有一段解密代码，一个加密字节进去，一个解密字节出来。大家看看是怎么解密的？

yikuaitie 2017-06-11 08:58:05

1.跟踪到解密的地方后看不出是怎么加密解密的，可以肯定是逐个字节解密，跟上下文无关。代码附后；
2.部分明文/密文对照：0x30/0x90 0x31/0x98 0x32/0x91 0x33/0x99 0x35/0x9A 0xBA/0XD5 0XCD/0X6E;
3.如果看不出如何解密的，能否请教高手把汇编代码适当修改，我直接放到自己的C++程序中调用。汇编代码就两个函数，一个主函数，一个被调用的子函数，没有其他东西。谢谢！
解密过程的汇编代码，一个加密字节进，一个解密字节出：
.text:00402264 ; ***************主函数**********
.text:00402264 sub_402264 proc near
.text:00402264
.text:00402264 var_20 = dword ptr -20h
.text:00402264 arg_0 = byte ptr 8
.text:00402264 arg_4 = dword ptr 0Ch
.text:00402264
.text:00402264 push ebp
.text:00402265 mov ebp, esp
.text:00402267 add esp, 0FFFFFFE0h
.text:0040226A push ebx
.text:0040226B push esi
.text:0040226C push edi
.text:0040226D mov ecx, [ebp+arg_4]
.text:00402270 mov bl, [ebp+arg_0]
.text:00402273 xor edi, edi
.text:00402275 mov esi, ecx
.text:00402277 mov eax, esi
.text:00402279 cdq
.text:0040227A xor eax, edx
.text:0040227C sub eax, edx
.text:0040227E add eax, eax
.text:00402280 mov ecx, eax
.text:00402282 lea esi, [ebp+var_20]
.text:00402285 test ecx, ecx
.text:00402287 jle short loc_4022AC
.text:00402287
.text:00402289
.text:00402289 loc_402289:
.text:00402289 mov eax, ecx
.text:0040228B push ecx
.text:0040228C cdq
.text:0040228D mov ecx, 7
.text:00402292 inc edi
.text:00402293 idiv ecx
.text:00402295 pop ecx
.text:00402296 inc edx
.text:00402297 mov [esi], edx
.text:00402299 mov eax, ecx
.text:0040229B cdq
.text:0040229C mov ecx, 7
.text:004022A1 add esi, 4
.text:004022A4 idiv ecx
.text:004022A6 mov ecx, eax
.text:004022A8 test ecx, ecx
.text:004022AA jg short loc_402289
.text:004022AA
.text:004022AC
.text:004022AC loc_4022AC:
.text:004022AC lea esi, [edi-1]
.text:004022AF lea edi, [ebp+esi*4+var_20]
.text:004022B3 test esi, esi
.text:004022B5 jl short loc_4022CD
.text:004022B5
.text:004022B7
.text:004022B7 loc_4022B7:
.text:004022B7 mov eax, [edi]
.text:004022B9 push eax
.text:004022BA push ebx
.text:004022BB call sub_4023E4
.text:004022BB
.text:004022C0 add esp, 8
.text:004022C3 mov ebx, eax
.text:004022C5 dec esi
.text:004022C6 add edi, 0FFFFFFFCh
.text:004022C9 test esi, esi
.text:004022CB jge short loc_4022B7
.text:004022CB
.text:004022CD
.text:004022CD loc_4022CD:
.text:004022CD mov eax, ebx
.text:004022CF pop edi
.text:004022D0 pop esi
.text:004022D1 pop ebx
.text:004022D2 mov esp, ebp
.text:004022D4 pop ebp
.text:004022D5 retn
.text:004022D5
.text:004022D5 sub_402264 endp
.text:004023E4 ; *************** 子函数 ***************************************
.text:004023E4 sub_4023E4 proc near
.text:004023E4
.text:004023E4 var_20 = word ptr -20h
.text:004023E4 var_10 = dword ptr -10h
.text:004023E4 var_2 = word ptr -2
.text:004023E4 arg_0 = byte ptr 8
.text:004023E4 arg_4 = dword ptr 0Ch
.text:004023E4
.text:004023E4 push ebp
.text:004023E5 mov ebp, esp
.text:004023E7 add esp, 0FFFFFFE0h
.text:004023EA xor edx, edx
.text:004023EC xor eax, eax
.text:004023EE push ebx
.text:004023EF push esi
.text:004023F0 lea ebx, [ebp+var_10]
.text:004023F3 mov ecx, [ebp+arg_4]
.text:004023F6 mov dl, [ebp+arg_0]
.text:004023F6
.text:004023F9
.text:004023F9 loc_4023F9:
.text:004023F9 movzx esi, dx
.text:004023FC and esi, 80000001h
.text:00402402 jns short loc_402409
.text:00402402
.text:00402404 dec esi
.text:00402405 or esi, 0FFFFFFFEh
.text:00402408 inc esi
.text:00402408
.text:00402409
.text:00402409 loc_402409:
.text:00402409 mov [ebx], si
.text:0040240C movzx edx, dx
.text:0040240F sar edx, 1
.text:00402411 jns short loc_402416
.text:00402411
.text:00402413 adc edx, 0
.text:00402413
.text:00402416
.text:00402416 loc_402416:
.text:00402416 inc eax
.text:00402417 add ebx, 2
.text:0040241A cmp eax, 8
.text:0040241D jl short loc_4023F9
.text:0040241D
.text:0040241F xor eax, eax
.text:00402421 lea edx, [ebp+var_10]
.text:00402421
.text:00402424
.text:00402424 loc_402424:
.text:00402424 mov bx, [edx]
.text:00402427 mov [ebp+var_20], bx
.text:0040242B mov ebx, 7
.text:00402430 sub ebx, eax
.text:00402432 inc eax
.text:00402433 mov si, word ptr [ebp+ebx*2+var_10]
.text:00402438 mov [edx], si
.text:0040243B add edx, 2
.text:0040243E mov si, [ebp+var_20]
.text:00402442 cmp eax, 4
.text:00402445 mov word ptr [ebp+ebx*2+var_10], si
.text:0040244A jl short loc_402424
.text:0040244A
.text:0040244C mov eax, 8
.text:00402451 lea ebx, [ebp-12h]
.text:00402454 sub eax, ecx
.text:00402456 lea edx, [ebp-2]
.text:00402459 mov ecx, eax
.text:0040245B mov eax, 7
.text:0040245B
.text:00402460
.text:00402460 loc_402460:
.text:00402460 mov si, [edx]
.text:00402463 mov [ebx], si
.text:00402466 dec eax
.text:00402467 add ebx, 0FFFFFFFEh
.text:0040246A add edx, 0FFFFFFFEh
.text:0040246D test eax, eax
.text:0040246F jge short loc_402460
.text:0040246F
.text:00402471 mov eax, 7
.text:00402476 sub eax, ecx
.text:00402478 lea edx, [ebp+eax*2+var_10]
.text:0040247C test eax, eax
.text:0040247E jl short loc_402493
.text:0040247E
.text:00402480
.text:00402480 loc_402480:
.text:00402480 mov bx, [edx]
.text:00402483 lea esi, [ecx+eax]
.text:00402486 dec eax
.text:00402487 add edx, 0FFFFFFFEh
.text:0040248A mov word ptr [ebp+esi*2+var_10], bx
.text:0040248F test eax, eax
.text:00402491 jge short loc_402480
.text:00402491
.text:00402493
.text:00402493 loc_402493:
.text:00402493 xor eax, eax
.text:00402495 lea edx, [ebp+var_10]
.text:00402498 cmp ecx, eax
.text:0040249A jle short loc_4024B1
.text:0040249A
.text:0040249C
.text:0040249C loc_40249C:
.text:0040249C lea ebx, [eax+8]
.text:0040249F inc eax
.text:004024A0 sub ebx, ecx
.text:004024A2 mov bx, [ebp+ebx*2+var_20]
.text:004024A7 mov [edx], bx
.text:004024AA add edx, 2
.text:004024AD cmp ecx, eax
.text:004024AF jg short loc_40249C
.text:004024AF
.text:004024B1
.text:004024B1 loc_4024B1:
.text:004024B1 xor eax, eax
.text:004024B3 lea edx, [ebp+var_10]
.text:004024B3
.text:004024B6
.text:004024B6 loc_4024B6:
.text:004024B6 mov cx, [edx]
.text:004024B9 inc eax
.text:004024BA mov [ebp+var_20], cx
.text:004024BE mov cx, [edx+2]
.text:004024C2 mov [edx], cx
.text:004024C5 mov cx, [ebp+var_20]
.text:004024C9 mov [edx+2], cx
.text:004024CD add edx, 4
.text:004024D0 cmp eax, 4
.text:004024D3 jl short loc_4024B6
.text:004024D3
.text:004024D5 mov dx, [ebp+var_2]
.text:004024D9 mov eax, 6
.text:004024DE lea ecx, [ebp-4]
.text:004024DE
.text:004024E1
.text:004024E1 loc_4024E1:
.text:004024E1 add edx, edx
.text:004024E3 dec eax
.text:004024E4 add dx, [ecx]
.text:004024E7 add ecx, 0FFFFFFFEh
.text:004024EA test eax, eax
.text:004024EC jge short loc_4024E1
.text:004024EC
.text:004024EE mov eax, edx
.text:004024F0 pop esi
.text:004024F1 pop ebx
.text:004024F2 mov esp, ebp
.text:004024F4 pop ebp
.text:004024F5 retn
.text:004024F5
.text:004024F5 sub_4023E4 endp

...全文