先给出一组key:3131313113cac7acc6324051aabbeab730d1cfa9b4c42ca77cb12b6c9e161c106d70bf24de694e167473f4613014b74d3d0252ea2348a75bd27913e99aa4f9dd68294bf303445eeb701f5661e70d46973bdc61c2
分析过程
整个过程还是一个地图寻路,大小60*60, 0是障碍, 1可以通行,2为起点,3为终点
key的前8个字节来生成地图,和80字节的解密key
移动方向0->上, 1->下, 2->左, 3->右
我这边生成的地图数据为:
4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 2 4 4 4 4 4 4 4 4 4 4
4 0 0 0 1 0 0 1 0 0 1 0 1 1 0 1 0 0 0 0 1 0 1 0 0 1 1 0 0 0 0 1 1 1 0 1 0 0 0 1 0 1 0 1 1 1 0 0 1 1 0 0 1 1 0 0 0 0 0 4
4 1 0 1 0 1 1 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 1 0 0 1 0 0 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 1 0 1 0 0 1 0 0 0 0 0 0 4
4 0 0 0 0 1 1 0 1 0 0 0 1 0 1 0 0 0 0 0 0 0 1 1 0 1 0 0 0 0 0 0 0 1 0 1 0 0 1 1 1 0 1 0 1 1 1 1 1 1 0 1 1 1 0 0 0 1 1 4
4 1 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 1 0 1 0 0 0 1 0 0 1 1 1 0 0 0 0 0 1 0 0 0 0 0 0 1 1 1 1 0 1 1 1 1 0 0 1 1 0 0 1 0 0 4
4 1 0 0 0 0 0 1 0 1 1 1 1 0 0 0 0 0 0 0 0 0 1 0 1 1 1 1 1 0 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 1 1 0 0 1 0 0 4
4 1 1 0 1 0 0 1 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 1 1 0 0 1 0 0 0 1 0 0 1 0 1 0 1 1 0 1 0 0 1 0 1 0 1 1 0 0 1 1 0 1 0 0 0 4
4 0 1 0 0 0 0 0 0 1 0 1 0 1 1 0 1 1 1 0 0 1 1 1 0 0 1 0 0 1 0 0 1 0 0 0 0 1 1 1 1 1 0 0 1 0 0 1 0 0 0 0 1 0 0 1 0 0 0 4
4 0 0 1 1 0 1 1 0 0 0 0 0 0 1 1 0 1 1 0 0 1 0 0 1 0 0 0 0 0 0 1 1 0 1 0 0 0 1 0 1 1 1 0 0 0 1 0 0 0 0 0 1 1 1 0 1 1 0 4
4 0 1 1 0 0 1 0 1 0 0 0 0 1 0 0 1 0 1 0 1 0 0 1 0 0 0 0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 1 1 1 0 1 0 0 0 0 0 0 1 1 0 1 1 0 4
4 1 1 0 0 1 0 0 0 1 1 0 0 1 1 1 0 0 1 1 1 1 0 1 0 0 1 0 0 1 0 1 0 0 0 0 1 0 0 0 0 0 1 0 1 1 0 0 0 0 1 1 0 0 0 1 0 1 0 4
4 0 1 0 0 0 0 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 1 1 1 1 0 0 0 0 0 1 0 0 0 1 1 0 0 0 1 0 0 1 1 0 1 0 0 1 4
4 1 0 0 0 1 1 0 0 0 0 1 0 1 0 1 0 0 1 1 1 1 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0 0 0 1 1 0 0 0 1 1 1 1 0 0 0 0 0 0 0 1 1 0 0 4
4 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 1 1 1 0 0 1 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 1 1 0 0 0 0 1 0 1 0 0 0 4
4 0 0 0 1 0 0 1 1 0 1 1 0 1 0 0 1 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 1 1 0 1 0 1 0 1 1 1 0 0 0 0 4
4 0 0 0 0 0 1 0 1 0 0 0 1 0 0 0 0 0 0 1 0 1 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 1 1 0 1 0 0 1 0 0 0 1 0 1 0 4
4 1 0 0 1 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 1 0 1 0 1 0 0 1 0 0 1 1 0 0 1 4
4 0 0 0 0 1 0 0 0 0 1 0 1 1 1 1 0 0 1 1 1 0 1 1 1 0 0 1 1 1 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 1 1 0 1 0 1 0 0 1 0 0 0 0 1 4
4 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 1 0 0 1 0 1 0 0 0 1 0 0 1 1 0 1 1 0 1 1 0 0 1 0 0 1 4
4 0 1 0 0 1 0 0 0 0 0 0 1 1 0 0 0 0 0 0 1 1 0 0 0 1 0 0 1 1 1 0 1 0 1 0 0 0 1 0 0 1 0 1 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 4
4 1 0 1 0 0 0 0 1 0 0 1 0 0 1 1 0 1 0 0 0 0 0 1 0 0 1 0 1 1 1 1 1 0 1 0 0 0 0 1 1 0 0 0 0 1 0 0 1 1 1 0 0 0 1 1 0 0 0 4
4 0 1 1 0 0 0 1 1 1 1 0 1 0 1 0 0 1 1 1 0 0 0 0 0 1 0 0 0 0 1 0 1 0 1 0 0 0 1 0 0 0 1 1 1 1 0 1 1 0 0 0 1 0 0 0 0 0 0 4
4 1 0 1 1 0 1 0 1 0 0 0 0 0 1 1 1 1 0 0 0 0 0 1 0 0 1 1 1 1 0 0 0 1 1 0 0 1 0 0 0 1 0 0 0 0 0 0 1 0 1 0 1 1 0 1 1 1 1 4
4 0 0 1 1 1 0 0 0 1 1 0 1 0 0 0 0 1 0 0 0 1 0 0 0 1 1 1 1 0 1 1 1 0 1 1 0 0 0 1 0 1 0 0 1 1 0 0 1 0 0 1 0 0 0 0 0 0 0 4
4 0 0 0 1 0 0 1 0 0 1 1 1 0 1 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 1 1 0 1 1 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 4
4 1 0 1 0 1 0 1 0 0 0 0 0 0 1 0 1 1 0 0 0 1 0 1 0 1 0 0 1 1 0 0 0 0 0 0 0 1 0 1 0 0 1 0 0 0 0 1 1 0 0 1 0 0 0 0 1 0 0 4
4 0 0 1 1 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 1 0 1 1 0 0 1 0 4
4 0 0 0 0 0 1 1 0 0 0 1 0 1 0 1 0 1 1 0 1 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 4
4 0 0 1 1 1 0 0 1 0 0 0 0 0 0 1 0 0 1 0 1 1 1 0 1 0 0 0 0 0 0 0 0 1 0 1 1 1 0 0 1 0 0 0 1 1 0 0 1 1 0 1 0 0 1 0 0 1 1 4
4 0 1 0 0 1 0 1 0 1 0 1 1 0 1 0 0 0 0 0 1 0 0 0 0 1 0 1 0 1 0 0 1 0 1 1 1 0 0 0 0 0 1 0 0 0 1 0 1 0 1 1 0 1 0 0 1 1 0 4
4 1 0 0 0 0 1 0 0 0 0 0 1 1 1 0 0 0 1 0 0 1 1 1 1 1 0 1 1 1 1 0 0 0 0 0 0 0 0 0 1 0 1 0 0 1 1 0 1 0 0 0 0 1 1 0 0 0 0 4
4 1 0 0 1 1 1 1 1 1 0 0 0 0 1 1 0 0 1 1 0 1 0 0 0 1 0 0 1 1 0 0 1 0 0 0 1 1 1 0 0 1 0 0 1 1 1 0 1 0 1 0 1 0 1 0 0 1 1 4
4 0 1 0 1 1 0 0 0 1 1 0 1 0 0 0 0 1 0 0 0 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 1 0 1 0 1 1 0 0 0 1 0 1 1 4
4 0 1 0 1 0 0 0 0 1 0 0 0 1 0 1 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 1 1 0 0 0 0 1 1 1 0 0 0 1 0 0 0 1 0 0 1 0 0 0 0 0 0 0 4
4 0 0 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 0 1 0 0 0 0 1 0 0 1 0 1 0 0 1 0 1 0 0 0 0 0 1 1 1 0 0 1 0 1 1 0 0 0 4
4 0 0 0 0 1 0 0 0 1 1 0 0 1 1 0 0 0 0 1 0 1 0 0 0 1 0 0 0 1 0 0 0 0 1 0 0 1 0 0 1 0 1 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 4
4 1 1 1 0 0 0 1 1 1 0 0 1 1 1 0 0 0 0 0 0 1 0 1 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 1 0 1 0 1 1 1 0 0 1 0 0 0 0 1 0 0 1 0 0 4
4 0 1 0 0 0 1 0 0 1 0 1 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 0 1 1 1 0 0 0 0 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 0 1 0 0 1 0 4
4 0 0 0 0 0 0 1 0 0 0 0 1 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 0 0 1 0 1 0 0 1 1 4
4 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 1 1 1 1 0 0 0 0 1 1 0 0 0 0 1 0 1 0 0 0 1 1 1 0 0 1 1 1 1 1 0 4
4 0 1 0 0 0 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 0 1 0 1 0 0 1 1 1 0 0 0 1 1 0 1 1 0 0 1 1 0 1 1 1 1 0 1 1 0 0 0 0 0 1 1 0 0 4
4 1 1 0 0 0 1 1 0 1 0 0 0 0 0 1 1 1 0 1 0 0 0 0 0 1 1 1 0 0 1 1 0 0 0 0 0 0 1 0 1 0 0 1 0 0 0 0 1 1 0 0 0 1 0 0 0 0 0 4
4 0 1 0 0 1 1 0 0 0 1 0 0 1 0 1 1 0 0 1 1 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 1 1 0 0 0 1 0 1 0 1 0 1 0 1 0 0 4
4 1 0 0 0 1 0 0 0 1 1 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 1 1 1 0 0 1 1 1 0 0 0 4
4 0 0 0 1 0 0 1 0 1 0 0 1 0 1 0 0 0 1 0 0 0 1 0 0 1 1 0 0 1 0 0 1 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 1 1 0 0 1 0 1 0 0 0 0 4
4 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 1 1 1 0 0 0 1 0 0 0 0 1 4
4 1 0 0 0 0 0 1 0 0 1 0 0 0 1 1 0 1 0 0 1 0 0 0 1 0 0 0 1 0 1 0 0 0 0 1 0 0 0 1 0 0 0 1 1 0 0 0 1 0 0 1 0 0 0 1 0 1 0 4
4 0 0 0 0 0 1 1 0 0 0 1 0 1 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 1 1 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 1 0 1 1 1 0 0 0 0 0 4
4 0 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 1 1 0 0 4
4 1 0 1 1 1 0 0 1 1 1 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 1 0 1 0 0 1 0 0 1 0 0 0 0 1 0 1 0 1 0 1 0 1 1 1 1 0 0 0 0 0 4
4 0 0 0 0 0 0 1 1 0 0 0 0 1 1 0 0 0 1 0 0 0 0 1 0 0 1 0 1 1 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 1 1 0 1 0 0 1 0 0 1 1 0 1 0 4
4 0 0 0 1 1 0 0 0 0 0 0 1 1 0 0 0 1 0 0 0 0 1 1 1 0 0 0 1 0 1 1 1 1 0 0 0 0 0 1 0 1 0 0 1 1 1 0 1 0 1 1 1 1 0 0 1 1 0 4
4 1 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 1 1 0 1 1 0 1 1 0 0 0 1 1 0 0 0 0 1 0 1 1 0 0 0 0 1 0 0 0 1 1 0 0 0 1 0 0 0 0 0 0 4
4 0 1 0 0 1 0 0 0 0 0 1 0 0 0 1 0 0 1 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 1 1 0 1 1 0 1 0 4
4 0 1 1 1 1 0 0 1 0 0 1 0 0 0 0 1 0 0 1 0 1 1 0 0 1 0 0 1 1 1 1 0 0 0 1 0 0 0 1 0 0 0 1 0 0 1 0 1 0 1 1 0 0 1 1 0 0 0 4
4 1 0 0 0 0 0 1 1 1 0 1 0 1 0 0 0 0 1 0 1 0 0 1 0 1 1 0 0 0 0 1 0 0 0 0 0 0 1 0 1 0 0 1 1 0 0 0 1 0 0 1 1 0 1 0 1 0 1 4
4 1 0 0 1 0 0 0 0 0 0 0 0 1 1 0 0 0 1 0 0 0 1 1 1 1 1 0 0 0 0 0 0 0 0 1 0 1 1 1 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 4
4 1 1 0 0 0 0 0 0 1 0 1 0 0 0 1 0 0 0 1 0 0 1 1 0 0 0 0 1 0 0 1 1 0 0 1 0 0 0 0 0 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 0 0 0 4
4 0 1 0 1 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 0 1 0 0 0 1 0 1 0 1 0 0 0 0 0 1 0 0 0 0 0 1 1 1 1 0 0 0 1 1 1 1 1 1 1 1 0 1 1 4
4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 3 4 4 4 4 4 4 4 4 4 4 4
寻路算法不熟
但可以明显的看到一条路径:11122222122211113133111333131111111111111111111111111111111111111111111123232311
最后面的232323是为了补齐长度在原地打转
路径找好了就是加密的过程了
解密过程被VM了,写个脚本还原了下:
0041EC30 /$ 55 push ebp
0041EC31 |. 89E5 mov ebp, esp
0041EC33 |. 83EC 18 sub esp, 0x18
0041EC36 |. 894D EC mov dword ptr [ebp-0x14], ecx
0041EC39 |. 8B45 08 mov eax, dword ptr [ebp+0x8]
0041EC3C |. 8845 E8 mov byte ptr [ebp-0x18], al
0041EC3F |. 8B45 EC mov eax, dword ptr [ebp-0x14]
0041EC42 |. 8B90 D8A80000 mov edx, dword ptr [eax+0xA8D8]
0041EC48 |. 8B45 0C mov eax, dword ptr [ebp+0xC]
0041EC4B |. 03C2 add eax, edx
0041EC4D |. 0FB600 movzx eax, byte ptr [eax]
0041EC50 |. 8845 F7 mov byte ptr [ebp-0x9], al
0041EC53 |. C745 F8 00000>mov dword ptr [ebp-0x8], 0x0
0041EC5A |. 8075 E8 60 xor byte ptr [ebp-0x18], 0x60
0041EC5E |. 0FB645 E8 movzx eax, byte ptr [ebp-0x18]
0041EC62 |. 3245 F7 xor al, byte ptr [ebp-0x9]
0041EC65 |. 8845 FF mov byte ptr [ebp-0x1], al
0041EC68 |> 807D FF 3B /cmp byte ptr [ebp-0x1], 0x3B
0041EC6C |. 76 0A |jbe short 0041EC78
0041EC6E |. 806D FF 3C |sub byte ptr [ebp-0x1], 0x3C
0041EC72 |. 8345 F8 01 |add dword ptr [ebp-0x8], 0x1
0041EC76 |.^ EB F0 \jmp short 0041EC68
0041EC78 |> 0FB645 FF movzx eax, byte ptr [ebp-0x1]
0041EC7C |. 8B55 F8 mov edx, dword ptr [ebp-0x8]
0041EC7F |. 2BD0 sub edx, eax
0041EC81 |. 8BC2 mov eax, edx
0041EC83 |. 8945 F0 mov dword ptr [ebp-0x10], eax
0041ECA6 |. 8B45 F0 mov eax, dword ptr [ebp-0x10]
0041ECA9 |. C9 leave
0041ECAA \. C2 0800 retn 0x8
然后就是加密过去就可以了:
Python代码为:
step_key = '4F969BB4DE2A5849F6A3F2AF6C8D93F56098F87320ED77B84AC240C4312CE3788235124A282FA83D6C48EB11615E0EB67F14FB078E254FB5C6F8A581347517AF5F1802B72C430A3DFFD95E4323083D9E'.decode('hex')
my_path = '11122222122211113133111333131111111111111111111111111111111111111111111123232311'
print len(step_key)
print len(my_path)
'''
0 -> 0
1 -> 60
2 -> 120
3 -> 180
'''
c = ''
for i in range(0, 80):
a = (ord(my_path[i]) - 0x30)
if a == 1:
b = 60
elif a == 2:
b = 120
elif a == 3:
b = 180
elif a == 0:
b = 0
else:
b = 0
c = c + chr(b ^ 0x60 ^ ord(step_key[i]))
print c.encode('hex')
分析过程
整个过程还是一个地图寻路,大小60*60, 0是障碍, 1可以通行,2为起点,3为终点
key的前8个字节来生成地图,和80字节的解密key
移动方向0->上, 1->下, 2->左, 3->右
我这边生成的地图数据为:
4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 2 4 4 4 4 4 4 4 4 4 4
4 0 0 0 1 0 0 1 0 0 1 0 1 1 0 1 0 0 0 0 1 0 1 0 0 1 1 0 0 0 0 1 1 1 0 1 0 0 0 1 0 1 0 1 1 1 0 0 1 1 0 0 1 1 0 0 0 0 0 4
4 1 0 1 0 1 1 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 1 0 0 1 0 0 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 1 0 1 0 0 1 0 0 0 0 0 0 4
4 0 0 0 0 1 1 0 1 0 0 0 1 0 1 0 0 0 0 0 0 0 1 1 0 1 0 0 0 0 0 0 0 1 0 1 0 0 1 1 1 0 1 0 1 1 1 1 1 1 0 1 1 1 0 0 0 1 1 4
4 1 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 1 0 1 0 0 0 1 0 0 1 1 1 0 0 0 0 0 1 0 0 0 0 0 0 1 1 1 1 0 1 1 1 1 0 0 1 1 0 0 1 0 0 4
4 1 0 0 0 0 0 1 0 1 1 1 1 0 0 0 0 0 0 0 0 0 1 0 1 1 1 1 1 0 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 1 1 0 0 1 0 0 4
4 1 1 0 1 0 0 1 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 1 1 0 0 1 0 0 0 1 0 0 1 0 1 0 1 1 0 1 0 0 1 0 1 0 1 1 0 0 1 1 0 1 0 0 0 4
4 0 1 0 0 0 0 0 0 1 0 1 0 1 1 0 1 1 1 0 0 1 1 1 0 0 1 0 0 1 0 0 1 0 0 0 0 1 1 1 1 1 0 0 1 0 0 1 0 0 0 0 1 0 0 1 0 0 0 4
4 0 0 1 1 0 1 1 0 0 0 0 0 0 1 1 0 1 1 0 0 1 0 0 1 0 0 0 0 0 0 1 1 0 1 0 0 0 1 0 1 1 1 0 0 0 1 0 0 0 0 0 1 1 1 0 1 1 0 4
4 0 1 1 0 0 1 0 1 0 0 0 0 1 0 0 1 0 1 0 1 0 0 1 0 0 0 0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 1 1 1 0 1 0 0 0 0 0 0 1 1 0 1 1 0 4
4 1 1 0 0 1 0 0 0 1 1 0 0 1 1 1 0 0 1 1 1 1 0 1 0 0 1 0 0 1 0 1 0 0 0 0 1 0 0 0 0 0 1 0 1 1 0 0 0 0 1 1 0 0 0 1 0 1 0 4
4 0 1 0 0 0 0 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 1 1 1 1 0 0 0 0 0 1 0 0 0 1 1 0 0 0 1 0 0 1 1 0 1 0 0 1 4
4 1 0 0 0 1 1 0 0 0 0 1 0 1 0 1 0 0 1 1 1 1 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0 0 0 1 1 0 0 0 1 1 1 1 0 0 0 0 0 0 0 1 1 0 0 4
4 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 1 1 1 0 0 1 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 1 1 0 0 0 0 1 0 1 0 0 0 4
4 0 0 0 1 0 0 1 1 0 1 1 0 1 0 0 1 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 1 1 0 1 0 1 0 1 1 1 0 0 0 0 4
4 0 0 0 0 0 1 0 1 0 0 0 1 0 0 0 0 0 0 1 0 1 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 1 1 0 1 0 0 1 0 0 0 1 0 1 0 4
4 1 0 0 1 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 1 0 1 0 1 0 0 1 0 0 1 1 0 0 1 4
4 0 0 0 0 1 0 0 0 0 1 0 1 1 1 1 0 0 1 1 1 0 1 1 1 0 0 1 1 1 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 1 1 0 1 0 1 0 0 1 0 0 0 0 1 4
4 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 1 0 0 1 0 1 0 0 0 1 0 0 1 1 0 1 1 0 1 1 0 0 1 0 0 1 4
4 0 1 0 0 1 0 0 0 0 0 0 1 1 0 0 0 0 0 0 1 1 0 0 0 1 0 0 1 1 1 0 1 0 1 0 0 0 1 0 0 1 0 1 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 4
4 1 0 1 0 0 0 0 1 0 0 1 0 0 1 1 0 1 0 0 0 0 0 1 0 0 1 0 1 1 1 1 1 0 1 0 0 0 0 1 1 0 0 0 0 1 0 0 1 1 1 0 0 0 1 1 0 0 0 4
4 0 1 1 0 0 0 1 1 1 1 0 1 0 1 0 0 1 1 1 0 0 0 0 0 1 0 0 0 0 1 0 1 0 1 0 0 0 1 0 0 0 1 1 1 1 0 1 1 0 0 0 1 0 0 0 0 0 0 4
4 1 0 1 1 0 1 0 1 0 0 0 0 0 1 1 1 1 0 0 0 0 0 1 0 0 1 1 1 1 0 0 0 1 1 0 0 1 0 0 0 1 0 0 0 0 0 0 1 0 1 0 1 1 0 1 1 1 1 4
4 0 0 1 1 1 0 0 0 1 1 0 1 0 0 0 0 1 0 0 0 1 0 0 0 1 1 1 1 0 1 1 1 0 1 1 0 0 0 1 0 1 0 0 1 1 0 0 1 0 0 1 0 0 0 0 0 0 0 4
4 0 0 0 1 0 0 1 0 0 1 1 1 0 1 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 1 1 0 1 1 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 4
4 1 0 1 0 1 0 1 0 0 0 0 0 0 1 0 1 1 0 0 0 1 0 1 0 1 0 0 1 1 0 0 0 0 0 0 0 1 0 1 0 0 1 0 0 0 0 1 1 0 0 1 0 0 0 0 1 0 0 4
4 0 0 1 1 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 1 0 1 1 0 0 1 0 4
4 0 0 0 0 0 1 1 0 0 0 1 0 1 0 1 0 1 1 0 1 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 4
4 0 0 1 1 1 0 0 1 0 0 0 0 0 0 1 0 0 1 0 1 1 1 0 1 0 0 0 0 0 0 0 0 1 0 1 1 1 0 0 1 0 0 0 1 1 0 0 1 1 0 1 0 0 1 0 0 1 1 4
4 0 1 0 0 1 0 1 0 1 0 1 1 0 1 0 0 0 0 0 1 0 0 0 0 1 0 1 0 1 0 0 1 0 1 1 1 0 0 0 0 0 1 0 0 0 1 0 1 0 1 1 0 1 0 0 1 1 0 4
4 1 0 0 0 0 1 0 0 0 0 0 1 1 1 0 0 0 1 0 0 1 1 1 1 1 0 1 1 1 1 0 0 0 0 0 0 0 0 0 1 0 1 0 0 1 1 0 1 0 0 0 0 1 1 0 0 0 0 4
4 1 0 0 1 1 1 1 1 1 0 0 0 0 1 1 0 0 1 1 0 1 0 0 0 1 0 0 1 1 0 0 1 0 0 0 1 1 1 0 0 1 0 0 1 1 1 0 1 0 1 0 1 0 1 0 0 1 1 4
4 0 1 0 1 1 0 0 0 1 1 0 1 0 0 0 0 1 0 0 0 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 1 0 1 0 1 1 0 0 0 1 0 1 1 4
4 0 1 0 1 0 0 0 0 1 0 0 0 1 0 1 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 1 1 0 0 0 0 1 1 1 0 0 0 1 0 0 0 1 0 0 1 0 0 0 0 0 0 0 4
4 0 0 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 0 1 0 0 0 0 1 0 0 1 0 1 0 0 1 0 1 0 0 0 0 0 1 1 1 0 0 1 0 1 1 0 0 0 4
4 0 0 0 0 1 0 0 0 1 1 0 0 1 1 0 0 0 0 1 0 1 0 0 0 1 0 0 0 1 0 0 0 0 1 0 0 1 0 0 1 0 1 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 4
4 1 1 1 0 0 0 1 1 1 0 0 1 1 1 0 0 0 0 0 0 1 0 1 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 1 0 1 0 1 1 1 0 0 1 0 0 0 0 1 0 0 1 0 0 4
4 0 1 0 0 0 1 0 0 1 0 1 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 0 1 1 1 0 0 0 0 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 0 1 0 0 1 0 4
4 0 0 0 0 0 0 1 0 0 0 0 1 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 0 0 1 0 1 0 0 1 1 4
4 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 1 1 1 1 0 0 0 0 1 1 0 0 0 0 1 0 1 0 0 0 1 1 1 0 0 1 1 1 1 1 0 4
4 0 1 0 0 0 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 0 1 0 1 0 0 1 1 1 0 0 0 1 1 0 1 1 0 0 1 1 0 1 1 1 1 0 1 1 0 0 0 0 0 1 1 0 0 4
4 1 1 0 0 0 1 1 0 1 0 0 0 0 0 1 1 1 0 1 0 0 0 0 0 1 1 1 0 0 1 1 0 0 0 0 0 0 1 0 1 0 0 1 0 0 0 0 1 1 0 0 0 1 0 0 0 0 0 4
4 0 1 0 0 1 1 0 0 0 1 0 0 1 0 1 1 0 0 1 1 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 1 1 0 0 0 1 0 1 0 1 0 1 0 1 0 0 4
4 1 0 0 0 1 0 0 0 1 1 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 1 1 1 0 0 1 1 1 0 0 0 4
4 0 0 0 1 0 0 1 0 1 0 0 1 0 1 0 0 0 1 0 0 0 1 0 0 1 1 0 0 1 0 0 1 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 1 1 0 0 1 0 1 0 0 0 0 4
4 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 1 1 1 0 0 0 1 0 0 0 0 1 4
4 1 0 0 0 0 0 1 0 0 1 0 0 0 1 1 0 1 0 0 1 0 0 0 1 0 0 0 1 0 1 0 0 0 0 1 0 0 0 1 0 0 0 1 1 0 0 0 1 0 0 1 0 0 0 1 0 1 0 4
4 0 0 0 0 0 1 1 0 0 0 1 0 1 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 1 1 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 1 0 1 1 1 0 0 0 0 0 4
4 0 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 1 1 0 0 4
4 1 0 1 1 1 0 0 1 1 1 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 1 0 1 0 0 1 0 0 1 0 0 0 0 1 0 1 0 1 0 1 0 1 1 1 1 0 0 0 0 0 4
4 0 0 0 0 0 0 1 1 0 0 0 0 1 1 0 0 0 1 0 0 0 0 1 0 0 1 0 1 1 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 1 1 0 1 0 0 1 0 0 1 1 0 1 0 4
4 0 0 0 1 1 0 0 0 0 0 0 1 1 0 0 0 1 0 0 0 0 1 1 1 0 0 0 1 0 1 1 1 1 0 0 0 0 0 1 0 1 0 0 1 1 1 0 1 0 1 1 1 1 0 0 1 1 0 4
4 1 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 1 1 0 1 1 0 1 1 0 0 0 1 1 0 0 0 0 1 0 1 1 0 0 0 0 1 0 0 0 1 1 0 0 0 1 0 0 0 0 0 0 4
4 0 1 0 0 1 0 0 0 0 0 1 0 0 0 1 0 0 1 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 1 1 0 1 1 0 1 0 4
4 0 1 1 1 1 0 0 1 0 0 1 0 0 0 0 1 0 0 1 0 1 1 0 0 1 0 0 1 1 1 1 0 0 0 1 0 0 0 1 0 0 0 1 0 0 1 0 1 0 1 1 0 0 1 1 0 0 0 4
4 1 0 0 0 0 0 1 1 1 0 1 0 1 0 0 0 0 1 0 1 0 0 1 0 1 1 0 0 0 0 1 0 0 0 0 0 0 1 0 1 0 0 1 1 0 0 0 1 0 0 1 1 0 1 0 1 0 1 4
4 1 0 0 1 0 0 0 0 0 0 0 0 1 1 0 0 0 1 0 0 0 1 1 1 1 1 0 0 0 0 0 0 0 0 1 0 1 1 1 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 4
4 1 1 0 0 0 0 0 0 1 0 1 0 0 0 1 0 0 0 1 0 0 1 1 0 0 0 0 1 0 0 1 1 0 0 1 0 0 0 0 0 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 0 0 0 4
4 0 1 0 1 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 0 1 0 0 0 1 0 1 0 1 0 0 0 0 0 1 0 0 0 0 0 1 1 1 1 0 0 0 1 1 1 1 1 1 1 1 0 1 1 4
4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 3 4 4 4 4 4 4 4 4 4 4 4
寻路算法不熟
但可以明显的看到一条路径:11122222122211113133111333131111111111111111111111111111111111111111111123232311
最后面的232323是为了补齐长度在原地打转
路径找好了就是加密的过程了
解密过程被VM了,写个脚本还原了下:
0041EC30 /$ 55 push ebp
0041EC31 |. 89E5 mov ebp, esp
0041EC33 |. 83EC 18 sub esp, 0x18
0041EC36 |. 894D EC mov dword ptr [ebp-0x14], ecx
0041EC39 |. 8B45 08 mov eax, dword ptr [ebp+0x8]
0041EC3C |. 8845 E8 mov byte ptr [ebp-0x18], al
0041EC3F |. 8B45 EC mov eax, dword ptr [ebp-0x14]
0041EC42 |. 8B90 D8A80000 mov edx, dword ptr [eax+0xA8D8]
0041EC48 |. 8B45 0C mov eax, dword ptr [ebp+0xC]
0041EC4B |. 03C2 add eax, edx
0041EC4D |. 0FB600 movzx eax, byte ptr [eax]
0041EC50 |. 8845 F7 mov byte ptr [ebp-0x9], al
0041EC53 |. C745 F8 00000>mov dword ptr [ebp-0x8], 0x0
0041EC5A |. 8075 E8 60 xor byte ptr [ebp-0x18], 0x60
0041EC5E |. 0FB645 E8 movzx eax, byte ptr [ebp-0x18]
0041EC62 |. 3245 F7 xor al, byte ptr [ebp-0x9]
0041EC65 |. 8845 FF mov byte ptr [ebp-0x1], al
0041EC68 |> 807D FF 3B /cmp byte ptr [ebp-0x1], 0x3B
0041EC6C |. 76 0A |jbe short 0041EC78
0041EC6E |. 806D FF 3C |sub byte ptr [ebp-0x1], 0x3C
0041EC72 |. 8345 F8 01 |add dword ptr [ebp-0x8], 0x1
0041EC76 |.^ EB F0 \jmp short 0041EC68
0041EC78 |> 0FB645 FF movzx eax, byte ptr [ebp-0x1]
0041EC7C |. 8B55 F8 mov edx, dword ptr [ebp-0x8]
0041EC7F |. 2BD0 sub edx, eax
0041EC81 |. 8BC2 mov eax, edx
0041EC83 |. 8945 F0 mov dword ptr [ebp-0x10], eax
0041ECA6 |. 8B45 F0 mov eax, dword ptr [ebp-0x10]
0041ECA9 |. C9 leave
0041ECAA \. C2 0800 retn 0x8
然后就是加密过去就可以了:
Python代码为:
step_key = '4F969BB4DE2A5849F6A3F2AF6C8D93F56098F87320ED77B84AC240C4312CE3788235124A282FA83D6C48EB11615E0EB67F14FB078E254FB5C6F8A581347517AF5F1802B72C430A3DFFD95E4323083D9E'.decode('hex')
my_path = '11122222122211113133111333131111111111111111111111111111111111111111111123232311'
print len(step_key)
print len(my_path)
'''
0 -> 0
1 -> 60
2 -> 120
3 -> 180
'''
c = ''
for i in range(0, 80):
a = (ord(my_path[i]) - 0x30)
if a == 1:
b = 60
elif a == 2:
b = 120
elif a == 3:
b = 180
elif a == 0:
b = 0
else:
b = 0
c = c + chr(b ^ 0x60 ^ ord(step_key[i]))
print c.encode('hex')