블로그 이미지
ludwings

카테고리

분류 전체보기 (130)
WIN API (22)
워게임 (61)
만든것 (2)
메모 (37)
Total18,086
Today0
Yesterday3

메모

메모 / 2013. 11. 28. 18:12
#include 
#include 

//*


unsigned char input[] = 
{
	0x01, 0x20, 0x20, 0x20, 0x20, 0x20, 0x47, 0x46, 0x28, 0x32, 0x5E, 0x36, 0x34, 0x29, 0x5B, 0x58, 
	0x01, 0x2F, 0x28, 0x78, 0x5E, 0x36, 0x34, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x36, 0x32, 0x20, 0x2B,
	0x39, 0x46, 0xF7, 0x28, 0xA3, 0x16, 0xBB, 0x66, 0x78, 0x5E, 0x35, 0x35, 0x20, 0x2B, 0x20, 0x78, 
	0x01, 0x35, 0x34, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x35, 0x33, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x35,
	0x01, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x34, 0x37, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x34, 0x36, 0x20,
	0x01, 0x20, 0x78, 0x5E, 0x34, 0x35, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x34, 0x30, 0x20, 0x2B, 0x20,
	0x01, 0x5E, 0x33, 0x39, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x33, 0x38, 0x20, 0x2B, 0x20, 0x78, 0x5E,
	0x01, 0x37, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x33, 0x35, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x33, 0x33,
	0x20, 0x2B, 0x20, 0x78, 0x5E, 0x33, 0x32, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x33, 0x31, 0x20, 0x2B, 
	0x20, 0x78, 0x5E, 0x32, 0x39, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x32, 0x37, 0x20, 0x2B, 0x20, 0x78,
	0x5E, 0x32, 0x34, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x32, 0x33, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x32,
	0x32, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x32, 0x31, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x31, 0x39, 0x20,
	0x2B, 0x20, 0x78, 0x5E, 0x31, 0x37, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x31, 0x33, 0x20, 0x2B, 0x20,
	0x78, 0x5E, 0x31, 0x32, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x31, 0x30, 0x20, 0x2B, 0x20, 0x78, 0x5E,
	0x39, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x37, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x34, 0x20, 0x2B, 0x20,
	0x78, 0x5E, 0x31, 0x20, 0x2B, 0x20, 0x31, 0x29, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x00
};


unsigned int arr[] =
{
	0x00000000, 0x00000000, 0x03A75F6F, 0xB32E4CBE, 0xA840A05B, 0xF4843657, 0xABE7FF34, 0x47AA7AE9,
	0xFF8F5E33, 0x7BD0C384, 0xFC28015C, 0xC8FE8F3A, 0x57CFFE68, 0x8F54F5D3, 0x5468A107, 0x3C7AB96D,
	0xFF1EBC66, 0xF7A18709, 0xFCB9E309, 0x448FCBB7, 0x575E1C3D, 0x0325B15E, 0x54F94352, 0xB00BFDE0,
	0x0091E255, 0x8C71448D, 0x0336BD3A, 0x3F5F0833, 0xA8D1420E, 0x78F572DA, 0xAB761D61, 0xCBDB3E64,
	0x51336649, 0x7D9BA138, 0x52943926, 0xCEB5ED86, 0xF973C612, 0x891F976F, 0xFAD4997D, 0x3A31DBD1,
	0xAEBC387A, 0x064B62BC, 0xAD1B6715, 0xB5652E02, 0x06FC9821, 0xF2CF54EB, 0x055BC74E, 0x41E11855,
	0xAE2DDA2F, 0x8A3A2631, 0xAD8A8540, 0x39146A8F, 0x066D7A74, 0x7EBE1066, 0x05CA251B, 0xCD905CD8,
	0x51A2841C, 0xF1EAE5B5, 0x5205DB73, 0x42C4A90B, 0xF9E22447, 0x056ED3E2, 0xFA457B28, 0xB6409F5C,
	0xA266CC92, 0xFB374270, 0xA1C193FD, 0x48190ECE, 0x0A266CC9, 0x0FB37427, 0x098133A6, 0xBC9D3899,
	0x5DE992A1, 0x80E781F4, 0x5E4ECDCE, 0x33C9CD4A, 0xF5A932FA, 0x7463B7A3, 0xF60E6D95, 0xC74DFB1D,
	0x5D7870F4, 0x0C96C579, 0x5EDF2F9B, 0xBFB889C7, 0xF538D0AF, 0xF812F32E, 0xF69F8FC0, 0x4B3CBF90,
	0xA2F72EC7, 0x774606FD, 0xA15071A8, 0xC4684A43, 0x0AB78E9C, 0x83C230AA, 0x0910D1F3, 0x30EC7C14,
	0xF355AADB, 0x86ACE348, 0xF0F2F5B4, 0x3582AFF6, 0x5B150A80, 0x7228D51F, 0x58B255EF, 0xC10699A1,
	0x0CDAF4E8, 0xFD7C20CC, 0x0F7DAB87, 0x4E526C72, 0xA49A54B3, 0x09F8169B, 0xA73D0BDC, 0xBAD65A25,
	0x0C4B16BD, 0x710D6441, 0x0FEC49D2, 0xC22328FF, 0xA40BB6E6, 0x85895216, 0xA7ACE989, 0x36A71EA8,
	0xF3C4488E, 0x0ADDA7C5, 0xF06317E1, 0xB9F3EB7B, 0x5B84E8D5, 0xFE599192, 0x5823B7BA, 0x4D77DD2C,
	0xEBC387A1, 0x64B62BCA, 0xE864D8CE, 0xD7986774, 0x438327FA, 0x90321D9D, 0x40247895, 0x231C5123,
	0x144CD992, 0x1F66E84E, 0x17EB86FD, 0xAC48A4F0, 0xBC0C79C9, 0xEBE2DE19, 0xBFAB26A6, 0x58CC92A7,
	0x14DD3BC7, 0x9317ACC3, 0x177A64A8, 0x2039E07D, 0xBC9D9B9C, 0x67939A94, 0xBF3AC4F3, 0xD4BDD62A,
	0xEB5265F4, 0xE8C76F47, 0xE8F53A9B, 0x5BE923F9, 0x4312C5AF, 0x1C435910, 0x40B59AC0, 0xAF6D15AE,
	0xBAF0E1E8, 0x192D8AF2, 0xB957BE87, 0xAA03C64C, 0x12B041B3, 0xEDA9BCA5, 0x11171EDC, 0x5E87F01B,
	0x457FBFDB, 0x62FD4976, 0x46D8E0B4, 0xD1D305C8, 0xED3F1F80, 0x96797F21, 0xEE9840EF, 0x2557339F,
	0x45EE5D8E, 0xEE8C0DFB, 0x464902E1, 0x5DA24145, 0xEDAEFDD5, 0x1A083BAC, 0xEE09A2BA, 0xA9267712,
	0xBA6103BD, 0x955CCE7F, 0xB9C65CD2, 0x267282C1, 0x1221A3E6, 0x61D8F828, 0x1186FC89, 0xD2F6B496,
	0x49A54B33, 0x9F8169BA, 0x4A02145C, 0x2CAF2504, 0xE1E5EB68, 0x6B055FED, 0xE242B407, 0xD82B1353,
	0xB62A1500, 0xE451AA3E, 0xB58D4A6F, 0x577FE680, 0x1E6AB55B, 0x10D59C69, 0x1DCDEA34, 0xA3FBD0D7,
	0xB6BBF755, 0x6820EEB3, 0xB51CA83A, 0xDB0EA20D, 0x1EFB570E, 0x9CA4D8E4, 0x1D5C0861, 0x2F8A945A,
	0x4934A966, 0x13F02D37, 0x4A93F609, 0xA0DE6189, 0xE174093D, 0xE7741B60, 0xE2D35652, 0x545A57DE,
	0x18962D7A, 0xE21AC882, 0x1B317215, 0x5134843C, 0xB0D68D21, 0x169EFED5, 0xB371D24E, 0xA5B0B26B,
	0xE7197349, 0x99CA0B06, 0xE4BE2C26, 0x2AE447B8, 0x4F59D312, 0x6D4E3D51, 0x4CFE8C7D, 0xDE6071EF,
	0xE788911C, 0x15BB4F8B, 0xE42FCE73, 0xA6950335, 0x4FC83147, 0xE13F79DC, 0x4C6F6E28, 0x52113562,
	0x1807CF2F, 0x6E6B8C0F, 0x1BA09040, 0xDD45C0B1, 0xB0476F74, 0x9AEFBA58, 0xB3E0301B, 0x29C1F6E6,
	0xD7870F42, 0xC96C5795, 0xD420502D, 0x7A421B2B, 0x7FC7AF19, 0x3DE861C2, 0x7C60F076, 0x8EC62D7C,
	0x28085171, 0xB2BC9411, 0x2BAF0E1E, 0x0192D8AF, 0x8048F12A, 0x4638A246, 0x83EFAE45, 0xF516EEF8,
	0x2899B324, 0x3ECDD09C, 0x2B3EEC4B, 0x8DE39C22, 0x80D9137F, 0xCA49E6CB, 0x837E4C10, 0x7967AA75,
	0xD716ED17, 0x451D1318, 0xD4B1B278, 0xF6335FA6, 0x7F564D4C, 0xB199254F, 0x7CF11223, 0x02B769F1,
	0x86B4690B, 0xB4F7F6AD, 0x85133664, 0x07D9BA13, 0x2EF4C950, 0x4073C0FA, 0x2D53963F, 0xF35D8C44,
	0x793B3738, 0xCF273529, 0x7A9C6857, 0x7C097997, 0xD17B9763, 0x3BA3037E, 0xD2DCC80C, 0x888D4FC0,
	0x79AAD56D, 0x435671A4, 0x7A0D8A02, 0xF0783D1A, 0xD1EA7536, 0xB7D247F3, 0xD24D2A59, 0x04FC0B4D,
	0x86258B5E, 0x3886B220, 0x8582D431, 0x8BA8FE9E, 0x2E652B05, 0xCC028477, 0x2DC2746A, 0x7F2CC8C9,
	0x75E1C3D0, 0x325B15E5, 0x76469CBF, 0x8175595B, 0xDDA1638B, 0xC6DF23B2, 0xDE063CE4, 0x75F16F0C,
	0x8A6E9DE3, 0x498BD661, 0x89C9C28C, 0xFAA59ADF, 0x222E3DB8, 0xBD0FE036, 0x218962D7, 0x0E21AC88,
	0x8AFF7FB6, 0xC5FA92EC, 0x895820D9, 0x76D4DE52, 0x22BFDFED, 0x317EA4BB, 0x21188082, 0x8250E805,
	0x75702185, 0xBE2A5168, 0x76D77EEA, 0x0D041DD6, 0xDD3081DE, 0x4AAE673F, 0xDE97DEB1, 0xF9802B81,
	0x24D2A599, 0x4FC0B4DD, 0x2775FAF6, 0xFCEEF863, 0x8C9205C2, 0xBB44828A, 0x8F355AAD, 0x086ACE34,
	0xDB5DFBAA, 0x34107759, 0xD8FAA4C5, 0x873E3BE7, 0x731D5BF1, 0xC094410E, 0x70BA049E, 0x73BA0DB0,
	0xDBCC19FF, 0xB86133D4, 0xD86B4690, 0x0B4F7F6A, 0x738CB9A4, 0x4CE50583, 0x702BE6CB, 0xFFCB493D,
	0x244347CC, 0xC3B1F050, 0x27E418A3, 0x709FBCEE, 0x8C03E797, 0x3735C607, 0x8FA4B8F8, 0x841B8AB9,
	0x3C4488E3, 0xADDA7C5F, 0x3FE3D78C, 0x1EF430E1, 0x940428B8, 0x595E4A08, 0x97A377D7, 0xEA7006B6,
	0xC3CBD6D0, 0xD60ABFDB, 0xC06C89BF, 0x6524F365, 0x6B8B768B, 0x228E898C, 0x682C29E4, 0x91A0C532,
	0xC35A3485, 0x5A7BFB56, 0xC0FD6BEA, 0xE955B7E8, 0x6B1A94DE, 0xAEFFCD01, 0x68BDCBB1, 0x1DD181BF,
	0x3CD56AB6, 0x21AB38D2, 0x3F7235D9, 0x9285746C, 0x9495CAED, 0xD52F0E85, 0x97329582, 0x6601423B,
	0x6D77EEAA, 0xD041DD67, 0x6ED0B1C5, 0x636F91D9, 0xC5374EF1, 0x24C5EB30, 0xC690119E, 0x97EBA78E,
	0x92F8B099, 0xAB911EE3, 0x915FEFF6, 0x18BF525D, 0x3AB810C2, 0x5F1528B4, 0x391F4FAD, 0xEC3B640A,
	0x926952CC, 0x27E05A6E, 0x91CE0DA3, 0x94CE16D0, 0x3A29F297, 0xD3646C39, 0x398EADF8, 0x604A2087,
	0x6DE60CFF, 0x5C3099EA, 0x6E415390, 0xEF1ED554, 0xC5A6ACA4, 0xA8B4AFBD, 0xC601F3CB, 0x1B9AE303,
	0x9E224471, 0x56ED3E2F, 0x9D851B1E, 0xE5C37291, 0x3662E42A, 0xA2690878, 0x35C5BB45, 0x114744C6,
	0x61AD1A42, 0x2D3DFDAB, 0x620A452D, 0x9E13B115, 0xC9EDBA19, 0xD9B9CBFC, 0xCA4AE576, 0x6A978742,
	0x613CF817, 0xA14CB926, 0x629BA778, 0x1262F598, 0xC97C584C, 0x55C88F71, 0xCADB0723, 0xE6E6C3CF,
	0x9EB3A624, 0xDA9C7AA2, 0x9D14F94B, 0x69B2361C, 0x36F3067F, 0x2E184CF5, 0x35545910, 0x9D36004B,
	0xCF112238, 0x2B769F17, 0xCCB67D57, 0x9858D3A9, 0x67518263, 0xDFF2A940, 0x64F6DD0C, 0x6CDCE5FE,
	0x309E7C0B, 0x50A65C93, 0x33392364, 0xE388102D, 0x98DEDC50, 0xA4226AC4, 0x9B79833F, 0x170C267A,
	0x300F9E5E, 0xDCD7181E, 0x33A8C131, 0x6FF954A0, 0x984F3E05, 0x28532E49, 0x9BE8616A, 0x9B7D62F7,
	0xCF80C06D, 0xA707DB9A, 0xCC279F02, 0x14299724, 0x67C06036, 0x5383EDCD, 0x64673F59, 0xE0ADA173
}; // len == 512


//EAX = 0x72706163
//EDX = 0x69636369


//*/

const unsigned int CMP_EAX = 0x72706163;
const unsigned int CMP_EDX = 0x69636369;

unsigned int head_eax, head_edx;
unsigned int tail_eax, tail_edx;

bool check_crc(unsigned int _eax, unsigned int _edx, int index)
{
	for(int i = index; i < 256; i++)
	{
		int _ecx = input[i];
		int _edi = _eax & 0x000000ff;
		_edi = _ecx^_edi;

		__asm
		{
			mov eax, _eax
			mov edx, _edx
			shrd eax, edx, 8
			mov _eax, eax
		}

		_eax = _eax^arr[_edi*2];


		_edx = _edx>>8;
		_edx = _edx^arr[_edi*2+1];
	}

	if(_eax == CMP_EAX && _edx == CMP_EDX)
		return true;
	return false;
}

void check_AL(int index)
{
	int input;
	printf("index = 0x%02X\n", index);

	for(int al = 0 ; al < 0xff ; al++)
	{
		input = index^al;

		if(input >='a'&&input<='z'||
			input>='A'&&input<='Z'||
			input>='0'&&input<='9')
		{
			printf("al=0x%02X, input = %c(0x%02X)\n",  al, input,input);
		}
	}
}

int find_input(unsigned int eax, unsigned int edx, int index)
{
	eax = 0xF491315C;
	edx = 0xE5898627;

	// index of input
	index = 112;


	unsigned int tmp_edx = edx&0x00ffffff;

	for(int j = 0 ; j < 0x100 ; j++)
	{
		if(!(j >='a'&&j<='z'||
			j>='A'&&j<='Z'||
			j>='0'&&j<='9'))
		{
			continue;
		}

		input[index]=j;

		for(unsigned int i = 0x00000000 ; i <0xff000000 ; i += 0x01000000)
		{
			if(check_crc(eax, tmp_edx^i, index-7))
			{
				printf("있긴있냐?\n");
				printf("0x%08X, 0x%08X, %c\n",eax, tmp_edx^i, j);
				break;
			}
		}


	}
	

	return 0;
}

int main()
{
	int index = 0;

	tail_eax = CMP_EAX;
	tail_edx = CMP_EDX;
	/*
	1. edx를 이용해 index 를 알아낸다.
	2. index를 알아내서 edx 와 eax 를 그 index에 맞는 값과 xor
	3. edx를 << 2 eax 에서 앞 2자리 얻어옴. 이러면 head eax 완성이다.
	4. eax 뒤에 2자리는 index = 한글자 읽어온값 xor 이전의 AL 이니까
	   AL = 한글자 xor index 와 같다. 이렇게해서 추가해주면 head eax 완성이고.
	5. head eax, head edx 를 tail로 바꾸어서 반복해준다.
	*/

	// edx 를 찾아야지. 홀수와 짝수..

	find_input(0,0,0);


	for(int j = 255 ; j >= 0 ; j -- )
	{

		unsigned int ch = input[j];

		unsigned int tmp_edx = tail_edx;
		tmp_edx = tmp_edx&0xff000000;

		index = -1;

		for(int i = 0 ; i < 512 ; i += 2)
		{
			unsigned int tmp_arr = arr[i+1];
			tmp_arr = tmp_arr&0xff000000;
			
			if(tmp_arr == tmp_edx) // 앞에 두자리가 같잖아.. //찾은거야 
			{
				index = i/2; // i, i+1 로 사용

				tail_eax = tail_eax^arr[index*2];
				tail_edx = tail_edx^arr[index*2+1];

				break;
			}
		}

		if(index == -1 )
		{
			printf("arr index 검색 실패 ..\n");
			return 0;
		}
		__asm
		{
			push eax
			push edx

			mov eax, tail_eax
			mov edx, tail_edx

			shld edx, eax, 8
			shl eax, 8

			mov tail_eax, eax
			mov tail_edx, edx

			pop eax
			pop edx
		}
		unsigned int AL = ch^index;

		tail_eax = tail_eax^AL;

		if(ch==0x01)
		{
			printf("여기서 그거문자열ㄷ잇어야하는뎁?\n");
			getchar();
			check_AL(index);
			getchar();
		}

		if(check_crc(tail_eax,  tail_edx, j))
			printf("[string index = %d, %02X] EAX = 0x%08X\tEDX = 0x%08X\n", j, input[j], tail_eax, tail_edx);
		else
		{
			printf("Crc check 실패 \n");
			break;
		}
		
	}

	return 0;
}

이거 reversing.kr 에서 crc 문제로 있는앤대 code engn 에서 가져왔다더니 advance 17번 이었다 ㅋㅋ 시바.. 똑같은대서 막힌다

'메모' 카테고리의 다른 글

Windbg 사용, 설정  (0) 2013.12.24
JAVA Error occurred during initialization of VM 문제해결  (0) 2013.12.19
메모  (2) 2013.11.28
아나 하이라이터 ㅡㅡ  (0) 2013.11.01
리버싱&해킹공부자료  (1) 2013.10.30
도타2 챔프  (0) 2013.10.28
Posted by ludwings

댓글을 달아 주세요

  1. 2013.12.02 23:19 정연천사  댓글주소  수정/삭제  댓글쓰기

    또똑같은데서막히시는군요..

최근에 달린 댓글

최근에 받은 트랙백

글 보관함