MD5 algorithm research
Review
MD5 stands for Message-Digest Algorithm 5. It was developed in the 1990s by the MIT Laboratory for Computer Science and RSA Data Security Inc, and evolved from MD2, MD3 and MD4. Its role is to "compress" a large message into a confidential format before digital signature software signs it with a private key (that is, it transforms a byte string of arbitrary length into a value of fixed length). MD2, MD4 and MD5 all take a message of arbitrary length and produce a 128-bit message digest. Although the structures of these algorithms are broadly similar, the design of MD2 is completely different from that of MD4 and MD5, because MD2 was designed for 8-bit machines while MD4 and MD5 were designed for 32-bit machines. These three algorithms are described in detail in Internet RFC 1321 (http://www.ietf.org/rfc/rfc1321.txt), the most authoritative document, which Ronald L. Rivest submitted to the IETF in August 1992.
Rivest developed the MD2 algorithm in 1989. In this algorithm the message is first padded so that its length in bytes is a multiple of 16. A 16-bit checksum is then appended to the end of the message, and the hash value is computed over this new message. Later, Rogier and Chauvaud found that if the checksum is omitted, MD2 collisions can be generated. The result of encrypting with the MD2 algorithm is unique: there are no repeats.
To strengthen the security of the algorithm, Rivest developed the MD4 algorithm in 1990. MD4 also pads the message, so that its length in bits plus 448 is divisible by 512 (message length mod 512 = 448). The initial length of the message, expressed as a 64-bit binary number, is then appended. The message is processed in 512-bit blocks in a Damgård/Merkle iterative structure, and each block is processed in three distinct steps. Den Boer, Bosselaers and others quickly found weaknesses in the first and third steps of MD4. Dobbertin showed how to find a collision in the full version of MD4 in a few minutes on an ordinary personal computer (a collision is in effect a vulnerability: different content is encrypted but may yield the same result). MD4 was, without question, retired as a result.
Although MD4 has such a serious security weakness, it guided the design of several information security algorithms that were developed after it. Besides MD5, these include SHA-1, RIPE-MD and HAVAL.
One year later, in 1991, Rivest developed the technically more mature MD5 algorithm. It adds the concept of "safety-belts" to MD4. Although MD5 is slightly slower than MD4, it is more secure. The algorithm clearly consists of four steps whose design differs slightly from MD4. In MD5, the size of the message digest and the padding requirements are identical to those of MD4. Den Boer and Bosselaers discovered pseudo-collisions in the MD5 algorithm, but nothing else has been found beyond that.
Van Oorschot and Wiener considered a brute-force search for collisions in hash functions, and they estimated that a machine designed specifically to search for MD5 collisions (such a machine would have cost about one million US dollars to build in 1994) could find a collision every 24 days on average. However, in the ten years from 1991 to 2001 no new algorithm, MD6 or under any other name, appeared to replace MD5, from which we can see that this flaw has not had much impact on the security of MD5. None of this is enough to make MD5 a problem in practical applications. Also, since using the MD5 algorithm requires no licence fee, in general (non-top-secret applications; but even if the application is in the top-secret field, MD5 is not a very good intermediate technology) MD5 should be considered very safe.
Application of algorithm
The typical application of MD5 is to produce a message digest of a piece of information in order to detect tampering. For example, much software for UNIX is offered for download together with a file that has the same file name and the extension .md5. This file usually contains only one line of text, structured roughly as follows:
MD5 (tanajiya.tar.gz) = 0ca175b9c0f726a831d895e269332461
This is the digital signature of the file tanajiya.tar.gz. MD5 treats the entire file as one large text message and produces this unique MD5 message digest through its irreversible string transformation. If the content of the file changes in any way while it is distributed later (including transmission errors caused by an unstable line during download), then recomputing the MD5 of the file will show that the message digest is different, and you know that the file you have is incorrect. If a third-party certification body is also involved, MD5 can additionally prevent the author of the file from "repudiating" it; this is the so-called digital signature application.
MD5 is also widely used in encryption and decryption technology. For example, on UNIX systems a user's password is stored in the file system after being encrypted with MD5 (or a similar algorithm). When the user logs in, the system computes the MD5 value of the password entered and compares it with the MD5 value saved in the file system to determine whether the password is correct. In this way the system can establish the legitimacy of a login without knowing the plaintext of the user's password. This not only keeps the password from being known by users with system administrator privileges, but also makes the password harder to crack to some extent.
For exactly this reason, the method hackers use most often to crack passwords is what is called "running a dictionary". There are two ways to obtain a dictionary: one is a table of strings collected day to day, the other is generated by enumeration. The MD5 values of the dictionary entries are computed with an MD5 program, and the target MD5 value is then looked up in this dictionary. Assume that the maximum password length is 8 bytes and that a password can contain only letters and digits, 26 + 26 + 10 = 62 characters in total. The number of entries obtained by permutation is then P(62,1) + P(62,2) + ... + P(62,8), which is already an astronomical number; storing this dictionary requires a TB-level disk array, and the method also has a precondition: the MD5 value of the target account's password must be obtainable. This encryption technology is widely used in UNIX systems, which is why UNIX systems are more robust than general operating systems.
Algorithm Description
A brief description of the MD5 algorithm: MD5 processes the input in 512-bit blocks, and each block is divided into sixteen 32-bit sub-blocks. After a series of operations, the output of the algorithm consists of four 32-bit words, which are concatenated to produce a 128-bit hash value. In MD5 the message is first padded so that its length in bits modulo 512 equals 448. The length of the message is therefore extended to N * 512 + 448 bits, that is N * 64 + 56 bytes, where N is a positive integer. Padding works as follows: a single 1 followed by as many 0s as needed is appended to the message, stopping once the condition above is met. Then the length of the message before padding, expressed as a 64-bit binary number, is appended to this result. After these two steps the length of the message is N * 512 + 448 + 64 = (N + 1) * 512 bits, exactly an integer multiple of 512. This is done to meet the message-length requirement of the later processing.
MD5 has four 32-bit integer parameters called chaining variables: a = 0x01234567, b = 0x89abcdef, c = 0xfedcba98, d = 0x76543210.
Once these four chaining variables are set, the four-round loop of the algorithm begins. The number of loop iterations is the number of 512-bit blocks in the message.
Copy the four chaining variables into four other variables: a to A, b to B, c to C, d to D.
The main loop has four rounds (MD4 has only three), and the rounds are very similar. The first round performs 16 operations. Each operation applies a nonlinear function to three of A, B, C and D, then adds the result to the fourth variable, a sub-block of the text and a constant. That result is then circularly shifted by a variable number of bits and added to one of A, B, C or D. Finally the result replaces one of A, B, C or D. The four nonlinear functions used in the operations (one per round) are:
F(X, Y, Z) = (X & Y) | ((~X) & Z)
G(X, Y, Z) = (X & Z) | (Y & (~Z))
H(X, Y, Z) = X ^ Y ^ Z
I(X, Y, Z) = Y ^ (X | (~Z))
(& is AND, | is OR, ~ is NOT, ^ is XOR)
About these four functions: if the corresponding bits of X, Y and Z are independent and uniformly distributed, then each bit of the result is also independent and uniformly distributed. F is a bitwise conditional function: if X then Y, otherwise Z. H is the bitwise parity operator.
Let Mj denote the j-th sub-block of the message (j from 0 to 15), and let <<< s denote a circular left shift by s bits. The four operations are then:
FF(A, B, C, D, Mj, s, ti) denotes A = B + ((A + F(B, C, D) + Mj + ti) <<< s)
GG(A, B, C, D, Mj, s, ti) denotes A = B + ((A + G(B, C, D) + Mj + ti) <<< s)
HH(A, B, C, D, Mj, s, ti) denotes A = B + ((A + H(B, C, D) + Mj + ti) <<< s)
II(A, B, C, D, Mj, s, ti) denotes A = B + ((A + I(B, C, D) + Mj + ti) <<< s)
These four rounds (64 steps) are:
First round
FF(A, B, C, D, M0, 7, 0xd76aa478) FF(D, A, B, C, M1, 12, 0xe8c7b756) FF(C, D, A, B, M2, 17, 0x242070db) FF(B, C, D, A, M3, 22, 0xc1bdceee)
FF(A, B, C, D, M4, 7, 0xf57c0faf) FF(D, A, B, C, M5, 12, 0x4787c62a) FF(C, D, A, B, M6, 17, 0xa8304613) FF(B, C, D, A, M7, 22, 0xfd469501)
FF(A, B, C, D, M8, 7, 0x698098d8) FF(D, A, B, C, M9, 12, 0x8b44f7af) FF(C, D, A, B, M10, 17, 0xffff5bb1) FF(B, C, D, A, M11, 22, 0x895cd7be)
FF(A, B, C, D, M12, 7, 0x6b901122) FF(D, A, B, C, M13, 12, 0xfd987193) FF(C, D, A, B, M14, 17, 0xa679438e) FF(B, C, D, A, M15, 22, 0x49b40821)
Second round
GG(A, B, C, D, M1, 5, 0xf61e2562) GG(D, A, B, C, M6, 9, 0xc040b340) GG(C, D, A, B, M11, 14, 0x265e5a51) GG(B, C, D, A, M0, 20, 0xe9b6c7aa)
GG(A, B, C, D, M5, 5, 0xd62f105d) GG(D, A, B, C, M10, 9, 0x02441453) GG(C, D, A, B, M15, 14, 0xd8a1e681) GG(B, C, D, A, M4, 20, 0xe7d3fbc8)
GG(A, B, C, D, M9, 5, 0x21e1cde6) GG(D, A, B, C, M14, 9, 0xc33707d6) GG(C, D, A, B, M3, 14, 0xf4d50d87) GG(B, C, D, A, M8, 20, 0x455a14ed)
GG(A, B, C, D, M13, 5, 0xa9e3e905) GG(D, A, B, C, M2, 9, 0xfcefa3f8) GG(C, D, A, B, M7, 14, 0x676f02d9) GG(B, C, D, A, M12, 20, 0x8d2a4c8a)
Third round
HH(A, B, C, D, M5, 4, 0xfffa3942) HH(D, A, B, C, M8, 11, 0x8771f681) HH(C, D, A, B, M11, 16, 0x6d9d6122) HH(B, C, D, A, M14, 23, 0xfde5380c)
HH(A, B, C, D, M1, 4, 0xa4beea44) HH(D, A, B, C, M4, 11, 0x4bdecfa9) HH(C, D, A, B, M7, 16, 0xf6bb4b60) HH(B, C, D, A, M10, 23, 0xbebfbc70)
HH(A, B, C, D, M13, 4, 0x289b7ec6) HH(D, A, B, C, M0, 11, 0xeaa127fa) HH(C, D, A, B, M3, 16, 0xd4ef3085) HH(B, C, D, A, M6, 23, 0x04881d05)
HH(A, B, C, D, M9, 4, 0xd9d4d039) HH(D, A, B, C, M12, 11, 0xe6db99e5) HH(C, D, A, B, M15, 16, 0x1fa27cf8) HH(B, C, D, A, M2, 23, 0xc4ac5665)
Fourth round
II(A, B, C, D, M0, 6, 0xf4292244) II(D, A, B, C, M7, 10, 0x432aff97) II(C, D, A, B, M14, 15, 0xab9423a7) II(B, C, D, A, M5, 21, 0xfc93a039)
II(A, B, C, D, M12, 6, 0x655b59c3) II(D, A, B, C, M3, 10, 0x8f0ccc92) II(C, D, A, B, M10, 15, 0xffeff47d) II(B, C, D, A, M1, 21, 0x85845dd1)
II(A, B, C, D, M8, 6, 0x6fa87e4f) II(D, A, B, C, M15, 10, 0xfe2ce6e0) II(C, D, A, B, M6, 15, 0xa3014314) II(B, C, D, A, M13, 21, 0x4e0811a1)
II(A, B, C, D, M4, 6, 0xf7537e82) II(D, A, B, C, M11, 10, 0xbd3af235) II(C, D, A, B, M2, 15, 0x2ad7d2bb) II(B, C, D, A, M9, 21, 0xeb86d391)
The constants ti can be chosen as follows:
In step i, ti is the integer part of 4294967296 * abs(sin(i)), where i is in radians (4294967296 equals 2^32).
After all of these steps are complete, add A, B, C and D to a, b, c and d respectively. Then continue the algorithm with the next block of data; the final output is the concatenation of a, b, c and d.
Once you have implemented the MD5 algorithm following the method I described above, you can use the following values as a simple test of your program to see whether it contains any errors.
md5("") = d41d8cd98f00b204e9800998ecf8427e
md5("a") = 0cc175b9c0f1b6a831c399e269772661
md5("abc") = 900150983cd24fb0d6963f7d28e17f72
md5("message digest") = f96b697d7cb7938d525a2f31aaf161d0
md5("abcdefghijklmnopqrstuvwxyz") = c3fcd3d76192e4007dfb496cca67e13b
md5("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = d174ab98d277d9f5a5611c2c9f419d9f
md5("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = 57edf4a22be3c955ac49da2e2107b67a
If you run your MD5 implementation on each of the test cases above and the results match these standard answers exactly, then I offer you my loud congratulations. Bear in mind that my own program did not produce the same results the first time it compiled successfully.
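The steps described above (padding, the four rounds of 16 operations, and ti as the integer part of 2^32 * abs(sin(i))) can be put together in a compact implementation and checked against the test values. This is an added example, not code from the original page; the function names are illustrative, and the chaining variables are written as the 32-bit words 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 because RFC 1321 gives them as the byte sequences 01 23 45 67, 89 ab cd ef, ... stored low-order byte first.

```python
import math
import struct

MASK = 0xFFFFFFFF

# ti = integer part of 2^32 * abs(sin(i)), i in radians, for steps i = 1..64.
T = [int(4294967296 * abs(math.sin(i))) for i in range(1, 65)]

# Left-rotation amounts s; each round cycles through its own four values.
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4


def F(x, y, z): return (x & y) | (~x & z)
def G(x, y, z): return (x & z) | (y & ~z)
def H(x, y, z): return x ^ y ^ z
def I(x, y, z): return y ^ (x | (~z & MASK))


def rotl(value, s):
    """Circular left shift of a 32-bit word (the <<< s of the step formulas)."""
    value &= MASK
    return ((value << s) | (value >> (32 - s))) & MASK


def md5_pad(message):
    """Append a 1 bit, 0 bits up to 448 mod 512, then the 64-bit original bit length."""
    bit_length = (8 * len(message)) % (1 << 64)
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack("<Q", bit_length)


def md5_digest(message):
    # RFC 1321 lists the initial values as bytes 01 23 45 67, ... stored
    # low-order byte first, so as 32-bit words they read as follows.
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    data = md5_pad(message)
    for offset in range(0, len(data), 64):
        M = struct.unpack("<16I", data[offset:offset + 64])  # sixteen sub-blocks
        A, B, C, D = a, b, c, d
        for i in range(64):
            if i < 16:                       # first round: FF, Mj in order
                f, j = F(B, C, D), i
            elif i < 32:                     # second round: GG, M1, M6, M11, ...
                f, j = G(B, C, D), (5 * i + 1) % 16
            elif i < 48:                     # third round: HH, M5, M8, M11, ...
                f, j = H(B, C, D), (3 * i + 5) % 16
            else:                            # fourth round: II, M0, M7, M14, ...
                f, j = I(B, C, D), (7 * i) % 16
            # A = B + ((A + f + Mj + ti) <<< s); then the four roles rotate,
            # which is why the steps read (A,B,C,D), (D,A,B,C), (C,D,A,B), ...
            updated = (B + rotl(A + f + M[j] + T[i], S[i])) & MASK
            A, B, C, D = D, updated, B, C
        a, b, c, d = [(x + y) & MASK for x, y in zip((a, b, c, d), (A, B, C, D))]
    return struct.pack("<4I", a, b, c, d)


def md5_hex(message):
    return md5_digest(message).hex()


# The test values from the text above (the RFC 1321 test suite).
PAGE_VECTORS = {
    b"": "d41d8cd98f00b204e9800998ecf8427e",
    b"a": "0cc175b9c0f1b6a831c399e269772661",
    b"abc": "900150983cd24fb0d6963f7d28e17f72",
    b"message digest": "f96b697d7cb7938d525a2f31aaf161d0",
    b"abcdefghijklmnopqrstuvwxyz": "c3fcd3d76192e4007dfb496cca67e13b",
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":
        "d174ab98d277d9f5a5611c2c9f419d9f",
    b"1234567890" * 8: "57edf4a22be3c955ac49da2e2107b67a",
}


def failed_vectors():
    """Return the inputs whose digest differs from the listed value."""
    return [m for m, digest in PAGE_VECTORS.items() if md5_hex(m) != digest]


if __name__ == "__main__":
    for m, digest in PAGE_VECTORS.items():
        print(md5_hex(m) == digest, digest, m[:20])
```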
MD5 security
Improvements made by MD5 relative to MD4:
1. Added the fourth round;
2. Each step has a unique addition constant;
3. The function G in the second round was changed from (X & Y) | (X & Z) | (Y & Z) to (X & Z) | (Y & (~Z)) to reduce its symmetry;
4. Each step adds in the result of the previous step, which produces a faster avalanche effect;
5. The order in which the message sub-blocks are accessed in the second and third rounds was changed, making the patterns less alike;
6. The circular left-shift amounts in each round were approximately optimized to achieve a faster avalanche effect. The shift amounts differ from round to round.
[06/22-12:58:29] Encryption algorithms: the RSA algorithm
It is the first algorithm that can be used for both data encryption and digital signatures. It is easy to understand and operate, and it is also very popular. The algorithm is named after its inventors: Ron Rivest, Adi Shamir and Leonard Adleman. However, the security of RSA has never been proven theoretically. It has withstood various attacks and has not been completely broken.
First, RSA algorithm:
First, find three numbers p, q and r, where p and q are two distinct primes and r is coprime to (p-1)(q-1). These three numbers p, q and r are the private key.
Next, find m such that rm == 1 mod (p-1)(q-1). Such an m must exist because r and (p-1)(q-1) are coprime, and it can be obtained with the Euclidean algorithm. Then compute n = pq. The two numbers m and n are the public key.
The encoding process is as follows: if the message is a, regard it as a large integer, assuming a
The decoding process is to compute c == b^r mod pq (0 <= c
If a third party eavesdrops, he obtains the numbers m, n (= pq) and b. To decode he must find r, and for that he must first factor n. To prevent him from factoring it, the most effective approach is to choose two very large primes p and q, which makes the factoring difficult for the third party.
The proof uses Fermat's little theorem, stated as follows: if m is any prime and n is any integer, then n^m == n mod m (in other words, if n and m are coprime, then n^(m-1) == 1 mod m). Using some basic group theory, Fermat's little theorem is easy to prove.
1. If a is not a multiple of p and not a multiple of q, then
a^(p-1) == 1 mod p (Fermat's little theorem) => a^(k(p-1)(q-1)) == 1 mod p
a^(q-1) == 1 mod q (Fermat's little theorem) => a^(k(p-1)(q-1)) == 1 mod q
So p and q both divide a^(k(p-1)(q-1)) - 1 => pq | a^(k(p-1)(q-1)) - 1, that is a^(k(p-1)(q-1)) == 1 mod pq
=> c == a^(k(p-1)(q-1)+1) == a mod pq
2. If a is a multiple of p but not a multiple of q, then
a^(q-1) == 1 mod q (Fermat's little theorem) => a^(k(p-1)(q-1)) == 1 mod q => c == a^(k(p-1)(q-1)+1) == a mod q => q | c - a
Since p | a => c == a^(k(p-1)(q-1)+1) == 0 mod p => p | c - a
So pq | c - a => c == a mod pq
3. If a is a multiple of q but not a multiple of p, the proof is the same.
4. If a is a multiple of both p and q, then pq | a => c == a^(k(p-1)(q-1)+1) == 0 mod pq => pq | c - a => c == a mod pq
Q.E.D.
This theorem shows that a == c mod n (n = pq) ... but we limit 0 <= a
The security of RSA depends on the factoring of large numbers, but whether it is equivalent to factoring has not been proven theoretically, because it has not been proven that breaking RSA necessarily requires factoring. If there were an algorithm that did not need to factor, it could certainly be modified into a factoring algorithm.
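The four cases of the proof above can be checked exhaustively on a toy key, including the messages that are multiples of p or q. This is an added example, not code from the original page: it uses the page's symbols p, q, r, m, n, a, b, c, while the function names, the toy values p = 61, q = 53, r = 17 and the encoding step b = a^m mod n implied by the proof are assumptions.

```python
def ext_gcd(x, y):
    """Extended Euclidean algorithm: return (g, s, t) with s*x + t*y == g == gcd(x, y)."""
    old_r, r = x, y
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_s, s = s, old_s - k * s
        old_t, t = t, old_t - k * t
    return old_r, old_s, old_t


def is_prime(v):
    """Trial division; only suitable for the toy sizes used here."""
    if v < 2:
        return False
    return all(v % d for d in range(2, int(v ** 0.5) + 1))


def make_key(p, q, r):
    """Private p, q, r -> public pair (m, n) with r*m == 1 mod (p-1)(q-1)."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be two distinct primes")
    phi = (p - 1) * (q - 1)
    g, s, _ = ext_gcd(r, phi)
    if g != 1:
        raise ValueError("r must be coprime to (p-1)(q-1)")
    return s % phi, p * q


def encode(a, m, n):
    """b == a^m mod n, with the message restricted to 0 <= a < n."""
    if not 0 <= a < n:
        raise ValueError("message must satisfy 0 <= a < n")
    return pow(a, m, n)


def decode(b, r, n):
    """c == b^r mod n."""
    return pow(b, r, n)


def proof_case(a, p, q):
    """Number of the case in the proof that covers the message a."""
    by_p, by_q = a % p == 0, a % q == 0
    if not by_p and not by_q:
        return 1
    if by_p and not by_q:
        return 2
    if by_q and not by_p:
        return 3
    return 4


def check_every_message(p, q, r):
    """Encode and decode every 0 <= a < n; return how many messages fall in each case."""
    m, n = make_key(p, q, r)
    counts = {1: 0, 2: 0, 3: 0, 4: 0}
    for a in range(n):
        c = decode(encode(a, m, n), r, n)
        if c != a:
            raise AssertionError("decoding failed for a = %d" % a)
        counts[proof_case(a, p, q)] += 1
    return counts


if __name__ == "__main__":
    print(make_key(61, 53, 17))             # public pair (m, n)
    print(check_every_message(61, 53, 17))  # messages per proof case
```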
At present, some variants of RSA have been proven equivalent to factoring. In any case, factoring n is the most obvious attack. Nowadays, people have factored numbers with many decimal digits. The modulus n must therefore be chosen larger, depending on the specific application.
Third, the speed of RSA
Since everything is computed on large numbers, RSA even at its fastest is slower than DES, whether implemented in software or hardware. Speed has always been a weakness of RSA. It is generally used only to encrypt small amounts of data.
Fourth, chosen-ciphertext attacks on RSA
RSA is very fragile against chosen-ciphertext attacks. Typically the attacker disguises a piece of information and has the entity that holds the private key sign it. After some computation, the attacker obtains the information he wants. In fact, these attacks all exploit the same weakness, namely the fact that exponentiation preserves the multiplicative structure of the input: (XM)^d = X^d * M^d mod n. As mentioned earlier, this inherent problem comes from the most useful feature of public-key cryptosystems: everyone can use the public key. This problem is not solved within the algorithm itself; there are two main countermeasures. One is to use a good public-key protocol which ensures that an entity never decrypts information generated by other entities and never signs information it knows nothing about. The other is never to sign random documents sent by strangers, and to first process a document with a one-way hash function before signing, or to use different signature algorithms at the same time. Several different types of attack methods are mentioned in China.
Fifth, common-modulus attacks on RSA
If a system uses a single modulus and different people merely have different e and d, the system is dangerous.
The most common situation is that the same message is encrypted with different public keys that share the modulus and are coprime to each other; the message can then be recovered without the private key. Let P be the plaintext, e1 and e2 the two encryption keys and n the common modulus; then:
C1 = P^e1 mod n
C2 = P^e2 mod n
A cryptanalyst who knows n, e1, e2, C1 and C2 can obtain P. Because e1 and e2 are coprime, the Euclidean algorithm finds r and s satisfying:
r * e1 + s * e2 = 1
Suppose r is negative; then C1^(-1) must be computed with the Euclidean algorithm, and
(C1^(-1))^(-r) * C2^s = P mod n
In addition, there are several other attacks that exploit a common modulus. In summary, knowing one pair e and d for a given modulus helps the attacker factor the modulus, and also helps the attacker compute other pairs e' and d' without factoring the modulus. There is only one solution: do not share the modulus n.
The small exponent attack on RSA. One suggestion for speeding up RSA is to give the public key e a small value, which makes encryption easy to implement and faster. But this is unsafe; the countermeasure is to give both e and d large values.
The RSA algorithm is the first algorithm that can be used for both encryption and digital signatures, and it is also easy to understand and operate. RSA is the most widely studied public-key algorithm. In the roughly twenty years since it was proposed it has withstood various attacks and has gradually been accepted; it is generally considered one of the best public-key schemes. The security of RSA depends on the factoring of large numbers, but it has not been proven theoretically that breaking RSA is as hard as factoring.
That is, a significant weakness of RSA is that its security cannot be established theoretically, and most people in the cryptographic community tend to believe that factoring is not an NPC problem. The main shortcomings of RSA are:
a) Generating a key is very troublesome and is limited by prime-generation techniques, so it is difficult to achieve secrecy.
b) The block length is too large: to ensure security n must be at least 600 bits, which makes computation expensive and in particular slow, much slower than symmetric cryptographic algorithms; and with the development of factoring techniques this length keeps growing, which is not conducive to the standardization of data formats. Currently, the SET (Secure Electronic Transaction) protocol requires CA to use a bit long key, and other entities use the bit of the bit.
[06/22-12:58:37] DES algorithm
I. DES algorithm
The US National Bureau of Standards began researching data encryption standards for the computer systems of departments other than the Department of Defense, and issued announcements calling for encryption algorithms twice, on August 27, 1973 and August 27, 1973. The purpose of the encryption algorithm (commonly referred to as the DES cipher) was mainly the following four points:
☆ Provide high-quality data protection, preventing unauthorized disclosure and undetected modification of data;
☆ Have considerable complexity, so that the cost of breaking it exceeds the benefit that might be gained, while being easy to understand and master;
☆ The security of the DES cryptosystem should not depend on the secrecy of the algorithm; its security rests only on the secrecy of the encryption key;
☆ Be economical to implement, efficient to run, and suitable for a variety of completely different applications.
In January 1977 the US government announced the adoption of IBM's design as the official data encryption standard for non-classified data (DES, Data Encryption Standard).
At present, with the start of the three Golden Projects, the DES algorithm is widely used in POS, ATM, magnetic card and smart card (IC card) systems, gas stations, expressway toll stations and other fields to keep key data confidential, for example the encryption of credit card holders' PINs, mutual authentication between IC cards and POS terminals, and MAC checking of financial transaction packets.
The DES algorithm has three input parameters: Key, Data and Mode. Key is 8 bytes, 64 bits in total, and is the working key of the DES algorithm; Data is also 8 bytes, 64 bits, and is the data to be encrypted or decrypted; Mode is the working mode of DES, of which there are two: encryption or decryption.
The DES algorithm works like this: if Mode is encryption, Data is encrypted with Key and the ciphertext form of Data (64 bits) is produced as the output of DES; if Mode is decryption, the ciphertext Data is decrypted with Key and the plaintext form of Data (64 bits) is restored as the output of DES. At the two ends of a communication network, both parties agree on the same Key. At the source the core data is encrypted with Key and then transmitted in ciphertext form over the public communication network (such as the telephone network) to the destination, where the ciphertext is decrypted with the same Key to reproduce the core data in plaintext form. In this way the security and reliability of core data (such as PINs and MACs) transmitted over the public communication network is ensured. By periodically switching to a new Key at the source and the destination at the same time, the confidentiality of the data is further improved, which is the common practice of financial transaction networks today.
DES algorithm in detail
The DES algorithm turns a 64-bit plaintext input block into a 64-bit ciphertext output block, and the key it uses is also 64 bits. The main flow chart of the entire algorithm is as follows:
The initial permutation recombines the input 64-bit data block bit by bit and divides the output into two parts, L0 and R0, each 32 bits long. Its permutation rule is shown below:
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6,
64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7
That is, bit 58 of the input becomes bit 1, bit 50 becomes bit 2, and so on; the last bit is the original bit 7. L0 and R0 are the two halves of the permuted output: L0 is the left 32 bits of the output and R0 is the right 32 bits. For example, if the input value is D1D2D3...D64, the result after the initial permutation is L0 = D58D50...D8; R0 = D57D49...D7.
After 16 iterations, L16 and R16 are obtained. These are taken as input to the inverse permutation, which yields the ciphertext output. The inverse permutation is exactly the inverse of the initial permutation; for example, bit 1 is in position 40 after the initial permutation, and the inverse permutation moves bit 40 back to position 1. The inverse permutation rule is shown in the table below:
40, 8, 48, 16, 56, 24, 64, 32,
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25
Expansion permutation table
32, 1, 2, 3, 4, 5,
4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13,
12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21,
20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29,
28, 29, 30, 31, 32, 1
Simple permutation table
16, 7, 20, 21, 29, 12, 28, 17,
1, 15, 23, 26, 5, 18, 31, 10,
2, 8, 24, 14, 32, 27, 3, 9,
19, 13, 30, 6, 22, 11, 4, 25
In the diagram of f(Ri, Ki), S1, S2, ..., S8 are the selection functions, whose job is to turn 6 bits of data into 4 bits of data. The tables of the selection functions Si (i = 1, 2, ..., 8) are given below:
Selection functions Si
S1:
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
S2:
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
S3:
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
S4:
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
S5:
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
S6:
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
S7:
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
S8:
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
Here S1 is taken as an example to explain how the functions work. In S1 there are 4 rows of data, named rows 0, 1, 2 and 3; each row has 16 columns, named columns 0, 1, 2, 3, ..., 14, 15. Let the input be D = D1D2D3D4D5D6, and let column = D2D3D4D5 and row = D1D6. Then look up the corresponding number in the S1 table and express it as a 4-bit binary number; that is the output of the selection function S1.
The generation algorithm for the sub-key Ki (48 bits) is given below. From the sub-key generation algorithm we can see: the initial key value is 64 bits, but the DES algorithm specifies that bits 8, 16, ..., 64 are parity bits and do not take part in the DES operation. The effective key is therefore only 56 bits. That is, after the reduction by permuted choice table 1, the number of key bits goes from 64 to 56. These 56 bits are divided into two parts, C0 and D0, of 28 bits each, and each part is given the first circular left shift, yielding C1 and D1. C1 (28 bits) and D1 (28 bits) are combined into 56 bits, and the reduction by permuted choice 2 then yields the key K0 (48 bits). Continuing in the same way gives K1, K2, ..., K15. Note, however, that the numbers of bits for the 16 circular left shifts must follow this rule:
Circular left shift amounts: 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
The above describes the encryption process of the DES algorithm. The decryption process of the DES algorithm is the same; the only difference is that sub-key K15 is used in the first iteration, K14 in the second, ..., and K0 in the last, while the algorithm itself does not change.
Second, DES algorithm schematic
The DES algorithm is symmetric: it can be used for encryption and also for decryption. The following figure is a rough block diagram of the algorithm. The specific operation process has the following seven steps.
Third, misconceptions in applying the DES algorithm
The DES algorithm has extremely high security; so far, apart from attacking it by exhaustive search, no more effective method has been found. The exhaustive space of a 56-bit key is 2^56, which means that a computer testing one million keys per second would need nearly 2285 years to search all of them. This is clearly difficult to achieve. Of course, with the development of science and technology, once ultra-high-speed computers appear we can consider increasing the length of the DES key to achieve a higher degree of confidentiality.
From the introduction to the DES algorithm above we can see that only 56 of the 64 key bits are used in the DES algorithm, while the 8 bits in positions 8, 16, 24, ..., 64 do not take part in the DES operation. This places a requirement on applications: the security of DES rests on the combinations of the 56 bits other than bits 8, 16, 24, ..., 64. Therefore, in practical applications, we should avoid using bits 8, 16, 24, ..., 64 of the key as effective data bits and use the other 56 bits as the effective data bits, so that the DES algorithm can do its job safely and reliably. If this is not understood and bits 8, 16, 24, ..., 64 of the key are used as effective data, the security of DES-encrypted data cannot be guaranteed, and systems that rely on DES for confidentiality are exposed to the danger of their data being deciphered. This is the misconception in applying the DES algorithm, and it leaves a serious hidden danger of being attacked and deciphered.
[06/22-12:58:52] DSA algorithm
The Digital Signature Algorithm (DSA) is a variant of the Schnorr and ElGamal signature algorithms, and is used by the US NIST as the DSS (Digital Signature Standard). The algorithm uses the following parameters:
p: a prime number L bits long.
L is a multiple of 64, in the range 512 to 1024;
q: a 160-bit prime factor of p - 1;
g: g = h^((p-1)/q) mod p, h satisfying h 1; x: x
DSA is based on the discrete logarithm problem over finite fields of integers, and its security is similar to that of RSA. One important feature of DSA is that the two primes are public, so when using someone else's p and q, even without knowing the private key, you can check whether they were generated randomly or have been tampered with. The RSA algorithm cannot do this.
[06/22-12:59:06] Encryption algorithms: the ElGamal algorithm
The ElGamal algorithm can be used for data encryption and also for digital signatures, and its security depends on the difficulty of computing discrete logarithms over a finite field. The key pair is generated as follows. First choose a prime p and two random numbers g and x, with g, x
a = g^k (mod p)
Then use the Euclidean algorithm to solve the following equation for b:
M = xa + kb (mod p - 1)
The signature is (a, b). The random number k must be discarded.
To verify the signature, check the following equation:
y^a * a^b (mod p) = g^M (mod p)
At the same time, be sure to test whether 1 <= a
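The signing and verification steps above, worked through in Python as an added example (not code from the original article). The toy prime 2039, the private key, k and all function names are constructed for illustration; the upper bound a < p in the range check is the standard one for ElGamal and is supplied by this example.

```python
"""ElGamal signatures following the formulas above, on toy parameters."""
import hashlib

P = 2039            # constructed toy prime: p = 2q + 1 with q = 1019 prime
Q = (P - 1) // 2    # p - 1 therefore has one large prime factor


def find_generator(p=P, q=Q):
    """Smallest g of order p - 1 (orders can only be 1, 2, q or 2q)."""
    return next(g for g in range(2, p)
                if pow(g, 2, p) != 1 and pow(g, q, p) != 1)


def egcd(a, b):
    """Extended Euclid: return (d, s, t) with d = gcd(a, b) = s*a + t*b."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        quo, rem = divmod(a, b)
        a, b = b, rem
        s0, s1 = s1, s0 - quo * s1
        t0, t1 = t1, t0 - quo * t1
    return a, s0, t0


def digest(message, p=P):
    """M should be a hash of the message; reduced here to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % (p - 1)


def sign(m, x, k, g, p=P):
    """Return (a, b) with a = g^k mod p and m = x*a + k*b (mod p - 1)."""
    d, k_inv, _ = egcd(k % (p - 1), p - 1)
    if d != 1:
        raise ValueError("k must be coprime to p - 1")
    a = pow(g, k, p)
    b = (m - x * a) * k_inv % (p - 1)
    return a, b          # the caller must discard k after this call


def verify(m, sig, y, g, p=P):
    """Range-check a, then test y^a * a^b = g^m (mod p)."""
    a, b = sig
    if not 1 <= a < p:   # reject out-of-range a before any exponentiation
        return False
    return pow(y, a, p) * pow(a, b, p) % p == pow(g, m, p)


def demo():
    """Sign a constructed digest and run three verification cases."""
    g = find_generator()
    x = 777                       # private key (constructed)
    y = pow(g, x, P)              # public key
    m = 1234                      # stands in for the hash of a message
    a, b = sign(m, x, k=101, g=g)
    return {
        "valid": verify(m, (a, b), y, g),
        "wrong_message": verify(m + 1, (a, b), y, g),
        "a_out_of_range": verify(m, (a + P, b), y, g),
    }


if __name__ == "__main__":
    print(demo())
```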
a = g^k (mod p)
b = y^k M (mod p)
(a, b) is the ciphertext, which is twice as long as the plaintext. To decrypt, compute
M = b / a^x (mod p)
The security of the ElGamal signature depends on computing discrete logarithms in the multiplicative group (IFp)*. The prime p must be large enough, and p - 1 must contain at least one large prime factor in order to resist the Pohlig-Hellman algorithm. M should generally be the hash value of the message (for example from the SHA algorithm). The security of ElGamal rests mainly on p and g: if they are chosen badly, signatures are easy to forge, so g must be chosen with care in relation to p - 1. Some attacks and countermeasures are described in D. Bleichenbacher, "Generating ElGamal Signatures Without Knowing the Secret Key". One shortcoming of ElGamal is its ciphertext expansion. The DSA (Digital Signature Algorithm) used in the United States is a variant of the ElGamal algorithm.
Blowfish algorithm
Author: Night Month (luoyi_ly1@sina.com)
Time: October 6, 2001
Target: Blowfish's CrackMe1
Keygen: BFKeygen
First, a description of the Blowfish algorithm (data types in the text follow TC 2.0)
The Blowfish algorithm encrypts 64-bit blocks of data. It uses two "boxes": unsigned long pbox[18] and unsigned long sbox[4][256]. At the core of Blowfish is an encryption function, bf_en (described in detail later), which takes 64 bits of input and, after processing, outputs 64 bits of ciphertext. Encrypting information with Blowfish takes two steps:
1. Key preprocessing
2. Information encryption
Each is described below.
Key preprocessing:
The source boxes of the Blowfish algorithm, pbox and sbox, are fixed. To encrypt a message we choose a key and use it to transform pbox and sbox into the key_pbox and key_sbox that the encryption step will use.
The transformation works as follows:
1) Fill key_sbox with sbox.
2) XOR pbox with the key you have chosen and fill key_pbox with the results. The key can be reused cyclically.
For example, if the key is "abcdefghijklmn", the XOR process is:
key_pbox[0] = pbox[0] ^ abcdefgh
key_pbox[1] = pbox[1] ^ ijklmnab
...
and so on in a loop until key_pbox is filled.
3) Encrypt an all-zero 64-bit block with bf_en and replace key_pbox[0] and key_pbox[1] with the output. Set i = 0.
4) Encrypt key_pbox[i], key_pbox[i+1] with bf_en and replace key_pbox[i+2] and key_pbox[i+3] with the output.
5) Set i = i + 2 and repeat step 4 until key_pbox has been completely replaced.
6) Use key_pbox[16] and key_pbox[17] as the first input (playing the role of the all-zero input above) and replace key_sbox in the same way.
Information encryption:
The 64-bit input is split into two 32-bit halves, xL and xR, and transformed by the function bf_en. The bf_en function in detail:
For i = 1 to 16
xL = xL ^ Pi
xR = F(xL) ^ xR
swap xL and xR (the last round omits the swap)
xR = xR ^ P17
xL = xL ^ P18
recombine xL and xR
The function F splits xL into four 8-bit parts a, b, c and d, looks each one up in its own S-box (8 bits in, 32 bits out), and combines the four results by addition and XOR:
F(xL) = ((((S[1,a] + S[2,b]) mod 2^32) ^ S[3,c]) + S[4,d]) mod 2^32
The recombined output is the ciphertext we need.
Decrypting with Blowfish also takes two steps:
1. Key preprocessing
2. Information decryption
Key preprocessing is exactly the same as for encryption. Decryption is simply the encryption process with key_pbox used in reverse order.
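The whole procedure above (fixed boxes, key preprocessing, bf_en and bf_de) as a runnable Python sketch; this is an added example, not the article's code, and the function names and sample keys are constructed here. It follows standard Blowfish, which XORs four key bytes into each 32-bit pbox entry, and it derives the fixed boxes from the hexadecimal digits of pi instead of embedding the tables.

```python
"""Blowfish as described above: fixed boxes, key preprocessing, bf_en, bf_de."""

MASK = 0xFFFFFFFF


def _arctan_inv(x, one):
    """arctan(1/x) scaled by `one`, using integer arithmetic only."""
    total = term = one // x
    x2, n, sign = x * x, 3, -1
    while term:
        term //= x2
        total += sign * (term // n)
        sign, n = -sign, n + 2
    return total


def source_boxes():
    """Fixed pbox[18] and sbox[4][256]: the hexadecimal fraction digits of pi."""
    words, guard = 18 + 4 * 256, 64
    one = 1 << (32 * words + guard)
    pi = 4 * (4 * _arctan_inv(5, one) - _arctan_inv(239, one))  # Machin
    frac = (pi - 3 * one) >> guard
    w = [(frac >> (32 * (words - 1 - i))) & MASK for i in range(words)]
    return w[:18], [w[18 + 256 * k:18 + 256 * (k + 1)] for k in range(4)]


PBOX, SBOX = source_boxes()


def f(sbox, xl):
    """F(xL) = ((S1[a] + S2[b] mod 2^32) ^ S3[c]) + S4[d] mod 2^32."""
    a, b, c, d = xl >> 24, (xl >> 16) & 0xFF, (xl >> 8) & 0xFF, xl & 0xFF
    return ((((sbox[0][a] + sbox[1][b]) & MASK) ^ sbox[2][c]) + sbox[3][d]) & MASK


def bf_en(key_pbox, key_sbox, xl, xr):
    """Encrypt one 64-bit block given as two 32-bit halves."""
    for i in range(16):
        xl ^= key_pbox[i]
        xr ^= f(key_sbox, xl)
        xl, xr = xr, xl
    xl, xr = xr, xl                      # the last round does not swap
    return xl ^ key_pbox[17], xr ^ key_pbox[16]


def bf_de(key_pbox, key_sbox, xl, xr):
    """Decryption is bf_en with key_pbox used in reverse order."""
    return bf_en(key_pbox[::-1], key_sbox, xl, xr)


def key_preprocess(key):
    """Derive key_pbox and key_sbox from the fixed boxes and a bytes key."""
    key_pbox = list(PBOX)
    key_sbox = [list(box) for box in SBOX]           # step 1
    for i in range(18):                              # step 2: cyclic key XOR
        word = 0
        for j in range(4):
            word = (word << 8) | key[(4 * i + j) % len(key)]
        key_pbox[i] ^= word
    xl = xr = 0                                      # step 3: all-zero block
    for i in range(0, 18, 2):                        # steps 4 and 5
        xl, xr = bf_en(key_pbox, key_sbox, xl, xr)
        key_pbox[i], key_pbox[i + 1] = xl, xr
    for box in key_sbox:                             # step 6
        for j in range(0, 256, 2):
            xl, xr = bf_en(key_pbox, key_sbox, xl, xr)
            box[j], box[j + 1] = xl, xr
    return key_pbox, key_sbox


def demo():
    """Encrypt one constructed block under two constructed keys."""
    block = (0x01234567, 0x89ABCDEF)
    out = {}
    for key in (b"first sample key", b"second sample key"):
        p, s = key_preprocess(key)
        ct = bf_en(p, s, *block)
        out[key] = (ct, bf_de(p, s, *ct) == block)
    return out


if __name__ == "__main__":
    for key, (ct, ok) in demo().items():
        print(key, "%08X%08X" % ct, "round trip ok" if ok else "MISMATCH")
```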
As can be seen, encrypting the same information with Blowfish under different keys gives different results. To break the Blowfish algorithm is to obtain its key, so when encrypting with Blowfish the most important things are the choice of key and keeping the key secret. The choice of key can be checked with the _WeakKey function in bf_sdk. The following is the description of this function:
Source:
---------------------------------------------------------------------------------------
_WeakKey
Function: Test if the generated Boxes are weak
Argument: none
Return: AX = Status (1 = weak, 0 = good)
Affects: AX, BX, CX, DX, SI, DI, direction flag
Description: After "_InitCrypt" you should test the Boxes with this function. If the Boxes provide a weakness which a cryptanalyst could use to break the cipher, a "1" is returned. In this case..
---------------------------------------------------------------------------------------
Translation:
---------------------------------------------------------------------------------------
_WeakKey
Function: tests whether the generated Boxes are secure
Argument: none
Return: AX = 1 not secure; AX = 0 secure
Affects: AX, BX, CX, DX, SI, DI, direction flag
Description: After using the "_InitCrypt" function to generate the Boxes for encryption, you should test with this function whether the generated Boxes are secure. If the Boxes generated from the key are not secure, that is, a cryptanalyst could recover the key by analysing the Boxes, you should choose another key and generate secure Boxes to encrypt with.
---------------------------------------------------------------------------------------
Second, analysis of Blowfish's CrackMe1
Since this crackme is mainly meant to test your knowledge of cryptography, it sets no obstacles in other respects.
To reduce the size of the file and shorten the download time, it was packed with UPX; the shell can be removed with TRW2000's "pnewsec makepe".
By the usual methods, the key comparison is quickly found at the following place:
:004015D9 51              push ecx
:004015DA 52              push edx
:004015DB 6880894000      push 00408980
:004015E0 E8EBFAFFFF      call 004010D0                  // BF_De(sn)
:004015E5 8B442464        mov eax, dword ptr [esp+64]
:004015E9 8B0DF0994000    mov ecx, dword ptr [004099F0]
:004015EF 83C41C          add esp, 0000001C
:004015F2 3BC1            cmp eax, ecx                   // comparison
:004015F4 7529            jne 0040161F
:004015F6 8B4C244C        mov ecx, dword ptr [esp+4C]
:004015FA A1EC994000      mov eax, dword ptr [004099EC]
:004015FF 3BC8            cmp ecx, eax                   // comparison
:00401601 751C            jne 0040161F
:00401603 6A30            push 00000030
Because Blowfish encrypts and decrypts information in 64-bit blocks, two comparisons are needed.
Now that we know the transformation applied to our sn is bf_de, we obviously have to find where the program initialises key_pbox and key_sbox. Following the call at 4015E0, we find key_pbox at 408980. Set a bpm breakpoint on it, then trace and analyse until you find where the program initialises key_pbox and key_sbox, as follows:
:004016C0 50              push eax
* Possible StringData Ref from Data Obj ->"CrackingForFun"
:004016C1 6844804000      push 00408044
:004016C6 6880894000      push 00408980
:004016CB E860FAFFFF      call 00401130                  // initialize Boxes
From this we know that the key for BF_De(sn) is "CrackingForFun".
Half of the problem is now solved. Next, let us see where the other 64 bits used in the comparison come from. Setting bpm 4099EC w and tracing shows that they are generated by bf_en(ComputerID, key="ChinaCrackingGroup").
At this point we can write down the keygen algorithm:
sn = bf_en(bf_en(ComputerID, key="ChinaCrackingGroup"), key="CrackingForFun")
As long as you have some programming skill and your cryptography is adequate, writing this keygen is not difficult.
Appendix: how the ComputerID is generated
If you are very interested in this crackme and also want to study how its ComputerID is generated, you can keep tracing and analysing. Here I give my analysis result:
ComputerID = bf_en(0776F6C62h, 068736966h, key=PW_1)
where PW_1 is your Windows version number, which can be seen in "System Properties"; it is the ProductID item under H_L_M\Software\Microsoft\Windows\CurrentVersion in the registry. On my machine it is "25001-OEM-0080247-46673".
Some statements in the keygen source are not used and are commented out with ";". If you are interested, remove the leading ";", change PW_1 in the .data section to your machine's ComputerID, modify the source as the comments in the program instruct, recompile with MASM32 V6, press Generate, and you get the correct serial number.
Third, keygen source
; BlowFish's CrackMe's KeyGen, written by Night Month [CCG]
; Any questions, please e-mail to luoyi.ly@yeah.net
; Thanks to Garfield, BlowFish, Toye
; Software process:
; 1. GetVersion gets the machine's Windows version number. PW_1
; 2. Fixed string "ChinaCrackingGroup". PW_2
; 3. Fixed string "CrackingForFun". PW_3
; 4. The string you entered. sn
; BF_En(0776F6C62h, 068736966h, key=PW_1) gives the ComputerID
; BF_En(ComputerID, key=PW_2) gives MagicNum
; if (BF_De(sn, key=PW_3) == MagicNum) then Registered OK!
.386
.model flat, stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include comctl32.inc
include comdlg32.inc
include masm32.inc
includelib masm32.lib
includelib user32.lib
includelib kernel32.lib
includelib comctl32.lib
includelib comdlg32.lib

DLG_MAIN equ 100
IDGEN equ 10
Edit1 equ 11
Edit2 equ 12
len_PW_1 equ offset data1_p - offset PW_1

_ProcDlgMain PROTO :DWORD, :DWORD, :DWORD, :DWORD
_Math PROTO :DWORD, :DWORD, :DWORD
BlowFish_En PROTO :DWORD, :DWORD
BlowFish_Fun PROTO :DWORD
BlowFish_Init PROTO :DWORD, :DWORD

.data?
hInstance dd ?

.data
; if you use the ComputerID to generate a serial number, change PW_1
; to your own machine's Windows version number
PW_1 db "25001-OEM-0080247-46673"
PW_2 db "ChinaCrackingGroup"
PW_3 db "CrackingForFun"
szID db 20 dup(0)
szText db 20 dup(0)              ; 16 hex digits plus the zero dword written after them
data1_p dd 0776F6C62h, 068736966h
key dd 1058 dup(0)               ; key_pbox (18 dwords) followed by key_sbox (4 x 256 dwords)
BFLOW dd 0
BFHIGH dd 0
MYBFLOW dd 0
MYBFHIGH dd 0
pbox dd 0243f6a88h, 085a308d3h, 013198a2eh, 003707344h, 0a4093822h, 0299f31d0h
     dd 0082efa98h, 0ec4e6c89h, 0452821e6h, 038d01377h, 0be5466cfh, 034e90c6ch
     dd 0c0ac29b7h, 0c97c50ddh, 03f84d5b5h, 0b5470917h, 09216d5d9h, 08979fb1bh
; sbox1, sbox2, sbox3, sbox4: the four fixed S-box tables, 256 dd values each
.code
; S-box transform function
BlowFish_Fun proc uses ebx edi esi edx ecx, BFNum:DWORD
    mov ecx, BFNum
    mov al, cl
    and eax, 0FFh
    shr ecx, 08
    mov edx, eax                 ; d
    mov al, cl
    mov edi, offset key
    and eax, 0FFh
    shr ecx, 08
    mov esi, eax                 ; c
    mov eax, ecx
    shr eax, 08
    and eax, 0FFh                ; a
    and ecx, 0FFh                ; b
    and esi, 0FFFFh
    and edx, 0FFFFh
    mov eax, [edi+eax*4+48h]
    mov ebx, [edi+ecx*4+0448h]
    mov ecx, [edi+esi*4+0848h]
    add eax, ebx
    xor eax, ecx
    mov ecx, [edi+edx*4+0C48h]
    add eax, ecx
    ret
BlowFish_Fun endp

; BlowFish encryption function
BlowFish_En proc uses ebx edi esi edx ecx, highbf:DWORD, lowbf:DWORD
    LOCAL num:DWORD
    mov eax, highbf
    mov ecx, lowbf
    mov eax, [eax]
    mov esi, [ecx]
    mov edi, offset key
    mov num, 10h
    mov ebx, edi
loc_40108E:
    xor eax, [ebx]
    mov edx, eax
    invoke BlowFish_Fun, eax
    mov ecx, num
    xor eax, esi
    add ebx, 4
    dec ecx
    mov esi, edx
    mov num, ecx
    jnz loc_40108E
    mov ecx, [edi+40h]
    mov edx, [edi+44h]
    xor ecx, eax
    xor edx, esi
    mov [BFHIGH], edx
    mov [BFLOW], ecx
    ret
BlowFish_En endp

; BlowFish initialisation function
BlowFish_Init proc uses ebx edi esi edx ecx, PWD:DWORD, len_PWD:DWORD
    LOCAL pbox_num18:DWORD
    LOCAL pbox_num4:DWORD
    LOCAL snum:DWORD
    ; initialise the S-boxes
    mov esi, offset key
    mov eax, offset sbox1
    lea ecx, [esi+48h]
loc_401141:
    mov edx, 0100h
loc_401146:
    mov edi, [eax]
    add eax, 4
    mov [ecx], edi
    add ecx, 4
    dec edx
    jnz loc_401146
    cmp eax, offset sbox1+1000h
    jl loc_401141
    ; initialise the P-box
    ; step 1: XOR the original P-box with PWD
    mov edx, PWD
    mov edi, offset pbox
    xor eax, eax
    sub edi, esi
    mov pbox_num18, 12h
loc_401173:
    xor ecx, ecx
    mov pbox_num4, 04
loc_40117D:
    xor ebx, ebx
    mov bl, [eax+edx]
    shl ecx, 08
    or ecx, ebx
    inc eax
    cmp eax, len_PWD
    jl loc_40118E
    xor eax, eax
loc_40118E:
    mov ebx, pbox_num4
    dec ebx
    mov pbox_num4, ebx
    jnz loc_40117D
    mov ebx, [edi+esi]
    add esi, 4
    xor ebx, ecx
    mov ecx, pbox_num18
    mov [esi-04], ebx
    dec ecx
    mov pbox_num18, ecx
    jnz loc_401173
    ; step 2: fill the P-box with successive Blowfish encryptions
    mov ebx, offset key
    xor eax, eax
    mov BFLOW, eax               ; start from an all-zero block
    mov BFHIGH, eax
    mov esi, ebx
    mov edi, 09
loc_4011C4:
    lea eax, BFLOW
    lea ecx, BFHIGH
    invoke BlowFish_En, ecx, eax
    mov eax, BFHIGH
    mov ecx, BFLOW
    mov [esi], eax
    mov [esi+04], ecx
    add esi, 8
    dec edi
    jnz loc_4011C4
    ; fill the S-boxes with successive Blowfish encryptions
    lea esi, [ebx+4Ch]
    mov snum, 04                 ; 4 S-boxes
loc_4011F2:
    mov edi, 80h                 ; each box is filled 80h = 128 times (two dwords per fill)
loc_4011F7:
    lea ecx, BFLOW
    lea edx, BFHIGH
    invoke BlowFish_En, edx, ecx
    mov ecx, BFHIGH
    mov edx, BFLOW
    mov [esi-04], ecx
    mov [esi], edx
    add esi, 8
    dec edi
    jnz loc_4011F7
    dec snum
    jnz loc_4011F2
    ret
BlowFish_Init endp

; message handler
_ProcDlgMain proc uses ebx edi esi edx ecx, hWnd:DWORD, wMsg:DWORD, wParam:DWORD, lParam:DWORD
    mov eax, wMsg
    .if eax == WM_CLOSE
        invoke EndDialog, hWnd, NULL
    .elseif eax == WM_COMMAND
        mov eax, wParam
        and eax, 0FFFFh
        .if eax == IDGEN
            ; if you use the ComputerID to generate serial numbers, comment out
            ; everything from here down to "mov MYBFLOW, ebx"
            invoke GetDlgItemText, hWnd, Edit1, offset szID, 17
            xor ebx, ebx
            xor eax, eax
            mov esi, offset szID
            mov ecx, 8
@@33:
            or ebx, eax
            xor eax, eax
            lodsb
            cmp eax, 39h
            jle @@3
            sub eax, 7
@@3:
            sub eax, 30h
            shl ebx, 4
            loop @@33
            or ebx, eax
            mov MYBFHIGH, ebx
            mov esi, offset szID+8
            mov ecx, 8
            xor eax, eax
            xor ebx, ebx
@@44:
            or ebx, eax
            lodsb
            cmp eax, 39h
            jle @@4
            sub eax, 7
@@4:
            sub eax, 30h
            shl ebx, 4
            loop @@44
            or ebx, eax
            mov MYBFLOW, ebx
            ; ..........................................................
            ; if you use the ComputerID to generate a serial number, activate
            ; all the commented-out statements below
            ; invoke BlowFish_Init, offset PW_1, 23
            ; invoke BlowFish_En, offset data1_p, offset data1_p+4
            ; mov eax, BFHIGH
            ; mov MYBFHIGH, eax
            ; mov eax, BFLOW
            ; mov MYBFLOW, eax
            invoke BlowFish_Init, offset PW_2, 18
            invoke BlowFish_En, offset MYBFHIGH, offset MYBFLOW
            mov eax, BFHIGH
            mov MYBFHIGH, eax
            mov eax, BFLOW
            mov MYBFLOW, eax
            invoke BlowFish_Init, offset PW_3, 14
            invoke BlowFish_En, offset MYBFHIGH, offset MYBFLOW
            mov ebx, BFHIGH
            mov eax, ebx
            mov edi, offset szText
            mov ecx, 8
@@12:
            mov eax, ebx
            shl ebx, 4
            shr eax, 28
            cmp eax, 9
            jle @@11
            add eax, 7
@@11:
            add eax, 30h
            and eax, 0FFh
            stosb
            loop @@12
            mov ebx, BFLOW
            mov eax, ebx
            mov edi, offset szText+8
            mov ecx, 8
@@22:
            mov eax, ebx
            shl ebx, 4
            shr eax, 28
            cmp eax, 9
            jle @@21
            add eax, 7
@@21:
            add eax, 30h
            and eax, 0FFh
            stosb
            loop @@22
            xor eax, eax
            mov [edi], eax
            invoke SetDlgItemText, hWnd, Edit2, offset szText
            mov eax, FALSE
            ret
        .elseif eax == IDCLOSE
            invoke EndDialog, hWnd, NULL
        .endif
    .else
        mov eax, FALSE
        ret
    .endif
    mov eax, TRUE
    ret
_ProcDlgMain endp

; main program
start:
    invoke InitCommonControls
    invoke GetModuleHandle, NULL
    mov hInstance, eax
    invoke DialogBoxParam, hInstance, DLG_MAIN, NULL, offset _ProcDlgMain, 0
    invoke ExitProcess, NULL
end start

; Resource file: rsrc.r
; #include
; #define IDGEN 10
; #define DLG_MAIN 100
; #define EDIT1 11
; #define EDIT2 12
; DLG_MAIN DIALOGEX 100, 150, 250, 60
; STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | WS_THICKFRAME
; CAPTION "BlowFish's CrackMe KeyGen by Night Month [CCG]"
; FONT 9, "Song"
; BEGIN
; CONTROL "ID:", -1, "Static", SS_LEFT, 10, 13, 40, 17
; CONTROL "SN:", -2, "Static", SS_CENTER, 10, 40, 20, 17
; CONTROL "", 11, "Edit", ES_LEFT, 30, 13, 150, 10
; CONTROL "", 12, "Edit", ES_LEFT, 30, 40, 150, 10
; CONTROL "Generate", IDGEN, "Button", BS_PUSHBUTTON, 200, 11, 40, 15
; CONTROL "Exit", IDCLOSE, "Button", BS_PUSHBUTTON, 200, 36, 41, 14
; END
Preliminary analysis of the encryption algorithms of Asprotect
The handful of functions that Asprotect provides are quite powerful. They are a departure from the shells I had seen before and are really worth studying. The principles used are as follows:
1) When writing a program, the author can use several functions provided by Asprotect as needed, for example SetRegistrationKey(...), GetRegistrationInformation(...), GetHardwareID(...). These functions appear in the program's export table, and Asprotect uses the export table to identify which of them the program uses. After packing, the shell code can call these functions like callback functions to communicate with the program. For example, see the following code:
0041333E loc_41333E:                         ; CODE XREF: sub_413253+B0j
0041333E     mov eax, ds:4155CCh
00413343     cmp dword ptr [eax+0Ch], 0
00413347     jz short loc_413360
00413349     mov eax, ds:41555Ch
0041334E     mov eax, [eax]
00413350     call @System@@LStrToPChar$qqrv  ; System __linkproc__ LStrToPChar(void)
00413355     push eax
00413356     mov eax, ds:4155CCh
0041335B     mov eax, [eax+0Ch]
0041335E     call eax
00413360
00413360 loc_413360:                         ; CODE XREF: sub_413253+F4j
00413360     mov eax, ds:4155CCh
00413365     cmp dword ptr [eax+30h], 0      ; eax is an internal structure pointer
00413369     jz short loc_413389
0041336B     push 41105Ch
00413370     mov eax, ds:4155CCh
00413375     mov eax, [eax+30h]
00413378     call eax                        ; here it calls GetDecryptProc(...)
0041337F     mov eax, ds:4155CCh
2) When writing the program, the author can also insert two macro definitions provided by Asprotect, which in effect act as special markers, somewhat like "block start" and "block end". The code inside these blocks is encrypted when Asprotect packs the program. The encryption and decryption of these code blocks uses a cryptographic algorithm.
It is not yet clear which algorithm is used; preliminary analysis suggests it may be Twofish, because some characteristic features were found. The initialisation part sets the following constants:
0040C4AE mov dword ptr [ebx+48h], 67452301h
0040C4B5 mov dword ptr [ebx+4Ch], 0EFCDAB89h
0040C4BC mov dword ptr [ebx+50h], 98BADCFEh
0040C4C3 mov dword ptr [ebx+54h], 10325476h
0040C4CA mov dword ptr [ebx+58h], 0C3D2E1F0h
0040C4D1 mov dword ptr [ebx+5Ch], 76543210h
0040C4D8 mov dword ptr [ebx+60h], 0FEDCBA98h
0040C4DF mov dword ptr [ebx+64h], 89ABCDEFh
0040C4E6 mov dword ptr [ebx+68h], 1234567h
0040C4ED mov dword ptr [ebx+6Ch], 3C2D1E0Fh
The calculation part contains a large amount of computation similar to the MD5 algorithm. The code is too long to list here.
3) Asprotect also provides encryption of registration keys. Asprotect can encrypt your "registration_information" to form a "registration_key" (the help says you can also use your own encryption and decryption algorithm, but the regkey must have at least 173 characters to be secure). This "regkey" is saved in a registry (.reg) file. When the shell code runs, the "regkey" is decrypted to obtain the "reginfo". This happens in one of two ways. In the first, the program uses the function Asprotect provides to set a callback function; when the shell code runs, it calls that function to obtain the "regkey" and decrypt it into the "reginfo". If the program does not use this function, the shell code takes the value stored under the corresponding key name in the registry as the "regkey" and decrypts it into the "reginfo". Preliminary analysis suggests the RSA algorithm may be used.
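A small constant-matching pass over the ten initialisation stores listed under point 2, as an added example (not part of the original analysis). The table of published initial chaining values and all function names are this example's own; the sample listing is the one above with the "+" signs restored. The full run of ten values matches RIPEMD-320's initial values, and its first four are the MD4/MD5 values, which fits the MD5-like computation noted above.

```python
"""Identify a hash function from initial chaining values in a disassembly."""
import re

# Published initial chaining values, 32-bit words in state order.
_MD5 = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
_TAIL = [0x76543210, 0xFEDCBA98, 0x89ABCDEF, 0x01234567]
KNOWN_IVS = {
    "MD4/MD5": _MD5,
    "SHA-1/RIPEMD-160": _MD5 + [0xC3D2E1F0],
    "RIPEMD-256": _MD5 + _TAIL,
    "RIPEMD-320": _MD5 + [0xC3D2E1F0] + _TAIL + [0x3C2D1E0F],
    "SHA-256": [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
                0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19],
}

# Listing from the analysis above ("+" restored in the operands).
SAMPLE_LISTING = """
0040C4AE mov dword ptr [ebx+48h], 67452301h
0040C4B5 mov dword ptr [ebx+4Ch], 0EFCDAB89h
0040C4BC mov dword ptr [ebx+50h], 98BADCFEh
0040C4C3 mov dword ptr [ebx+54h], 10325476h
0040C4CA mov dword ptr [ebx+58h], 0C3D2E1F0h
0040C4D1 mov dword ptr [ebx+5Ch], 76543210h
0040C4D8 mov dword ptr [ebx+60h], 0FEDCBA98h
0040C4DF mov dword ptr [ebx+64h], 89ABCDEFh
0040C4E6 mov dword ptr [ebx+68h], 1234567h
0040C4ED mov dword ptr [ebx+6Ch], 3C2D1E0Fh
"""

STORE = re.compile(
    r"mov\s+dword ptr \[\w+\+([0-9A-F]+)h\],\s*([0-9A-F]+)h", re.IGNORECASE)


def parse_stores(listing):
    """Map structure offset -> immediate value for every dword store."""
    return {int(m.group(1), 16): int(m.group(2), 16)
            for m in STORE.finditer(listing)}


def contiguous_runs(stores):
    """Group the stored values into runs of consecutive 4-byte offsets."""
    runs, run, prev = [], [], None
    for off in sorted(stores):
        if prev is not None and off != prev + 4:
            runs.append(run)
            run = []
        run.append(stores[off])
        prev = off
    if run:
        runs.append(run)
    return runs


def identify(listing):
    """Names of all known IVs found in the listing, longest match first."""
    hits = set()
    for run in contiguous_runs(parse_stores(listing)):
        for name, iv in KNOWN_IVS.items():
            for i in range(len(run) - len(iv) + 1):
                if run[i:i + len(iv)] == iv:
                    hits.add((len(iv), name))
    return [name for _, name in sorted(hits, reverse=True)]


if __name__ == "__main__":
    print(identify(SAMPLE_LISTING))
```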
Part of the decryption code:
0040B4D4 loc_40B4D4: ; CODE XREF: license+156j
0040B4D4 ; license+15Fj
0040B4D4 lea edi, [ebp+lpInterBlock]
0040B4DA inc edi
0040B4DB mov esi, edi
0040B4DD push esi
0040B4DE lea eax, [ebp+lpInterStruct+8]
0040B4E5 push eax
0040B4E5 lea eax, [ebp+lpInterStruct+88h]
0040B4EB push eax
0040B4EC push esi
0040B4ED call Decrypt_Engine ; cipher text to plain text
...
Judging from its entry parameters, the Decrypt_Engine function takes four:
1) Pointer to the encrypted data (decrypted block by block) ...... M
2) May be RSA.N
3) May be RSA.e
4) Pointer to the buffer that receives the decrypted data
There are still a few questions I have not been able to answer:
1) I haven't seen the TEA algorithm yet, but at least this algorithm is mentioned in CASPR. I don't know what this algorithm is used for.
2) In my understanding of ASProtect, it uses the macro definitions to define a "code block". I imagined that the "code block" would be "remembered" along with the "RegInfo", but what I actually found is that these "code blocks" are not "excavated"; instead they are decrypted with an algorithm (possibly Twofish). I don't know where this key is saved, or whether it is saved in the "RegKey". I am still thinking about this. ^_^
I think we can view ASProtect as a "soft lock". The data in the "lock" includes the key for decrypting the code blocks and the key for decrypting the "reginfo", namely the "RegKey" in the string form we have seen. ASProtect extracts the data in the "lock" for decryption when the shell code runs. Suppose a program is divided into a "registered version" and a "trial version" and is protected with this combination of ASProtect's internal functions. Its registered version provides the "RegKey", in the form of a .reg registry file, as the "key" that opens the lock. Can we then break down the door without the "key"?
Since the regkey contains the key needed to decrypt the "code blocks" in the program, without the regkey we lack this key, and the "code blocks" in the program cannot be decrypted correctly. If the program is unpacked in this situation, the data in the encrypted code blocks is still useless, so the unpacked software is a crippled version. Therefore, without the key, the outlook does not seem optimistic.
[06/22-13:00:07] HASH algorithm and its application
---------------
What is Hash
Important features of Hash functions
The main Hash algorithms
Applications of the Hash algorithm
Conclusion
---------------
A hash (the term is sometimes translated and sometimes simply transliterated) takes an input of arbitrary length (called the pre-image) and, through the hash algorithm, converts it into an output of fixed length; that output is the hash value. This conversion is a compressing mapping: the space of hash values is usually much smaller than the input space, different inputs may produce the same output, and the input value cannot be uniquely determined from the hash value. Mathematically: h = H(M), where H() is the one-way hash function, M is a plaintext of arbitrary length, and h is the fixed-length hash value.
A hash algorithm used in the information security field must also meet other key requirements.
The first, of course, is one-wayness: the hash value is easily obtained from the pre-image, but it is computationally infeasible to construct a pre-image whose hash result equals a particular hash value, that is, constructing the corresponding M = H^-1(h) is not feasible. In this way the hash value can serve to uniquely characterize the input value, so a cryptographic hash is also called a "message digest": it is required to "digest" the "message".
However, information about the "message" cannot be obtained from the "digest" itself.
The second is collision resistance, that is, two different pre-images that hash to the same value cannot be produced. Given M, it is computationally infeasible to find an M' satisfying H(M) = H(M'): this is weak collision resistance. It is computationally infeasible to find any pair M and M' such that H(M) = H(M'): this is strong collision resistance. Requiring strong collision resistance is mainly to prevent the so-called "birthday attack": in a group of 10 people, the probability of finding someone with the same birthday as you is 2.4%, while the probability that some 2 people in the same group share a birthday is 11.7%. Similarly, when the pre-image space is large, the algorithm must be strong enough that "people with the same birthday" cannot easily be found.
The third is uniformity of the mapping distribution and of the differential distribution. In the hash result, the number of 0 bits and the number of 1 bits should be roughly equal. When 1 bit of the input changes, more than half of the bits in the hash result change, which is called the "avalanche effect"; and to produce a 1-bit change in the hash result, at least half of the bits of the input must change. The essence is that the information in every input bit should be reflected as evenly as possible in every output bit, and every output bit should be the result of the combined action of as many input bits as possible.
Damgard and Merkle defined the so-called "compression function", which takes a fixed-length input and transforms it into a shorter fixed-length output; this had a great influence on the design of hash functions in cryptography. A hash function is designed as a process of repeatedly "compressing" the input blocks, together with the result of the previous compression, through a particular compression function until the entire message has been compressed; the final output is the hash value of the entire message.
Although a strict proof is still lacking, most researchers in the field agree that if the compression function is secure, then hashing a message of arbitrary length in the manner described above is also secure. This is the so-called Damgard/Merkle structure.
In the figure below, a message of arbitrary length is split into blocks that fit the compression function's input; the last block may need specific padding bytes added at the end. The blocks are processed in order. Except for the first message block, which is fed to the compression function together with an initial value, each block is fed to the compression function together with the output of the previous block's compression, and its output in turn becomes part of the input for compressing the next block, until the output of the last compression is taken as the hash result of the entire message.
MD5 and SHA1 can be said to be the most widely used hash algorithms, and both are designed on the basis of MD4.
1) MD4
MD4 (RFC 1320) was designed in 1990 by Ronald L. Rivest of MIT; MD is the abbreviation of Message Digest. It is suited to implementation on processors with a 32-bit word length: it is built on bit operations on 32-bit operands. Its security is not based on a mathematical assumption the way RSA's is. Although Den Boer, Bosselaers and Dobbertin quickly succeeded in attacking two of its 3 rounds of transformation, proving that it was not as secure as expected, the algorithm as a whole was not truly broken, and Rivest also improved it.
Here are some examples of MD4 hash results:
MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0
MD4("a") = bde52cb31de33e46245e05fbdbd6fb24
MD4("abc") = a448017aaf21d8525fc10ae87aa6729d
MD4("message digest") = d9130a8164549fe818874806e1c7014b
MD4("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9
MD4("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 043f8582f241db351ce627e153e7f0e4
MD4("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536
2) MD5
MD5 (RFC 1321) is Rivest's improved version of MD4, from 1991. It still processes the input in 512-bit blocks, and its output is the concatenation of 4 32-bit words, the same as MD4. Its improvements over MD4 are:
1) A fourth round was added;
2) Each step has a unique additive constant;
3) The G function in the second round changes from ((X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z)) to ((X ∧ Z) ∨ (Y ∧ ~Z)) to reduce its symmetry;
4) Each step adds in the result of the previous step, to speed up the "avalanche effect";
5) The order in which the second and third rounds access the input sub-blocks was changed, reducing the similarity of their form;
6) The circular left shift amounts of each round were approximately optimized, to speed up the "avalanche effect"; the amounts differ from round to round.
Although MD5 is more complex than MD4 and somewhat slower, it is more secure and performs better in resisting analysis and differential attacks.
The message is first split into a number of 512-bit blocks, where the last 512-bit block is "message tail + padding (100...0) + 64-bit message length", which ensures that messages of different lengths yield different blocks. The 64-bit message-length field means that the input length for which MD5 is secure must be less than 2^64 bits, because length information beyond 64 bits is ignored.
The 4 32-bit register words are initialized to A = 0x01234567, B = 0x89abcdef, C = 0xfedcba98, D = 0x76543210; they take part in the computation throughout and form the final hash result.
Then each 512-bit message block enters the main loop of the algorithm as 16 32-bit words; the number of 512-bit message blocks determines the number of iterations of the loop. The main loop has 4 rounds, and each round uses its own nonlinear function:
F(X, Y, Z) = (X ∧ Y) ∨ (~X ∧ Z)
G(X, Y, Z) = (X ∧ Z) ∨ (Y ∧ ~Z)
H(X, Y, Z) = X ⊕ Y ⊕ Z
I(X, Y, Z) = X ⊕ (Y ∨ ~Z)
The 4 rounds of transformation perform the following operation for each of the 16 32-bit words of the 512-bit message block that entered the main loop: apply F, G, H or I to 3 of A, B, C and D, add the result to the 4th variable, add a 32-bit message word and a 32-bit additive constant, rotate the resulting value left by a certain number of bits, finally add one of A, B, C and D to the result, and write it back into A, B, C, D, which completes one step.
The additive constants are defined by a table T[i], where i is 1...64 and T[i] is the integer part of 2^32 times the absolute value of the sine of i; the purpose is to use the sine function and the power function to further remove linearity from the transformation.
When all 512-bit blocks have been processed, the concatenation of A, B, C and D is output as the MD5 hash result.
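The padding, the T[i] table and the 4-round main loop described above, written out as an added example (not code from the original article or from RFC 1321) and checked against the MD5 test vectors the article lists. It follows RFC 1321 for the exact values, so the registers are the 32-bit words 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 and the fourth function is Y xor (X or not Z); the function names md5_pad, compress and md5_hex are made up for the example.

```python
import math
import struct

MASK = 0xFFFFFFFF

# T[i] = integer part of 2^32 * |sin(i)| for i = 1..64 (stored 0-based).
T = [int(abs(math.sin(i + 1)) * 2**32) & MASK for i in range(64)]

# Circular left-shift amounts, four per round (RFC 1321, section 3.4).
S = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 +
     [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)

# RFC 1321 gives the registers as bytes 01 23 45 67 ..., low-order byte first.
INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)


def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK


def md5_pad(msg: bytes) -> bytes:
    """Append a 1 bit, zeros up to 448 mod 512 bits, then the 64-bit length."""
    bit_len = (8 * len(msg)) & 0xFFFFFFFFFFFFFFFF  # only the low 64 bits are kept
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack("<Q", bit_len)


def compress(state, block: bytes):
    """Run the 4 rounds (64 steps) over one 512-bit block."""
    m = struct.unpack("<16I", block)          # 16 little-endian 32-bit words
    a, b, c, d = state
    for i in range(64):
        if i < 16:                            # round 1: F
            f, k = (b & c) | (~b & d), i
        elif i < 32:                          # round 2: G
            f, k = (b & d) | (c & ~d), (5 * i + 1) % 16
        elif i < 48:                          # round 3: H
            f, k = b ^ c ^ d, (3 * i + 5) % 16
        else:                                 # round 4: I = Y xor (X or not Z)
            f, k = c ^ (b | (~d & MASK)), (7 * i) % 16
        f &= MASK
        new_b = (b + rotl((a + f + m[k] + T[i]) & MASK, S[i])) & MASK
        a, b, c, d = d, new_b, b, c
    # Feed-forward: add this block's result to the incoming chaining value.
    return tuple((x + y) & MASK for x, y in zip(state, (a, b, c, d)))


def md5_hex(msg: bytes) -> str:
    """Hash msg block by block and return A, B, C, D concatenated as hex."""
    state = INIT
    padded = md5_pad(msg)
    for off in range(0, len(padded), 64):
        state = compress(state, padded[off:off + 64])
    return struct.pack("<4I", *state).hex()
```

A 56-byte message already fills the 448-bit position, so md5_pad adds a whole extra block; that case is where hand-written padding most often goes wrong.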
Here are some examples of MD5 hash results:
MD5("") = d41d8cd98f00b204e9800998ecf8427e
MD5("a") = 0cc175b9c0f1b6a831c399e269772661
MD5("abc") = 900150983cd24fb0d6963f7d28e17f72
MD5("message digest") = f96b697d7cb7938d525a2f31aaf161d0
MD5("abcdefghijklmnopqrstuvwxyz") = c3fcd3d76192e4007dfb496cca67e13b
MD5("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = d174ab98d277d9f5a5611c2c9f419d9f
MD5("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = 57edf4a22be3c955ac49da2e2107b67a
For detailed descriptions of the MD4 and MD5 algorithms and the corresponding C source code, refer to the RFC documents.
3) SHA1 and others
SHA1 was designed by NIST and NSA for use with DSA; its detailed specification, "FIPS PUB 180-1 Secure Hash Standard", is available at http://www.itl.nist.gov/fipspubs. For inputs shorter than 2^64 bits it produces a 160-bit hash value, so it offers better resistance. SHA-1 is designed on the same principles as MD4 and imitates that algorithm. Because it produces a 160-bit hash value, it has 5 32-bit register words. Its message blocking and padding are the same as MD5's, and its main loop likewise has 4 rounds, but with 20 operations per round. The nonlinear operations, shifts and additions are similar to MD5's, but the nonlinear functions, the additive constants and the circular left shifts differ somewhat; refer to the specification mentioned above for these details.
Here are some examples of SHA1 hash results:
SHA1("abc") = a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
SHA1("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1
Other well-known hash algorithms include MD2, N-Hash, RIPE-MD, HAVAL and so on. All of those mentioned above are "pure" hash algorithms. There are also other kinds of hash algorithm. One kind is the one-way hash algorithm based on a symmetric block cipher.
A typical example is the so-called Davies-Meyer algorithm based on DES; there are also two Davies-Meyer variants improved with IDEA, currently considered secure. Another category is based on modular arithmetic / discrete logarithms, that is, on public-key algorithms, but because of its excessive computational cost it lacks good prospects for application.
Most algorithms that could not withstand analysis and differential attacks have already died in the laboratory, so if the currently popular hash algorithms fully meet one-wayness and collision resistance in the cryptographic sense, then exhaustive search is the only way to undermine the security properties of the hash operation. To defeat weak collision resistance, we may have to exhaust as many inputs as there are values in the hash space, that is, try 2^128 or 2^160 different inputs; a current high-end PC might need 10^25 years to complete this daunting work, and even for the most capable parallel system this is not a matter of a few thousand years. Because the "birthday attack" effectively reduces the space that must be searched to roughly 1.2 * 2^64 or 1.2 * 2^80, strong collision resistance is the key factor determining the security of a hash algorithm.
NIST's new Advanced Encryption Standard (AES) uses keys 128, 192 and 256 bits long, so SHA256, SHA384 and SHA512 were designed accordingly, and they will provide better security.
The application of hash algorithms in information security is mainly reflected in the following three areas:
1) File verification
The check algorithms we are most familiar with are parity and CRC. Neither of these can resist tampering with data: to some extent they can detect and correct channel errors in data transmission, but they cannot prevent malicious damage to the data.
The "digital fingerprint" property of the MD5 hash algorithm has made it the most widely used file integrity checksum algorithm, and many UNIX systems provide a command for computing MD5 checksums. It is commonly used in the following 2 situations.
The first is verification after a file transfer: the MD5 checksum of the received file is compared with the MD5 checksum of the source file, and if they agree, it is statistically guaranteed that the 2 files are identical in every symbol. This checks whether errors occurred during the transfer, and more importantly it ensures that the file was not maliciously tampered with during the transfer. A typical application is the FTP service, where the user can use it to confirm the correctness of a file downloaded over several resumed sessions, especially a file downloaded from a mirror site.
A better solution is so-called code signing: along with the file, the provider supplies the hash value of the file signed with its own code-signing key, together with its code-signing certificate. The recipient can then not only verify the integrity of the file, but also decide whether to accept it according to its own level of trust in the certificate issuer and the certificate owner. Browsers use this model when downloading and running plug-ins and Java applets.
The second is to store digital fingerprints of the file system's binaries in order to detect whether the file system has been modified without permission. Many system-management and system-security packages provide this kind of file system integrity assessment: after the initial installation of the system, a baseline checksum database of the file system is built, and because hash checksums are short, the database can conveniently be kept on storage media of small capacity.
Thereafter, the checksums of the file system can be recomputed regularly or as needed; once a mismatch is found, it indicates that the file has been illegally modified, infected by a virus, or replaced by a Trojan. Tripwire is a typical example of such an application.
A more complete approach is to use a "MAC". "MAC" is a term closely related to hashing: the Message Authentication Code. It is a hash value bound to a key, and the key is required in order to verify the hash value. The digital fingerprints of the file system may then be stored on untrusted media; it is enough to guarantee the secrecy of the key. And when a file's digital fingerprint needs to be updated, only the holder of the key can compute a new hash value, so attempts to undermine file integrity cannot succeed.
2) Digital signatures
Hash algorithms are also an important part of modern cryptosystems. Because asymmetric algorithms are slow, one-way hash functions play an important role in digital signature protocols.
In such a signature protocol, the two parties must agree in advance on a hash function and a signature algorithm that both support. The signer first computes the hash value of the data file, and then performs the digital signature operation with the asymmetric algorithm on the very short hash result (16 bytes for MD5, 20 bytes for SHA1). To verify the signature, the other party likewise first computes the hash value of the data file and then verifies the digital signature with the asymmetric algorithm.
Digitally signing the hash value, also called the "digital digest", can be regarded as statistically equivalent to digitally signing the file itself. And such a protocol has other advantages. First, the data file itself can be stored separately from its hash value, and signature verification can be carried out without the data file itself being present.
Furthermore, in some cases the signing key may be the same key as the decryption key, which means that signing a data file is the same operation as decrypting it. This is quite dangerous: a malicious party may take a document he wants to trick you into decrypting and send it to you posing as a document that needs your signature. Therefore, when digitally signing any data file, only signing its hash value is safe.
3) Authentication protocols
The following kind of authentication protocol is also known as the "challenge-authentication" mode. When the transmission channel can be eavesdropped on but cannot be tampered with, this is a simple and secure method.
The party that requires authentication sends a random string (the "challenge") to the party being authenticated. The party being authenticated hashes the random string together with its own authentication password and returns the result to the authenticator. The authenticator compares the received hash value with the result of its own hash operation over the random string and the other party's authentication password (the "authentication"); if they are the same, it can statistically conclude that the other party holds the password, that is, the authentication passes. A typical example of this application is in the POP3 protocol:
S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: +OK maildrop has 1 message (369 octets)
In the POP3 session above, the symmetric secret shared by both parties (the authentication password) is tanstaaf, the challenge issued by the server is <1896.697170952@dbc.mtview.ca.us>, and the client's response to the challenge is MD5("<1896.697170952@dbc.mtview.ca.us>tanstaaf") = c4c9334bac560ecc979e58001b3e22fb; this correct response gets it authenticated.
Hash algorithms have long been used extensively in computer science. With the development of modern cryptography, the one-way hash function has become an important building block in the field of information security. We have good reason to study its design theory and applications.
(Jinnuo Panzer)
Author: unknown
Source: www.netxeyes.org
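The APOP exchange from the authentication section above, seen from the server side, as an added example that is not part of the original article: it recomputes MD5(challenge + secret), compares in constant time and accepts each challenge only once. The ApopServer class, the function names and the host name are hypothetical; the user mrose, the secret tanstaaf and the challenge are the ones from the session quoted in the article.

```python
import hashlib
import hmac
import re
import secrets
import time

# Greeting line: "+OK <free text> <timestamp@host>"
BANNER_RE = re.compile(r"^\+OK .*(<[^<>\s]+@[^<>\s]+>)\s*$")


def extract_challenge(banner: str) -> str:
    """Client side: pull the <...> challenge out of the POP3 greeting."""
    m = BANNER_RE.match(banner)
    if not m:
        raise ValueError("greeting carries no APOP challenge")
    return m.group(1)


def apop_digest(challenge: str, secret: str) -> str:
    """MD5 over the challenge immediately followed by the shared secret."""
    return hashlib.md5((challenge + secret).encode("ascii")).hexdigest()


class ApopServer:
    def __init__(self, users: dict, host: str = "pop.example.test"):
        self.users = users            # user name -> shared secret
        self.host = host              # placeholder host name
        self.outstanding = set()      # challenges issued and not yet answered

    def greet(self, challenge: str = None) -> str:
        """Issue a fresh, unpredictable challenge (or a fixed one for tests)."""
        if challenge is None:
            challenge = f"<{secrets.token_hex(8)}.{int(time.time())}@{self.host}>"
        self.outstanding.add(challenge)
        return f"+OK POP3 server ready {challenge}"

    def verify(self, challenge: str, command: str) -> bool:
        # Each challenge is good for one answer, so a response captured by
        # an eavesdropper cannot be replayed later.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        parts = command.split()
        if len(parts) != 3 or parts[0].upper() != "APOP":
            return False
        _, user, digest = parts
        secret = self.users.get(user)
        if secret is None:
            return False
        expected = apop_digest(challenge, secret).encode("ascii")
        # Constant-time comparison: do not leak how many leading characters
        # of the digest were correct.
        return hmac.compare_digest(expected, digest.lower().encode("utf-8"))
```

Because the server has to recompute the digest, it must hold every shared secret in recoverable form rather than as a password hash.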