CRC32算法逆向分析 秒破解 1-6 文明(全覆盖) 具体实现思路加程序c#
- 关注
CRC32算法逆向分析 秒破解 1-6 文明(全覆盖) 具体实现思路加程序c#
前言
因为我目前的工作就是审计查看各种代码,再加上多年的开发习惯,所以遇到感兴趣的源码总会多看几眼。经过了几个小时的整理,终于把程序做出来,效果也是比较符合我的预期的。但是因为时间太仓促了,所以代码也是没有做什么美化,完全是随着我的思路一路飘出来的,话不多说先上图看一下效果_。
计算3字节明文时间:
计算4字节明文时间:
计算5字节铭文时间:
计算6字节明文时间:
7字节的虽然没什么意义 但是我依旧写了:
因为从6字节开始可得到相同crc的可能性就变大了:
所以增加明文字符表的选项 用作筛选:
下面我会详细讲解我的实现思路。
一、CRC加密算法
首先我们先拿一段查表法的crc32加密代码做一下分析
其中比较核心的就是生成表 与计算两个位置
生成码表:(其中的决定因素是)0xedb88320)
计算CRC32
看完这两个核心的点之后 ,基本上代码逻辑我们就很清楚了,初始crc为0xFFFFFFFF。
0、输入的内容首先 异或(^)0xFFFFFFFF。
1、遍历待加密的每一个字节。
2、将遍历到的字节与上一个crc值 异或^。
3、将异或后的值 与& 0xFF 取8 位 。
4、将上边得的值用作角标 在码表内寻找值。
5、将找到的值与 前一个 crc右移8后的 值进行异或得到。
6、最后将输出的值与 0xFFFFFFFF做异或。
二、分析加密算法 反推算法
任意输入字符串 X0, X1, X2, X3, X4…Xn,
都有 CRC32(Xn) ^ 0xFFFFFFFF=(CRC32(Xn-1) >>8 ) ^ crc32[CRC32(Xn-1) &0xff ^ Xn] n>1
接下来我们看一下都有什么操作
异或(^) 这个无关紧要 毕竟是可逆的
右移(>>) 这个会损失 0x12345678 >>8 = 》 0x123456
与(&) 别的代码内可能有影响 但是这里没有什么影响 0x12345678 &0xFF=》0x78
到这里基本上我们就很清楚代码为什么说很难反推了…
因为其中有 右移 操作 >>存在,具体就是每循环一次会舍弃8位,
那么就会在这一级别 增加 0x00 到 0xFF 也就 256 种可能性,那么我么的反推需要计算 256的N次方吗…目前看是的,
但其实实应该是 从 明文长度为4开始 才变成了 256的1次方可能性,明文长度为5时 变为 256的2次方可能性…等等
因为随着分析的深入 我们发现 长度为3字节以内的可能性仅仅为1 也就是说长度为3字节的明文crc32我们是可以直接反推计算的。如何计算呢?
下面就涉及到我们的码表了,首先码表是确定的吗?
是确定的!
那么里面的值重复吗?
不重复!
全篇文字太多 怕大家遗忘我把上面的图引用下来
我们看到加密是通过 下标(上一个 crc值 & 0xFF ^ 当前内容) 来找的 码值,
反推的话 我们就需要根据 码值 来找到对应的 下标。
为了更好理解 我们来拿一个实例解释一下
char 1 的CRC32 值为 0x83DCEFB7
反推的话 首先 0x83DCEFB7 ^ 0xFFFFFFFF =0x7c231048
然后是
value= (value>>8) 异或 …
value >>8 我们知道吗 我们知道一部分 那就是value>> 8 ==0x00???
ok 到这里就不用我再去分析异或的操作了吧~
crc32Table[index] 其实就等与 value ^ 0x00???
起码我们可以知到8位的内容
也就是 0x7c231048 ^ 0x00??? =0x7c???;
然后关键点就来了 我放上一张crc32Table输出的图片
其实根据码表输出函数也可以看出来 ,但是图片更加直观一些,
所有的数据不重复,并且 crcTable[n] >> 24 位 之后 也是不重复的
右移 >>24 0x12345678 >>24 ==>0x12
多么激动!! 我们完全可以制作一张 map 根据我们 仅知道 的 8位来得到 下标 index的值
终于开始写代码了(写代码才是我的强项)我的习惯一般是c# >java >python >c/c++ 所以这套代码还是优先使用c#实现
//首先定义一个类用来存放 稍后获取到的下标 和 码值
public class index_value
{
public int index_ { get; set; }
public ulong value { get; set; }
public index_value(ulong value, int index_)
{
this.index_ = index_;
this.value = value;
}
}
static Hashtable crc32Map = new Hashtable() { };//创建一个hashTable 用来存放
public void GetCRC32Table()
{
ulong Crc;
int i,j;
for (i = 0 ;i < 256 ; i ++ )
{
Crc = ( ulong )i;
for (j = 8 ; j > 0 ; j -- )
{
if ((Crc & 1 ) == 1 )
Crc = (Crc >> 1 ) ^ 0xEDB88320 ;
else
Crc >>= 1 ;
}
crc32Map.Add(Crc >> 24, new index_value(Crc, i)) ;
}
}
如果这个看着不直观 ,下面还有一个直观的
#region 码值
static Hashtable crc32Map = new Hashtable()
{
{0x0,new index_value(0x0,0)},
{0x77,new index_value(0x77073096,1)},
{0xEE,new index_value(0xEE0E612C,2)},
{0x99,new index_value(0x990951BA,3)},
{0x7,new index_value(0x76DC419,4)},
{0x70,new index_value(0x706AF48F,5)},
{0xE9,new index_value(0xE963A535,6)},
{0x9E,new index_value(0x9E6495A3,7)},
{0xE,new index_value(0xEDB8832,8)},
{0x79,new index_value(0x79DCB8A4,9)},
{0xE0,new index_value(0xE0D5E91E,10)},
{0x97,new index_value(0x97D2D988,11)},
{0x9,new index_value(0x9B64C2B,12)},
{0x7E,new index_value(0x7EB17CBD,13)},
{0xE7,new index_value(0xE7B82D07,14)},
{0x90,new index_value(0x90BF1D91,15)},
{0x1D,new index_value(0x1DB71064,16)},
{0x6A,new index_value(0x6AB020F2,17)},
{0xF3,new index_value(0xF3B97148,18)},
{0x84,new index_value(0x84BE41DE,19)},
{0x1A,new index_value(0x1ADAD47D,20)},
{0x6D,new index_value(0x6DDDE4EB,21)},
{0xF4,new index_value(0xF4D4B551,22)},
{0x83,new index_value(0x83D385C7,23)},
{0x13,new index_value(0x136C9856,24)},
{0x64,new index_value(0x646BA8C0,25)},
{0xFD,new index_value(0xFD62F97A,26)},
{0x8A,new index_value(0x8A65C9EC,27)},
{0x14,new index_value(0x14015C4F,28)},
{0x63,new index_value(0x63066CD9,29)},
{0xFA,new index_value(0xFA0F3D63,30)},
{0x8D,new index_value(0x8D080DF5,31)},
{0x3B,new index_value(0x3B6E20C8,32)},
{0x4C,new index_value(0x4C69105E,33)},
{0xD5,new index_value(0xD56041E4,34)},
{0xA2,new index_value(0xA2677172,35)},
{0x3C,new index_value(0x3C03E4D1,36)},
{0x4B,new index_value(0x4B04D447,37)},
{0xD2,new index_value(0xD20D85FD,38)},
{0xA5,new index_value(0xA50AB56B,39)},
{0x35,new index_value(0x35B5A8FA,40)},
{0x42,new index_value(0x42B2986C,41)},
{0xDB,new index_value(0xDBBBC9D6,42)},
{0xAC,new index_value(0xACBCF940,43)},
{0x32,new index_value(0x32D86CE3,44)},
{0x45,new index_value(0x45DF5C75,45)},
{0xDC,new index_value(0xDCD60DCF,46)},
{0xAB,new index_value(0xABD13D59,47)},
{0x26,new index_value(0x26D930AC,48)},
{0x51,new index_value(0x51DE003A,49)},
{0xC8,new index_value(0xC8D75180,50)},
{0xBF,new index_value(0xBFD06116,51)},
{0x21,new index_value(0x21B4F4B5,52)},
{0x56,new index_value(0x56B3C423,53)},
{0xCF,new index_value(0xCFBA9599,54)},
{0xB8,new index_value(0xB8BDA50F,55)},
{0x28,new index_value(0x2802B89E,56)},
{0x5F,new index_value(0x5F058808,57)},
{0xC6,new index_value(0xC60CD9B2,58)},
{0xB1,new index_value(0xB10BE924,59)},
{0x2F,new index_value(0x2F6F7C87,60)},
{0x58,new index_value(0x58684C11,61)},
{0xC1,new index_value(0xC1611DAB,62)},
{0xB6,new index_value(0xB6662D3D,63)},
{0x76,new index_value(0x76DC4190,64)},
{0x1,new index_value(0x1DB7106,65)},
{0x98,new index_value(0x98D220BC,66)},
{0xEF,new index_value(0xEFD5102A,67)},
{0x71,new index_value(0x71B18589,68)},
{0x6,new index_value(0x6B6B51F,69)},
{0x9F,new index_value(0x9FBFE4A5,70)},
{0xE8,new index_value(0xE8B8D433,71)},
{0x78,new index_value(0x7807C9A2,72)},
{0xF,new index_value(0xF00F934,73)},
{0x96,new index_value(0x9609A88E,74)},
{0xE1,new index_value(0xE10E9818,75)},
{0x7F,new index_value(0x7F6A0DBB,76)},
{0x8,new index_value(0x86D3D2D,77)},
{0x91,new index_value(0x91646C97,78)},
{0xE6,new index_value(0xE6635C01,79)},
{0x6B,new index_value(0x6B6B51F4,80)},
{0x1C,new index_value(0x1C6C6162,81)},
{0x85,new index_value(0x856530D8,82)},
{0xF2,new index_value(0xF262004E,83)},
{0x6C,new index_value(0x6C0695ED,84)},
{0x1B,new index_value(0x1B01A57B,85)},
{0x82,new index_value(0x8208F4C1,86)},
{0xF5,new index_value(0xF50FC457,87)},
{0x65,new index_value(0x65B0D9C6,88)},
{0x12,new index_value(0x12B7E950,89)},
{0x8B,new index_value(0x8BBEB8EA,90)},
{0xFC,new index_value(0xFCB9887C,91)},
{0x62,new index_value(0x62DD1DDF,92)},
{0x15,new index_value(0x15DA2D49,93)},
{0x8C,new index_value(0x8CD37CF3,94)},
{0xFB,new index_value(0xFBD44C65,95)},
{0x4D,new index_value(0x4DB26158,96)},
{0x3A,new index_value(0x3AB551CE,97)},
{0xA3,new index_value(0xA3BC0074,98)},
{0xD4,new index_value(0xD4BB30E2,99)},
{0x4A,new index_value(0x4ADFA541,100)},
{0x3D,new index_value(0x3DD895D7,101)},
{0xA4,new index_value(0xA4D1C46D,102)},
{0xD3,new index_value(0xD3D6F4FB,103)},
{0x43,new index_value(0x4369E96A,104)},
{0x34,new index_value(0x346ED9FC,105)},
{0xAD,new index_value(0xAD678846,106)},
{0xDA,new index_value(0xDA60B8D0,107)},
{0x44,new index_value(0x44042D73,108)},
{0x33,new index_value(0x33031DE5,109)},
{0xAA,new index_value(0xAA0A4C5F,110)},
{0xDD,new index_value(0xDD0D7CC9,111)},
{0x50,new index_value(0x5005713C,112)},
{0x27,new index_value(0x270241AA,113)},
{0xBE,new index_value(0xBE0B1010,114)},
{0xC9,new index_value(0xC90C2086,115)},
{0x57,new index_value(0x5768B525,116)},
{0x20,new index_value(0x206F85B3,117)},
{0xB9,new index_value(0xB966D409,118)},
{0xCE,new index_value(0xCE61E49F,119)},
{0x5E,new index_value(0x5EDEF90E,120)},
{0x29,new index_value(0x29D9C998,121)},
{0xB0,new index_value(0xB0D09822,122)},
{0xC7,new index_value(0xC7D7A8B4,123)},
{0x59,new index_value(0x59B33D17,124)},
{0x2E,new index_value(0x2EB40D81,125)},
{0xB7,new index_value(0xB7BD5C3B,126)},
{0xC0,new index_value(0xC0BA6CAD,127)},
{0xED,new index_value(0xEDB88320,128)},
{0x9A,new index_value(0x9ABFB3B6,129)},
{0x3,new index_value(0x3B6E20C,130)},
{0x74,new index_value(0x74B1D29A,131)},
{0xEA,new index_value(0xEAD54739,132)},
{0x9D,new index_value(0x9DD277AF,133)},
{0x4,new index_value(0x4DB2615,134)},
{0x73,new index_value(0x73DC1683,135)},
{0xE3,new index_value(0xE3630B12,136)},
{0x94,new index_value(0x94643B84,137)},
{0xD,new index_value(0xD6D6A3E,138)},
{0x7A,new index_value(0x7A6A5AA8,139)},
{0xE4,new index_value(0xE40ECF0B,140)},
{0x93,new index_value(0x9309FF9D,141)},
{0xA,new index_value(0xA00AE27,142)},
{0x7D,new index_value(0x7D079EB1,143)},
{0xF0,new index_value(0xF00F9344,144)},
{0x87,new index_value(0x8708A3D2,145)},
{0x1E,new index_value(0x1E01F268,146)},
{0x69,new index_value(0x6906C2FE,147)},
{0xF7,new index_value(0xF762575D,148)},
{0x80,new index_value(0x806567CB,149)},
{0x19,new index_value(0x196C3671,150)},
{0x6E,new index_value(0x6E6B06E7,151)},
{0xFE,new index_value(0xFED41B76,152)},
{0x89,new index_value(0x89D32BE0,153)},
{0x10,new index_value(0x10DA7A5A,154)},
{0x67,new index_value(0x67DD4ACC,155)},
{0xF9,new index_value(0xF9B9DF6F,156)},
{0x8E,new index_value(0x8EBEEFF9,157)},
{0x17,new index_value(0x17B7BE43,158)},
{0x60,new index_value(0x60B08ED5,159)},
{0xD6,new index_value(0xD6D6A3E8,160)},
{0xA1,new index_value(0xA1D1937E,161)},
{0x38,new index_value(0x38D8C2C4,162)},
{0x4F,new index_value(0x4FDFF252,163)},
{0xD1,new index_value(0xD1BB67F1,164)},
{0xA6,new index_value(0xA6BC5767,165)},
{0x3F,new index_value(0x3FB506DD,166)},
{0x48,new index_value(0x48B2364B,167)},
{0xD8,new index_value(0xD80D2BDA,168)},
{0xAF,new index_value(0xAF0A1B4C,169)},
{0x36,new index_value(0x36034AF6,170)},
{0x41,new index_value(0x41047A60,171)},
{0xDF,new index_value(0xDF60EFC3,172)},
{0xA8,new index_value(0xA867DF55,173)},
{0x31,new index_value(0x316E8EEF,174)},
{0x46,new index_value(0x4669BE79,175)},
{0xCB,new index_value(0xCB61B38C,176)},
{0xBC,new index_value(0xBC66831A,177)},
{0x25,new index_value(0x256FD2A0,178)},
{0x52,new index_value(0x5268E236,179)},
{0xCC,new index_value(0xCC0C7795,180)},
{0xBB,new index_value(0xBB0B4703,181)},
{0x22,new index_value(0x220216B9,182)},
{0x55,new index_value(0x5505262F,183)},
{0xC5,new index_value(0xC5BA3BBE,184)},
{0xB2,new index_value(0xB2BD0B28,185)},
{0x2B,new index_value(0x2BB45A92,186)},
{0x5C,new index_value(0x5CB36A04,187)},
{0xC2,new index_value(0xC2D7FFA7,188)},
{0xB5,new index_value(0xB5D0CF31,189)},
{0x2C,new index_value(0x2CD99E8B,190)},
{0x5B,new index_value(0x5BDEAE1D,191)},
{0x9B,new index_value(0x9B64C2B0,192)},
{0xEC,new index_value(0xEC63F226,193)},
{0x75,new index_value(0x756AA39C,194)},
{0x2,new index_value(0x26D930A,195)},
{0x9C,new index_value(0x9C0906A9,196)},
{0xEB,new index_value(0xEB0E363F,197)},
{0x72,new index_value(0x72076785,198)},
{0x5,new index_value(0x5005713,199)},
{0x95,new index_value(0x95BF4A82,200)},
{0xE2,new index_value(0xE2B87A14,201)},
{0x7B,new index_value(0x7BB12BAE,202)},
{0xC,new index_value(0xCB61B38,203)},
{0x92,new index_value(0x92D28E9B,204)},
{0xE5,new index_value(0xE5D5BE0D,205)},
{0x7C,new index_value(0x7CDCEFB7,206)},
{0xB,new index_value(0xBDBDF21,207)},
{0x86,new index_value(0x86D3D2D4,208)},
{0xF1,new index_value(0xF1D4E242,209)},
{0x68,new index_value(0x68DDB3F8,210)},
{0x1F,new index_value(0x1FDA836E,211)},
{0x81,new index_value(0x81BE16CD,212)},
{0xF6,new index_value(0xF6B9265B,213)},
{0x6F,new index_value(0x6FB077E1,214)},
{0x18,new index_value(0x18B74777,215)},
{0x88,new index_value(0x88085AE6,216)},
{0xFF,new index_value(0xFF0F6A70,217)},
{0x66,new index_value(0x66063BCA,218)},
{0x11,new index_value(0x11010B5C,219)},
{0x8F,new index_value(0x8F659EFF,220)},
{0xF8,new index_value(0xF862AE69,221)},
{0x61,new index_value(0x616BFFD3,222)},
{0x16,new index_value(0x166CCF45,223)},
{0xA0,new index_value(0xA00AE278,224)},
{0xD7,new index_value(0xD70DD2EE,225)},
{0x4E,new index_value(0x4E048354,226)},
{0x39,new index_value(0x3903B3C2,227)},
{0xA7,new index_value(0xA7672661,228)},
{0xD0,new index_value(0xD06016F7,229)},
{0x49,new index_value(0x4969474D,230)},
{0x3E,new index_value(0x3E6E77DB,231)},
{0xAE,new index_value(0xAED16A4A,232)},
{0xD9,new index_value(0xD9D65ADC,233)},
{0x40,new index_value(0x40DF0B66,234)},
{0x37,new index_value(0x37D83BF0,235)},
{0xA9,new index_value(0xA9BCAE53,236)},
{0xDE,new index_value(0xDEBB9EC5,237)},
{0x47,new index_value(0x47B2CF7F,238)},
{0x30,new index_value(0x30B5FFE9,239)},
{0xBD,new index_value(0xBDBDF21C,240)},
{0xCA,new index_value(0xCABAC28A,241)},
{0x53,new index_value(0x53B39330,242)},
{0x24,new index_value(0x24B4A3A6,243)},
{0xBA,new index_value(0xBAD03605,244)},
{0xCD,new index_value(0xCDD70693,245)},
{0x54,new index_value(0x54DE5729,246)},
{0x23,new index_value(0x23D967BF,247)},
{0xB3,new index_value(0xB3667A2E,248)},
{0xC4,new index_value(0xC4614AB8,249)},
{0x5D,new index_value(0x5D681B02,250)},
{0x2A,new index_value(0x2A6F2B94,251)},
{0xB4,new index_value(0xB40BBE37,252)},
{0xC3,new index_value(0xC30C8EA1,253)},
{0x5A,new index_value(0x5A05DF1B,254)},
{0x2D,new index_value(0x2D02EF8D,255)}
};
#endregion
有了这张表 我们就可以通过
0x7c231048 ^ 0x00??? =0x7c???;
crc32Map[0x7c??? >>24] 得到具体的index 以及 原始内容了
也就得到 {0x7C,new index_value(0x7CDCEFB7,206)},
再次把这张图 和例子 搬下来…
char 1 的CRC32 值为 0x83DCEFB7
0x83DCEFB7 ^ 0xFFFFFFFF =0x7c231048
value >>8 我们知道吗 我们知道一部分 那就是value>> 8 ==0x00???
crc32Table[index] 其实就等与 value ^ 0x00???
起码我们可以知道前两位
也就是 0x7c231048 ^ 0x00??? =0x7c???;
到这就可以知道 上一个 crc32 &0xFF ^ ? ==206也就是0xCE
crc32Table[206]=0x7CDCEFB7
也就知道了 value >>8 ==0x7c231048 ^ 0x7CDCEFB7 ==0x00FFFFFF
然而0x00FFFFFF <<8之后 发现码表内没有对应,应为他是初始值~
多好 连递归的跳出条件都找到了~
那接下来 得到 crc32 &0xFF ^ ? ==206 也就是易如反掌了
?=0xFFFFFFFF &0xFF ^ 206 =49 就是 char型的 1;
然后就会发现其实3之前只是一个 跳出条件为0xFFFFFFFF的 递归~
三、1-3明文长度的递归
c# :
DateTime startTime = DateTime.Now;
resultRichTBox.Clear();
ulong checkCRC32 = ulong.Parse(crcTextBox.Text.Replace("0x", "").Trim(), System.Globalization.NumberStyles.HexNumber);// d0x4F5344CD;
checkCRC32 = checkCRC32 ^ 0xFFFFFFFF;
calc_O_T(checkCRC32 );
//上面部分是在 按键触发事件里写的
public void calc_O_T(ulong checkCRC32)
{
try
{
List<int> strResult = new List<int>();
getCrack(checkCRC32, strResult, 3);
string StrF = "";
strResult.ForEach(x => StrF += "[" + x + "] ");
resultRichTBox.AppendText("十进制:" + StrF + "\n");
StrF = "";
strResult.ForEach(x => StrF += (char)x);
resultRichTBox.AppendText("字符串:" + StrF + "\n");
strResult = null;
}
catch
{
MessageBox.Show("传入字符串有问题!");
}
}
//核心处理 1 -3的 递归类。
public static ulong getCrack(ulong checkCRC32, List<int> strreRult, int Olen)
{
try
{
if (Olen == 0)
{
return 0;
}
int i = (int)(checkCRC32 >> 24);
index_value test_crcTable = (index_value)crc32Map[i];
checkCRC32 = checkCRC32 ^ test_crcTable.value;
uint x = (uint)(checkCRC32 >> 16);
if (x == 0xff)
{
strreRult.Add((int)((0xffffffff & 0xff) ^ (ulong)test_crcTable.index_));
return test_crcTable.value ^ (0xffffffff >> 8);
}
ulong tems = getCrack(checkCRC32 << 8, strreRult, Olen - 1);
if (tems == 0)
{
return 0;
}
strreRult.Add((int)(tems & 0xff ^ (ulong)test_crcTable.index_));
return test_crcTable.value ^ (tems >> 8);
}
catch
{
return 0;
}
}
四、4 长度明文长度的递归
//接收到的参数为原始明文的可能性
public List<List<int>> calc_fo(ulong checkCRC32, ref List<ulong> rfCrc)
{
List<List<int>> listResulr = new List<List<int>>();
int i = (int)(checkCRC32 >> 24);
index_value test = (index_value)crc32Map[i];
checkCRC32 = checkCRC32 ^ test.value;
checkCRC32 = checkCRC32 << 8;
for (int z = 0; z <= 255; z++)
{
List<int> strTemp = new List<int>();
checkCRC32 = checkCRC32 + (uint)1;
ulong tems = getCrack(checkCRC32, strTemp, 3);
if (strTemp.Count == 3)
{
strTemp.Add((int)(tems & 0xff ^ (ulong)test.index_));
listResulr.Add(strTemp);
rfCrc.Add(test.value ^ (tems >> 8));
}
strTemp = null;
}
return listResulr;
}
这里的计算
List<List> listResulr = new List<List>();
int i = (int)(checkCRC32 >> 24);
index_value test = (index_value)crc32Map[i];
checkCRC32 = checkCRC32 ^ test.value;
checkCRC32 = checkCRC32 << 8;
到这步可以得到一个数 0xNNNNNN?? 这个取值范围为 [0xNNNNNN00,0xNNNNNNFF] CRC32(前3个字节) ^0xFFFFFFFF 也在这个区间内
但是因为前面的 >>8 操作 所以并不能确定 值具体是哪个…所以此处需要 穷举 0x00-oxFF 也就是256种
所以需要使用循环去尝试 之前写好的反推3长度以内的递归函数。
五、长度为5字节明文CRC反推
5字节长度的可能性也是一样的,也是由于 >>8 的操作 造成我们无法确定就的0xNNNNNN00 到0xNNNNNNFF具体是哪个…所以需要再增加一个循环 来 依次调用 4长度的求值方法。
以下具体看一下 代码:
//接收到的参数为原始明文的可能性
public List<List<int>> calc_fi(ulong checkCRC32, ref List<ulong> rff)
{
List<List<int>> list = new List<List<int>>();
int i = (int)(checkCRC32 >> 24);
index_value test = (index_value)crc32Map[i];
checkCRC32 = checkCRC32 ^ test.value;
checkCRC32 = checkCRC32 << 8;
for (int z = 0; z <= 255; z++)
{
checkCRC32 = checkCRC32 + (uint)1;
List<ulong> rf = new List<ulong>();
List<List<int>> listf = calc_fo(checkCRC32, ref rf);
for (int t = 0; t < listf.Count; t++)
{
if (listf[t].Count == 4)
{
List<int> strTemp = new List<int>();
bool b = true;
foreach (int x in listf[t])
{
if (x < 32 || x > 126) b = false;
strTemp.Add(x);
}
if (b)
{
int temp=(int)(rf[t] & 0xff ^ (ulong)test.index_);
if (temp < 32 || temp > 126) { }
else
{
strTemp.Add((int)(rf[t] & 0xff ^ (ulong)test.index_));
rff.Add(test.value ^ (rf[t] >> 8));
list.Add(strTemp);
}
}
strTemp = null;
}
}
listf = null;
rf = null;
}
return list;
}
六、长度为6字节及以上的反推
//接收到的参数为原始明文的可能性
public List<List<int>> calc_s(ulong checkCRC32, ref List<ulong> rff)
{
Application.DoEvents();
List<List<int>> list = new List<List<int>>();
int i = (int)(checkCRC32 >> 24);
index_value test = (index_value)crc32Map[i];
checkCRC32 = checkCRC32 ^ test.value;
checkCRC32 = checkCRC32 << 8;
for (int z = 0; z <= 255; z++)
{
checkCRC32 = checkCRC32 + (uint)1;
List<ulong> rf = new List<ulong>();
List<List<int>> listf = calc_fi(checkCRC32, ref rf);
for (int t = 0; t < listf.Count; t++)
{
if (listf[t].Count == 5)
{
List<int> strTemp = new List<int>();
bool b = true;
foreach (int x in listf[t])
{
if (x < 32 || x > 126) b = false;
strTemp.Add(x);
}
if (b)
{
int temp=(int)(rf[t] & 0xff ^ (ulong)test.index_);
if (temp < 32 || temp > 126) { }
else{
strTemp.Add((int)(rf[t] & 0xff ^ (ulong)test.index_));
list.Add(strTemp);
rff.Add(test.value ^ (rf[t] >> 8));
}
}
strTemp = null;
}
}
listf = null;
rf = null;
}
return list;
}其实再往上就是重复之前的动作了 感兴趣的可以去下载一下我写的程序 或者复制代码自行编译~
希望可以共同进步~
by _UYU_
被以下专辑收录,发现更多精彩内容
+ 收入我的专辑
相关推荐
- 0 文章数
- 0 评论数
- 0 关注者
文章目录
请登录/注册后在FreeBuf发布内容哦