识别 advapi32.dll 中使用的加密算法
Identifying the ENCRYPTION ALGORITHM used in advapi32.dll
如何查找以下vb代码中使用了哪种加密方式
据我了解它正在使用
- MD5 散列给定的密钥
- 得到MD5的结果
- 然后使用结果值作为 RC4 算法的密钥
问题是当单独使用上述过程时,我没有得到相同的输出。
vb 代码给出以下输出。
aa = !!S
a = !!
b = +
c = -
abc = !!P®
hello = W¡!!‘
A = 3
B = 0
C = 1
ABC = 3pŽ
注意:上面b的值是一个类似“+”的符号,竖线较长
vb代码如下
Private Const MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0"
Private Const PROV_RSA_FULL = 1
Private Const ALG_CLASS_DATA_ENCRYPT = 24576
Private Const ALG_CLASS_HASH = 32768
Private Const ALG_TYPE_ANY = 0
Private Const ALG_TYPE_BLOCK = 1536
Private Const ALG_TYPE_STREAM = 2048
Private Const ALG_SID_RC2 = 2
Private Const ALG_SID_RC4 = 1
Private Const ALG_SID_MD5 = 3
Private Const CALG_MD5 = ((ALG_CLASS_HASH Or ALG_TYPE_ANY) Or ALG_SID_MD5)
Private Const CALG_RC2 = ((ALG_CLASS_DATA_ENCRYPT Or ALG_TYPE_BLOCK) Or ALG_SID_RC2)
Private Const CALG_RC4 = ((ALG_CLASS_DATA_ENCRYPT Or ALG_TYPE_STREAM) Or ALG_SID_RC4)
Private Const ENCRYPT_ALGORITHM = CALG_RC4
Private Const ENCRYPT_BLOCK_SIZE = 1
Private Const CRYPT_EXPORTABLE = 1
Dim lHHash As Long
Dim lHkey As Long
Dim lResult As Long
Dim lHExchgKey As Long
Dim lHCryptprov As Long
Dim sContainer As String
Dim lCryptLength As Long
Dim lCryptBufLen As Long
Dim sCryptBuffer As String
On Error GoTo EncryptError
Dim sOutputBuffer As String
Dim sProvider
sOutputBuffer = ""
'Get handle to the default CSP
sProvider = MS_DEF_PROV & vbNullChar
If Len(PlainText) = 0 Then
DoCryptoEncrypt = ""
Exit Function
End If
If Not CBool(CryptAcquireContext(lHCryptprov, ByVal _
sContainer, ByVal sProvider, PROV_RSA_FULL, 0)) Then
' If there is no default key container then create one
' using Flags field
If GetLastError = 0 Then
If Not CBool(CryptAcquireContext(lHCryptprov, 0&, ByVal sProvider, PROV_RSA_FULL, CRYPT_NEWKEYSET)) Then
sOutputBuffer = PlainText
GoTo Finished
End If
End If
End If
'Create a hash object
If Not CBool(CryptCreateHash(lHCryptprov, CALG_MD5, 0, _
0, lHHash)) Then
GoTo Finished
End If
'Hash in the password text
If Not CBool(CryptHashData(lHHash, sPassword, _
Len(sPassword), 0)) Then
GoTo Finished
End If
'Create a session key from the hash object.
If Not CBool(CryptDeriveKey(lHCryptprov, _
ENCRYPT_ALGORITHM, lHHash, 0, lHkey)) Then
GoTo Finished
End If
'Destroy the hash object.
CryptDestroyHash (lHHash)
lHHash = 0
'Create a buffer for the CryptEncrypt function
lCryptLength = Len(PlainText)
lCryptBufLen = lCryptLength * 2
sCryptBuffer = String(lCryptBufLen, vbNullChar)
LSet sCryptBuffer = PlainText
'Encrypt the text data
If Not CBool(CryptEncrypt(lHkey, 0, 1, 0, sCryptBuffer, _
lCryptLength, lCryptBufLen)) Then
End If
相关代码为:
If Not CBool(CryptDeriveKey(lHCryptprov, _
ENCRYPT_ALGORITHM, lHHash, 0, lHkey)) Then
GoTo Finished
End If
而ENCRYPT_ALGORITHM
定义为CALG_RC4
。此常量记录在此处:https://docs.microsoft.com/de-de/windows/desktop/SecCrypto/alg-id
所以是:RC4 流加密。
您的 vb 代码的工作方式如下。
- 它使用 MD5 对给定值进行哈希处理。
- 然后它使用 MD5 哈希值创建一个与 RC4 算法兼容的会话密钥
- 使用 RC4 作为算法和会话密钥作为密钥创建加密值
如何查找以下vb代码中使用了哪种加密方式
据我了解它正在使用
- MD5 散列给定的密钥
- 得到MD5的结果
- 然后使用结果值作为 RC4 算法的密钥
问题是当单独使用上述过程时,我没有得到相同的输出。
vb 代码给出以下输出。
aa = !!S
a = !!
b = +
c = -
abc = !!P®
hello = W¡!!‘
A = 3
B = 0
C = 1
ABC = 3pŽ
注意:上面b的值是一个类似“+”的符号,竖线较长
vb代码如下
Private Const MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0"
Private Const PROV_RSA_FULL = 1
Private Const ALG_CLASS_DATA_ENCRYPT = 24576
Private Const ALG_CLASS_HASH = 32768
Private Const ALG_TYPE_ANY = 0
Private Const ALG_TYPE_BLOCK = 1536
Private Const ALG_TYPE_STREAM = 2048
Private Const ALG_SID_RC2 = 2
Private Const ALG_SID_RC4 = 1
Private Const ALG_SID_MD5 = 3
Private Const CALG_MD5 = ((ALG_CLASS_HASH Or ALG_TYPE_ANY) Or ALG_SID_MD5)
Private Const CALG_RC2 = ((ALG_CLASS_DATA_ENCRYPT Or ALG_TYPE_BLOCK) Or ALG_SID_RC2)
Private Const CALG_RC4 = ((ALG_CLASS_DATA_ENCRYPT Or ALG_TYPE_STREAM) Or ALG_SID_RC4)
Private Const ENCRYPT_ALGORITHM = CALG_RC4
Private Const ENCRYPT_BLOCK_SIZE = 1
Private Const CRYPT_EXPORTABLE = 1
Dim lHHash As Long
Dim lHkey As Long
Dim lResult As Long
Dim lHExchgKey As Long
Dim lHCryptprov As Long
Dim sContainer As String
Dim lCryptLength As Long
Dim lCryptBufLen As Long
Dim sCryptBuffer As String
On Error GoTo EncryptError
Dim sOutputBuffer As String
Dim sProvider
sOutputBuffer = ""
'Get handle to the default CSP
sProvider = MS_DEF_PROV & vbNullChar
If Len(PlainText) = 0 Then
DoCryptoEncrypt = ""
Exit Function
End If
If Not CBool(CryptAcquireContext(lHCryptprov, ByVal _
sContainer, ByVal sProvider, PROV_RSA_FULL, 0)) Then
' If there is no default key container then create one
' using Flags field
If GetLastError = 0 Then
If Not CBool(CryptAcquireContext(lHCryptprov, 0&, ByVal sProvider, PROV_RSA_FULL, CRYPT_NEWKEYSET)) Then
sOutputBuffer = PlainText
GoTo Finished
End If
End If
End If
'Create a hash object
If Not CBool(CryptCreateHash(lHCryptprov, CALG_MD5, 0, _
0, lHHash)) Then
GoTo Finished
End If
'Hash in the password text
If Not CBool(CryptHashData(lHHash, sPassword, _
Len(sPassword), 0)) Then
GoTo Finished
End If
'Create a session key from the hash object.
If Not CBool(CryptDeriveKey(lHCryptprov, _
ENCRYPT_ALGORITHM, lHHash, 0, lHkey)) Then
GoTo Finished
End If
'Destroy the hash object.
CryptDestroyHash (lHHash)
lHHash = 0
'Create a buffer for the CryptEncrypt function
lCryptLength = Len(PlainText)
lCryptBufLen = lCryptLength * 2
sCryptBuffer = String(lCryptBufLen, vbNullChar)
LSet sCryptBuffer = PlainText
'Encrypt the text data
If Not CBool(CryptEncrypt(lHkey, 0, 1, 0, sCryptBuffer, _
lCryptLength, lCryptBufLen)) Then
End If
相关代码为:
If Not CBool(CryptDeriveKey(lHCryptprov, _
ENCRYPT_ALGORITHM, lHHash, 0, lHkey)) Then
GoTo Finished
End If
而ENCRYPT_ALGORITHM
定义为CALG_RC4
。此常量记录在此处:https://docs.microsoft.com/de-de/windows/desktop/SecCrypto/alg-id
所以是:RC4 流加密。
您的 vb 代码的工作方式如下。
- 它使用 MD5 对给定值进行哈希处理。
- 然后它使用 MD5 哈希值创建一个与 RC4 算法兼容的会话密钥
- 使用 RC4 作为算法和会话密钥作为密钥创建加密值