简单的算法逆向
使用ida打开,并反编译,找到算法部分
v6 = len(name); // 第一个最早出现的时候
if ( v6 > 0 )
{
v7 = 0;
v8 = v6;
if ( v6 > 0 )
{
v9 = 1;
do
{
v7 += (v9 - 1) * *(_BYTE *)(name + v9 - 1);
++v9;
--v8; // 长度自减一
}
while ( v8 );
}
v10 = dword_4050B8[v7 & 0xF]; // 这是另一个
sub_402F1C(v19, dword_404204);
v11 = sub_403FA0(v19); // 这是其中一个
about_chuangkou((volatile signed __int32 *)&name, (signed __int32)"Error");
about_chuangkou(&v19, (signed __int32)"Invalid");
if ( v10 == v11 ) // 如果这两个相等,那么就成功
{
about_chuangkou((volatile signed __int32 *)&name, (signed __int32)dword_404220);
about_chuangkou(&v19, (signed __int32)"Thanks a lot");
}
v1 = len(v10) + 1; // pass
v2 = 0;
v3 = 1;
do
v2 = *(_BYTE *)(v10 + v3++ - 1) + 10 * v2 - 48;
while ( v1 != v3 );
v4 = v2;
大概可以看出name算法是:每一个字节*index 求和,pass算法也大同小异,结合汇编语言,进行python编程如下
name = 'zhang'
name_len = len(name)
name_index = 0
name_result=0
while name_len>0:
name_result =name_index*ord(name[name_index]) +name_result
name_len-=1
name_index+=1
print(name_result & 0xf) #根据这个值偏移就行
'''
26 11 79 19 07 10 79 19
79 19 26 11 79 19 07 10 78 56 34 12 F0 DE BC 9A
34 34 12 12 78 78 78 78 C6 CC C6 CC 00 CC 00 CC
FF EF EF FF 55 55 CC DD 89 87 67 67 CC CB CE CE
AB 99 88 77 66 77 33 44
'''
password = '0'+'427364646'
len_pass = len(password)
pass_result = 0
pass_index = 0
while pass_index != len_pass:
pass_result = pass_result*10 - 48+ ord(password[pass_index])
pass_index += 1
print(hex(pass_result))