首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 软件逆向
    3. 发新帖
[求助]ida 反编译的一段代码,哪位大神知道md5加密的字符串是什么组合啊
发表于: 2017-3-10 09:28 3256

[求助]ida 反编译的一段代码,哪位大神知道md5加密的字符串是什么组合啊

小老蒋 活跃值
2017-3-10 09:28
3256

int __thiscall sub_10002D80(void *this, int a2)

{

  void *v2; // edi@1

  int v3; // eax@1

  int v4; // ecx@1

  int v5; // ST0C_4@1

  int v6; // ST08_4@1

  int v8; // [sp-Ch] [bp-38h]@1

  int v9; // [sp-8h] [bp-34h]@1

  int v10; // [sp-4h] [bp-30h]@1

  char v11; // [sp+Ch] [bp-20h]@1

  int v12; // [sp+10h] [bp-1Ch]@1

  int *v13; // [sp+14h] [bp-18h]@1

  int v14; // [sp+18h] [bp-14h]@1

  int v15; // [sp+1Ch] [bp-10h]@1

  int v16; // [sp+28h] [bp-4h]@1

  v2 = this;

  v12 = 0;

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v15);

  v16 = 1;

  v10 = sub_100028B0(0);//图片base64

  v3 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v13);

  LOBYTE(v16) = 2;

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=(&v15, v3);

  LOBYTE(v16) = 1;

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v13);

  v9 = *((_DWORD *)v2 + 126);

  v8 = v4;

  v13 = &v8;

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v8);

  sub_10002CF0((int)&v14, (int)&v15, v8);md5加密

  LOBYTE(v16) = 3;

  v13 = &v8;

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v8);

  sub_10002A80((int)&v11, (int)&v14);//随机码base64

  LOBYTE(v16) = 4;

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(a2);

  v5 = *(_DWORD *)(v14 - 12);

  v6 = *(_DWORD *)(v15 - 12);

  v12 = 1;

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::Format(a2, "%08X%08X", v6, v5);

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator+=(a2, &v15);

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator+=(a2, &v14);

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v11);

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v14);

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v15);

  return a2;

}

----------------------------------------------------------------------------------

int __usercall sub_10002CF0@<eax>(int a1@<edi>, int a2, int a3)

{

  int (__stdcall **v4)(char); // [sp+Ch] [bp-4Ch]@1

  int v5; // [sp+1Ch] [bp-3Ch]@1

  char v6; // [sp+20h] [bp-38h]@1

  int v7; // [sp+54h] [bp-4h]@1

  v5 = 0;

  v7 = 0;

  v4 = &off_10082234;

  LOBYTE(v7) = 1;

  sub_10005430((int)&v4, (const char *)a2, a3);

  LOBYTE(v7) = 0;

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(

    a1,

    &v6);

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&a2);

  return a1;

}

int __usercall sub_10002A80@<eax>(int a1@<edi>, int a2)

{

  int v2; // esi@1

  int v3; // eax@1

  int v4; // eax@1

  char v6; // [sp+10h] [bp-4010h]@1

  int v7; // [sp+401Ch] [bp-4h]@1

  v7 = 1;

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(a1);

  memset(&v6, 0, 0x4000u);

  v2 = sub_10007830(dword_1008BFF4) + 1;//random

  v3 = (int)sub_10001F20(a2, 1);

  v4 = sub_100033D0((int)&v6, v3, v2);  base64 加密

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=(a1, v4);

  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&a2);

  return a1;

}



[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 0
支持
分享
最新回复 (3)
小老蒋
雪    币: 0
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
2
char *__userpurge sub_10005430@(char *a1@, int a2@, const char *a3, int a4) { HMODULE v4; // eax@1 HMODULE v5; // ebx@1 unsigned int v7; // [sp+Ch] [bp-7Ch]@1 char *v8; // [sp+10h] [bp-78h]@1 char v9; // [sp+18h] [bp-70h]@2 int v10; // [sp+20h] [bp-68h]@3 char v11; // [sp+70h] [bp-18h]@5 v8 = a1; v7 = strlen(a3); v4 = LoadLibraryA("advapi32.dll"); v5 = v4; if ( v4 ) { *(_DWORD *)(a2 + 4) = GetProcAddress(v4, "MD5Init"); *(_DWORD *)(a2 + 8) = GetProcAddress(v5, "MD5Update"); *(_DWORD *)(a2 + 12) = GetProcAddress(v5, "MD5Final"); (*(void (__stdcall **)(char *))(a2 + 4))(&v9); if ( a4 >= 0 ) v10 = a4; (*(void (__stdcall **)(char *, const char *, unsigned int))(a2 + 8))(&v9, a3, v7); (*(void (__stdcall **)(char *))(a2 + 12))(&v9); } return sub_10005340((int)&v11, v8); }
2017-3-10 09:31
0
小老蒋
雪    币: 0
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
3
这是md5加密的代码
2017-3-10 09:32
0
MOVESP
雪    币: 44
活跃值: (32)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4
好像是几组1~F之间四位数的升序降序排列组合?还有两组其它的?
2017-3-10 21:15
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回