{"id":625,"date":"2018-10-15T22:33:43","date_gmt":"2018-10-15T14:33:43","guid":{"rendered":"https:\/\/flandre-scarlet.moe\/blog\/?p=625"},"modified":"2019-05-14T00:58:37","modified_gmt":"2019-05-13T16:58:37","slug":"crackme-%e5%8f%8d%e6%b1%87%e7%bc%96%e7%bb%83%e4%b9%a0%e4%b9%8b-053","status":"publish","type":"post","link":"https:\/\/flandre-scarlet.moe\/blog\/625\/","title":{"rendered":"CrackMe \u53cd\u6c47\u7f16\u7ec3\u4e60\u4e4b 053"},"content":{"rendered":"

\u4f5c\u4e3a\u7ec3\u624b\u7684 160 \u4e2a CrackMe \u7cfb\u5217\u6574\u7406\u5206\u6790
\n<\/p>\n

CrackMe \u6765\u6e90\uff1a\u3010\u53cd\u6c47\u7f16\u7ec3\u4e60\u3011160\u4e2aCrackME\u7d22\u5f15\u76ee\u5f551~160\u5efa\u8bae\u6536\u85cf\u5907\u7528<\/a><\/p>\n

\u7b2c\u4e8c\u7248\u7684 CrackMe\uff0c\u6709\u4e86 052<\/a> \u4f5c\u94fa\u57ab\u540e\uff0c053 \u5c31\u7a0d\u5fae\u8f7b\u677e\u70b9\u4e86(\u5e76\u4e0d)\u3002053 \u7684\u8fc7\u7a0b\u548c\u524d\u4e00\u4e2a\u7c7b\u4f3c\uff0c\u540c\u6837\u5148\u53d6\u7528\u6237\u540d\u3001\u4ea7\u54c1 ID \u7b49\u751f\u6210\u4e00\u4e2a\u5b57\u7b26\u4e32\u5e76\u8ba1\u7b97\u6563\u5217; \u53d6\u5e8f\u5217\u53f7\u8fdb\u884c\u8ba1\u7b97\u540e\u4e24\u8005\u8fdb\u884c\u5bf9\u6bd4\uff0c\u76f8\u540c\u5219\u901a\u8fc7\u3002<\/p>\n

\u6563\u5217\u8fd9\u91cc\u5c31\u76f4\u63a5\u8df3\u8fc7\u4e0d\u8bf4\u4e86\uff0c\u8fd9\u6b21\u4e0d\u662f MD5\uff0c\u4f46\u662f\u770b\u770b\u751f\u6210\u7684\u7ed3\u679c\u662f 128 \u4f4d\u7684\u4f3c\u4e4e\u53c8\u4e0d\u662f SHA-1 \u4e4b\u7c7b\u7684\uff0c\u53ef\u80fd\u662f\u4fee\u6539\u4e86\u7684 MD5\u3002<\/p>\n

\u76f4\u63a5\u770b\u5e8f\u5217\u53f7\u7684\u5904\u7406\uff0c\u770b\u770b\u80fd\u5426\u627e\u5230\u7b97\u6cd5\u7684\u9006(\u5e94\u8be5\u8981\u80fd)\u3002\u8ba1\u7b97\u7684\u51fd\u6570\u4f4d\u4e8e 0x00401AD0\uff0c\u5176\u4e2d 0x00401AB0 \u8fd9\u4e2a\u5c0f\u51fd\u6570\u7684\u4f5c\u7528\u662f\u8ba1\u7b97 32 \u4f4d\u6574\u6570\u6bd4\u7279\u4f4d\u4e3a 1 \u7684 \u6570\u91cf\u3002\u8fd9\u91cc\u76f4\u63a5\u8d34\u4e0a\u7a0d\u4f5c\u6574\u7406\u540e\u7684 c \u4ee3\u7801\u3002<\/p>\n

\r\nunsigned char countb(DWORD dw)\r\n{\r\n    int count = 0;\r\n    while (dw)\r\n    {\r\n        ++count;\r\n        dw &= dw - 1;\r\n    }\r\n    return count;\r\n}\r\n\r\nvoid func_401AD0(int *key, DWORD *addr1, DWORD *addr2)\r\n{\r\n    int k0 = 0, k1 = 0;\r\n    for (int i = 0; i < 32; ++i)\r\n    {\r\n        unsigned char c1 = countb(*addr1 & key[0]);\r\n        unsigned char c2 = countb(*addr2 & key[1]);\r\n        ++addr1;\r\n        ++addr2;\r\n        k0 = (c1 ^ c2) & 1 ^ 2 * k0;\r\n    }\r\n\r\n    for (int i = 0; i < 32; ++i)\r\n    {\r\n        unsigned char c1 = count_bits(*addr1 & key[0]);\r\n        unsigned char c2 = count_bits(*addr2 & key[1]);\r\n        ++addr1;\r\n        ++addr2;\r\n        k1 = (c1 ^ c2) & 1 ^ 2 * k1;\r\n    }\r\n\r\n    key[0] = k0;\r\n    key[1] = k1;\r\n}\r\n<\/pre>\n
\u8fd9\u6b21\u7684\u7b97\u6cd5\u5e76\u4e0d\u76f4\u89c2\uff0c\u9996\u5148\u662f\u4e00\u5bf9 key \u5206\u522b\u548c\u56fa\u5b9a\u6570\u503c\uff08addr1\u3001addr2\uff09\u4f5c\u4e0e\u8fd0\u7b97\uff0c\u4e24\u8005\u7684\u7ed3\u679c\u8ba1\u7b97\u975e\u96f6\u4f4d\u7684\u6570\u91cf\u540e\u518d\u5f02\u6216\u3002\u6574\u4f53\u6765\u770b\u5c31\u662f\u8ba1\u7b97\u7ed3\u679c(\u4e24\u4e2a dword)\u7684 64 \u4e2a bit \u5206\u522b\u7531 key \u548c 64 \u4e2a\u56fa\u5b9a\u7684 dword \u8ba1\u7b97\u540e\u586b\u5145\uff0c\u6bcf\u6b21\u7ed3\u679c\u586b\u5145\u4e00\u4e2a\u4f4d\uff0c\u4e92\u4e0d\u5e72\u6270\u3002<\/p>\n
\u4e00\u5f00\u59cb\u6211\u76ef\u7740\u770b\u4e86\u597d\u4e45\u90fd\u6ca1\u4e2a\u60f3\u6cd5\u2026\u2026\u540e\u6765\u611f\u89c9\u8fd9 64 \u4e2a\u4f4d\u72ec\u7acb\u8ba1\u7b97\u548c\u77e9\u9635\u6709\u70b9\u7c7b\u4f3c\u3002\u53ef\u4ee5\u8fd9\u6837\u770b countb(d1 & d2)\uff1a
\n\u4f8b\u5982 d1 = 0x12345678\uff0cd2 = 0x9abcdef0\uff0c\u90a3\u4e48<\/p>\n
d1  00010010001101000101011001111000\r\n&\r\nd2  10011010101111001101111011110000\r\n--------------------------------------\r\n    00010010001101000101011001110000<\/pre>\n
<\/br>
\n\u6ce8\u610f\u5230 & \u8fd0\u7b97\u7b49\u4ef7\u4e8e\u6a21 2 \u4e58\uff0c\u540c\u6837 ^ \u8fd0\u7b97\u7b49\u4ef7\u4e8e\u6a21 2 \u52a0\uff0c\u89c1\u6a21 2 \u8fd0\u7b97<\/a>\u3002\u800c countb \u5219\u5c06\u7ed3\u679c\u4e2d\u7684\u6240\u6709 1 \u548c 0 \u76f8\u52a0\u3002<\/p>\n
\u7136\u540e\u5c31\u6709 countb(d1 & d2) = \u2211(i=0,31){d1:i * d2:i}\uff0c\u5176\u4e2d d1:i \u8868\u793a d1 \u7684\u7b2c i \u4f4d\u3002
\n\u6240\u4ee5<\/p>\n
k1:m = \u2211(i=0,31){key0:i * addr1[m]:i} + \r\n       \u2211(i=0,31){key1:i * addr2[m]:i}<\/pre>\n<\/p>\n
\u5982\u679c\u628a key0,key1 \u770b\u4f5c\u4e00\u4e2a 64 \u4f4d\u6574\u6570\uff0c\u90a3\u4e48\u6839\u636e\u4e0a\u9762\u7684\u516c\u5f0f\u53ef\u4ee5\u8fd9\u6837\u5b89\u6392\u4e00\u4e2a\u77e9\u9635\uff1a<\/p>\n
x = [ x0:31, x0:30, ..., x0:0, x1:31, ..., x1:0 ]\r\nA = \u250c                                             \u2510\r\n    \u2502 addr1[0]:31, addr1[1]:31, ..., addr1[63]:31 \u2502\r\n    \u2502 addr1[0]:30, addr1[1]:30, ..., addr1[63]:30 \u2502\r\n    \u2502     .                                .      \u2502\r\n    \u2502     .                                .      \u2502\r\n    \u2502 addr1[0]:1 ,        ...,       addr1[63]:1  \u2502\r\n    \u2502 addr1[0]:0 ,        ...,       addr1[63]:0  \u2502\r\n    \u2502 addr2[0]:31,        ...,       addr2[63]:31 \u2502\r\n    \u2502     .      ,        ...,             .      \u2502\r\n    \u2502 addr2[0]:0 ,        ...,       addr2[63]:0  \u2502\r\n    \u2514                                             \u2518\r\nb = [ key0:31, key0:30, ..., key0:0, key1:31, ..., key1:0 ]\r\n<\/pre>\n
\u56e0\u4e3a key \u662f\u6700\u540e\u7684\u8ba1\u7b97\u7ed3\u679c\uff0c\u6240\u4ee5\u8fd9\u6837\u5b89\u6392\u8ba1\u7b97\u5f0f\uff1ax * A = b\uff0c<\/br>x0\uff0cx1 \u5373\u4ee3\u7801\u4e2d\u521d\u59cb\u7684 key[0]\uff0ckey[1]\u3002\u6839\u636e\u77e9\u9635\u7684\u4e58\u6cd5\u516c\u5f0f\uff0c\u8fd9\u6837 x \u5bf9\u5e94\u4f4d\u7f6e\u4e0a\u7684\u6bd4\u7279\u4fbf\u80fd\u4e0e addr \u4e0a\u5bf9\u5e94\u7684\u6bd4\u7279\u76f8\u4e58\u3002<\/p>\n
\u6700\u540e\u7167\u7740\u987a\u5e8f\uff08\u5148 key[1]key[2]\uff0c\u518d key[0]key[1]\uff09\u89e3\u51fa\u77e9\u9635\u7684\u89e3\u540e\u5373\u5f97\u5230\u521d\u59cb\u7684\u5e8f\u5217\u53f7\u3002\u77e9\u9635\u8fd0\u7b97\u627e\u4e00\u4e2a\u5408\u9002\u7684\u6570\u5b66\u5e93\u5c31\u597d\u4e86\u3002<\/p>\n
\r\n#include <array>\r\n#include "NTL\/ZZ.h"              \/\/ \u7528\u4e86 NTL \u5e93\r\n#include "NTL\/vec_GF2.h"\r\n#include "NTL\/mat_GF2.h"\r\n\r\nusing namespace NTL;\r\n\r\nconst std::array<const unsigned char, 256> addr_0x41c2c0 = {\r\n    0x35, 0xEF, 0xCF, 0x0B, 0x6B, 0xDE, 0x9F, 0x17, 0x98, 0xE7, 0xE7, 0xC5, 0xAC, 0x79, 0x7F, 0x5E,\r\n    0x59, 0xF3, 0xFE, 0xBC, 0xB7, 0xC6, 0xFD, 0xF9, 0x6A, 0xAD, 0xFB, 0x73, 0xD6, 0xBC, 0x3F, 0x2F,\r\n    0xD5, 0x5A, 0xF7, 0xE7, 0xAF, 0x95, 0xEE, 0x4F, 0x5E, 0x2B, 0xDD, 0x9F, 0x76, 0xCD, 0x74, 0xFF,\r\n    0xB9, 0x76, 0xBA, 0xBF, 0xE8, 0xBA, 0xE9, 0x7E, 0xD1, 0x75, 0xD3, 0xFD, 0x4E, 0x97, 0x4D, 0xF7,\r\n    0xA7, 0xCB, 0xA6, 0x7B, 0x99, 0x0E, 0x9B, 0x6E, 0x32, 0x1D, 0x36, 0xDD, 0x60, 0x1A, 0x6C, 0x3A,\r\n    0xC0, 0x34, 0xD8, 0x74, 0x81, 0x69, 0xB0, 0xE9, 0x06, 0xF3, 0x60, 0x53, 0x0C, 0xE6, 0xC1, 0xA6,\r\n    0x1D, 0xEC, 0x83, 0xCD, 0x3F, 0xF8, 0x07, 0x1B, 0x7E, 0xF0, 0x0F, 0x36, 0xFD, 0xE0, 0x1F, 0x6C,\r\n    0xFA, 0xC1, 0x3F, 0xD8, 0xF0, 0xA3, 0x7F, 0x30, 0xE1, 0x47, 0xFF, 0x60, 0xC2, 0x8F, 0xFE, 0xC1,\r\n    0x80, 0x3F, 0xFD, 0x03, 0x02, 0xFE, 0xF4, 0x0F, 0x01, 0x7F, 0xFA, 0x07, 0x04, 0xFC, 0xE9, 0x1F,\r\n    0x08, 0xF8, 0xD3, 0x3F, 0x10, 0xF0, 0xA7, 0x7F, 0x47, 0xE0, 0x9F, 0x7E, 0x8E, 0xC0, 0x3F, 0xFD,\r\n    0x21, 0xE0, 0x4F, 0xFF, 0x32, 0x42, 0xFF, 0xF4, 0x19, 0xA1, 0x7F, 0x7A, 0xC3, 0x48, 0xFD, 0xD3,\r\n    0x83, 0xB1, 0xFA, 0x27, 0x06, 0x63, 0xF5, 0x4F, 0x0D, 0xC6, 0xEA, 0x9F, 0x61, 0xA4, 0xFE, 0x69,\r\n    0x1E, 0xAC, 0xD5, 0xBF, 0x39, 0x78, 0xAB, 0xFF, 0x76, 0xD0, 0x56, 0x7F, 0xED, 0xA0, 0xAD, 0xFE,\r\n    0xDE, 0x61, 0x5B, 0x7D, 0xBC, 0xC3, 0xB6, 0xFA, 0x7D, 0xA7, 0x6D, 0x75, 0xFA, 0x4E, 0xDB, 0xEA,\r\n    0x80, 0x8F, 0xB5, 0x2D, 0x00, 0x1F, 0x6B, 0x5B, 0x01, 0x3E, 0xD6, 0xB6, 0xF1, 0xBD, 0xB6, 0x55,\r\n    0xE3, 0x7B, 0x6D, 0xAB, 0xC2, 0xD7, 0xDA, 0xD6, 0x08, 0x98, 0x58, 0x5B, 0x06, 0x5C, 0xAC, 0xED,\r\n};\r\n\r\nconst std::array<const unsigned char, 256> addr_0x41c3c0 = {\r\n    0x49, 0x13, 0x4D, 0x9B, 0x92, 0x26, 0x9A, 0x36, 0xA4, 0x89, 0xA6, 0xCD, 0x48, 0x9A, 0x68, 0xDA,\r\n    0x90, 0x34, 0xD1, 0xB4, 0x21, 0x69, 0xA2, 0x69, 0x43, 0xD2, 0x44, 0xD3, 0x24, 0x4D, 0x34, 0x6D,\r\n    0x86, 0xA4, 0x89, 0xA6, 0x0D, 0x49, 0x13, 0x4D, 0x1A, 0x92, 0x26, 0x9A, 0x6B, 0x48, 0x9A, 0x68,\r\n    0x35, 0x24, 0x4D, 0x34, 0xD7, 0x90, 0x34, 0xD1, 0xAE, 0x21, 0x69, 0xA2, 0xBA, 0x86, 0xA4, 0x89,\r\n    0x5D, 0x43, 0xD2, 0x44, 0x75, 0x0D, 0x49, 0x13, 0xEA, 0x1A, 0x92, 0x26, 0xD5, 0x35, 0x24, 0x4D,\r\n    0xAA, 0x6B, 0x48, 0x9A, 0x54, 0xD7, 0x90, 0x34, 0xA9, 0xAE, 0x21, 0x69, 0x52, 0x5D, 0x43, 0xD2,\r\n    0xA5, 0xBA, 0x86, 0xA4, 0x4B, 0x75, 0x0D, 0x49, 0x96, 0xEA, 0x1A, 0x92, 0x2C, 0xD5, 0x35, 0x24,\r\n    0x58, 0xAA, 0x6B, 0x48, 0xB1, 0x54, 0xD7, 0x90, 0x62, 0xA9, 0xAE, 0x21, 0xC4, 0x52, 0x5D, 0x43,\r\n    0x89, 0xA5, 0xBA, 0x86, 0x24, 0x96, 0xEA, 0x1A, 0x12, 0x4B, 0x75, 0x0D, 0x48, 0x2C, 0xD5, 0x35,\r\n    0x90, 0x58, 0xAA, 0x6B, 0x20, 0xB1, 0x54, 0xD7, 0x81, 0xC4, 0x52, 0x5D, 0x02, 0x89, 0xA5, 0xBA,\r\n    0x40, 0x62, 0xA9, 0xAE, 0x0A, 0x24, 0x96, 0xEA, 0x05, 0x12, 0x4B, 0x75, 0x2A, 0x90, 0x58, 0xAA,\r\n    0x55, 0x20, 0xB1, 0x54, 0xAA, 0x40, 0x62, 0xA9, 0x54, 0x81, 0xC4, 0x52, 0x15, 0x48, 0x2C, 0xD5,\r\n    0xA9, 0x02, 0x89, 0xA5, 0x53, 0x05, 0x12, 0x4B, 0xA7, 0x0A, 0x24, 0x96, 0x4E, 0x15, 0x48, 0x2C,\r\n    0x9D, 0x2A, 0x90, 0x58, 0x3A, 0x55, 0x20, 0xB1, 0x75, 0xAA, 0x40, 0x62, 0xEA, 0x54, 0x81, 0xC4,\r\n    0xAB, 0x4E, 0x15, 0x48, 0x56, 0x9D, 0x2A, 0x90, 0xAC, 0x3A, 0x55, 0x20, 0xD5, 0xA9, 0x02, 0x89,\r\n    0xAA, 0x53, 0x05, 0x12, 0x55, 0xA7, 0x0A, 0x24, 0xB3, 0xEA, 0x54, 0x81, 0x59, 0x75, 0xAA, 0x40,\r\n};\r\n\r\nconst std::array<const unsigned char, 256> addr_0x41c4c0 = {\r\n    0xF5, 0xE7, 0x10, 0xAE, 0xB6, 0xFF, 0x87, 0x70, 0x6D, 0xFF, 0x0F, 0xE1, 0xDF, 0xDE, 0x1F, 0x42,\r\n    0xBF, 0xBD, 0x3F, 0x84, 0xEF, 0xEF, 0x21, 0xDC, 0xDB, 0xFF, 0x43, 0x38, 0x7B, 0x5B, 0x7F, 0x88,\r\n    0xF3, 0x96, 0xFE, 0x90, 0x82, 0x57, 0xF4, 0x07, 0x04, 0xAF, 0xE8, 0x0F, 0xE3, 0x0D, 0xFD, 0xA1,\r\n    0xC3, 0x3B, 0xFA, 0xC3, 0x4F, 0xF0, 0x8A, 0xFE, 0x9B, 0xC0, 0x15, 0x7D, 0x27, 0x78, 0x45, 0x7F,\r\n    0x09, 0x5E, 0xD1, 0x1F, 0x13, 0xBC, 0xA2, 0x3F, 0x36, 0x81, 0x2B, 0xFA, 0x68, 0x22, 0x57, 0x74,\r\n    0x45, 0x5A, 0xCA, 0x15, 0x93, 0x86, 0x72, 0xC5, 0xA5, 0xA9, 0x5C, 0x51, 0x4B, 0x53, 0xB9, 0xA2,\r\n    0x22, 0x2D, 0xE5, 0x0A, 0xD0, 0x44, 0xAE, 0xE8, 0x5F, 0x84, 0xA5, 0xDC, 0xBB, 0x28, 0x4B, 0x39,\r\n    0x77, 0x51, 0x96, 0x72, 0x8B, 0xB4, 0x94, 0x2B, 0x16, 0x69, 0x29, 0x57, 0x2D, 0xD2, 0x52, 0xAE,\r\n    0xEF, 0xA2, 0x2C, 0xE5, 0xDB, 0x65, 0x59, 0x4A, 0xB7, 0xCB, 0xB2, 0x94, 0x6A, 0xB7, 0x65, 0xA9,\r\n    0xA5, 0xBD, 0x96, 0x25, 0x4A, 0x7B, 0x2D, 0x4B, 0x95, 0xF6, 0x5A, 0x96, 0x2F, 0xCD, 0xB5, 0xAC,\r\n    0x5B, 0xBA, 0x6B, 0xD9, 0xB3, 0x54, 0xD7, 0x32, 0xD0, 0x4E, 0xCB, 0xD2, 0x67, 0xA9, 0xAE, 0x65,\r\n    0xCE, 0x52, 0x5D, 0xCB, 0x30, 0x0B, 0x75, 0x2D, 0x98, 0x85, 0xBA, 0x16, 0x60, 0x16, 0xEA, 0x5A,\r\n    0xC0, 0x2C, 0xD4, 0xB5, 0x0E, 0xD3, 0x50, 0x57, 0x1D, 0xA6, 0xA1, 0xAE, 0x3E, 0x6C, 0x43, 0xDD,\r\n    0x79, 0xF8, 0x86, 0x3A, 0xF2, 0xF0, 0x0D, 0x75, 0xE5, 0xE1, 0x1B, 0xEA, 0xCF, 0xE3, 0x37, 0x54,\r\n    0x85, 0x79, 0xA8, 0xEB, 0x74, 0x7E, 0xBF, 0x21, 0xE8, 0xFC, 0x7E, 0x43, 0x9E, 0xC7, 0x6F, 0xA8,\r\n    0x38, 0xAF, 0xDF, 0xD0, 0xD1, 0xF9, 0xFD, 0x86, 0xA7, 0xD3, 0xFB, 0x8D, 0x4A, 0x87, 0xF7, 0x9B\r\n};\r\n\r\nconst std::array<const unsigned char, 256> addr_0x41c5c0 = {\r\n    0xDF, 0x8E, 0xCF, 0xDF, 0xFE, 0x76, 0x7C, 0xFE, 0xFC, 0xED, 0xF8, 0xFC, 0xF9, 0xDB, 0xF1, 0xF9,\r\n    0xF2, 0xB7, 0xE3, 0xF3, 0xBF, 0x1D, 0x9F, 0xBF, 0x7F, 0x3B, 0x3E, 0x7F, 0xE5, 0x6F, 0xC7, 0xE7,\r\n    0xCB, 0xDF, 0x8E, 0xCF, 0x5F, 0xFE, 0x76, 0x7C, 0xBE, 0xFC, 0xED, 0xF8, 0x97, 0xBF, 0x1D, 0x9F,\r\n    0x2F, 0x7F, 0x3B, 0x3E, 0xE0, 0xCB, 0xDF, 0x8E, 0xC1, 0x97, 0xBF, 0x1D, 0xF0, 0xE5, 0x6F, 0xC7,\r\n    0x7C, 0xF9, 0xDB, 0xF1, 0xF8, 0xF2, 0xB7, 0xE3, 0x82, 0x2F, 0x7F, 0x3B, 0x05, 0x5F, 0xFE, 0x76,\r\n    0x56, 0xC1, 0x97, 0xBF, 0x55, 0xF0, 0xE5, 0x6F, 0x15, 0x7C, 0xF9, 0xDB, 0x2A, 0xF8, 0xF2, 0xB7,\r\n    0xAB, 0xE0, 0xCB, 0xDF, 0x0A, 0xBE, 0xFC, 0xED, 0x61, 0x15, 0x7C, 0xF9, 0xC3, 0x2A, 0xF8, 0xF2,\r\n    0x86, 0x55, 0xF0, 0xE5, 0xAC, 0x82, 0x2F, 0x7F, 0x58, 0x05, 0x5F, 0xFE, 0xB0, 0x0A, 0xBE, 0xFC,\r\n    0x0C, 0xAB, 0xE0, 0xCB, 0x19, 0x56, 0xC1, 0x97, 0x32, 0xAC, 0x82, 0x2F, 0x65, 0x58, 0x05, 0x5F,\r\n    0x97, 0x61, 0x15, 0x7C, 0x2E, 0xC3, 0x2A, 0xF8, 0x5C, 0x86, 0x55, 0xF0, 0xB9, 0x0C, 0xAB, 0xE0,\r\n    0x73, 0x19, 0x56, 0xC1, 0xE7, 0x32, 0xAC, 0x82, 0xCB, 0xB0, 0x0A, 0xBE, 0xCE, 0x65, 0x58, 0x05,\r\n    0x9C, 0xCB, 0xB0, 0x0A, 0x72, 0x2E, 0xC3, 0x2A, 0x39, 0x97, 0x61, 0x15, 0xE4, 0x5C, 0x86, 0x55,\r\n    0xC8, 0xB9, 0x0C, 0xAB, 0x23, 0xE7, 0x32, 0xAC, 0x46, 0xCE, 0x65, 0x58, 0x8D, 0x9C, 0xCB, 0xB0,\r\n    0x1B, 0x39, 0x97, 0x61, 0x36, 0x72, 0x2E, 0xC3, 0x6C, 0xE4, 0x5C, 0x86, 0xD9, 0xC8, 0xB9, 0x0C,\r\n    0x91, 0x73, 0x19, 0x56, 0xCB, 0x46, 0xCE, 0x65, 0x96, 0x8D, 0x9C, 0xCB, 0xB2, 0x91, 0x73, 0x19,\r\n    0x65, 0x23, 0xE7, 0x32, 0x2C, 0x1B, 0x39, 0x97, 0x59, 0x36, 0x72, 0x2E, 0xB3, 0x6C, 0xE4, 0x5C\r\n};\r\n\r\nvoid fill_mat(mat_GF2& dst, unsigned long* t1, unsigned long* t2)\r\n{\r\n    for (int i = 0; i < 64; ++i)\r\n    {\r\n        auto tmp = t1[i];\r\n        for (int k = 0; k < 32; ++k)\r\n        {\r\n            dst[k][i] = !!(tmp & 0x80000000);\r\n            tmp <<= 1;\r\n        }\r\n\r\n        tmp = t2[i];\r\n        for (int k = 32; k < 64; ++k)\r\n        {\r\n            dst[k][i] = !!(tmp & 0x80000000);\r\n            tmp <<= 1;\r\n        }\r\n    }\r\n}\r\n\r\nunsigned long long vec_2_int(vec_GF2& src, int from, int to)\r\n{\r\n    unsigned long long ret = 0;\r\n    for (int i = from; i < to; ++i)\r\n    {\r\n        ret = (ret << 1) | (unsigned long long)to_int(rep(src[i]));\r\n    }\r\n    return ret;\r\n}\r\n\r\n\r\nint collapse(int argc, char** argv)\r\n{\r\n    \/\/ key \u662f\u7528\u6237\u540d\u7ecf\u8fc7 hash \u8ba1\u7b97\u5f97\u5230\u7684\u524d\u4e09\u4e2a\uff0c\u8fd9\u91cc\u66ff\u6362\u6389\r\n    unsigned int key[3] = { 0x83bb467a, 0x82023fba, 0xadd52abe };\r\n    unsigned int answer[3] = { 0,0,0 };\r\n\r\n    GF2     d;\r\n    vec_GF2 x, vec_key;\r\n    mat_GF2 m1, m2;\r\n\r\n    m1.SetDims(64, 64);\r\n    m2.SetDims(64, 64);\r\n    x.SetLength(64);\r\n    vec_key.SetLength(64);\r\n\r\n    fill_mat(m1, (unsigned long*)addr_0x41c4c0.data(), (unsigned long*)addr_0x41c5c0.data());\r\n\r\n    for (int i = 0; i < 32; ++i)\r\n    {\r\n        vec_key[i] = !!((key[1] << i) & 0x80000000);\r\n        vec_key[i + 32] = !!((key[2] << i) & 0x80000000);\r\n    }\r\n\r\n    solve(d, x, m1, vec_key);    \/\/ \u8ba1\u7b97 x * A = b \u4e2d\u7684 x\uff0c m1 = A\uff0cvec_key = b\r\n    answer[2] = vec_2_int(x, 32, 64, 31);\r\n\r\n    for (int i = 0; i < 32; ++i)\r\n    {\r\n        vec_key[i] = !!((key[0] << i) & 0x80000000);\r\n        vec_key[i + 32] = x[i];\r\n    }\r\n\r\n    fill_mat(m2, (unsigned long*)addr_0x41c2c0.data(), (unsigned long*)addr_0x41c3c0.data());\r\n\r\n    solve(d, x, m2, vec_key);\r\n    answer[1] = vec_2_int(x, 32, 64, 31);\r\n    answer[0] = vec_2_int(x, 0, 32, 31);\r\n\r\n    return 0;\r\n}\r\n<\/pre>\n
\u6709\u70b9\u6ca1\u641e\u660e\u767d\u7684\u662f\uff0c\u5f53\u6211\u628a\u77e9\u9635\u4e2d\u7684 bit \u987a\u5e8f\u6362\u8fc7\u6765\uff0c\u5373\u4f4e\u4f4d\u5728\u524d\u65f6\u8ba1\u7b97\u7ed3\u679c\u4f1a\u51fa\u9519\uff0c\u5b8c\u5168\u53d8\u6210\u4e86\u522b\u7684\u503c\uff0c\u4e5f\u4e0d\u662f\u6b63\u786e\u7ed3\u679c\u7684\u9006\u5e8f\uff0c\u7167\u7406\u8bf4\u5e94\u8be5\u90fd\u6ca1\u4ec0\u4e48\u5dee\u522b\u624d\u5bf9\u2026\u2026<\/p>\n
\"final\"<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4f5c\u4e3a\u7ec3\u624b\u7684 160 \u4e2a CrackMe \u7cfb\u5217\u6574\u7406\u5206\u6790… <\/p>\n
\u9605\u8bfb\u66f4\u591a<\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[32,33],"class_list":["post-625","post","type-post","status-publish","format-standard","hentry","category-reverse-engineering","tag-crackme","tag-33"],"_links":{"self":[{"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/posts\/625","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/comments?post=625"}],"version-history":[{"count":0,"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/posts\/625\/revisions"}],"wp:attachment":[{"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/media?parent=625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/categories?post=625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/tags?post=625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}