• 标 题:Api32 keygen: learn how to use RSA (4千字)
  • 作 者:ArchFire/ATA
  • 时 间:2002-12-15 5:48:18
  • 链 接:http://bbs.pediy.com

;**************** Api32 V2.5 KeyMaker for fun.asm *******************
;by: ArchFire/ATA @2002-12-14
;*
;*
;* in this case, we will learn RSA algorithm.
;*
;* as we know that Vitaly Evseenko, the author of Apis32, once been a RCEer. So he shows how to use RAS in his little proggy
;* oh, well, it's not so hard, so just find what's happening....
;* you'd better have look on PEDiy's BBS Seletion III for more help, thx goes to those who have witten the good tutors :)
;*
;* IN RSA:
;* 1. Find two prime number: p, q. the larger the better
;* 2. n=p*q, f=(p-1)*(q-1)
;* 3. Select a random number e, which is satisfied: GCD(f, e)=1. Often, we choose 7, 13, 65537....
;* 4. Find d, where: (d*e) mod f=1
;* 5. Encipher proc: C=(M^e) mod n
;*    Decipher proc: M=(C^d) mod n
;*
;* In Apis32:
;* C=((M^7) mod 8899) mod 0bb=(M^7) mod 0bb, 'cause 8899 mod 0bb=0
;* n=0bb=11*0b, f=10*0a=0a0, e=7, d=17
;* so, Decipher proc: M=(C^17) mod 0bb
;* Learn and enjoy!
;*
;********************************************************************

.386
.model flat,stdcall
option casemap:none
include hd.h
DlgProc proto :DWORD,:DWORD,:DWORD,:DWORD
DeRSA proto :DWORD, :DWORD


        .const
BUFF_SIZE      equ    32

ID_MAKE        equ    1002
ID_ABOUT        equ    1003
ID_CLOSE        equ    1004
IDC_NAME    equ    1010
IDC_CODE        equ    1011
OURICON        equ    1020
DLG_MAIN        equ    1000

        .data
szC        db      BUFF_SIZE dup (0)
szM        db      BUFF_SIZE dup (0)
szTemp          db      BUFF_SIZE dup (0)
szFormat    db    "%02X", 0
MsgTitle        db    "ATAKeyGen", 0
MsgContend      db    "Apis32 2.50 KeyGen for fun", 0dh, 0ah, 0dh, 0ah
                db      "    by ArchFire/ATA", 0

szInputError    db      "Input 8 chars please...", 0


        .data?
hInstance  HANDLE ?

        .code
    .RADIX 16
start:
    invoke    GetModuleHandle, NULL
    mov      hInstance,eax
    invoke    DialogBoxParam,hInstance,DLG_MAIN,NULL,offset DlgProc,0
    invoke    ExitProcess,NULL

DlgProc    proc    uses ebx edi esi, \
        hWnd:DWORD,wMsg:DWORD,wParam:DWORD,lParam:DWORD

        LOCAL Ps :PAINTSTRUCT

        mov    eax,wMsg

    .if    eax == WM_CLOSE
        invoke    EndDialog,hWnd,NULL

        .elseif eax==WM_INITDIALOG
        invoke LoadIconA, hInstance, OURICON            ;note: use "hInstance" instead of "hWnd"; if "dword ptr OURICON" -> PUSH WORD OURICON, wrong result
        test eax, eax
        je initerror
        push edi
        mov edi, eax
        invoke SendMessageA, hWnd, WM_SETICON, ICON_BIG, eax
        invoke SendMessageA, hWnd, WM_SETICON, ICON_SMALL, edi
        pop edi
        initerror:
        nop

    .elseif eax == WM_PAINT
                invoke BeginPaint,hWnd,ADDR Ps
                invoke FrameWindow,hWnd,0,1,1
                invoke FrameWindow,hWnd,1,1,0
                invoke EndPaint,hWnd,ADDR Ps
                xor eax, eax

    .elseif    eax == WM_COMMAND
          mov eax,wParam
          .IF lParam!=0
            .if ax==ID_MAKE
                invoke RtlZeroMemory, addr szC, BUFF_SIZE
                invoke RtlZeroMemory, addr szM, BUFF_SIZE
                invoke GetDlgItemText,hWnd,IDC_NAME,addr szM, BUFF_SIZE
                .if eax < 8
                    invoke SetDlgItemText,hWnd,IDC_NAME,addr szInputError

                .else
                    lea esi, szC
                    lea edi, szM
                    invoke DeRSA, edi, esi
              .endif
              invoke SetDlgItemText,hWnd,IDC_CODE,addr szC

            .elseif ax==ID_CLOSE
                invoke    EndDialog,hWnd,NULL
            .elseif ax==ID_ABOUT
                invoke MessageBox, hWnd, Addr MsgContend, Addr MsgTitle, MB_OK
            .endif

          .ENDIF
        .else
        mov eax,FALSE
        ret
          .endif
        mov eax,TRUE
        ret
DlgProc    ENDP


DeRSA proc szName:DWORD, szCode:DWORD
   
    mov esi, szName
    push ebp
    xor ebp, ebp
    push 0bb
    pop ebx
    ;
@loop2:
    mov edi, 16                ;hmmm, when edi=17h, we get a wrong result
    movzx eax, byte ptr [esi+ebp]
    mov ecx, eax
@loop1:
    imul ecx
    cmp eax, ebx
    jl @next2
    idiv ebx
    mov eax, edx
@next2:
    dec edi
    jnz @loop1

    add ebp, 50
    xor ax, bp
    sub ebp, 50

    mov [esi+ebp], al
    inc ebp
    cmp ebp, 8
    jl @loop2

    pop ebp

    mov edi, szCode
    xor ebx, ebx
p_loop:
    xor eax, eax
    lodsb
    invoke wsprintf, addr szTemp, addr szFormat, eax
    cmp bl, 4
    jnz @f
    mov al, '-'
    stosb
@@:
    mov ax, word ptr [szTemp+0]
    stosw
    inc ebx
    cmp ebx, 08
    jl p_loop
    ret
   

DeRSA endp

end start