API tools faq
paste
Guest User

Untitled

a guest
Jun 25th, 2018
146
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.98 KB | None | 0 0
raw download clone embed print report
  1. #include <stdio.h>
  2. #include <openssl/rsa.h>
  3. #include <openssl/pem.h>
  4. #include <openssl/rand.h>
  5. #include <openssl/aes.h>
  6. #include <openssl/err.h>
  7.  
  8. #include <Windows.h>
  9.  
  10. #pragma warning(disable:4996)
  11.  
  12. RSA *__cdecl sub_402480(void *a1, int a2)
  13. {
  14. BIO *v3; // [esp+0h] [ebp-Ch]
  15. EVP_PKEY *v4; // [esp+4h] [ebp-8h]
  16. RSA *v5; // [esp+8h] [ebp-4h]
  17.  
  18. v5 = 0;
  19. v3 = BIO_new_mem_buf(a1, a2);
  20. if (!v3)
  21. return 0;
  22. v4 = PEM_read_bio_PUBKEY(v3, 0, 0, 0);
  23. if (v4)
  24. {
  25. v5 = EVP_PKEY_get1_RSA(v4);
  26. if (v5)
  27. RSA_up_ref(v5);
  28. EVP_PKEY_free(v4);
  29. }
  30. BIO_free_all(v3);
  31. return v5;
  32. }
  33.  
  34. int __cdecl sub_4022C0(RSA *a1, void **a2)
  35. {
  36. BIO_METHOD *v2; // eax
  37. int result; // eax
  38. long v4; // [esp+0h] [ebp-Ch]
  39. BIO *v5; // [esp+8h] [ebp-4h]
  40.  
  41. v2 = BIO_s_mem();
  42. v5 = BIO_new(v2);
  43. if (!v5)
  44. return 0;
  45. if (PEM_write_bio_RSAPrivateKey(v5, a1, 0, 0, 0, 0, 0) == 1)
  46. {
  47. v4 = BIO_ctrl(v5, 10, 0, 0);
  48. *a2 = malloc(v4 + 1);
  49. if (BIO_read(v5, *a2, v4) > 0)
  50. {
  51. *((BYTE *)*a2 + v4) = 0;
  52. BIO_free_all(v5);
  53. result = v4;
  54. }
  55. else
  56. {
  57. BIO_free_all(v5);
  58. result = 0;
  59. }
  60. }
  61. else
  62. {
  63. BIO_free_all(v5);
  64. result = 0;
  65. }
  66. return result;
  67. }
  68.  
  69. signed int __cdecl sub_402220(int a1, char *a2, unsigned int a3, RSA *a4, char *a5)
  70. {
  71. int v6; // [esp+8h] [ebp-10h]
  72. int v7; // [esp+Ch] [ebp-Ch]
  73. unsigned int v8; // [esp+10h] [ebp-8h]
  74. signed int i; // [esp+14h] [ebp-4h]
  75.  
  76. v6 = 0;
  77. v8 = a1 / 8 - 11;
  78. for (i = 0; i < (signed int)(a3 / v8 + 1); ++i)
  79. {
  80. v7 = RSA_public_encrypt(v8, a2, a5, a4, 1);
  81. if (v7 == -1)
  82. return -1;
  83. v6 += v7;
  84. a2 += v8;
  85. a5 += v7;
  86. }
  87. return v6;
  88. }
  89.  
  90. signed int __cdecl decrypt_sub_402220(int a1, char *a2, unsigned int a3, RSA *a4, char *a5)
  91. {
  92. int v6; // [esp+8h] [ebp-10h]
  93. int v7; // [esp+Ch] [ebp-Ch]
  94. unsigned int v8; // [esp+10h] [ebp-8h]
  95. signed int i; // [esp+14h] [ebp-4h]
  96.  
  97. v6 = 0;
  98. v8 = a1 / 8;// - 11;
  99. for (i = 0; i < (signed int)(a3 / v8 + 1); ++i)
  100. {
  101. v7 = RSA_private_decrypt(v8, a2, a5, a4, 1);
  102. if (v7 == -1) {
  103. //char msg[1024] = { 0, };
  104. //ERR_error_string_n(ERR_get_error(), msg, sizeof(msg));
  105. //printf("error msg : %s\n", msg);
  106. ERR_print_errors_fp(stdout);
  107. return -1;
  108. }
  109. v6 += v7;
  110. a2 += v8;
  111. a5 += v7;
  112. }
  113. return v6;
  114. }
  115. int main() {
  116. DWORD nArr[] = {
  117. 0x6b4d5bef, 0xd9edcf34, 0xccfdc933, 0x89be6cd7,
  118. 0x1a7188b6, 0x1c8e7831, 0xb0712ea8, 0x939ce8af,
  119. 0xa4227db1, 0xae8f27b8, 0xba0bbc0e, 0x72ce9455,
  120. 0x2f4dd94b, 0x59cd4619, 0x57be1d23, 0xeca5e90e,
  121. 0xd693d977, 0xe1afbd26, 0x95a16915, 0x0257e45e,
  122. 0x1ab1f331, 0x5d70dd04, 0xec0ea18d, 0x6c430f2d,
  123. 0xe3a7595a, 0xdde2dfd4, 0x04f4f245, 0x02e4612a,
  124. 0x9ebb7435, 0x1a4d9b68, 0x0d7d1638, 0x0ae484a8,
  125. 0x5bb4884e, 0x74ba18b7, 0xdc048bc9, 0x17af05de,
  126. 0x0a7113c0, 0xfc8dff5f, 0x97d4dd8b, 0xb646f780,
  127. 0x9f579fd2, 0x6bd856db, 0xdcae9588, 0x2422327f,
  128. 0x0df2ac66, 0x3b8ca2ad, 0x239cea78, 0x438537ea,
  129. 0x1ca83afe, 0xdc3c81e2, 0x8be891a3, 0x9496bfa4,
  130. 0x77cf60be, 0xf5f757e6, 0xfaded181, 0xed07a72d,
  131. 0x23910b1f, 0xdf519f2e, 0xc96bf5fe, 0xa4dd65c1,
  132. 0xb2e2f40e, 0x2e3c426a, 0x35580644, 0xd6b5b5d2
  133. };
  134.  
  135. DWORD dArr[] = {
  136. 0x4e4488cb, 0x6e67f444, 0x52f516a0, 0xdaa3513b,
  137. 0x3b8f8f39, 0x77122b56, 0xc0d9c800, 0xbcfe3f38,
  138. 0x974b097a, 0x418c4c98, 0x47057b94, 0x8be271fb,
  139. 0x7596a524, 0xf4a9e43a, 0x7ed7f2ea, 0x5bdce42c,
  140. 0x18c034e3, 0x22ac12ec, 0xc8661bb7, 0x81e97b05,
  141. 0x528ae07f, 0xb5980d77, 0x7884f62e, 0xf99f9034,
  142. 0xf150600f, 0xd9ef01a5, 0x922455fa, 0xe1afd460,
  143. 0x138f3693, 0x1051daef, 0xcb1cecf4, 0x2387b3fa,
  144. 0x3d230588, 0xf87c107a, 0x3d585d30, 0x651f593f,
  145. 0xb1a0b7d5, 0xfdb3ff94, 0xba8de907, 0xced9fa55,
  146. 0xbf8fbfe1, 0xf29039e7, 0x931f0e5a, 0x6d6c21aa,
  147. 0xb3f71d99, 0xd25dc1c8, 0x6d1346fa, 0x8258cff1,
  148. 0xbdc57ca9, 0xe8285696, 0x07f06117, 0xb8647fc3,
  149. 0xa534eb29, 0xa3fa3a99, 0xa73f3656, 0x9e051a1e,
  150. 0x17b6076a, 0x3f8bbf74, 0x30f2a3ff, 0x6de8ee81,
  151. 0x21eca2b4, 0x74282c47, 0x2390042d, 0x8f23ce8c
  152. };
  153.  
  154. DWORD pArr[] = {
  155. 0xd8ea3c77, 0x33463880, 0x42671717, 0x153bb329,
  156. 0x79c09a51, 0x0e97183a, 0xfacf9753, 0x695a0d83,
  157. 0x7b62de4c, 0x312f496f, 0x05a7d953, 0xc95e5430,
  158. 0xa4d6ce54, 0x24d512e4, 0xd035c8e4, 0xeb1733ab,
  159. 0x1d4b3cb1, 0x6358ad88, 0x31f18071, 0x23680b9a,
  160. 0x4a158e46, 0x92e6c4ad, 0x6aff2d84, 0x141d201d,
  161. 0xbffc6786, 0x7432f45c, 0xe2be7283, 0xf0d711d7,
  162. 0xc945e7dd, 0xb6727390, 0x1fb91dc8, 0xf7a25485
  163. };
  164.  
  165. DWORD qArr[] = {
  166. 0x1cfc5249, 0x010ba84d, 0x8e27102c, 0xac8dbfd5,
  167. 0x4759978e, 0x5b5c1ef5, 0x945aeb54, 0x0ec57c56,
  168. 0x45cf112d, 0x1b0d6b64, 0xc9dba95d, 0xd79c952c,
  169. 0xda15133f, 0xc5f95cdc, 0xc94467de, 0xf7c35f1f,
  170. 0x94284d70, 0xca54f33c, 0xb716bf11, 0x9c11a03b,
  171. 0xd4cc142b, 0xba260423, 0xcc4802c2, 0x61b696c1,
  172. 0x39b261bc, 0x22c968ff, 0x46fffeca, 0x3f8590c1,
  173. 0x381eba79, 0x4b605f71, 0xbd189501, 0xddf6a22a
  174. };
  175.  
  176. DWORD dmp1Arr[] = {
  177. 0x909c284f, 0xccd97b00, 0x819a0f64, 0x637d221b,
  178. 0x512b118b, 0x5f0f657c, 0x51dfba37, 0xf0e6b3ad,
  179. 0xfcec9432, 0x20ca30f4, 0x591a90e2, 0x30e98d75,
  180. 0xc339dee3, 0x6de361ed, 0x8ace85ed, 0x9cba2272,
  181. 0xbe322876, 0x423b1e5a, 0x214baaf6, 0x6cf007bc,
  182. 0xdc0e5ed9, 0x61ef2dc8, 0x9caa1e58, 0x0d68c013,
  183. 0x2aa84504, 0x4d774d93, 0xec7ef702, 0xf5e4b68f,
  184. 0x862e9a93, 0x79a1a260, 0x6a7b6930, 0xa516e303
  185. };
  186.  
  187. DWORD dmq1Arr[] = {
  188. 0x68a836db, 0x00b27033, 0xb41a0ac8, 0xc85e7fe3,
  189. 0x84e66509, 0x3ce814a3, 0x0d91f238, 0x09d8fd8f,
  190. 0xd934b61e, 0x1208f242, 0xdbe7c63e, 0xe5130e1d,
  191. 0xe6b8b77f, 0x83fb933d, 0x862d9a94, 0xfa823f6a,
  192. 0x62c588f5, 0xdc38a228, 0x7a0f2a0b, 0x12b66ad2,
  193. 0xe332b81d, 0x7c195817, 0xdd85572c, 0xebcf0f2b,
  194. 0x2676ebd2, 0x1730f0aa, 0x84aaa9dc, 0x2a590b2b,
  195. 0x2569d1a6, 0x879594f6, 0xd365b8ab, 0x93f9c171
  196. };
  197.  
  198. DWORD iqmpArr[] = {
  199. 0xc674a964, 0x66d72e6c, 0x610fc67e, 0xb2a3ad1e,
  200. 0x45d5dcbd, 0x6d22a368, 0x84dbbe2b, 0x6fd7e0f1,
  201. 0x632b6cfd, 0x077ac68e, 0x7990f71d, 0x5f52dd8b,
  202. 0xd1022eec, 0x9ea6face, 0xa1d2c1c9, 0x72485e41,
  203. 0x3abd7aa2, 0x547aa62e, 0x0928f550, 0x75b6fe3f,
  204. 0x7baca735, 0xd9e6fddd, 0x3d4d2d5f, 0x213c66f4,
  205. 0x64edb958, 0xace65637, 0x64886dbc, 0xfb021b58,
  206. 0x8201e740, 0xe33c3f5f, 0x95615cce, 0x724ac78c
  207. };
  208.  
  209. RSA *rsa = RSA_generate_key(2048, 3, NULL, NULL);
  210. //RSA_print_fp(stdout, rsa, 0);
  211.  
  212. rsa->pad = 0;
  213. rsa->version = 0;
  214. rsa->engine = 0;
  215.  
  216. rsa->n = (BIGNUM *)malloc(sizeof(BIGNUM));
  217. rsa->n->top = 0x40;
  218. rsa->n->dmax = 0x80;
  219. rsa->n->neg = 0x00;
  220. rsa->n->flags = 0x01;
  221. rsa->n->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->n->dmax);
  222. for (int i = 0; i < sizeof(nArr) / sizeof(DWORD); i++)
  223. rsa->n->d[i] = nArr[i];
  224.  
  225. rsa->e = (BIGNUM *)malloc(sizeof(BIGNUM));
  226. rsa->e->top = 0x01;
  227. rsa->e->dmax = 0x01;
  228. rsa->e->neg = 0x00;
  229. rsa->e->flags = 0x01;
  230. rsa->e->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->e->dmax);
  231. rsa->e->d[0] = 0x03;
  232.  
  233. rsa->d = (BIGNUM *)malloc(sizeof(BIGNUM));
  234. rsa->d->top = 0x40;
  235. rsa->d->dmax = 0x40;
  236. rsa->d->neg = 0x00;
  237. rsa->d->flags = 0x01;
  238. rsa->d->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->d->dmax);
  239. for (int i = 0; i < rsa->d->top; i++)
  240. rsa->d->d[i] = dArr[i];
  241.  
  242. rsa->p = (BIGNUM *)malloc(sizeof(BIGNUM));
  243. rsa->p->top = 0x20;
  244. rsa->p->dmax = 0x20;
  245. rsa->p->neg = 0x00;
  246. rsa->p->flags = 0x01;
  247. rsa->p->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->p->dmax);
  248. for (int i = 0; i < rsa->p->top; i++)
  249. rsa->p->d[i] = pArr[i];
  250.  
  251. rsa->q = (BIGNUM *)malloc(sizeof(BIGNUM));
  252. rsa->q->top = 0x20;
  253. rsa->q->dmax = 0x20;
  254. rsa->q->neg = 0x00;
  255. rsa->q->flags = 0x01;
  256. rsa->q->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->q->dmax);
  257. for (int i = 0; i < rsa->p->top; i++)
  258. rsa->q->d[i] = qArr[i];
  259.  
  260. rsa->dmp1 = (BIGNUM *)malloc(sizeof(BIGNUM));
  261. rsa->dmp1->top = 0x20;
  262. rsa->dmp1->dmax = 0x21;
  263. rsa->dmp1->neg = 0x00;
  264. rsa->dmp1->flags = 0x01;
  265. rsa->dmp1->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->dmp1->dmax);
  266. for (int i = 0; i < rsa->p->top; i++)
  267. rsa->dmp1->d[i] = dmp1Arr[i];
  268.  
  269. rsa->dmq1 = (BIGNUM *)malloc(sizeof(BIGNUM));
  270. rsa->dmq1->top = 0x20;
  271. rsa->dmq1->dmax = 0x21;
  272. rsa->dmq1->neg = 0x00;
  273. rsa->dmq1->flags = 0x01;
  274. rsa->dmq1->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->dmq1->dmax);
  275. for (int i = 0; i < rsa->p->top; i++)
  276. rsa->dmq1->d[i] = dmq1Arr[i];
  277.  
  278. rsa->iqmp = (BIGNUM *)malloc(sizeof(BIGNUM));
  279. rsa->iqmp->top = 0x20;
  280. rsa->iqmp->dmax = 0x20;
  281. rsa->iqmp->neg = 0x00;
  282. rsa->iqmp->flags = 0x01;
  283. rsa->iqmp->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->iqmp->dmax);
  284. for (int i = 0; i < rsa->p->top; i++)
  285. rsa->iqmp->d[i] = iqmpArr[i];
  286.  
  287. rsa->ex_data.sk = 0x00;
  288. rsa->ex_data.dummy = 0xd1b19274;
  289. rsa->references = 0x01;
  290. rsa->flags = 0x06;
  291. rsa->_method_mod_n = 0;
  292. rsa->_method_mod_p = 0;
  293. rsa->_method_mod_q = 0;
  294. rsa->bignum_data = 0;
  295. rsa->blinding = 0;
  296. rsa->mt_blinding = 0;
  297.  
  298. if (!RSA_check_key(rsa))
  299. puts("Shit...");
  300.  
  301. BYTE enc[256] = {
  302. 0xB0, 0x12, 0x69, 0xC5, 0xB1, 0x83, 0x43, 0x2A, 0x12, 0xBE, 0xF6, 0x12, 0x57, 0x5C, 0x28, 0xB5, 0x7C, 0xA5, 0x97, 0x31, 0x52, 0x9E, 0xC4, 0x28, 0xC1, 0xAA, 0xB3, 0x1F, 0x9D, 0x48, 0x20, 0x54, 0xA8, 0xAC, 0x68, 0x63, 0xF4, 0x57, 0x8A, 0x16, 0x71, 0xBD, 0x88, 0x7C, 0x7E, 0x3A, 0x6B, 0xEA, 0xCB, 0x26, 0x05, 0xE2, 0x53, 0xC2, 0x20, 0x59, 0x3E, 0xD9, 0xD0, 0x0A, 0x4B, 0x9D, 0x4C, 0x01, 0x5D, 0x5E, 0xD9, 0x3E, 0xDF, 0x89, 0xC2, 0x89, 0x81, 0xEC, 0x4E, 0x7C, 0x7B, 0x30, 0xF2, 0x0E, 0x10, 0x10, 0x45, 0x00, 0x26, 0x08, 0xDD, 0x68, 0xB2, 0x88, 0xFC, 0x0F, 0x43, 0x67, 0x5C, 0xFE, 0x67, 0x95, 0xD1, 0x58, 0xAE, 0xD4, 0x70, 0x7E, 0xC2, 0xC2, 0x60, 0xD1, 0x9C, 0x98, 0x18, 0x11, 0x28, 0x47, 0x77, 0xA7, 0x90, 0x0B, 0xBA, 0xAA, 0x9E, 0x44, 0x62, 0x6D, 0x91, 0xDC, 0x87, 0xC6, 0x6A, 0xF6, 0x71, 0x3C, 0xB2, 0xA3, 0xD0, 0x99, 0x46, 0xF1, 0xB4, 0x69, 0x23, 0x71, 0x34, 0x7F, 0x5E, 0xC3, 0xDA, 0xFC, 0xE0, 0xA2, 0x1B, 0x95, 0xA5, 0x00, 0xFE, 0xF1, 0x35, 0x84, 0xAF, 0x07, 0x44, 0x67, 0x25, 0x0A, 0x68, 0x15, 0x86, 0x98, 0xCD, 0x46, 0x10, 0xE7, 0xF1, 0x7A, 0xDC, 0x63, 0x88, 0xE6, 0x59, 0x55, 0x02, 0xE1, 0x84, 0x53, 0xC9, 0x3D, 0x66, 0x6B, 0xB9, 0x0F, 0xB5, 0xDC, 0x11, 0x56, 0x06, 0xB7, 0xB6, 0xB4, 0xA9, 0x52, 0x12, 0x51, 0xB1, 0x3C, 0x39, 0xEB, 0xC4, 0xDD, 0x86, 0xF5, 0xF2, 0x4D, 0x80, 0x6B, 0x1B, 0x48, 0x6E, 0xD0, 0xED, 0xE8, 0x2C, 0x33, 0xE8, 0xC4, 0xAF, 0xD7, 0x48, 0x4C, 0x56, 0xA7, 0x90, 0x33, 0xB9, 0x44, 0xD1, 0x2E, 0x84, 0x57, 0x13, 0x19, 0xD9, 0x85, 0x4B, 0xFA, 0xD5, 0xB8, 0xB5, 0x13, 0x95, 0xB2, 0x9F, 0x4D, 0x0B, 0x7E, 0x33, 0xDD
  303. };
  304.  
  305. char *mem = (char *)malloc(2048);
  306. char *ptr = mem;
  307. int l = i2d_RSAPublicKey(rsa, &mem);
  308. mem = ptr;
  309. RSA *PubRSA = d2i_RSAPublicKey(&rsa, &mem, l);
  310. mem = ptr;
  311.  
  312. l = i2d_RSAPrivateKey(rsa, &mem);
  313. mem = ptr;
  314. RSA *PriRSA = d2i_RSAPrivateKey(&rsa, &mem, l);
  315. if (PriRSA == NULL)
  316. puts("PriRSA is null");
  317.  
  318. BYTE dec[sizeof(enc)] = { 0, };
  319. decrypt_sub_402220(2048, enc, 256, PriRSA, dec);
  320. for (int i = 0; i < sizeof(dec); i += 16) {
  321. for(int k = i; k < i + 16 && k < sizeof(dec); k++)
  322. printf("%02X ", dec[k] & 0xff);
  323. puts("");
  324. }
  325.  
  326. char aeskey[32];
  327. char dbuf[2048] = { 0, };
  328. BYTE target[256] = {
  329. 0xB3, 0xEE, 0x9B, 0x5B, 0xC0, 0xF8, 0x1F, 0xFD, 0x0D, 0x82, 0x80, 0x32, 0x33, 0xC8, 0x9B, 0xC0, 0x82, 0xB5, 0x5B, 0xB4, 0xE2, 0x30, 0x8C, 0xCF, 0xC1, 0x2B, 0x1B, 0x76, 0x8F, 0xDC, 0xF8, 0x8C
  330. };
  331. BYTE iv[256 / 8 + 1] = { 0, };
  332. AES_KEY dkey;
  333. memcpy(aeskey, dec, 0x20);
  334.  
  335. AES_set_decrypt_key(aeskey, 256, &dkey);
  336. AES_cbc_encrypt(target, dbuf, 16 * ((23 >> 4) + 1), &dkey, iv, AES_DECRYPT);
  337.  
  338. printf("%s\n", dbuf);
  339.  
  340. free(rsa);
  341.  
  342. scanf("%s", mem);
  343.  
  344. return 0;
  345. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!