会python真的可以为所欲为0(回)
332天前
这里还有人吗1(回)
517天前这里还有人吗0(回)
517天前
每天面对着电脑屏幕,敲打键盘。我所面对的并不只是代码,而是一种生活方式。0(回)
741天前到处都是羊,不想上班0(回)
821天前
鸽子
0(回)
826天前#include <stdio.h> |
#include <string.h> |
|
unsigned char dos_string[128]; |
unsigned char delete_file[128]; |
#define DWORD unsigned long |
#define WORD unsigned int |
#define BYTE unsigned char |
|
#define USGC unsigned char |
#define USGI unsigned |
#define USGL unsigned long |
|
#define MAXDIGHACK 8 |
#define GOOD_CRC32_RESIDUAL 0xdebb20e3L |
|
USGL crctable[256]; // global accessible // |
USGI crc2find; // crc 2 find // |
|
BYTE sig[] = {0x50,0x4b,0x03,0x04}; |
BYTE error_sig[] ={'e','r','r','o','r','s','!'}; |
|
unsigned long crc32(USGL oldcrc, char newchar); |
void generatetable(); |
unsigned char decrypt_byte(); |
void update_password(char *password); |
void update_keys(unsigned long *key,char val); |
|
int maxdighack = MAXDIGHACK; |
|
|
|
//unsigned char preamble[10]; |
//unsigned char postamble[10]; |
|
int ffflag=0; |
int main(int argc, char *argv[]) |
{ |
unsigned char passcode[25]; |
unsigned char buffer[25]; |
unsigned char lookfile[25]; |
unsigned char inbuff[25]; |
unsigned char zipname[25]; |
FILE *zipfile; |
int end,i,j,skip,len; |
|
printf("\nZipcrack V0.1b - (c)1991 by Mycal Johnson - mycal@netacsys.com\n\n"); |
|
if(argc==1) |
{ |
printf("\n Usage: 'zipcrack zipfile crackfile'"); |
printf("\n zipfile = filename.zip "); |
printf("\n crackfile = file in the zipfile to crack\n\n"); |
exit(2); |
} |
|
i=strlen(argv[1]); |
if(i>8) |
{ |
printf("\n Filename must be 8 characters or less, do not incude .zip extention \n\n"); |
exit(2); |
} |
strcpy(zipname,argv[1]); |
strcat(zipname,".zip"); |
i=strlen(argv[2]); |
if(i>12) |
{ |
printf("\n Filename to hack cannot be more than 12 characters including extention\n\n"); |
exit(2); |
} |
strcpy(lookfile,argv[2]); |
|
strupr(lookfile); |
strupr(zipname); |
// |
// make unzip try string |
// |
strcpy(dos_string,"unzip "); |
strcat(dos_string,argv[1]); |
strcat(dos_string," "); |
strcat(dos_string,lookfile); |
strcat(dos_string," -s"); |
|
strcpy(delete_file,"del "); |
strcat(delete_file,lookfile); |
// |
// check to see if target already exists |
// |
if((zipfile = fopen(lookfile,"r+b")) != NULL) |
{ |
close(zipfile); |
printf("\nWarning %s already exists on disk.",lookfile); |
printf("\n Delete this file and try again."); |
exit(1); |
} |
|
|
if ((zipfile = fopen(zipname,"r+b")) == NULL ) |
{ |
printf("fopen failed. Cannot find/open %s.\n",zipname); |
exit(2); |
} |
|
i = 0; |
end=0; |
// |
// Here we search for file to hack on inside the zip file. First we |
// look for the local file sig then we check to see if its our file. |
// |
while(!end) |
{ |
if(fread(buffer, sizeof(char),1,zipfile)) |
{ |
if(buffer[0] == sig[i]) |
i = i + 1; |
else |
i = 0; |
if (i == 4) |
{ // sig is 4 digits |
len=strlen(lookfile); |
skip = 26; |
if(fseek(zipfile, (long)skip, SEEK_CUR)!=0) |
{ |
printf("fseek fail\n"); |
exit(1); |
} |
if(fread(inbuff, sizeof(char),len,zipfile)) |
{ |
if(!memcmp(lookfile,inbuff,len)) |
end=1; |
else |
i=0; |
} |
else |
{ |
printf("read failed\n"); |
exit(1); |
} |
} |
} |
else |
end = 2; // end of file |
} |
// |
// We couldn't find the file to hack if end = 2; |
// |
if(end == 2) { |
printf("File to hack not in found in Zipfile.\n"); |
exit(2); |
} |
// |
// Read encryption header |
// |
if(!fread(buffer, sizeof(char),12,zipfile)) |
{ |
printf("Cannot read from Zipfile. fread fail\n"); |
exit(2); |
} |
|
skip = -(len+16+12); // - len of filename + crc offset + encript headder |
if(fseek(zipfile, (long)skip, SEEK_CUR)!=0) |
{ |
printf("fseek fail\n"); |
exit(1); |
} |
if(fread(inbuff, sizeof(char),4,zipfile)) |
{ |
printf(" crc from file = %x : %x \n",((inbuff[3]<<8)|inbuff[2]), |
((inbuff[1]<<8)|inbuff[0])); |
crc2find = ((inbuff[3]<<8)|inbuff[2]); |
} |
else |
{ |
printf("fread2 fail"); |
exit(2); |
} |
close(zipfile); |
|
buffer[12]=0; |
|
if(crackzip(passcode,buffer)) |
{ // buffer contains encription header // |
// returns hacked key in passcode // |
printf("\nWe hack success!\n\nKey is '%s'\n\n",passcode); |
printf("Thanx to your pal mycal@netacsys.com\n"); |
exit(0); |
} |
else |
{ |
printf("\nBummer, I couldn't hack it.\n"); |
exit(1); |
} |
return 0; |
} |
|
|
int crackzip(char *passcode, char *buffer) |
{ |
unsigned long key[3]; |
unsigned char hackbuff[19]; |
unsigned char password[50]; |
unsigned char dos_try[128]; |
unsigned int i,end, result,slen; |
|
generatetable(); // generate 32-bit crc table // |
// |
// Set password to 'a' and the rest nil, set up end flag |
// |
end = 0; |
for(i=0;i<50;i++) // init password to nil // |
password[i]=0; |
strcpy(password,"a"); |
// |
// this is where the main hack loop is, we loop here tell we crack the |
// password or forever, whichever is first. |
// |
while(!end){ |
memcpy(hackbuff,buffer,15); // reset buffer to origin |
key[0] = 305419896L; // reset key to start |
key[1] = 591751049L; |
key[2] = 878082192L; |
// |
// initilize key with password |
// |
slen = strlen(password); |
for(i=0; i<slen;i++) |
update_keys(key,password[i]); |
// |
// try the decript |
// |
if(!decript_head(hackbuff,key)) |
{ |
// |
// no CRC match, get next password to try, try again |
// |
update_password(password); |
if(strlen(password)>maxdighack) |
{ |
return(0); |
end=2; |
} |
} |
else |
{ |
// |
// We have a CRC match, so lets try to unzip the file |
// |
printf(" -- possible password is %s. Trying it now... \n",password); |
strcpy(dos_try,dos_string); |
strcat(dos_try,password); |
strcat(dos_try," > zipcrack.err"); |
result=system(dos_try); |
if(!chk_4_errors()) |
{ |
// we hack success! |
strcpy(passcode,password); |
return(1); |
} |
printf("...failed\n"); |
system(delete_file); |
update_password(password); |
if(strlen(password)>maxdighack){ |
return(0); |
end=2; |
} |
} |
}// end while // |
} |
|
|
|
////////////////////////////////////////////////////////////////////////// |
// |
// chk_4_errors() - search the zipcrack.err file for the error_sig - |
// "error!". If found return 1 else return 0 |
// |
///////////////////////////////////////////////////////////////////////// |
int chk_4_errors() |
{ |
FILE *errfile; |
int end; |
int i; |
char buffer[10]; |
|
if ((errfile = fopen("zipcrack.err","r+b")) == NULL ) |
{ |
printf("\nCannot find zipcrack.err file."); |
printf("\nCannot continue.\n"); |
exit(1); |
} |
|
i=0; |
end=0; |
while(!end) |
{ |
if(fread(buffer, sizeof(char),1,errfile)) |
{ |
if(buffer[0] == error_sig[i]) |
i = i + 1; |
else |
i = 0; |
if (i == 7) |
{ // sig is 4 digits |
close(errfile); |
return(1); |
} |
} |
else |
end=1; |
} |
close(errfile); |
return(0); |
} |
|
////////////////////////////////////////////////////////////////////////// |
// update_password(password) - we get the next password to try here. |
// This is the routine you would modify to make a dictionary or |
// other than sequential hack. Also you can modify the range |
// of char's to try here. |
/////////////////////////////////////////////////////////////////////// |
void update_password(char *password) |
{ |
int g,i,len,err; |
char newlen[12]; |
|
err=0; |
|
len = strlen(password); |
i = len-1; |
g = 0; |
|
while(!err){ |
password[i] = password[i] + 1; // inc to next char in series |
if(password[i] > 'z') { |
password[i] = 'a'; |
i = i - 1; |
g = g + 1; |
if(g==2) |
printf("password = %s \015",password); |
}else |
err = 1; |
|
if(i<0) { // we need to increase the length by one |
// strcpy(newlen,preamble); // I was thinking about a pre and |
// postamble in case you knew the |
// first or las couple of letters |
// of the password |
strcpy(newlen,"a"); // new start of string // |
strcat(newlen,password); |
strcpy(password,newlen); |
err = 1; |
} |
} |
} |
|
//////////////////////////////////////////////////////////////////////////// |
// decript_head(buffer,key) - this is where the actual work takes place, |
// We decript the buffer with the key generated with our password and |
// check if we have a CRC match, if we do return with a 1. |
//////////////////////////////////////////////////////////////////////////// |
int decript_head(unsigned char *buffer,unsigned long *key) |
{ |
int i; |
unsigned int crc1; |
char c; |
|
for(i = 0; i<12 ; i++) |
{ |
c = buffer[i] ^ decrypt_byte(key); /* buffer xor decrypt_byte */ |
update_keys(key,c); |
buffer[i] = c; |
} |
crc1 = ((buffer[11]<<8)|(buffer[10])); |
|
/* crc1 = ~crc1; */ |
if(crc1 == crc2find) |
{ |
printf("Yippi Ki-aye M*&!#R F*^@#R "); |
return(1); |
} |
return(0); |
} |
|
|
void update_keys(unsigned long *key,char val) |
{ |
key[0] = crc32(key[0],val); |
key[1] = key[1] + (key[0] & 0x000000ff); |
key[1] = key[1] * 134775813 + 1; |
key[2] = crc32(key[2],(key[1] >> 24)); |
} |
|
|
unsigned char decrypt_byte(unsigned long *key) |
{ |
unsigned short temp; |
|
temp = key[2] | 2; |
return((temp*(temp^1))>>8); |
} |
|
|
// |
// cRc routine |
// |
unsigned long crc32(USGL oldcrc, char newchar) |
{ |
int i,index; |
USGL Crc; |
|
Crc = oldcrc; |
|
index = ((Crc ^ newchar) & 0x000000ffL); |
Crc = ((Crc >> 8) & 0x00ffffffL) ^ crctable[index]; |
|
return Crc; /* return a 1's complement */ |
} |
|
|
|
|
|
|
void generatetable() /* generate the crc look-up table */ |
{ |
union |
{ USGI i; |
struct |
{ |
USGI i1 :1; /* MSC low order bit */ |
USGI i2 :1; |
USGI i3 :1; |
USGI i4 :1; |
USGI i5 :1; |
USGI i6 :1; |
USGI i7 :1; |
USGI i8 :1; /* MSC high order bit */ |
USGI :8; /* unused bits */ |
}bit; |
}iUn; |
|
union |
{ USGL entry; |
struct |
{ |
USGI b1 :1; /* MSC low order bit */ |
USGI b2 :1; |
USGI b3 :1; |
USGI b4 :1; |
USGI b5 :1; |
USGI b6 :1; |
USGI b7 :1; |
USGI b8 :1; |
USGI b9 :1; |
USGI b10:1; |
USGI b11:1; |
USGI b12:1; |
USGI b13:1; |
USGI b14:1; |
USGI b15:1; |
USGI b16:1; |
USGI b17:1; |
USGI b18:1; |
USGI b19:1; |
USGI b20:1; |
USGI b21:1; |
USGI b22:1; |
USGI b23:1; |
USGI b24:1; |
USGI b25:1; |
USGI b26:1; |
USGI b27:1; |
USGI b28:1; |
USGI b29:1; |
USGI b30:1; |
USGI b31:1; |
USGI b32:1; /* MSC high order bit */ |
} entrybit; |
}entryun; |
|
for (iUn.i = 0; iUn.i < 256; iUn.i++) |
{ |
entryun.entry = 0; /* zero out the value */ |
|
entryun.entrybit.b32 = (iUn.bit.i2 ^ iUn.bit.i8); |
entryun.entrybit.b31 = (iUn.bit.i1 ^ iUn.bit.i2 ^ |
iUn.bit.i7 ^ iUn.bit.i8); |
entryun.entrybit.b30 = (iUn.bit.i1 ^ iUn.bit.i2 ^ |
iUn.bit.i6 ^ iUn.bit.i7 ^ |
iUn.bit.i8); |
entryun.entrybit.b29 = (iUn.bit.i1 ^ iUn.bit.i5 ^ |
iUn.bit.i6 ^ iUn.bit.i7); |
|
entryun.entrybit.b28 = (iUn.bit.i2 ^ iUn.bit.i4 ^ |
iUn.bit.i5 ^ iUn.bit.i6 ^ |
iUn.bit.i8); |
entryun.entrybit.b27 = (iUn.bit.i1 ^ iUn.bit.i2 ^ |
iUn.bit.i3 ^ iUn.bit.i4 ^ |
iUn.bit.i5 ^ iUn.bit.i7 ^ |
iUn.bit.i8); |
entryun.entrybit.b26 = (iUn.bit.i1 ^ iUn.bit.i2 ^ |
iUn.bit.i3 ^ iUn.bit.i4 ^ |
iUn.bit.i6 ^ iUn.bit.i7 ); |
entryun.entrybit.b25 = (iUn.bit.i1 ^ iUn.bit.i3 ^ |
iUn.bit.i5 ^ iUn.bit.i6 ^ |
iUn.bit.i8); |
|
entryun.entrybit.b24 = (iUn.bit.i4 ^ iUn.bit.i5 ^ |
iUn.bit.i7 ^ iUn.bit.i8); |
entryun.entrybit.b23 = (iUn.bit.i3 ^ iUn.bit.i4 ^ |
iUn.bit.i6 ^ iUn.bit.i7); |
entryun.entrybit.b22 = (iUn.bit.i3 ^ iUn.bit.i5 ^ |
iUn.bit.i6 ^ iUn.bit.i8); |
entryun.entrybit.b21 = (iUn.bit.i4 ^ iUn.bit.i5 ^ |
iUn.bit.i7 ^ iUn.bit.i8); |
|
entryun.entrybit.b20 = (iUn.bit.i2 ^ iUn.bit.i3 ^ |
iUn.bit.i4 ^ iUn.bit.i6 ^ |
iUn.bit.i7 ^ iUn.bit.i8 ); |
entryun.entrybit.b19 = (iUn.bit.i1 ^ iUn.bit.i2 ^ |
iUn.bit.i3 ^ iUn.bit.i5 ^ |
iUn.bit.i6 ^ iUn.bit.i7 ); |
entryun.entrybit.b18 = (iUn.bit.i1 ^ iUn.bit.i2 ^ |
iUn.bit.i4 ^ iUn.bit.i5 ^ |
iUn.bit.i6 ); |
entryun.entrybit.b17 = (iUn.bit.i1 ^ iUn.bit.i3 ^ |
iUn.bit.i4 ^ iUn.bit.i5 ); |
|
entryun.entrybit.b16 = (iUn.bit.i3 ^ iUn.bit.i4 ^ |
iUn.bit.i8); |
entryun.entrybit.b15 = (iUn.bit.i2 ^ iUn.bit.i3 ^ |
iUn.bit.i7); |
entryun.entrybit.b14 = (iUn.bit.i1 ^ iUn.bit.i2 ^ |
iUn.bit.i6); |
entryun.entrybit.b13 = (iUn.bit.i1 ^ iUn.bit.i5); |
|
entryun.entrybit.b12 = (iUn.bit.i4); |
entryun.entrybit.b11 = (iUn.bit.i3); |
entryun.entrybit.b10 = (iUn.bit.i8); |
entryun.entrybit.b9 = (iUn.bit.i2 ^ iUn.bit.i7 ^ |
iUn.bit.i8); |
|
entryun.entrybit.b8 = (iUn.bit.i1 ^ iUn.bit.i6 ^ |
iUn.bit.i7); |
entryun.entrybit.b7 = (iUn.bit.i5 ^ iUn.bit.i6 ); |
entryun.entrybit.b6 = (iUn.bit.i2 ^ iUn.bit.i4 ^ |
iUn.bit.i5 ^ iUn.bit.i8); |
entryun.entrybit.b5 = (iUn.bit.i1 ^ iUn.bit.i3 ^ |
iUn.bit.i4 ^ iUn.bit.i7 ); |
|
entryun.entrybit.b4 = (iUn.bit.i2 ^ iUn.bit.i3 ^ |
iUn.bit.i6); |
entryun.entrybit.b3 = (iUn.bit.i1 ^ iUn.bit.i2 ^ |
iUn.bit.i5); |
entryun.entrybit.b2 = (iUn.bit.i1 ^ iUn.bit.i4); |
entryun.entrybit.b1 = (iUn.bit.i3); |
|
crctable[iUn.i] = entryun.entry; |
} |
} |
by: 发表于:2017-06-20 16:11:57 顶(0) | 踩(0) 回复
??
回复评论