标 题:Api32 keygen: learn how to use RSA
(4千字)
发信人:ArchFire/ATA
时 间:2002-12-15
5:48:18
详细信息:
;**************** Api32 V2.5 KeyMaker for fun.asm *******************
;by: ArchFire/ATA @2002-12-14
;*
;*
;* in this case, we will learn RSA algorithm.
;*
;* as we know, Vitaly Evseenko, the author of Apis32, was once an RCEer. So he shows how to use RSA in his little proggy
;* oh, well, it's not so hard, so just find what's happening....
;* you'd better have a look at PEDiy's BBS Selection III for more help, thx goes to those who have written the good tutors :)
;*
;* IN RSA:
;* 1. Find two prime numbers: p, q. the larger the better
;* 2. n=p*q, f=(p-1)*(q-1)
;* 3. Select a random number e which satisfies: GCD(f, e)=1. Often, we choose 7, 13, 65537....
;* 4. Find d, where: (d*e) mod f=1
;* 5. Encipher proc: C=(M^e) mod n
;* Decipher proc: M=(C^d) mod n
;*
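;* In Apis32 (all numbers below are hexadecimal):
;* C=((M^7) mod 8899) mod 0bb=(M^7) mod 0bb, 'cause 8899 mod 0bb=0
;* n=0bb=11*0b, f=10*0a=0a0, e=7, d=17 (check: 7*17=0a1, and 0a1 mod 0a0=1)
;* so, Decipher proc: M=(C^17) mod 0bb
;* note: n is only 8 bits long, so p and q can be read off at once and d follows from e; a modulus this small gives the check no real strength.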
;* Learn and enjoy!
;*
;********************************************************************
.386
.model flat,stdcall
option casemap:none
include hd.h
DlgProc proto :DWORD,:DWORD,:DWORD,:DWORD
DeRSA proto :DWORD, :DWORD
; Constants and static data used by the dialog.
; These lines come before the ".RADIX 16" directive further down, so the
; unsuffixed numbers here are read as decimal (assuming hd.h does not change
; the radix -- hd.h is not shown).
.const
; Size in bytes of each text buffer below; also the limit handed to
; GetDlgItemText and the length cleared by RtlZeroMemory in DlgProc.
BUFF_SIZE equ 32
; Dialog control and resource identifiers.
; NOTE(review): presumably these match the resource script, which is not part
; of this file -- confirm.
ID_MAKE equ 1002
ID_ABOUT equ 1003
ID_CLOSE equ 1004
IDC_NAME equ 1010
IDC_CODE equ 1011
OURICON equ 1020
DLG_MAIN equ 1000
.data
; szC: output text shown in IDC_CODE; filled by DeRSA.
szC db BUFF_SIZE dup (0)
; szM: text read from IDC_NAME; DeRSA rewrites its first 8 bytes in place.
szM db BUFF_SIZE dup (0)
; szTemp: scratch buffer that receives each wsprintf result in DeRSA.
szTemp db BUFF_SIZE dup (0)
; szFormat: one value printed as two upper-case hex digits, zero padded.
szFormat db "%02X", 0
; Caption and text of the About message box.
MsgTitle db "ÿATAÿKeyGen", 0
MsgContend db "Apis32 2.50 KeyGen for fun", 0dh, 0ah, 0dh, 0ah
db " by ArchFire/ATA", 0
; Shown in the name field when fewer than 8 characters were entered.
szInputError db "Input 8 chars please...", 0
.data?
; Module handle stored by the entry code; used for DialogBoxParam and LoadIconA.
hInstance HANDLE ?
.code
; From this point on, every numeric literal without a radix suffix is read as
; hexadecimal: "16" means 16h (22 decimal), "50" means 50h, and so on.
.RADIX 16
; Program entry point (named by "end start" at the bottom of the file):
; store the module handle, run the DLG_MAIN dialog with DlgProc as its dialog
; procedure, then end the process.
start:
invoke GetModuleHandle, NULL
mov hInstance,eax
; The value returned by DialogBoxParam is not examined; the exit code passed
; to ExitProcess below is always NULL.
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset DlgProc,0
invoke ExitProcess,NULL
;--------------------------------------------------------------------
; DlgProc -- dialog procedure for DLG_MAIN (stdcall, per ".model flat,stdcall").
; In:   hWnd, wMsg, wParam, lParam -- the window-message arguments.
; Out:  eax = TRUE for WM_CLOSE, WM_INITDIALOG, WM_PAINT and WM_COMMAND,
;       eax = FALSE for every other message.
; Regs: ebx, edi and esi are saved and restored by the "uses" clause.
; Note: numeric literals in the body are hexadecimal because of ".RADIX 16".
;--------------------------------------------------------------------
DlgProc proc uses ebx edi esi, \
hWnd:DWORD,wMsg:DWORD,wParam:DWORD,lParam:DWORD
LOCAL Ps :PAINTSTRUCT
mov eax,wMsg
.if eax == WM_CLOSE
invoke EndDialog,hWnd,NULL
.elseif eax==WM_INITDIALOG
; Load the icon resource from this module and install it as both the big and
; the small window icon. A failed load (eax == 0) skips the two SendMessageA calls.
invoke LoadIconA, hInstance, OURICON ;note: use "hInstance" instead of "hWnd"; if "dword ptr OURICON" -> PUSH WORD OURICON, wrong result
test eax, eax
je initerror
; edi keeps the icon handle across the first SendMessageA call, which
; overwrites eax. The push/pop pair is balanced on this path; edi is also
; covered by the "uses" clause of the procedure.
push edi
mov edi, eax
invoke SendMessageA, hWnd, WM_SETICON, ICON_BIG, eax
invoke SendMessageA, hWnd, WM_SETICON, ICON_SMALL, edi
pop edi
initerror:
nop
.elseif eax == WM_PAINT
; NOTE(review): FrameWindow is not declared in this file; presumably it comes
; in through hd.h -- confirm what the three numeric arguments mean there.
invoke BeginPaint,hWnd,ADDR Ps
invoke FrameWindow,hWnd,0,1,1
invoke FrameWindow,hWnd,1,1,0
invoke EndPaint,hWnd,ADDR Ps
; This zero does not reach the caller: the branch falls through to
; "mov eax,TRUE" after the .endif.
xor eax, eax
.elseif eax == WM_COMMAND
mov eax,wParam
; Only commands with a non-zero lParam are handled; for WM_COMMAND that
; normally means the message was sent by a control.
.IF lParam!=0
; ax is the low word of wParam and is compared with the control identifiers.
.if ax==ID_MAKE
; Clear both buffers first. DeRSA stores no terminating zero in szC, so this
; clearing is what leaves the output string NUL-terminated.
invoke RtlZeroMemory, addr szC, BUFF_SIZE
invoke RtlZeroMemory, addr szM, BUFF_SIZE
; The read is bounded by BUFF_SIZE, the size of szM; eax receives the length copied.
invoke GetDlgItemText,hWnd,IDC_NAME,addr szM, BUFF_SIZE
; DeRSA always processes exactly 8 bytes, so shorter input is rejected here.
.if eax < 8
invoke SetDlgItemText,hWnd,IDC_NAME,addr szInputError
.else
lea esi, szC
lea edi, szM
invoke DeRSA, edi, esi
.endif
; On the rejected path szC is still all zero, so the code field is set to an
; empty string.
invoke SetDlgItemText,hWnd,IDC_CODE,addr szC
.elseif ax==ID_CLOSE
invoke EndDialog,hWnd,NULL
.elseif ax==ID_ABOUT
invoke MessageBox, hWnd, Addr MsgContend, Addr MsgTitle, MB_OK
.endif
.ENDIF
.else
; Any other message: report it as not handled.
mov eax,FALSE
ret
.endif
; Every handled branch above ends up here.
mov eax,TRUE
ret
DlgProc ENDP
;--------------------------------------------------------------------
; DeRSA -- applies the "decipher" step M = (C^17) mod 0bb from the file header
;          to 8 input bytes and writes the result as hexadecimal text.
; In:    szName -> buffer whose first 8 bytes are read and overwritten in place
;        szCode -> output buffer; receives 17 characters (8 hex digits, '-',
;                  8 hex digits). No terminating zero is stored here; the
;                  visible caller zero-fills the buffer beforehand.
; Out:   eax holds no defined result.
; Clobb: eax, ecx, edx, ebx, esi, edi, flags.
; NOTE(review): ebx, esi and edi are modified and not restored. The only caller
;        visible in this file, DlgProc, saves them through its own "uses" clause.
; Note:  all unsuffixed numbers are hexadecimal because of ".RADIX 16".
;--------------------------------------------------------------------
DeRSA proc szName:DWORD, szCode:DWORD
; szName is addressed relative to ebp, so it is fetched before ebp is reused.
mov esi, szName
; ebp is saved and then used as the byte index 0..7. Until "pop ebp" the
; procedure arguments cannot be referenced by name.
push ebp
xor ebp, ebp
; ebx = 0bb, the modulus n.
push 0bb
pop ebx
; Stage 1: for each of the 8 bytes, compute byte^17 mod 0bb by repeated
; multiplication, XOR the result with (index + 50), and store it back.
@loop2:
; 16h = 22 multiplications. eax starts at the byte itself (power 1), so the
; result is the power 17h. A count of 17h would give the power 18h, which is
; the "wrong result" noted by the author:
mov edi, 16 ;hmmm, when edi=17h, we get a wrong result
movzx eax, byte ptr [esi+ebp]
mov ecx, eax
@loop1:
; edx:eax = eax * ecx; the product is reduced only when it is not already
; below the modulus.
imul ecx
cmp eax, ebx
jl @next2
idiv ebx
; keep the remainder
mov eax, edx
@next2:
dec edi
jnz @loop1
; Temporarily turn ebp into index + 50 so its low word can be XORed into the
; residue, then restore the index.
add ebp, 50
xor ax, bp
sub ebp, 50
mov [esi+ebp], al
inc ebp
cmp ebp, 8
jl @loop2
; Frame pointer restored; szCode can be referenced again.
pop ebp
mov edi, szCode
; ebx now counts the bytes formatted so far.
xor ebx, ebx
; Stage 2: esi still points at the first transformed byte (stage 1 indexed
; through ebp only). Each byte is printed as two hex digits into szTemp and
; those two characters are copied to the output.
p_loop:
; Clear eax so that lodsb leaves a zero-extended byte for the %02X argument.
xor eax, eax
lodsb
; ebx and edi are expected to survive this call.
; NOTE(review): relies on wsprintf preserving them -- confirm against the
; prototype pulled in through hd.h.
invoke wsprintf, addr szTemp, addr szFormat, eax
; A '-' is emitted before the fifth byte, splitting the text into two groups.
cmp bl, 4
jnz @f
mov al, '-'
stosb
@@:
; Copy the two hex characters; the terminating zero in szTemp is not copied.
mov ax, word ptr [szTemp+0]
stosw
inc ebx
cmp ebx, 08
jl p_loop
ret
DeRSA endp
end start