处理加密问题 [英] working on an encryption problem

问题描述

似乎我没有将其从char转换为字节数组，这正在处理资源，并且lpbuff包含pe资源文件，任何帮助都将非常有用，我是想扩展我的IT专家保卫网络的知识，请对此提供帮助

It appears i''m not converting this from a char to a byte array this is working off of a resource and lpbuff contains a pe resource file any help would be great i''m an it sec guy looking to expand my knowledge to defend networks please help me with this

char* TEXXOR2(char* lpBuf)
{
 int f = strlen(lpBuf);
 for (int i = 1;i<f;i++)
 {
     lpBuf[i] = int(char(lpBuf[i]) ^ 1230 % 15 * (36+1337 )*(22-1));
 }
 return lpBuf;
}

摆脱了Windows和GUI标记，因为问题不关乎

Got rid of the Windows and GUI tags as the question isn''t about either

推荐答案

乍一看，我不确定你在做什么到这里为止(我还是不敢说老实)，如:-

-char(lpBuf[i])是完全多余的-它已经是char
-您要对字符的值大于255(0xFF)进行异或运算
-转换为int也是多余的，因为您立即转换回char

然后我有一个想法:正如您所说的，您没有经验.您是否使用依赖于模数下幂运算的加密方法(如RSA)?如果是的话，您可能会认为^(按位XOR运算符)实际上是许多其他语言中的幂运算.

At first glance I wasn''t sure what you''re up to here (I''m still not to be honest) as:-

- char(lpBuf[i]) is completely redundant - it''s already a char
- you''re XORing your character with a value more than than 255 (0xFF)
- the cast to int is also redundant as you immediately cast back to a char

Then I had a thought: As you say you''re inexperienced. Are you using a crypto method (like RSA) which relies on exponentiation under modulus? If you are then you might think that ^ (the bitwise XOR operator) is actually exponentiation the way it is in a lot of other languages.

unsigned char initial_value = static_cast<unsigned char>( lpBuf[i] );
unsigned char value = initial_value;

for( int n = 2; n < 1230; ++n )
{
    val *= initial_val;
}

unsigned mod_denominator = 15 * (36 + 1337) * (22 - 1);
    lpBuf[i] = static_cast<char>( val % mod_denominator );

我可能仍然会出错，请确保您彻底测试了您在我身上留下的所有代码，并了解其工作原理.

即使那不是您想要的，也请帮自己一个忙或八个忙:

-描述您要实现的算法.如果这确实像RSA，那么我花了一些时间来弄清您的能力
-最好还是使用加密算法的标准实现.除非您是专家，否则不要自己做，然后为什么要在别人已经做过并对其进行审查的同时浪费时间去做?
-分解复杂的大表情-将它们全部放在一行上没有意义.我也将循环移动到另一个函数中，因为不清楚发生了什么，我在这里不打扰，但可能应该这样做
-了解运算符的含义(您可能已经和我吠叫了错误的树)，并了解了运算符的优先级(阅读代码时我没有的方式)
-尽量减少演员.出现编译器警告是有原因的！如果必须使用强制类型转换，请使用C ++样式强制类型转换，而不要使用函数样式或C样式强制类型转换，因为它们会像大拇指一样突出
-将无符号数字用于任何作用于字节流或逻辑操作的内容
-不要使用指针，请使用std::vector
-永远不要使用魔术数字.如果您调用了1230指数(如果我没错)或bit_mask(如果我错了)，那将无济于事.大概在最后的常量集合是四个数字，因为它们在算法的上下文中具有某种意义，因此请使用其含义来命名它们.也不要发表评论，称他们为"
"
希望对您有所帮助，

灰

编辑以改善整个XORing.继续前进，除了我死去的自我之外，这里什么也看不到:-)还修复了其他一些问题.

I might have still got this wrong... make sure you THOROUGHLY test any code you nick off me and understand why it works.

Even if that''s what not you want then do yourself a favour or eight:

- Describe the algorithm you''re trying to implement. If this is really something like RSA then it took me a while to work out what you''re up to
- Better still use a standard implementation of a crypto algorithm. Don''t do it yourself unless you''re an expert and then why waste time doing it when other people have already done it and it''s been reviewed?
- Break up complicated big expressions - there''s no point in keeping it all on one line. I''d also move the loop into a different function as it''s not clear what what''s going on, I didn''t bother here but probably should have done
- Know what the operators mean (you might already and I''m barking up the wrong tree) and understand operator precedence (the way I didn''t when reading the code)
- Minimise casts. Compiler warnings are there for a reason! If you have to use casts use C++ style casts and NOT function style casts or C-style casts as they stick out like sore thumbs
- Use unsigned numbers for anyhing that acts on a stream of bytes or logical operations
- Don''t use pointers, use std::vector
- Don''t used magic numbers, EVER. Had you called 1230 exponent (if I''m right) or bit_mask (if I''m wrong) it would have helped no end. And presumably that collection of constants at the end is four numbers because they mean something in the context of the algorithm so name them with their meaning. Don''t comment it either, call them what they are

I hope this lot helps,

Ash

Edit to improve the whole XORing a bit. Move along, nothing to see here apart from my dead ego :-) Fixed a few other bollocks up as well.

除了Aescleal的好建议外，我想给你以下提示:

在我看来，您似乎正在尝试实施简单的XOR加密方案，可能是您从其他人那里继承来的.现在，您正在尝试解密多个PE资源，但是加密无法正确运行.那是你的情况吗?


以下是一些无法正常工作的可能原因:

-循环"for(int i ...)"最有可能从0开始，而不是从1
开始
-在表达式中

In addition to the good advice of Aescleal I would like to give you the following hints:

It looks to me as if you are trying to implement a simple XOR encryption scheme, possibly something you have inherited from someone else. And now you are trying to decrypt several PE resources, but the encryption doesn''t run correctly. Is that the situation you are in?


Here are a couple of possible reasons for things not working:

- The loop "for (int i..." should most likely start at 0, not at 1

- In the expression

lpBuf[i] ^ 1230 % 15 * (36+1337 )*(22-1)

我本来希望是依赖于循环变量"i"的某些组件.按照现在编写的方式，您正在对字符串的每个字节进行XOR运算并与相同的参数相乘.可能是您将原始算法中的"i"误认为是"1"吗?

-似乎您正在将其应用于二进制资源，而不是文本字符串.如果是这样，则不可能通过strlen确定长度，因为在二进制数据中的任何地方都可能出现0字节.您将不得不确定需要用另一种方式解密的缓冲区的长度.

char和BYTE之间缺少强制转换很可能不是问题.

希望这些都可以帮助您.

I would have expected to be some component that depends on the loop variable "i". In the way it is written now, you are XORing and multiplying with the same arguments on every byte of the string. Could it be that you have mistaken the "i" in the original algorithm for a "1"?

- It looks like you are applying this to a binary resource, meaning not a text string. If that is so, then determining the length by strlen is no possible, because a 0-byte can occur anywhere in binary data. You would have to determine the length of the buffer that needs decryption in another way.

The lack of casting between char and BYTE is most likely not the problem.

Hope that any of these get you going.

这篇关于处理加密问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！