google pagerank checksum算法_Asp.Net安全和加密
日期:2008-08-04 浏览次数:20624 次
原来网上早就有了checksum的相关破解,下面试checksum的汇编代码和vb版的破解。
目前我所用的就是vb版的checksum代码。
checksum的汇编代码:
GOOGLECHECK proc near
var_8 = dword ptr -8
var_4 = dword ptr -4
url_offset = dword ptr 8
url_length = dword ptr 0Ch
magic_dword = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+url_length]
cmp eax, 0Ch
push ebx
push esi
mov esi, [ebp+magic_dword] ; = 0xE6359A60
push edi
mov edi, 9E3779B9h ; derived from the golden number, hi TEA ;)
mov ebx, edi
mov [ebp+var_4], eax
jb jump_1
push 0Ch
pop ecx
xor edx, edx
div ecx
mov ecx, [ebp+url_offset]
mov [ebp+var_8], eax
loop_1:
movzx eax, byte ptr [ecx+7]
movzx edx, byte ptr [ecx+6]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+5]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+4]
add edx, edi
shl eax, 8
lea edi, [edx+eax]
movzx eax, byte ptr [ecx+0Bh]
movzx edx, byte ptr [ecx+0Ah]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+9]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+8]
add edx, esi
shl eax, 8
lea esi, [edx+eax]
movzx edx, byte ptr [ecx+3]
movzx eax, byte ptr [ecx+2]
shl edx, 8
add edx, eax
movzx eax, byte ptr [ecx+1]
shl edx, 8
add edx, eax
movzx eax, byte ptr [ecx]
shl edx, 8
add edx, eax
sub edx, edi
sub edx, esi
mov eax, esi
shr eax, 0Dh
add edx, ebx
xor edx, eax
sub edi, edx
sub edi, esi
mov eax, edx
shl eax, 8
xor edi, eax
sub esi, edi
sub esi, edx
mov eax, edi
shr eax, 0Dh
xor esi, eax
sub edx, edi
sub edx, esi
mov eax, esi
shr eax, 0Ch
xor edx, eax
sub edi, edx
sub edi, esi
mov eax, edx
shl eax, 10h
xor edi, eax
sub esi, edi
sub [ebp+var_4], 0Ch
sub esi, edx
mov eax, edi
shr eax, 5
xor esi, eax
sub edx, edi
mov eax, esi
shr eax, 3
sub edx, esi
xor edx, eax
mov ebx, edx
sub edi, ebx
sub edi, esi
mov eax, ebx
shl eax, 0Ah
xor edi, eax
sub esi, edi
mov eax, edi
sub esi, ebx
shr eax, 0Fh
xor esi, eax
add ecx, 0Ch
dec [ebp+var_8]
jnz loop_1
jmp short jump_2
jump_1:
mov ecx, [ebp+url_offset]
jump_2:
add esi, [ebp+url_length]
mov eax, [ebp+var_4]
dec eax
cmp eax, 0Ah ; switch 11 cases
ja defaultswitch ; default
jmp ds:off_100307EA[eax*4] ; switch jump
switch_10:
movzx eax, byte ptr [ecx+0Ah] ; case 0xA
shl eax, 18h
add esi, eax
switch_9:
movzx eax, byte ptr [ecx+9] ; case 0x9
shl eax, 10h
add esi, eax
switch_8:
movzx eax, byte ptr [ecx+8] ; case 0x8
shl eax, 8
add esi, eax
switch_7:
movzx eax, byte ptr [ecx+7] ; case 0x7
movzx edx, byte ptr [ecx+6]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+5]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+4]
shl eax, 8
add edx, edi
lea edi, [edx+eax]
jmp short switch_3 ; case 0x3
switch_6:
movzx eax, byte ptr [ecx+6] ; case 0x6
shl eax, 10h
add edi, eax
switch_5:
movzx eax, byte ptr [ecx+5] ; case 0x5
shl eax, 8
add edi, eax
switch_4:
movzx eax, byte ptr [ecx+4] ; case 0x4
add edi, eax
switch_3:
movzx eax, byte ptr [ecx+3] ; case 0x3
movzx edx, byte ptr [ecx+2]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+1]
movzx ecx, byte ptr [ecx]
shl eax, 8
add ea
目前我所用的就是vb版的checksum代码。
checksum的汇编代码:
GOOGLECHECK proc near
var_8 = dword ptr -8
var_4 = dword ptr -4
url_offset = dword ptr 8
url_length = dword ptr 0Ch
magic_dword = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+url_length]
cmp eax, 0Ch
push ebx
push esi
mov esi, [ebp+magic_dword] ; = 0xE6359A60
push edi
mov edi, 9E3779B9h ; derived from the golden number, hi TEA ;)
mov ebx, edi
mov [ebp+var_4], eax
jb jump_1
push 0Ch
pop ecx
xor edx, edx
div ecx
mov ecx, [ebp+url_offset]
mov [ebp+var_8], eax
loop_1:
movzx eax, byte ptr [ecx+7]
movzx edx, byte ptr [ecx+6]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+5]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+4]
add edx, edi
shl eax, 8
lea edi, [edx+eax]
movzx eax, byte ptr [ecx+0Bh]
movzx edx, byte ptr [ecx+0Ah]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+9]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+8]
add edx, esi
shl eax, 8
lea esi, [edx+eax]
movzx edx, byte ptr [ecx+3]
movzx eax, byte ptr [ecx+2]
shl edx, 8
add edx, eax
movzx eax, byte ptr [ecx+1]
shl edx, 8
add edx, eax
movzx eax, byte ptr [ecx]
shl edx, 8
add edx, eax
sub edx, edi
sub edx, esi
mov eax, esi
shr eax, 0Dh
add edx, ebx
xor edx, eax
sub edi, edx
sub edi, esi
mov eax, edx
shl eax, 8
xor edi, eax
sub esi, edi
sub esi, edx
mov eax, edi
shr eax, 0Dh
xor esi, eax
sub edx, edi
sub edx, esi
mov eax, esi
shr eax, 0Ch
xor edx, eax
sub edi, edx
sub edi, esi
mov eax, edx
shl eax, 10h
xor edi, eax
sub esi, edi
sub [ebp+var_4], 0Ch
sub esi, edx
mov eax, edi
shr eax, 5
xor esi, eax
sub edx, edi
mov eax, esi
shr eax, 3
sub edx, esi
xor edx, eax
mov ebx, edx
sub edi, ebx
sub edi, esi
mov eax, ebx
shl eax, 0Ah
xor edi, eax
sub esi, edi
mov eax, edi
sub esi, ebx
shr eax, 0Fh
xor esi, eax
add ecx, 0Ch
dec [ebp+var_8]
jnz loop_1
jmp short jump_2
jump_1:
mov ecx, [ebp+url_offset]
jump_2:
add esi, [ebp+url_length]
mov eax, [ebp+var_4]
dec eax
cmp eax, 0Ah ; switch 11 cases
ja defaultswitch ; default
jmp ds:off_100307EA[eax*4] ; switch jump
switch_10:
movzx eax, byte ptr [ecx+0Ah] ; case 0xA
shl eax, 18h
add esi, eax
switch_9:
movzx eax, byte ptr [ecx+9] ; case 0x9
shl eax, 10h
add esi, eax
switch_8:
movzx eax, byte ptr [ecx+8] ; case 0x8
shl eax, 8
add esi, eax
switch_7:
movzx eax, byte ptr [ecx+7] ; case 0x7
movzx edx, byte ptr [ecx+6]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+5]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+4]
shl eax, 8
add edx, edi
lea edi, [edx+eax]
jmp short switch_3 ; case 0x3
switch_6:
movzx eax, byte ptr [ecx+6] ; case 0x6
shl eax, 10h
add edi, eax
switch_5:
movzx eax, byte ptr [ecx+5] ; case 0x5
shl eax, 8
add edi, eax
switch_4:
movzx eax, byte ptr [ecx+4] ; case 0x4
add edi, eax
switch_3:
movzx eax, byte ptr [ecx+3] ; case 0x3
movzx edx, byte ptr [ecx+2]
shl eax, 8
add eax, edx
movzx edx, byte ptr [ecx+1]
movzx ecx, byte ptr [ecx]
shl eax, 8
add ea
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
