📄 win95 pwl文件password.txt
// ================= CRYPT.CPP 1997.8.16 ================
#include <stdio.h>
#include <ctype.h>
#include <string.h>
/* Demonstration of the PWL file encryption algorithm used by WFWG 3.11 / Win95.
The code was extracted from \Win95\System\MSPWL32.DLL.
You may use SoftICE to trace it or W32DASM to disassemble it;
the offset address of each routine is listed below (you can
find the corresponding code in W32DASM's ALF file by its
offset value). */
// Raw 8-bit value; all table arithmetic below relies on it wrapping modulo 256.
typedef unsigned char BYTE;

// Exchange the two bytes referred to by c1 and c2.
// Passing the same object for both arguments leaves it unchanged.
inline void SwapByte(BYTE& c1,BYTE& c2)
{
    const BYTE saved = c2;
    c2 = c1;
    c1 = saved;
}
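// Derive the 32-bit key from the password.
// Translated from the MSPWL32.DLL code beginning at 7FCB1972h.
//
// Each character is upper-cased, added to a running sum, and the sum is then
// rotated left by 7 bits. The loop deliberately runs up to i == len, so the
// terminating NUL takes part as well (it adds 0 and causes one more rotate).
//
// Design note: the result is only 32 bits wide and case-insensitive, and it is
// the only secret fed into GenerateStream(), so the strength of the whole
// scheme is bounded by this value no matter how long the password is.
//
// pw      NUL-terminated password string (must not be NULL).
// returns the key in the low 32 bits of the result.
unsigned long GenerateKey(char *pw)
{
    unsigned long sum = 0;
    const size_t len = strlen(pw);

    for (size_t i = 0; i <= len; i++)
    {
        // Cast through unsigned char: toupper() on a negative char is undefined.
        // NOTE(review): how the DLL treats bytes >= 0x80 is not shown here - confirm.
        sum = (sum + (unsigned long)toupper((unsigned char)pw[i])) & 0xFFFFFFFFUL;

        // rol sum,7 on a 32-bit register. The masks keep the rotate 32 bits
        // wide where unsigned long is 64 bits; they are no-ops where it is 32.
        sum = ((sum << 7) | (sum >> 25)) & 0xFFFFFFFFUL;
    }
    return sum;
}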
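// Build the 256-byte permutation table from the 32-bit key.
// Translated from the MSPWL32.DLL code beginning at 7FCB1000h.
//
// The table starts as the identity permutation and is then shuffled with the
// four key bytes used cyclically; this is the same shape as the RC4 key
// schedule with a 4-byte key.
//
// stream  output buffer, must hold at least 256 bytes; fully overwritten.
// key     key from GenerateKey(); only the low 32 bits are used.
void GenerateStream(BYTE *stream,unsigned long key)
{
    BYTE keychar[4];
    int i, shift = 0;
    BYTE index = 0;

    // Split the key into bytes, least significant first, which is the layout
    // the original pointer-cast store produced on x86. Doing it with shifts
    // avoids writing sizeof(unsigned long) bytes into a 4-byte array (an
    // overflow where unsigned long is 8 bytes) and is endian-independent.
    for (i = 0; i < 4; i++)
    {
        keychar[i] = (BYTE)((key >> (8 * i)) & 0xFF);
    }

    for (i = 0; i < 256; i++)
    {
        stream[i] = (BYTE)i;
    }

    for (i = 0; i < 256; i++)
    {
        // index is a BYTE, so the sum wraps modulo 256 and always stays in range.
        index = (BYTE)(index + keychar[shift] + stream[i]);
        SwapByte(stream[i], stream[index]);
        shift = (shift + 1) % 4;
    }
}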
// Produce the XOR keystream from the permutation table.
// Translated from the MSPWL32.DLL code beginning at 7FCB1088h.
//
// Walks table positions 1..255, using the same update rule as RC4's output
// loop, and emits one byte per position.
//
// src   256-byte table from GenerateStream(); it is permuted in place.
// dest  receives 255 bytes (dest[0]..dest[254]); dest[255] is never written.
void GenerateXorString(BYTE *src,BYTE *dest)
{
    BYTE swapPos = 0;

    for (int pos = 1; pos < 256; ++pos)
    {
        // BYTE arithmetic wraps modulo 256, keeping every table index in range.
        swapPos = (BYTE)(swapPos + src[pos]);
        SwapByte(src[pos], src[swapPos]);

        const BYTE pick = (BYTE)(src[pos] + src[swapPos]);
        dest[pos - 1] = src[pick];
    }
}
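// Command-line driver: Crypt username password
//
// Derives the 32-bit key from the password, prints the start of the XOR
// keystream, then XORs the upper-cased username into it and prints the 20-byte
// result for comparison with the field at offset 0x208 of the PWL file.
// Returns 1 when too few arguments are given, 0 otherwise.
//
// Note: the password is taken from argv, so it can be visible to other users
// in process listings and shell history on multi-user systems.
int main(int argc,char *argv[])
{
    enum { XOR_PREVIEW_LEN = 54, CRYPTED_NAME_LEN = 20 };

    unsigned long key;
    BYTE table[256];
    BYTE xorstr[256];
    int i;
    size_t len;

    if (argc < 3)
    {
        printf("Usage: Crypt username password\n");
        printf("Author: Raner,DCS,Tsinghua Univ\n");
        // The three literals below were split across physical lines in the
        // listing, which does not compile; each is rejoined on one line.
        printf("Comment: This program is used to demonstrate the Win95 PWL file crypt\n");
        printf(" method. You may compare the crypted username string with the\n");
        printf(" string beginning at offset 0x208 of PWL file.\n");
        return 1;
    }

    key = GenerateKey(argv[2]);
    printf("\n32 Bits Key:\n 0x%08lX\n",key);

    GenerateStream(table,key);
    GenerateXorString(table,xorstr);

    printf("\nXor String:");
    for (i = 0; i < XOR_PREVIEW_LEN; i++)
    {
        if (i % 16 == 0)
        {
            printf("\n ");
        }
        printf("%02X,",xorstr[i]);
    }
    printf("......\n");

    // Only the first 20 bytes are printed, so cap the XOR at that length.
    // Without the cap a username longer than the 256-byte buffer would write
    // past the end of xorstr.
    len = strlen(argv[1]);
    if (len > (size_t)CRYPTED_NAME_LEN)
    {
        len = CRYPTED_NAME_LEN;
    }
    for (i = 0; i < (int)len; i++)
    {
        // Cast through unsigned char: toupper() on a negative char is undefined.
        xorstr[i] ^= (BYTE)toupper((unsigned char)argv[1][i]);
    }

    printf("\nCrypted UserName:\n ");
    for (i = 0; i < CRYPTED_NAME_LEN; i++)
    {
        printf("%02X%c",xorstr[i], i == CRYPTED_NAME_LEN - 1 ? '\n' : ',');
    }

    /* To verify the result, run "debug username.pwl" and enter "d 308".
       The crypted username (20 bytes) is saved at offset 0x208 of *.pwl;
       presumably 308 is that offset plus DEBUG's 100h load address. */
    return 0;
}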