Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <stdio.h>
- #include <openssl/rsa.h>
- #include <openssl/pem.h>
- #include <openssl/rand.h>
- #include <openssl/aes.h>
- #include <openssl/err.h>
- #include <Windows.h>
- #pragma warning(disable:4996)
- RSA *__cdecl sub_402480(void *a1, int a2)
- {
- BIO *v3; // [esp+0h] [ebp-Ch]
- EVP_PKEY *v4; // [esp+4h] [ebp-8h]
- RSA *v5; // [esp+8h] [ebp-4h]
- v5 = 0;
- v3 = BIO_new_mem_buf(a1, a2);
- if (!v3)
- return 0;
- v4 = PEM_read_bio_PUBKEY(v3, 0, 0, 0);
- if (v4)
- {
- v5 = EVP_PKEY_get1_RSA(v4);
- if (v5)
- RSA_up_ref(v5);
- EVP_PKEY_free(v4);
- }
- BIO_free_all(v3);
- return v5;
- }
- int __cdecl sub_4022C0(RSA *a1, void **a2)
- {
- BIO_METHOD *v2; // eax
- int result; // eax
- long v4; // [esp+0h] [ebp-Ch]
- BIO *v5; // [esp+8h] [ebp-4h]
- v2 = BIO_s_mem();
- v5 = BIO_new(v2);
- if (!v5)
- return 0;
- if (PEM_write_bio_RSAPrivateKey(v5, a1, 0, 0, 0, 0, 0) == 1)
- {
- v4 = BIO_ctrl(v5, 10, 0, 0);
- *a2 = malloc(v4 + 1);
- if (BIO_read(v5, *a2, v4) > 0)
- {
- *((BYTE *)*a2 + v4) = 0;
- BIO_free_all(v5);
- result = v4;
- }
- else
- {
- BIO_free_all(v5);
- result = 0;
- }
- }
- else
- {
- BIO_free_all(v5);
- result = 0;
- }
- return result;
- }
- signed int __cdecl sub_402220(int a1, char *a2, unsigned int a3, RSA *a4, char *a5)
- {
- int v6; // [esp+8h] [ebp-10h]
- int v7; // [esp+Ch] [ebp-Ch]
- unsigned int v8; // [esp+10h] [ebp-8h]
- signed int i; // [esp+14h] [ebp-4h]
- v6 = 0;
- v8 = a1 / 8 - 11;
- for (i = 0; i < (signed int)(a3 / v8 + 1); ++i)
- {
- v7 = RSA_public_encrypt(v8, a2, a5, a4, 1);
- if (v7 == -1)
- return -1;
- v6 += v7;
- a2 += v8;
- a5 += v7;
- }
- return v6;
- }
- signed int __cdecl decrypt_sub_402220(int a1, char *a2, unsigned int a3, RSA *a4, char *a5)
- {
- int v6; // [esp+8h] [ebp-10h]
- int v7; // [esp+Ch] [ebp-Ch]
- unsigned int v8; // [esp+10h] [ebp-8h]
- signed int i; // [esp+14h] [ebp-4h]
- v6 = 0;
- v8 = a1 / 8;// - 11;
- for (i = 0; i < (signed int)(a3 / v8 + 1); ++i)
- {
- v7 = RSA_private_decrypt(v8, a2, a5, a4, 1);
- if (v7 == -1) {
- //char msg[1024] = { 0, };
- //ERR_error_string_n(ERR_get_error(), msg, sizeof(msg));
- //printf("error msg : %s\n", msg);
- ERR_print_errors_fp(stdout);
- return -1;
- }
- v6 += v7;
- a2 += v8;
- a5 += v7;
- }
- return v6;
- }
- int main() {
- DWORD nArr[] = {
- 0x6b4d5bef, 0xd9edcf34, 0xccfdc933, 0x89be6cd7,
- 0x1a7188b6, 0x1c8e7831, 0xb0712ea8, 0x939ce8af,
- 0xa4227db1, 0xae8f27b8, 0xba0bbc0e, 0x72ce9455,
- 0x2f4dd94b, 0x59cd4619, 0x57be1d23, 0xeca5e90e,
- 0xd693d977, 0xe1afbd26, 0x95a16915, 0x0257e45e,
- 0x1ab1f331, 0x5d70dd04, 0xec0ea18d, 0x6c430f2d,
- 0xe3a7595a, 0xdde2dfd4, 0x04f4f245, 0x02e4612a,
- 0x9ebb7435, 0x1a4d9b68, 0x0d7d1638, 0x0ae484a8,
- 0x5bb4884e, 0x74ba18b7, 0xdc048bc9, 0x17af05de,
- 0x0a7113c0, 0xfc8dff5f, 0x97d4dd8b, 0xb646f780,
- 0x9f579fd2, 0x6bd856db, 0xdcae9588, 0x2422327f,
- 0x0df2ac66, 0x3b8ca2ad, 0x239cea78, 0x438537ea,
- 0x1ca83afe, 0xdc3c81e2, 0x8be891a3, 0x9496bfa4,
- 0x77cf60be, 0xf5f757e6, 0xfaded181, 0xed07a72d,
- 0x23910b1f, 0xdf519f2e, 0xc96bf5fe, 0xa4dd65c1,
- 0xb2e2f40e, 0x2e3c426a, 0x35580644, 0xd6b5b5d2
- };
- DWORD dArr[] = {
- 0x4e4488cb, 0x6e67f444, 0x52f516a0, 0xdaa3513b,
- 0x3b8f8f39, 0x77122b56, 0xc0d9c800, 0xbcfe3f38,
- 0x974b097a, 0x418c4c98, 0x47057b94, 0x8be271fb,
- 0x7596a524, 0xf4a9e43a, 0x7ed7f2ea, 0x5bdce42c,
- 0x18c034e3, 0x22ac12ec, 0xc8661bb7, 0x81e97b05,
- 0x528ae07f, 0xb5980d77, 0x7884f62e, 0xf99f9034,
- 0xf150600f, 0xd9ef01a5, 0x922455fa, 0xe1afd460,
- 0x138f3693, 0x1051daef, 0xcb1cecf4, 0x2387b3fa,
- 0x3d230588, 0xf87c107a, 0x3d585d30, 0x651f593f,
- 0xb1a0b7d5, 0xfdb3ff94, 0xba8de907, 0xced9fa55,
- 0xbf8fbfe1, 0xf29039e7, 0x931f0e5a, 0x6d6c21aa,
- 0xb3f71d99, 0xd25dc1c8, 0x6d1346fa, 0x8258cff1,
- 0xbdc57ca9, 0xe8285696, 0x07f06117, 0xb8647fc3,
- 0xa534eb29, 0xa3fa3a99, 0xa73f3656, 0x9e051a1e,
- 0x17b6076a, 0x3f8bbf74, 0x30f2a3ff, 0x6de8ee81,
- 0x21eca2b4, 0x74282c47, 0x2390042d, 0x8f23ce8c
- };
- DWORD pArr[] = {
- 0xd8ea3c77, 0x33463880, 0x42671717, 0x153bb329,
- 0x79c09a51, 0x0e97183a, 0xfacf9753, 0x695a0d83,
- 0x7b62de4c, 0x312f496f, 0x05a7d953, 0xc95e5430,
- 0xa4d6ce54, 0x24d512e4, 0xd035c8e4, 0xeb1733ab,
- 0x1d4b3cb1, 0x6358ad88, 0x31f18071, 0x23680b9a,
- 0x4a158e46, 0x92e6c4ad, 0x6aff2d84, 0x141d201d,
- 0xbffc6786, 0x7432f45c, 0xe2be7283, 0xf0d711d7,
- 0xc945e7dd, 0xb6727390, 0x1fb91dc8, 0xf7a25485
- };
- DWORD qArr[] = {
- 0x1cfc5249, 0x010ba84d, 0x8e27102c, 0xac8dbfd5,
- 0x4759978e, 0x5b5c1ef5, 0x945aeb54, 0x0ec57c56,
- 0x45cf112d, 0x1b0d6b64, 0xc9dba95d, 0xd79c952c,
- 0xda15133f, 0xc5f95cdc, 0xc94467de, 0xf7c35f1f,
- 0x94284d70, 0xca54f33c, 0xb716bf11, 0x9c11a03b,
- 0xd4cc142b, 0xba260423, 0xcc4802c2, 0x61b696c1,
- 0x39b261bc, 0x22c968ff, 0x46fffeca, 0x3f8590c1,
- 0x381eba79, 0x4b605f71, 0xbd189501, 0xddf6a22a
- };
- DWORD dmp1Arr[] = {
- 0x909c284f, 0xccd97b00, 0x819a0f64, 0x637d221b,
- 0x512b118b, 0x5f0f657c, 0x51dfba37, 0xf0e6b3ad,
- 0xfcec9432, 0x20ca30f4, 0x591a90e2, 0x30e98d75,
- 0xc339dee3, 0x6de361ed, 0x8ace85ed, 0x9cba2272,
- 0xbe322876, 0x423b1e5a, 0x214baaf6, 0x6cf007bc,
- 0xdc0e5ed9, 0x61ef2dc8, 0x9caa1e58, 0x0d68c013,
- 0x2aa84504, 0x4d774d93, 0xec7ef702, 0xf5e4b68f,
- 0x862e9a93, 0x79a1a260, 0x6a7b6930, 0xa516e303
- };
- DWORD dmq1Arr[] = {
- 0x68a836db, 0x00b27033, 0xb41a0ac8, 0xc85e7fe3,
- 0x84e66509, 0x3ce814a3, 0x0d91f238, 0x09d8fd8f,
- 0xd934b61e, 0x1208f242, 0xdbe7c63e, 0xe5130e1d,
- 0xe6b8b77f, 0x83fb933d, 0x862d9a94, 0xfa823f6a,
- 0x62c588f5, 0xdc38a228, 0x7a0f2a0b, 0x12b66ad2,
- 0xe332b81d, 0x7c195817, 0xdd85572c, 0xebcf0f2b,
- 0x2676ebd2, 0x1730f0aa, 0x84aaa9dc, 0x2a590b2b,
- 0x2569d1a6, 0x879594f6, 0xd365b8ab, 0x93f9c171
- };
- DWORD iqmpArr[] = {
- 0xc674a964, 0x66d72e6c, 0x610fc67e, 0xb2a3ad1e,
- 0x45d5dcbd, 0x6d22a368, 0x84dbbe2b, 0x6fd7e0f1,
- 0x632b6cfd, 0x077ac68e, 0x7990f71d, 0x5f52dd8b,
- 0xd1022eec, 0x9ea6face, 0xa1d2c1c9, 0x72485e41,
- 0x3abd7aa2, 0x547aa62e, 0x0928f550, 0x75b6fe3f,
- 0x7baca735, 0xd9e6fddd, 0x3d4d2d5f, 0x213c66f4,
- 0x64edb958, 0xace65637, 0x64886dbc, 0xfb021b58,
- 0x8201e740, 0xe33c3f5f, 0x95615cce, 0x724ac78c
- };
- RSA *rsa = RSA_generate_key(2048, 3, NULL, NULL);
- //RSA_print_fp(stdout, rsa, 0);
- rsa->pad = 0;
- rsa->version = 0;
- rsa->engine = 0;
- rsa->n = (BIGNUM *)malloc(sizeof(BIGNUM));
- rsa->n->top = 0x40;
- rsa->n->dmax = 0x80;
- rsa->n->neg = 0x00;
- rsa->n->flags = 0x01;
- rsa->n->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->n->dmax);
- for (int i = 0; i < sizeof(nArr) / sizeof(DWORD); i++)
- rsa->n->d[i] = nArr[i];
- rsa->e = (BIGNUM *)malloc(sizeof(BIGNUM));
- rsa->e->top = 0x01;
- rsa->e->dmax = 0x01;
- rsa->e->neg = 0x00;
- rsa->e->flags = 0x01;
- rsa->e->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->e->dmax);
- rsa->e->d[0] = 0x03;
- rsa->d = (BIGNUM *)malloc(sizeof(BIGNUM));
- rsa->d->top = 0x40;
- rsa->d->dmax = 0x40;
- rsa->d->neg = 0x00;
- rsa->d->flags = 0x01;
- rsa->d->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->d->dmax);
- for (int i = 0; i < rsa->d->top; i++)
- rsa->d->d[i] = dArr[i];
- rsa->p = (BIGNUM *)malloc(sizeof(BIGNUM));
- rsa->p->top = 0x20;
- rsa->p->dmax = 0x20;
- rsa->p->neg = 0x00;
- rsa->p->flags = 0x01;
- rsa->p->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->p->dmax);
- for (int i = 0; i < rsa->p->top; i++)
- rsa->p->d[i] = pArr[i];
- rsa->q = (BIGNUM *)malloc(sizeof(BIGNUM));
- rsa->q->top = 0x20;
- rsa->q->dmax = 0x20;
- rsa->q->neg = 0x00;
- rsa->q->flags = 0x01;
- rsa->q->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->q->dmax);
- for (int i = 0; i < rsa->p->top; i++)
- rsa->q->d[i] = qArr[i];
- rsa->dmp1 = (BIGNUM *)malloc(sizeof(BIGNUM));
- rsa->dmp1->top = 0x20;
- rsa->dmp1->dmax = 0x21;
- rsa->dmp1->neg = 0x00;
- rsa->dmp1->flags = 0x01;
- rsa->dmp1->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->dmp1->dmax);
- for (int i = 0; i < rsa->p->top; i++)
- rsa->dmp1->d[i] = dmp1Arr[i];
- rsa->dmq1 = (BIGNUM *)malloc(sizeof(BIGNUM));
- rsa->dmq1->top = 0x20;
- rsa->dmq1->dmax = 0x21;
- rsa->dmq1->neg = 0x00;
- rsa->dmq1->flags = 0x01;
- rsa->dmq1->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->dmq1->dmax);
- for (int i = 0; i < rsa->p->top; i++)
- rsa->dmq1->d[i] = dmq1Arr[i];
- rsa->iqmp = (BIGNUM *)malloc(sizeof(BIGNUM));
- rsa->iqmp->top = 0x20;
- rsa->iqmp->dmax = 0x20;
- rsa->iqmp->neg = 0x00;
- rsa->iqmp->flags = 0x01;
- rsa->iqmp->d = (unsigned int *)malloc(sizeof(unsigned int) * rsa->iqmp->dmax);
- for (int i = 0; i < rsa->p->top; i++)
- rsa->iqmp->d[i] = iqmpArr[i];
- rsa->ex_data.sk = 0x00;
- rsa->ex_data.dummy = 0xd1b19274;
- rsa->references = 0x01;
- rsa->flags = 0x06;
- rsa->_method_mod_n = 0;
- rsa->_method_mod_p = 0;
- rsa->_method_mod_q = 0;
- rsa->bignum_data = 0;
- rsa->blinding = 0;
- rsa->mt_blinding = 0;
- if (!RSA_check_key(rsa))
- puts("Shit...");
- BYTE enc[256] = {
- 0xB0, 0x12, 0x69, 0xC5, 0xB1, 0x83, 0x43, 0x2A, 0x12, 0xBE, 0xF6, 0x12, 0x57, 0x5C, 0x28, 0xB5, 0x7C, 0xA5, 0x97, 0x31, 0x52, 0x9E, 0xC4, 0x28, 0xC1, 0xAA, 0xB3, 0x1F, 0x9D, 0x48, 0x20, 0x54, 0xA8, 0xAC, 0x68, 0x63, 0xF4, 0x57, 0x8A, 0x16, 0x71, 0xBD, 0x88, 0x7C, 0x7E, 0x3A, 0x6B, 0xEA, 0xCB, 0x26, 0x05, 0xE2, 0x53, 0xC2, 0x20, 0x59, 0x3E, 0xD9, 0xD0, 0x0A, 0x4B, 0x9D, 0x4C, 0x01, 0x5D, 0x5E, 0xD9, 0x3E, 0xDF, 0x89, 0xC2, 0x89, 0x81, 0xEC, 0x4E, 0x7C, 0x7B, 0x30, 0xF2, 0x0E, 0x10, 0x10, 0x45, 0x00, 0x26, 0x08, 0xDD, 0x68, 0xB2, 0x88, 0xFC, 0x0F, 0x43, 0x67, 0x5C, 0xFE, 0x67, 0x95, 0xD1, 0x58, 0xAE, 0xD4, 0x70, 0x7E, 0xC2, 0xC2, 0x60, 0xD1, 0x9C, 0x98, 0x18, 0x11, 0x28, 0x47, 0x77, 0xA7, 0x90, 0x0B, 0xBA, 0xAA, 0x9E, 0x44, 0x62, 0x6D, 0x91, 0xDC, 0x87, 0xC6, 0x6A, 0xF6, 0x71, 0x3C, 0xB2, 0xA3, 0xD0, 0x99, 0x46, 0xF1, 0xB4, 0x69, 0x23, 0x71, 0x34, 0x7F, 0x5E, 0xC3, 0xDA, 0xFC, 0xE0, 0xA2, 0x1B, 0x95, 0xA5, 0x00, 0xFE, 0xF1, 0x35, 0x84, 0xAF, 0x07, 0x44, 0x67, 0x25, 0x0A, 0x68, 0x15, 0x86, 0x98, 0xCD, 0x46, 0x10, 0xE7, 0xF1, 0x7A, 0xDC, 0x63, 0x88, 0xE6, 0x59, 0x55, 0x02, 0xE1, 0x84, 0x53, 0xC9, 0x3D, 0x66, 0x6B, 0xB9, 0x0F, 0xB5, 0xDC, 0x11, 0x56, 0x06, 0xB7, 0xB6, 0xB4, 0xA9, 0x52, 0x12, 0x51, 0xB1, 0x3C, 0x39, 0xEB, 0xC4, 0xDD, 0x86, 0xF5, 0xF2, 0x4D, 0x80, 0x6B, 0x1B, 0x48, 0x6E, 0xD0, 0xED, 0xE8, 0x2C, 0x33, 0xE8, 0xC4, 0xAF, 0xD7, 0x48, 0x4C, 0x56, 0xA7, 0x90, 0x33, 0xB9, 0x44, 0xD1, 0x2E, 0x84, 0x57, 0x13, 0x19, 0xD9, 0x85, 0x4B, 0xFA, 0xD5, 0xB8, 0xB5, 0x13, 0x95, 0xB2, 0x9F, 0x4D, 0x0B, 0x7E, 0x33, 0xDD
- };
- char *mem = (char *)malloc(2048);
- char *ptr = mem;
- int l = i2d_RSAPublicKey(rsa, &mem);
- mem = ptr;
- RSA *PubRSA = d2i_RSAPublicKey(&rsa, &mem, l);
- mem = ptr;
- l = i2d_RSAPrivateKey(rsa, &mem);
- mem = ptr;
- RSA *PriRSA = d2i_RSAPrivateKey(&rsa, &mem, l);
- if (PriRSA == NULL)
- puts("PriRSA is null");
- BYTE dec[sizeof(enc)] = { 0, };
- decrypt_sub_402220(2048, enc, 256, PriRSA, dec);
- for (int i = 0; i < sizeof(dec); i += 16) {
- for(int k = i; k < i + 16 && k < sizeof(dec); k++)
- printf("%02X ", dec[k] & 0xff);
- puts("");
- }
- char aeskey[32];
- char dbuf[2048] = { 0, };
- BYTE target[256] = {
- 0xB3, 0xEE, 0x9B, 0x5B, 0xC0, 0xF8, 0x1F, 0xFD, 0x0D, 0x82, 0x80, 0x32, 0x33, 0xC8, 0x9B, 0xC0, 0x82, 0xB5, 0x5B, 0xB4, 0xE2, 0x30, 0x8C, 0xCF, 0xC1, 0x2B, 0x1B, 0x76, 0x8F, 0xDC, 0xF8, 0x8C
- };
- BYTE iv[256 / 8 + 1] = { 0, };
- AES_KEY dkey;
- memcpy(aeskey, dec, 0x20);
- AES_set_decrypt_key(aeskey, 256, &dkey);
- AES_cbc_encrypt(target, dbuf, 16 * ((23 >> 4) + 1), &dkey, iv, AES_DECRYPT);
- printf("%s\n", dbuf);
- free(rsa);
- scanf("%s", mem);
- return 0;
- }
Add Comment
Please, Sign In to add comment