|
|
//发送映射
const BYTE g_SendByteMap[256]=
{
0x70,0x2F,0x40,0x5F,0x44,0x8E,0x6E,0x45,0x7E,0xAB,0x2C,0x1F,0xB4,0xAC,0x9D,0x91,
0x0D,0x36,0x9B,0x0B,0xD4,0xC4,0x39,0x74,0xBF,0x23,0x16,0x14,0x06,0xEB,0x04,0x3E,
0x12,0x5C,0x8B,0xBC,0x61,0x63,0xF6,0xA5,0xE1,0x65,0xD8,0xF5,0x5A,0x07,0xF0,0x13,
0xF2,0x20,0x6B,0x4A,0x24,0x59,0x89,0x64,0xD7,0x42,0x6A,0x5E,0x3D,0x0A,0x77,0xE0,
0x80,0x27,0xB8,0xC5,0x8C,0x0E,0xFA,0x8A,0xD5,0x29,0x56,0x57,0x6C,0x53,0x67,0x41,
0xE8,0x00,0x1A,0xCE,0x86,0x83,0xB0,0x22,0x28,0x4D,0x3F,0x26,0x46,0x4F,0x6F,0x2B,
0x72,0x3A,0xF1,0x8D,0x97,0x95,0x49,0x84,0xE5,0xE3,0x79,0x8F,0x51,0x10,0xA8,0x82,
0xC6,0xDD,0xFF,0xFC,0xE4,0xCF,0xB3,0x09,0x5D,0xEA,0x9C,0x34,0xF9,0x17,0x9F,0xDA,
0x87,0xF8,0x15,0x05,0x3C,0xD3,0xA4,0x85,0x2E,0xFB,0xEE,0x47,0x3B,0xEF,0x37,0x7F,
0x93,0xAF,0x69,0x0C,0x71,0x31,0xDE,0x21,0x75,0xA0,0xAA,0xBA,0x7C,0x38,0x02,0xB7,
0x81,0x01,0xFD,0xE7,0x1D,0xCC,0xCD,0xBD,0x1B,0x7A,0x2A,0xAD,0x66,0xBE,0x55,0x33,
0x03,0xDB,0x88,0xB2,0x1E,0x4E,0xB9,0xE6,0xC2,0xF7,0xCB,0x7D,0xC9,0x62,0xC3,0xA6,
0xDC,0xA7,0x50,0xB5,0x4B,0x94,0xC0,0x92,0x4C,0x11,0x5B,0x78,0xD9,0xB1,0xED,0x19,
0xE9,0xA1,0x1C,0xB6,0x32,0x99,0xA3,0x76,0x9E,0x7B,0x6D,0x9A,0x30,0xD6,0xA9,0x25,
0xC7,0xAE,0x96,0x35,0xD0,0xBB,0xD2,0xC8,0xA2,0x08,0xF3,0xD1,0x73,0xF4,0x48,0x2D,
0x90,0xCA,0xE2,0x58,0xC1,0x18,0x52,0xFE,0xDF,0x68,0x98,0x54,0xEC,0x60,0x43,0x0F
};
//接收映射
const BYTE g_RecvByteMap[256]=
{
0x51,0xA1,0x9E,0xB0,0x1E,0x83,0x1C,0x2D,0xE9,0x77,0x3D,0x13,0x93,0x10,0x45,0xFF,
0x6D,0xC9,0x20,0x2F,0x1B,0x82,0x1A,0x7D,0xF5,0xCF,0x52,0xA8,0xD2,0xA4,0xB4,0x0B,
0x31,0x97,0x57,0x19,0x34,0xDF,0x5B,0x41,0x58,0x49,0xAA,0x5F,0x0A,0xEF,0x88,0x01,
0xDC,0x95,0xD4,0xAF,0x7B,0xE3,0x11,0x8E,0x9D,0x16,0x61,0x8C,0x84,0x3C,0x1F,0x5A,
0x02,0x4F,0x39,0xFE,0x04,0x07,0x5C,0x8B,0xEE,0x66,0x33,0xC4,0xC8,0x59,0xB5,0x5D,
0xC2,0x6C,0xF6,0x4D,0xFB,0xAE,0x4A,0x4B,0xF3,0x35,0x2C,0xCA,0x21,0x78,0x3B,0x03,
0xFD,0x24,0xBD,0x25,0x37,0x29,0xAC,0x4E,0xF9,0x92,0x3A,0x32,0x4C,0xDA,0x06,0x5E,
0x00,0x94,0x60,0xEC,0x17,0x98,0xD7,0x3E,0xCB,0x6A,0xA9,0xD9,0x9C,0xBB,0x08,0x8F,
0x40,0xA0,0x6F,0x55,0x67,0x87,0x54,0x80,0xB2,0x36,0x47,0x22,0x44,0x63,0x05,0x6B,
0xF0,0x0F,0xC7,0x90,0xC5,0x65,0xE2,0x64,0xFA,0xD5,0xDB,0x12,0x7A,0x0E,0xD8,0x7E,
0x99,0xD1,0xE8,0xD6,0x86,0x27,0xBF,0xC1,0x6E,0xDE,0x9A,0x09,0x0D,0xAB,0xE1,0x91,
0x56,0xCD,0xB3,0x76,0x0C,0xC3,0xD3,0x9F,0x42,0xB6,0x9B,0xE5,0x23,0xA7,0xAD,0x18,
0xC6,0xF4,0xB8,0xBE,0x15,0x43,0x70,0xE0,0xE7,0xBC,0xF1,0xBA,0xA5,0xA6,0x53,0x75,
0xE4,0xEB,0xE6,0x85,0x14,0x48,0xDD,0x38,0x2A,0xCC,0x7F,0xB1,0xC0,0x71,0x96,0xF8,
0x3F,0x28,0xF2,0x69,0x74,0x68,0xB7,0xA3,0x50,0xD0,0x79,0x1D,0xFC,0xCE,0x8A,0x8D,
0x2E,0x62,0x30,0xEA,0xED,0x2B,0x26,0xB9,0x81,0x7C,0x46,0x89,0x73,0xA2,0xF7,0x72
};
// MapSend
desData = g_SendByteMap[(BYTE)(srcData+m_cbSendRound)];
m_cbSendRound += 3;
// MapRecv
desData = g_RecvByteMap[cbData] - m_cbRecvRound;
m_cbRecvRound += 3;
映射加密原理分析:
约定srcData表示准备加密的数据desData表示加密后的数据,sendMap表示发送Map,recvMap表示接收Map;
就以上代码中恒有:
推导:
[size=13.333333969116211px]if desData == sendMap[srcData + offset]
[size=13.333333969116211px]then srcData == recvMap[desData] - offset
[size=13.333333969116211px]这个公式可以自己取一个[0, 255]之间的值,带到上面两个map中去算,,,
分析:
BYTE可能的值是0到255,正好是map的索引。
sendMap提供把实际值变成recvMap的索引的能力。
recvMap提供把recvMap索引还原成真实值的能力。
offset的引入是为了加强破解难度,唯一可能疑惑的问题是BYTE溢出,这个可以参考计算机组成原理前几章。
我们可以这样山寨:
[size=13.333333969116211px][size=13.333333969116211px]class CSendMapper;
[size=13.333333969116211px]class CRecvMapper;
[size=13.333333969116211px]很显然sendMap是和CSendMapper类紧耦合的,recvMapper和CRecvMapper类紧耦合
所以:
[size=13.333333969116211px][size=13.333333969116211px]class CSendMapper
[size=13.333333969116211px] ;
[size=13.333333969116211px]class CRecvMapper
[size=13.333333969116211px] static const BYTE[256] ms_recvMap;
[size=13.333333969116211px]接下来是offset,在网狐的代码中每次都有如下操作:m_cbSendRound += 3;
所以offset是和Mapper对象耦合的,同时也是上下文相关的,这样也倒置mapper是上下文相关的。
[size=13.333333969116211px][size=13.333333969116211px]class CSendMapper
[size=13.333333969116211px] static const BYTE[256] ms_sendMap;
[size=13.333333969116211px] ;
[size=13.333333969116211px]class CRecvMapper
[size=13.333333969116211px] static const BYTE[256] ms_recvMap;
[size=13.333333969116211px] BYTE m_btOffset;
[size=13.333333969116211px]
这样,只要是offset匹配的recv和send协作就能实现数据加解映射了,,,
最后的测试代码如下(MAP函数被实现的时候改了,返回值的做法写起来是方便了,但是优化的时候比较麻烦):
[size=13.333333969116211px][size=13.333333969116211px]nf6602::CSendMapper sendMapper;
[size=13.333333969116211px]_el::TBYTE btTem = 0;
[size=13.333333969116211px]sendMapper.SendMap(0, btTem);
[size=13.333333969116211px]if (0x70 != btTem)
[size=13.333333969116211px]{
[size=13.333333969116211px] std::cout << "sendMapper.SendMap faild!" << std::endl;
[size=13.333333969116211px]}
[size=13.333333969116211px]nf6602::CRecvMapper recvMapper;
[size=13.333333969116211px]btTem = 0;
[size=13.333333969116211px]recvMapper.RecvMap(0, btTem);
[size=13.333333969116211px]if (0x51 != btTem)
[size=13.333333969116211px]{
[size=13.333333969116211px] std::cout << "recvMapper.RecvMap faild!" << std::endl;
[size=13.333333969116211px]}
[size=13.333333969116211px]//if desData == sendMap[srcData]
[size=13.333333969116211px]//then srcData == recvMap[desData]
[size=13.333333969116211px]for (int i = 0; i < _EL_MAX_TBYTE*10; i++)
[size=13.333333969116211px]{
[size=13.333333969116211px] _el::TBYTE btSrcData = i;
[size=13.333333969116211px] _el::TBYTE btDesData = 0;
[size=13.333333969116211px] sendMapper.SendMap(btSrcData, btTem);
[size=13.333333969116211px] recvMapper.RecvMap(btTem, btDesData);
[size=13.333333969116211px] if (btSrcData != btDesData)
[size=13.333333969116211px] {
[size=13.333333969116211px] std::cout << "if desData == sendMap[srcData] then srcData == recvMap[desData] faild!" << std::endl;
[size=13.333333969116211px] }
[size=13.333333969116211px] else
[size=13.333333969116211px] {
[size=13.333333969116211px] int j = 0 ;
[size=13.333333969116211px] }
[size=13.333333969116211px]}
|
温馨提示:
1、本站所有信息都来源于互联网有违法信息与本网站立场无关。
2、当有关部门,发现本论坛有违规,违法内容时,可联系站长删除,否则本站不承担任何责任。
3、当政府机关依照法定程序要求披露信息时,论坛均得免责。
4、本帖部分内容转载自其它媒体,但并不代表本站赞同其观点和对其真实性负责
5、如本帖侵犯到任何版权问题,请立即告知本站,本站将及时予与删除并致以最深的歉意
6、如果使用本帖附件,本站程序只提供学习使用,请24小时内删除!使用者搭建运营触犯法律,违法,违规,本站不承担任何责任。
|
发表于 2015-10-5 17:15:30
发表于 2015-10-5 17:16:34
2491572707
