作者:ArchFire… 文章来源:看雪学院
;**************** Api32 V2.5 KeyMaker for fun.asm *******************
;by: ArchFire/ATA @2002-12-14
;*
;*
;* in this case, we will learn RSA algorithm.
;*
;* as we know, Vitaly Evseenko, the author of Apis32, was once an RCEer. So he shows how to use RSA in his little proggy
;* oh, well, it's not so hard, so just find what's happening....
;* you'd better have a look at PEDiy's BBS Selection III for more help, thx goes to those who have written the good tutors :)
;*
;* IN RSA:
;* 1. Find two prime numbers: p, q. the larger the better
;* 2. n=p*q, f=(p-1)*(q-1)
;* 3. Select a random number e which satisfies GCD(f, e)=1. Often, we choose 7, 13, 65537....
;* 4. Find d, where: (d*e) mod f=1
;* 5. Encipher proc: C=(M^e) mod n
;*    Decipher proc: M=(C^d) mod n
;*
;* In Apis32:
;* C=((M^7) mod 8899) mod 0bb=(M^7) mod 0bb, 'cause 8899 mod 0bb=0
;* n=0bb=11*0b, f=10*0a=0a0, e=7, d=17
;* so, Decipher proc: M=(C^17) mod 0bb
;* Learn and enjoy!
;*
;********************************************************************
.386
.model flat,stdcall
option casemap:none
include hd.h
DlgProc proto :DWORD,:DWORD,:DWORD,:DWORD
DeRSA proto :DWORD, :DWORD
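.const
; Numeric equates. These are evaluated here, before the .RADIX 16 directive
; in .code, so they are ordinary decimal values.
BUFF_SIZE   equ 32              ; size of szC / szM / szTemp; also the bound passed to GetDlgItemText
ID_MAKE     equ 1002            ; control id handled on WM_COMMAND: generate the code
ID_ABOUT    equ 1003            ; control id handled on WM_COMMAND: about box
ID_CLOSE    equ 1004            ; control id handled on WM_COMMAND: close dialog
IDC_NAME    equ 1010            ; edit control holding the user name (input; 8 bytes are used)
IDC_CODE    equ 1011            ; edit control receiving the generated code (output)
OURICON     equ 1020            ; icon resource id, loaded with LoadIconA
DLG_MAIN    equ 1000            ; dialog template id passed to DialogBoxParam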
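.data
; Buffers shared between DlgProc and DeRSA (single-threaded dialog app).
szC          db BUFF_SIZE dup (0)       ; output code: 16 hex digits + one '-' = 17 bytes.
                                        ; DlgProc zeroes it before DeRSA writes, so byte 17 stays 0
                                        ; and acts as the terminator (DeRSA itself writes none).
szM          db BUFF_SIZE dup (0)       ; dialog text from IDC_NAME; DeRSA overwrites its first 8 bytes in place
szTemp       db BUFF_SIZE dup (0)       ; scratch for one wsprintf("%02X") result ("XX",0)
szFormat     db "%02X", 0               ; one byte as two upper-case hex digits
MsgTitle     db "ATAKeyGen", 0
MsgContend   db "Apis32 2.50 KeyGen for fun", 0dh, 0ah, 0dh, 0ah
             db "by ArchFire/ATA", 0
szInputError db "Input 8 chars please...", 0   ; shown in IDC_NAME when fewer than 8 chars were entered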
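.data?
hInstance    HANDLE ?           ; our module handle; set once at start, read by DlgProc for LoadIconA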
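.code
; NOTE: from this line on every unsuffixed numeric literal is parsed as
; HEXADECIMAL. In the procedures below "16" means 16h (22), "50" means 50h
; (80), "0bb" means 0BBh (187). The .const equates above were parsed in
; decimal because they precede this directive. Use explicit suffixes
; (h / t) where the radix matters to a reader.
.RADIX 16

; Program entry: fetch our module handle, run the modal main dialog, exit.
start:
    invoke  GetModuleHandle, NULL
    mov     hInstance, eax          ; needed later by LoadIconA (a window handle would be wrong there)
    invoke  DialogBoxParam, hInstance, DLG_MAIN, NULL, offset DlgProc, 0
    invoke  ExitProcess, NULL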
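;-----------------------------------------------------------------------
; INT_PTR DlgProc(HWND hWnd, UINT wMsg, WPARAM wParam, LPARAM lParam)
; Dialog procedure for DLG_MAIN (stdcall; ebx/esi/edi preserved via USES).
; Returns TRUE for the messages it handles (WM_CLOSE, WM_INITDIALOG,
; WM_PAINT, WM_COMMAND) and FALSE for everything else.
; Note: unsuffixed literals here are hex (.RADIX 16 is in effect).
;-----------------------------------------------------------------------
DlgProc proc uses ebx edi esi, \
        hWnd:DWORD, wMsg:DWORD, wParam:DWORD, lParam:DWORD
    LOCAL   Ps:PAINTSTRUCT

    mov     eax, wMsg
    .if eax == WM_CLOSE
        invoke  EndDialog, hWnd, NULL
    .elseif eax == WM_INITDIALOG
        ; Load the icon from our own module: hInstance, not hWnd.
        ; OURICON must be pushed as a DWORD; a WORD push yields a wrong id.
        invoke  LoadIconA, hInstance, OURICON
        .if eax != 0
            mov     edi, eax            ; keep the icon handle across the first SendMessageA
                                        ; (edi is already saved by USES; no extra push needed)
            invoke  SendMessageA, hWnd, WM_SETICON, ICON_BIG, edi
            invoke  SendMessageA, hWnd, WM_SETICON, ICON_SMALL, edi
        .endif
    .elseif eax == WM_PAINT
        invoke  BeginPaint, hWnd, ADDR Ps
        invoke  FrameWindow, hWnd, 0, 1, 1      ; FrameWindow is not defined in this file (presumably hd.h)
        invoke  FrameWindow, hWnd, 1, 1, 0
        invoke  EndPaint, hWnd, ADDR Ps
    .elseif eax == WM_COMMAND
        mov     eax, wParam
        .if lParam != 0                     ; only notifications from controls (lParam = control hwnd)
            .if ax == ID_MAKE
                invoke  RtlZeroMemory, addr szC, BUFF_SIZE
                invoke  RtlZeroMemory, addr szM, BUFF_SIZE
                ; bounded copy: at most BUFF_SIZE-1 chars plus the terminator land in szM
                invoke  GetDlgItemText, hWnd, IDC_NAME, addr szM, BUFF_SIZE
                .if eax < 8
                    ; DeRSA reads exactly 8 bytes; refuse shorter input.
                    ; szC was just zeroed, so IDC_CODE is cleared below.
                    invoke  SetDlgItemText, hWnd, IDC_NAME, addr szInputError
                .else
                    invoke  DeRSA, addr szM, addr szC
                .endif
                invoke  SetDlgItemText, hWnd, IDC_CODE, addr szC
            .elseif ax == ID_CLOSE
                invoke  EndDialog, hWnd, NULL
            .elseif ax == ID_ABOUT
                invoke  MessageBox, hWnd, addr MsgContend, addr MsgTitle, MB_OK
            .endif
        .endif
    .else
        mov     eax, FALSE                  ; not handled: let the dialog manager process it
        ret
    .endif
    mov     eax, TRUE
    ret
DlgProc endp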
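;-----------------------------------------------------------------------
; void DeRSA(char *szName, char *szCode)
; ABI:   stdcall (MASM proc); ebx/esi/edi preserved via USES
; In:    szName = buffer with at least 8 readable/writable bytes; each of
;                 the first 8 bytes is replaced in place by its result
;        szCode = buffer with at least 17 writable bytes; receives the 8
;                 results as "%02X" pairs with a '-' before the 5th pair.
;                 No terminator is written here (DlgProc zeroes szC first).
; Out:   nothing meaningful (eax = last wsprintf result / hex pair)
; Clobb: eax, ecx, edx, flags
;
; For each byte i in 0..7:  out[i] = (M^RSA_D mod RSA_N) xor (i + XOR_BASE)
; i.e. textbook modular exponentiation with the toy parameters from the
; file header (n = 0BBh = 11*17, d = 17h).  The lesson for defenders is the
; converse of the tutorial: with an 8-bit modulus the private exponent is
; recoverable from the public (e, n) by inspection, so RSA at this size
; provides no protection at all; real deployments need >= 2048-bit moduli
; and must not embed the private operation in the client.
;
; Note: unsuffixed literals are hex here (.RADIX 16), hence the explicit
; suffixes on every constant below.
;-----------------------------------------------------------------------
RSA_N       equ 0bbh            ; modulus n = p*q = 11 * 17 = 187
RSA_D       equ 17h             ; private exponent d = 23 (7*23 = 161 = 1 mod 160)
XOR_BASE    equ 50h             ; post-whitening: byte i is xored with (i + 50h)
KEY_LEN     equ 8               ; bytes processed and emitted
DASH_POS    equ 4               ; a '-' is emitted before the hex pair of byte 4

DeRSA proc uses ebx esi edi, szName:DWORD, szCode:DWORD
    LOCAL   idx:DWORD

    mov     esi, szName
    mov     ebx, RSA_N              ; ebx = n for the whole first pass
    mov     idx, 0

@loop2:
    ; eax = ecx = M, the raw byte (< 100h). M is not reduced first; the
    ; first product M*M < 10000h, every later product < n*M, so the
    ; running value always fits in eax and edx stays 0 after imul.
    mov     edx, idx
    movzx   eax, byte ptr [esi+edx]
    mov     ecx, eax
    mov     edi, RSA_D - 1          ; the loop multiplies edi times, so it yields M^(edi+1) = M^d
@loop1:
    imul    ecx                     ; edx:eax = eax * M  (edx = 0, see above)
    cmp     eax, ebx
    jl      @next2                  ; already < n: skip the division
    idiv    ebx                     ; edx = eax mod n (edx:eax is a small non-negative value)
    mov     eax, edx
@next2:
    dec     edi
    jnz     @loop1
    ; whiten the residue with (i + XOR_BASE) and store it over the name byte
    mov     edx, idx
    lea     ecx, [edx + XOR_BASE]
    xor     al, cl
    mov     [esi+edx], al
    inc     edx
    mov     idx, edx
    cmp     edx, KEY_LEN
    jl      @loop2

    ; Second pass: render the 8 result bytes as "XXXXXXXX-XXXXXXXX".
    mov     esi, szName
    mov     edi, szCode
    xor     ebx, ebx                ; ebx = bytes emitted so far
p_loop:
    xor     eax, eax
    lodsb                           ; al = result byte i
    invoke  wsprintf, addr szTemp, addr szFormat, eax   ; szTemp = "XX",0
    cmp     ebx, DASH_POS
    jnz     @f
    mov     al, '-'
    stosb
@@:
    mov     ax, word ptr [szTemp]   ; copy the two hex digits; the NUL is not copied
    stosw
    inc     ebx
    cmp     ebx, KEY_LEN
    jl      p_loop
    ret
DeRSA endp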
end start