C++ XOR encryption


Problem description


After reading several white papers on cryptography and runtime PE crypters, I decided to write my own. It's very simple and only for educational purposes.

Here is the GitHub repo: https://github.com/Jyang772/XOR_Crypter

I have two questions.

  • First, why do I have to keep changing my file permissions to start every outputted .exe (file created by Builder.exe, not the compiler)? It creates a file that is Shared. I have to right click it and select share with Nobody. Does this have something to do with the File Access and Security Rights? I am using CreateFile() and ReadFile to read and write the input and output files.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx

  • Second, I can't seem to get XOR encryption to work. It seems pretty straightforward for what I have done. The byte sizes are the same. While I was investigating, I had the Builder and the Stub each output a file with the file data unencrypted. They are the same. Then I tried with the data encrypted. There is no doubt the data is encrypted with the cipher, however it shows up blank when it is decrypted by the stub later on. I'm confused.

Here is my XOR implementation:

fs = byte size
Rsize = byte size
Should be the same.

Builder:

char cipher[] = "penguin";
for (int i = 0; i < fs; i++)
    {
        FB[i] ^= cipher[i % strlen(cipher)]; // Simple XOR cipher
    }

Stub:

char cipher[] = "penguin";
for (int i = 0; i < Rsize; i++)
    {
        RData[i] ^= cipher[i % strlen(cipher)];
    }

If I were to comment out the encryption function in the Builder and Stub, the crypted file runs fine. Uhh, except with the permissions error.

I'm also trying to include an options menu where the user can select the encryption method used. Perhaps I might have done something wrong there? The Builder.exe adds one byte containing the user's choice to the end of FB buffer. Stub.exe reads that and determines which encryption method is used to decrypt the data.

Solution

First off, with XOR "encryption", your "encrypt" and "decrypt" functions should be the same:

void xor_crypt(const char *key, int key_len, char *data, int data_len)
{
    for (int i = 0; i < data_len; i++)
        data[i] ^= key[ i % key_len ];
}

You should be able to use this same function in both the "XOR Crypter" program as well as your "Stub" program.

It's not a very C++ style; ordinarily you'd use std::string or std::vector. For example:

// data is taken by reference so the caller's buffer is the one modified
void xor_crypt(const std::string &key, std::vector<char> &data)
{
    for (size_t i = 0; i != data.size(); i++)
        data[i] ^= key[ i % key.size() ];
}

Then in the program that calls this, you'd declare:

std::string key = "penguin";

and you'd read your file in like so:

std::vector<char> file_data;  // With your current program, make this a global.

fs = GetFileSize(efile, NULL);
file_data.resize(fs);    // set vector length equal to file size

// Note:  Replace &( file_data[0] ) with file_data.data() if you have C++11 support
ReadFile(efile, (LPVOID)( &( file_data[0] )), fs, &bt, NULL);   

if (fs != bt)
{
    // error reading file:  report it here.
}

Then you would simply encrypt with xor_crypt( key, file_data );. To write the XOR-crypted data to your resource, I believe you'd call your existing function with:

// replace &( file_data[0] ) with file_data.data() if C++11
WriteToResources(output, 1, (BYTE *)&( file_data[0] ), file_data.size() ); 

I suspect the real issue is with the Windows APIs you're using. Does LoadResource give you mutable data, or are you required to copy it? I don't know the Windows API, but I wouldn't be surprised if LoadResource gives you a read-only copy.

If you do need to make your own copy in order to modify the resource, then in your "Stub" program recovering the XOR-crypted resource should look something like this:

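#include <windows.h>
#include <cstring>
#include <vector>

std::vector<char> RData;

void Resource(int id)
{
    HRSRC hResource = FindResource(NULL, MAKEINTRESOURCE(1), RT_RCDATA);
    if (hResource == NULL)
        return;                                    // resource not found

    HGLOBAL temp = LoadResource(NULL, hResource);
    // LockResource returns the pointer to the (read-only) resource bytes
    const void *src = (temp != NULL) ? LockResource(temp) : NULL;
    size_t Rsize = SizeofResource(NULL, hResource);
    if (src == NULL || Rsize == 0)
        return;                                    // nothing to copy

    RData.resize(Rsize);
    memcpy( (void*)&(RData[0]), src, Rsize );  // replace &RData[0] with RData.data() if C++11
}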

and the decryption in your "Stub" should just be xor_crypt( key, RData );.

I have one last thought. The biggest bug I see in your "Stub" program is this line:

    switch (RData[strlen(RData)-1])

Once you've XOR-crypted your data, some of the bytes will become zero. The strlen() function will not return the index of the last byte in your RData as a result. And, there's a different, more subtle error: This returns the last byte of the string, not the last byte of the resource. I can't really see how this line was ever correct; rather, I suspect your program was working when encryption was disabled in spite of itself, by falling through to the default of the switch-case.

If you really intend to distinguish between different types of data based on the last byte of the resource payload, then you really should just use the size returned by the Windows API to find that byte.

If you switch to using vector<char> as I suggest above, then you can find that with RData.back(). Otherwise, if you continue using char *, then that byte would be RData[Rsize - 1].
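The following is an added example, not code from the question or the answer: it shows why strlen() cannot locate the trailing selector byte once the buffer has been XOR-ed, and that taking the byte by size works. The body string, the selector value 2, and the choice to append the selector after the XOR step are assumptions made for the demonstration.

```cpp
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// One routine both encrypts and decrypts; data is taken by reference.
void xor_crypt(const std::string &key, std::vector<char> &data)
{
    if (key.empty()) return;                       // avoid i % 0
    for (size_t i = 0; i != data.size(); i++)
        data[i] ^= key[i % key.size()];
}

// Builder side (assumed layout): XOR the body, then append the selector byte.
std::vector<char> build(const std::string &key, const std::string &body, char selector)
{
    std::vector<char> buf(body.begin(), body.end());
    xor_crypt(key, buf);
    buf.push_back(selector);
    return buf;
}

// What strlen() sees in the XOR-ed buffer: it stops at the first zero byte.
size_t strlen_view(std::vector<char> buf)
{
    buf.push_back('\0');                           // keep the scan in bounds
    return std::strlen(&buf[0]);
}

// Stub side: take the selector by size, strip it, then undo the XOR.
std::string recover(const std::string &key, std::vector<char> buf, char &selector)
{
    if (buf.empty()) { selector = 0; return std::string(); }
    selector = buf.back();
    buf.pop_back();
    xor_crypt(key, buf);
    return std::string(buf.begin(), buf.end());
}

int main()
{
    const std::string key = "penguin";
    const std::string body = "pen and paper";      // constructed sample data
    std::vector<char> buf = build(key, body, 2);
    char sel = 0;
    std::string out = recover(key, buf, sel);
    std::printf("size=%zu strlen=%zu selector=%d roundtrip=%d\n", buf.size(), strlen_view(buf), sel, out == body);
    return 0;
}
```

The sample body begins with the same bytes as the key, so the first XOR-ed byte is zero and strlen() reports 0 for a 14-byte buffer; `RData[strlen(RData)-1]` would then index before the start of the data.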
