Here is a detailed analysis. I just learned some interesting algorithms.
Analysis Link
This is the content in the reverse decryption process using 3DES:
Use Microsoft's crypt library to use 3DES to decrypt additional data in the program
Code:
VOID encryptData () {TCHAR szModuleFile [MAX_PATH] = "C: \ Users \ Administrator \ Desktop \ crack technical question 360 \ crack question. over "; HANDLE hFile =: CreateFile (szModuleFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL); if (! HFile) {AfxMessageBox ("createfile error"); return;} DWORD dwFileSize = 0; dwFileSize =: GetFileSize (hFile, NULL); DWORD dwError =: GetLastError (); TCHAR * pBuffer = new TCHAR [dwFileSize * 2]; memset (pBuffer, 0, sizeof (pBuffer); DWORD dwReaded = 0;: ReadFile (hFile, pBuffer, dwFileSize, & dwReaded, NULL); TCHAR pText [] = "dfe963a6"; // create/obtain a password container CSPHCRYPTPROV hProv; TCHAR pszContentName [] = "Microsoft Enhanced RSA and AES Cryptographic Provider "; if (!: CryptAcquireContext (& hProv, NULL, pszContentName, 0x18, 0) {DWORD dwError =: GetLastError (); AfxMessageBox ("cryptAcquireContext error"); return ;} // create/obtain/import a key HCRYPTHASH hHash; if (! CryptCreateHash (hProv, 0x8003, 0, 0, & hHash) {AfxMessageBox ("cryptcreateHash error"); return ;}// use the key for encryption/Decryption :: cryptHashData (hHash, (BYTE *) pText, strlen (pText), NULL); HCRYPTKEY hKey;: CryptDeriveKey (hProv, 0x660E, hHash, 0x800000, & hKey ); // CALG_AES_128 0x660E 0x800000: CryptDecrypt (hKey, 0, TRUE, 0, (BYTE *) pBuffer, & dwFileSize); // 0: CryptDestroyKey (hKey );:: CryptDestroyHash (hHash);: free (pBuffer);: CloseHandle (hFile );}
Test environment:
1. Use ffi to export the additional data in crackme as the input data of this program.
2. settings when Microsoft's encrypted library is used
Add the following lines of code to stdafx. h:
#ifndef _WIN32_WINNT #define _WIN32_WINNT 0x0400 #endif
3. The pBuffer in the program is the decrypted data.
Attachment download
Http://download.csdn.net/detail/xiaocaiju/7417093