b=LOBYTE(HIWORD(abcd)); c=HIBYTE(LOWORD(abcd)); d=LOBYTE(LOWORD(abcd)); m=d^D; n=c^C^I(m); o=b^B^H(m)^I(n); p=a^A^G(m)^H(n)^I(o); W=F(p); X=F(o)^G(p); Y=F(n)^G(o)^H(p); Z=F(m)^G(n)^H(o)^I(p); return MakeLong(MakeWord(W,X),MakeWord(Y,Z)); } ??????????????¡Â????,??????????????????,??CRC32§¹??,???????ABCD ???????????<1><2>????abcd,??abcd?????????????????????????! ????,"DonQuixote[CCG][iPB]"??????????CRC32??0x8A0C90C9,??????¦Ä??????????????????: int main(int argc, char* argv[]) { DWORD x=rCRC32(~0x8A0C90C9,~CRC((BYTE*)"ipb",3)); char str[5]; memcpy(str,&x,4); str[4]=0; printf("x=%X\r\nstring=%s\r\n",x,str); return 0; } ????????§»???: DonQuixote[CCG][iPB] 123?Dp0 ccg_G?? ipbkw?? ?????????????CRC32§¹???=0x8A0C90C9 (????§Ú???????????????,?????http://www.pediy.com/tools/Crypt ... N%20Hash%20Calculat or%20.zip) ??????????????????????DWORD,????????????????§Þ????¦Ë???DWORD,???????????? ??????WXYZ,abcd?????ABCD???????: ------------------------- (mnop??????~<1>~<2>???) ~<2'> D=m^d; C=n^c^I(m); B=o^b^H(m)^I(n); A=p^a^G(m)^H(n)^I(o); ------------------------- ????????????????"§¹??"???,?????§Þ????¦Ë???????????? ****************************************************************************************8 ?????????§»???: ??????????????????????anti-debug??,?????§¹?úY???????????§¹??????? ???????~<2'>??~<2>????????§¹?????????,?????????????:CRC(***A***)=A ????windows??????????CRC32§¹???,?????????§Õ??????????????????????§¹????????????? ??????????????RootKit?????????,?????????????????? ???TCP/IP??????????CRC32§¹??,??????????§Õ?????????????????????????§¹?????? [ Last edited by sdlj8051 on 2006-10-6 at 12:34 ] |
»Ø¸´´ËÂ¥» ²ÂÄãϲ»¶
291Çóµ÷¼Á
ÒѾÓÐ7È˻ظ´
-
300Çóµ÷¼Á
ÒѾÓÐ8È˻ظ´
-
Çóµ÷¼ÁÍƼö
ÒѾÓÐ7È˻ظ´
-
289 ·Ö105500ҩѧר˶Çóµ÷¼Á(ÕÒBÇøѧУ)
ÒѾÓÐ4È˻ظ´
-
0854Çóµ÷¼Á
ÒѾÓÐ13È˻ظ´
-
³õÊÔ324 ÖÐҩѧ Ò»Ö¾Ô¸ÌìÖÐÒ½ Çóµ÷¼Á
ÒѾÓÐ3È˻ظ´
-
ҩѧÇóµ÷¼Á
ÒѾÓÐ14È˻ظ´
-
327Çóµ÷¼Á
ÒѾÓÐ27È˻ظ´
-
¼±Ðèµ÷¼Á
ÒѾÓÐ5È˻ظ´
-
271Çóµ÷¼Á
ÒѾÓÐ33È˻ظ´
sdlj8051
½ð³æ (ÖøÃûдÊÖ)
- Ó¦Öú: 0 (Ó׶ùÔ°)
- ¹ó±ö: 0.1
- ½ð±Ò: 1149.8
- ºì»¨: 3
- Ìû×Ó: 2254
- ÔÚÏß: 18.1Сʱ
- ³æºÅ: 71297
- ×¢²á: 2005-05-30
- רҵ: µç·Óëϵͳ
|
ÀûÓ÷´ÏòЧÑéдÁËÒ»¸öanti-debugµÄÀý×Ó£¬È«²¿´úÂëºÍÊý¾ÝÒ»ÆðЧÑ飬ȻºóÀûÓÃЧÑéÖµ½âÃÜ£¬µ±È»Ð§ÑéÖµÊÇÊÂÏÈÏëºÃµÄ£¬Õâ¸öÀý×ÓÀïЧÑéÖµ=0x123456789 ¼ÓÃÜÇ°µÄ´úÂ룺 .code check_start: start: mov esi,check_start call InitCRC32 mov ecx,check_end-check_start mov eax,0FFFFFFFFh call CRC32 mov ecx,(encrypt_end-encrypt_start) shr ecx,2 mov esi,encrypt_start decrypt: push eax push ecx mov ecx,4 call CRC32 mov [esi-4],eax pop ecx pop eax inc eax loop decrypt encrypt_start: jmp msgout msg db "this debugme cracked by none!",0,0,0,0,0,0,0,0,0 tmsg db "test CRC32 by DonQuixote[CCG][iPB]",0 msgout: invoke MessageBox,NULL,offset msg,offset tmsg,MB_OK invoke ExitProcess,NULL encrypt_end: InitCRC32: mov ecx, 256 _nexttable: lea eax, [ecx-1] push ecx mov ecx, 8 _nextbit: shr eax,1 jnc _notcarry xor eax, 0edb88320h _notcarry: dec ecx jnz _nextbit pop ecx mov [dwcrc32table + ecx*4 - 4], eax dec ecx jnz _nexttable ret CRC32: ;esi=data ;ecx=len of data ;eax=init of checksum or esi, esi jz _done or ecx, ecx jz _done _nextbyte: mov dl, [esi] xor dl, al movzx edx, dl shr eax, 8 xor eax, [dwcrc32table + edx*4] inc esi call antibp loop _nextbyte _done: not eax ret antibp: push seh push fs:[0] mov fs:[0],esp db 0CCh pop fs:[0] add esp,4 ret seh: mov eax,dword ptr ss:[esp+4h] mov ecx,dword ptr ss:[esp+0Ch] inc dword ptr ds:[ecx+0B8h] mov eax,dword ptr ds:[eax] xor eax,80000003h jnz start ;xor eax,eax and dword ptr ds:[ecx+4h],eax and dword ptr ds:[ecx+8h],eax and dword ptr ds:[ecx+0Ch],eax and dword ptr ds:[ecx+10h],eax and dword ptr ds:[ecx+14h],0FFFF0FF0h and dword ptr ds:[ecx+18h],0DC00h ret check_end: end start ¶ÔÓ²¼þ¶Ïµã×öÁËÒ»µã´¦Àí£¬¼ÓÃÜËã·¨ÈÔÈ»ÊÇCRC32 ÒòΪÓÃCRC32ЧÑéÒ»¸öDWORDʱ£¬ÖªµÀ ЧÑéÊý¾Ý ЧÑé³õÖµ ЧÑéÖµ 3¸öÖеÄ2¸ö¾Í¿ÉÒÔÇóÁíÍâÒ»¸ö CRC32:ÊÇCRC32ЧÑ飬eaxÖ¸¶¨Ð§Ñé³õÖµ(eax=0xFFFFFFFF¾ÍÊDZê×¼CRC32) ¼ÓÃÜʱµÄËã·¨£º #define LEN 0x141 BYTE data[LEN]; DWORD wantedcrc=0x12345678; DWORD filebase=0x400; int fixfile() { FILE*fh=fopen("E:\\Crack\\CRC32\\anti.exe","r+"  ;fseek(fh,filebase,SEEK_SET); fread(data,1,LEN,fh); DWORD iendata=0x3A; for(int i=0;i<0x1A;i++) { *(DWORD*)(data+iendata)=rCRC32(~*(DWORD*)(data+iendata),(wantedcrc+i)); iendata+=4; } DWORD b=~StdCRC(data,0x5D); DWORD a=RevCRC(~wantedcrc,(DWORD*)(data+0x61),(0x141-0x61)/4); *(DWORD*)(data+0x5D)=rCRC32(a,b); fseek(fh,filebase,SEEK_SET); fwrite(data,1,LEN,fh); fclose(fh); return 0; } wantedcrc=0x12345678ÊÇÔ¤ÏÈÉ趨µÄЧÑéÖµ for(int i=0;i<0x1A;i++)²¿·Ö¼ÓÃÜÊý¾Ý RevCRC·´ÏòЧÑ飬ȻºóÔÚ*(DWORD*)(data+0x5D)ÕâÀïpatchÐÞ²¹Â룬ʹЧÑéÖµ=wantedcrc ·´ÏòЧÑéµÄ´úÂ룺 //return init reg DWORD RevCRC(DWORD reg,DWORD*pdata,int n) { for(int i=n-1;i>=0;i--)reg=RCRC32(reg,pdata); return reg; } //¸ù¾ÝÊý¾ÝºÍЧÑéÖµÇó³öЧÑé³õÖµ ÀûÓÃCRC32¼ÓÃܵı任Ҳ¿ÉÒÔÓ¦Óõ½ÐòÁкű任À¿ÉÒÔÔö¼ÓÒ»µãдKeyGenµÄÄѶȣº£© |
2Â¥2006-08-23 18:15:28
