传奇2的数据传输
7000端口
send 'mri152'
recv 收到的的是1串《5454564564》之类的数字形字符串
以下通用声明断
.data?
szReadBuffer3 db 35 dup (?)
szReadBuffer4 db 72 dup (?)
szReadBuffer6 db 256 dup (?)
szReadBuffer7 db 256 dup (?)
jjj dd ?
wpname2 db 256 dup (?)
wpname db 256 dup (?)
wpr20 db 256 dup (?)
szBuffer2 db 256 dup (?)
myebp4 dd 256 dup (?)
myebp1 db 256 dup (?)
myadd db 256 dup (?)
myadd2 dd ?
sss3 dd ?
.data
r2jf1b db 0,0
r2jf1a db 0,0
r2jf14 dd 0,0
r2jf19 db 0,0
r2jf18 dd 0,0
r2jz8 dw 2710h,0
r2jf8 dd 0,0
r2jf4 dd 0,0
r2jz4 db 4,0
kg2 dd 1,0
kg3 dd 0,0
jjj2 dd ?
jjj5 dd 007df667h,0
jjjjj dd 99990099h,0
wpyh2 dd 0h,0
sss2 db 'Fi[jpHGGdiZlhW\kH>xpGo@kH>x!',0 ;'Fi?>kV_JmGBzGo<kHnxmGo<k!',0
.const
dubis db '0123456789ABCDEF',0
kh1 db '<'
kh2 db '>'
wpyh1 db '#',0
wpyh3 db '<L<J>I@C<<<<<<<<',0
wpyhp db '/',0
wpyhh db '!',0
xuanz db '<D5D78D62DC874A7C0A8B94A3803CD746A4FD83C69A773A17508A1BA2452D>',0
xuanj db '#3<<<<<BL<<<<<<<<<',0
;#<<<<<=D><<<<<<<<I_@jHOXqG_DlJNtnH_PkIo@lH>xrIODuHO@tI\!
wp2s db '%s%s',0
wpyong db '%s%s%s',0
wpyong2 db '%s%x%s%s%s',0
szcy db '密码验证成功',0
wp1x db '%x',0
以下是解密在加密代码
_repne1 proc _hSocket
inc kg2
.if kg2 == 2
mov jjj2,0 ;dui chen luan ma
mov esi,offset szReadBuffer3
mov jjj,esi
mov esi,offset szReadBuffer2
@@:
mov al,[esi]
movzx eax,al
mov edi,offset dubis
mov ecx,17
repne scasb
xor eax,eax
mov al,16
sub eax,ecx
shl eax,04
mov ecx,jjj
mov [ecx],al
inc esi
mov al,[esi]
movzx eax,al
mov edi,offset dubis
mov ecx,17
repne scasb
xor eax,eax
mov al,16
sub eax,ecx
mov ecx,jjj
or [ecx],al
inc jjj
inc esi
inc jjj2
.if jjj2 == 34
jmp @F
.endif
jmp @B
@@:
;__________________________________________________________________________
;以上字符成乱
mov jjj2,0
mov esi,offset szReadBuffer3
xor ebx,ebx
mov edi,jjj5
@@:
.if jjj2 == 34
jmp @F
.endif
mov bl,[esi]
mov edx,ebx
movzx ecx,di
shr ecx,08
xor dl,cl
mov [esi],dl
mov edx,esi
xor eax,eax
mov al,bl
add di,ax
imul ax,di,0ce6dh
add ax,58bfh
mov edi,eax
inc esi
inc jjj2
jmp @B
@@:
mov al,2fh
mov [esi],al
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
mov jjj2,0
mov esi,offset szReadBuffer3
xor ebx,ebx
mov edi,jjj5
@@:
.if jjj2 == 35
jmp @F
.endif
mov bl,[esi]
mov edx,ebx
movzx ecx,di
shr ecx,08
xor dl,cl
mov [esi],dl
movzx eax,dl
add di,ax
imul ax,di,0ce6dh
add ax,58bfh
mov edi,eax
inc esi
inc jjj2
jmp @B
@@:
mov jjj2,0
mov esi,offset szReadBuffer4
mov al,60
mov [esi],al
inc esi
mov jjj,esi
mov esi,offset szReadBuffer3
@@:
mov al,[esi]
movzx eax,al
shr al,04
mov edi,offset dubis
add edi,eax
mov ecx,jjj
mov al,[edi]
mov [ecx],al
mov al,[esi]
movzx eax,al
and al,0fh
mov edi,offset dubis
add edi,eax
inc jjj
mov ecx,jjj
mov al,[edi]
mov [ecx],al
inc jjj
inc esi
inc jjj2
.if jjj2 == 35
jmp @F
.endif
jmp @B
@@:
mov al,62
mov [esi + 71],al
mov al,0
mov [esi + 72],al
invoke send,_hSocket,addr szReadBuffer4,72,0
mov kg2,0
.elseif kg2 == 1
add kg3,4
mov esi,kg3
invoke send,[esi],addr mir152,8,0
.endif
ret
_repne1 endp
szReadBuffer4就是的到的答暗了
send szReadBuffer4
recv
pass
验证成功
[1] [2] [3] 下一页
