[调试逆向]
[原创]RTX(腾讯通)本地保存密码TEA变形算法及还原器
2012-11-11 12:35
16367
[调试逆向]
[原创]RTX(腾讯通)本地保存密码TEA变形算法及还原器
2012-11-11 12:35
16367
上月在研究RTX本地保存密码还原,发现是变形的TEA,伪代码如下:
//TEA test program written by HappyTown [2006-10-10]
#include
#include
#include "winsock2.h"
#pragma comment(lib,"WS2_32.LIB")
#include "tea.h"
//变形TEADec
void myDecrypt(unsigned char *data,unsigned char *key,unsigned char *out);
//变形TEAEnc
void myEncrypt(unsigned char *data,unsigned char *key,unsigned char *out);
//Ecnrypt
void myEncrypt(unsigned char *data,unsigned char *key,unsigned char *out)
{
int i;
unsigned int y=0,z=0,a,b,c,d;
int e = 0;
unsigned int sum = 0x61C88647;
//设置y和z
// printf("%08X\n",*(DWORD*)data);
// printf("%08X\n",*(DWORD*)(data+4));
y = ntohl(*(DWORD*)data);
z = ntohl(*(DWORD*)(data+4));
// printf("y=%08X z=%08X\n",y,z);
//变形key设置a,b,c,d值
a = ntohl(*(DWORD*)(key+0));
b = ntohl(*(DWORD*)(key+4));
c = ntohl(*(DWORD*)(key+8));
d = ntohl(*(DWORD*)(key+12));
// printf("a=%08X,b=%08X,c=%08X,d=%08X\n",a,b,c,d);
// printf("%08X %08X %08X\n",(c+(y<<4)),(d+(y>>5)),(c+(y<<4))^(d+(y>>5)));
// printf("%08X %08X %08X\n",(delta+y),(delta+y) ^ (c+(y<<4))^(d+(y>>5)),z-((delta+y) ^ (c+(y<<4))^(d+(y>>5))));
//Decrypt
for(i=0; i<16; i++)
{
e -= sum;
y +