diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..62f354a --- /dev/null +++ b/.gitignore @@ -0,0 +1,122 @@ +# File created using '.gitignore Generator' for Visual Studio Code: https://bit.ly/vscode-gig + +# Created by https://www.gitignore.io/api/windows,visualstudiocode,c,c++ +# Edit at https://www.gitignore.io/?templates=windows,visualstudiocode,c,c++ + +### C ### +# Prerequisites +*.d + +# Object files +*.o +*.ko +*.obj +*.elf + +# Linker output +*.ilk +*.map +*.exp + +# Precompiled Headers +*.gch +*.pch + +# Libraries +*.lib +*.a +*.la +*.lo + +# Shared objects (inc. Windows DLLs) +*.dll +*.so +*.so.* +*.dylib + +# Executables +*.exe +*.out +*.app +*.i*86 +*.x86_64 +*.hex + +# Debug files +*.dSYM/ +*.su +*.idb +*.pdb + +# Kernel Module Compile Results +*.mod* +*.cmd +.tmp_versions/ +modules.order +Module.symvers +Mkfile.old +dkms.conf + +### C++ ### +# Prerequisites + +# Compiled Object files +*.slo + +# Precompiled Headers + +# Compiled Dynamic libraries + +# Fortran module files +*.mod +*.smod + +# Compiled Static libraries +*.lai + +# Executables + +### VisualStudioCode ### +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json + +### VisualStudioCode Patch ### +# Ignore all local history of files +.history + +### Windows ### +# Windows thumbnail cache files +Thumbs.db +Thumbs.db:encryptable +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msix +*.msm +*.msp + +# Windows shortcuts +*.lnk + +# End of https://www.gitignore.io/api/windows,visualstudiocode,c,c++ + +# Custom rules (everything added below won't be overriden by 'Generate .gitignore File' if you use 'Update' option) +.vs/* +*.log +*.tlog +*.enc diff --git a/Makefile b/Makefile deleted file mode 100644 index 7531f3d..0000000 --- a/Makefile +++ /dev/null 
@@ -1,11 +0,0 @@ -CFLAGS= -Wall -O4 -std=c99 -OBJS= aeskeyfind.o aes.o util.o - -all: aeskeyfind - -aeskeyfind: $(OBJS) - $(CC) -o aeskeyfind $(OBJS) - -clean: - @rm -f aeskeyfind *~ \#* $(OBJS) - diff --git a/aes.o b/aes.o deleted file mode 100644 index cbc558d..0000000 Binary files a/aes.o and /dev/null differ diff --git a/aeskeyfind.c b/aeskeyfind.c index 71e88e7..66b6213 100644 --- a/aeskeyfind.c +++ b/aeskeyfind.c @@ -7,15 +7,19 @@ #include #include #include -#include +#include #include -#include #include #include +#include +//linux依存 +//#include :mmap用 +//#include : +//#include :コマンドライン操作 extern char *optarg; extern int optind, opterr, optopt; -#include + #ifdef __FreeBSD__ #include @@ -25,6 +29,7 @@ extern int optind, opterr, optopt; #include "util.h" #include "aes.h" +#include "getopt.h" #define DEFAULT_THRESHOLD 10 static long int gThreshold = DEFAULT_THRESHOLD; 
@@ -151,34 +156,34 @@ static unsigned char AES_xtime(uint32_t x) // converts a key schedule that's had InvMixColumn pre-applied as // an optimisation for decryption back to a normal key schedule // added code------------------------------------------------------ -static void unconvert_key(uint32_t *k, int rounds) -{ - int i; - uint32_t w, tmp1, old_a0, a0, a1, a2, a3; - - k += 4; - - for (i= rounds*4; i > 4; i--) - { - w= *k; - - // note: a quirk of aeskeyfind is that the bytes are in - // reverse order within the word compared to normal AES - a3 = (uint32_t)((w>>24)&0xFF); - a2 = (uint32_t)((w>>16)&0xFF); - a1 = (uint32_t)((w>>8)&0xFF); - a0 = (uint32_t)(w&0xFF); - - tmp1 = a0 ^ a1 ^ a2 ^ a3; - old_a0 = a0; - a0 ^= tmp1 ^ AES_xtime(a0 ^ a1); - a1 ^= tmp1 ^ AES_xtime(a1 ^ a2); - a2 ^= tmp1 ^ AES_xtime(a2 ^ a3); - a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0); - - *k++ = ((a3 << 24) | (a2 << 16) | (a1 << 8) | a0); - } -} +//static void unconvert_key(uint32_t *k, int rounds) +//{ +// int i; +// uint32_t w, tmp1, old_a0, a0, a1, a2, a3; +// +// k += 4; +// +// for (i= rounds*4; i > 4; i--) +// { +// w= *k; +// +// // note: a quirk of aeskeyfind is that the bytes are in +// // reverse order within the word compared to normal AES +// a3 = (uint32_t)((w>>24)&0xFF); +// a2 = (uint32_t)((w>>16)&0xFF); +// a1 = (uint32_t)((w>>8)&0xFF); +// a0 = (uint32_t)(w&0xFF); +// +// tmp1 = a0 ^ a1 ^ a2 ^ a3; +// old_a0 = a0; +// a0 ^= tmp1 ^ AES_xtime(a0 ^ a1); +// a1 ^= tmp1 ^ AES_xtime(a1 ^ a2); +// a2 ^= tmp1 ^ AES_xtime(a2 ^ a3); +// a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0); +// +// *k++ = ((a3 << 24) | (a2 << 16) | (a1 << 8) | a0); +// } +//} // added code------------------------------------------------------ // The core key finding loop 
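Review bot: `unconvert_key` is left in the file as 28 commented-out lines instead of being deleted or compiled out, and the same is done to the tweak loop in the `find_keys` hunk and to the POSIX `map_file` further down. Version control already preserves the old text, so the `//` copies only add noise to later diffs. If the code is meant to return, wrapping it in a build macro keeps it compilable and easy to find. `AES_xtime`, named in the hunk header, looks to be left without a caller once this function is gone, which would produce an unused-static warning; that needs checking against the full file.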
@@ -225,23 +230,23 @@ static void find_keys(const uint8_t* bmap, size_t last) if (xor_count_256 <= gThreshold) print_key(map,256,i); + //速度が低下するので除外 // added code----------------------------------------------- - for(int tweaks = 0; tweaks < MAX_TWEAKS; tweaks++) { - // Try various tweaks to how key schedule is storted - uint32_t newmap[4*11]; - map = (uint32_t*)&(bmap[i]); - if(tweaks & TWEAK_REVERSE_ORDER) - for (size_t row = 0; row < 11; row++) - memcpy(newmap+4*row, map+4*(10-row), 4*sizeof(uint32_t)); - else - memcpy(newmap, map, 4*11*sizeof(uint32_t)); - map = newmap; - if(tweaks & TWEAK_INVMIXCOLUMN) - unconvert_key(map, 10); + //for(int tweaks = 0; tweaks < MAX_TWEAKS; tweaks++) { + // // Try various tweaks to how key schedule is storted + // uint32_t newmap[4*11]; + // map = (uint32_t*)&(bmap[i]); + // if(tweaks & TWEAK_REVERSE_ORDER) + // for (size_t row = 0; row < 11; row++) + // memcpy(newmap+4*row, map+4*(10-row), 4*sizeof(uint32_t)); + // else + // memcpy(newmap, map, 4*11*sizeof(uint32_t)); + // map = newmap; + // if(tweaks & TWEAK_INVMIXCOLUMN) + // unconvert_key(map, 10); // added code----------------------------------------------- // Check distance from 128-bit AES key - int xor_count_128 = 0; // rowがラウンド数と対応 // map[n]の型はuin32_t=4byte=32bit // columnがkey長に対応,4回確かめて128bit分の鍵であるか検証 @@ -253,6 +258,7 @@ static void find_keys(const uint8_t* bmap, size_t last) // (row番目ラウンド,column-1番目ワード)xor(row-1番目ラウンド,column番目ワード)xor(row番目ラウンド,column番目ワード) // Ex: W4(1,0) xor W1(0,1) xor W5(1,1) // この式はラウンドキーがAESの定義通り実装されている場合0となる + int xor_count_128 = 0; for (size_t row = 1; row < 11; row++) { for (size_t column = 0; column < 4; column++) { if (column == 0) @@ -269,7 +275,7 @@ static void find_keys(const uint8_t* bmap, size_t last) } if (xor_count_128 < gThreshold) print_key(map,128,i); - } + //} if (gProgress) { size_t pct = (increment > 0) ? i / increment : i * 100 / last; 
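Review bot: Commenting out the `tweaks` loop in `find_keys` drops the search for 128-bit schedules stored in reverse round order or with InvMixColumn pre-applied (the `TWEAK_REVERSE_ORDER` and `TWEAK_INVMIXCOLUMN` cases). A dump that holds only such a schedule will now produce no hit, and nothing tells the analyst that the search was narrowed. The added comment gives speed as the reason; a runtime switch would keep both behaviours, for example a new flag (called `gTweaks` here) bounding the loop as `tweaks < (gTweaks ? MAX_TWEAKS : 1)` with the body left live. These hunks start and end inside `find_keys`, so the declaration of `map` and the usage text are not visible; if the usage text mentions these variants it should be updated to match.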
@@ -287,24 +293,51 @@ static void find_keys(const uint8_t* bmap, size_t last) } // ファイルオープン,ファイルのポインター,大きさを返す +//linux依存コード // Memory maps filename and return a pointer on success, setting len // to the length of the file (does not return on error) -unsigned char *map_file(char *filename, size_t *len) { - int fd = open(filename, O_RDONLY); - if (fd < 0) - err(1, "image open failed"); - - struct stat st; - if (fstat(fd, &st) != 0) - err(1, "image fstat failed"); - - unsigned char *map; - map = (unsigned char*)mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0); - if (map == MAP_FAILED) - err(1, "image mmap failed"); - - *len = st.st_size; - return map; +//unsigned char *map_file(char *filename, size_t *len) { +// int fd = open(filename, O_RDONLY); +// if (fd < 0) +// err(1, "image open failed"); +// +// struct stat st; +// if (fstat(fd, &st) != 0) +// err(1, "image fstat failed"); +// +// unsigned char *map; +// map = (unsigned char*)mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0); +// if (map == MAP_FAILED) +// err(1, "image mmap failed"); +// +// *len = st.st_size; +// return map; +//} + +unsigned char* map_file(const char* filename, LONGLONG* len) { + HANDLE hFile = CreateFile(filename, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL); + if (hFile == INVALID_HANDLE_VALUE) + err(1, "image open failed"); + if (!GetFileSizeEx(hFile, len)) { + CloseHandle(hFile); + err(1, "get file_size failed"); + } + HANDLE hMap = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,"m_Image"); + if (hMap == NULL) { + CloseHandle(hFile); + hFile = INVALID_HANDLE_VALUE; + err(1, "image mapping failed"); + } + void* m_pPointer = (char*)MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0); + if (m_pPointer == NULL) { + CloseHandle(hMap); + CloseHandle(hFile); + hMap = 0; + hFile = INVALID_HANDLE_VALUE; + err(1, "image mvof failed"); + } + return m_pPointer; + } int main(int argc, char * argv[]) 
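Review bot: In the new `map_file`, `CreateFileMapping` is given the fixed object name `"m_Image"`, so if a mapping object with that name already exists in the session (a second running instance is enough) the call returns a handle to that object rather than a mapping of the requested dump; the name should be `NULL`. On the success path neither `hFile` nor `hMap` is closed, and `len` is passed directly to `GetFileSizeEx`, which expects a `LARGE_INTEGER *`. The Release configurations in the project file appear to select the Unicode character set, where `CreateFile` resolves to the wide variant while `filename` is a narrow string, so the `A` entry points should be named explicitly. `err()` presumably formats `errno`, which these Win32 calls do not set, so the reason it prints may be unrelated to the actual failure.

```c
unsigned char* map_file(const char* filename, LONGLONG* len) {
    /* A entry points: filename is a narrow string in every configuration */
    HANDLE hFile = CreateFileA(filename, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
    /* ... unchanged: INVALID_HANDLE_VALUE check ... */
    LARGE_INTEGER size;
    if (!GetFileSizeEx(hFile, &size)) {
        CloseHandle(hFile);
        err(1, "get file_size failed");
    }
    /* unnamed mapping: no other process in the session can pre-create or share it */
    HANDLE hMap = CreateFileMappingA(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    /* ... unchanged: hMap == NULL handling ... */
    void* view = MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
    /* a mapped view keeps the section alive, so both handles can be released on every path */
    CloseHandle(hMap);
    CloseHandle(hFile);
    if (view == NULL)
        err(1, "image mvof failed");
    *len = size.QuadPart;
    return view;
}
```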
@@ -345,14 +378,18 @@ int main(int argc, char * argv[]) usage(); exit(1); } - - size_t len; + + LONGLONG len; unsigned char *image = map_file(argv[0], &len); - if (len < 240) { - fprintf(stderr, "memory image too small\n"); - exit(1); - } - + //char *filename = "D:\\my_program\\medusa_unlocker\\medusa.dump"; + //unsigned char* image = map_file(filename, &len); + printf("filesize:%lld",len); + puts(""); + if (len < 240) { + fprintf(stderr, "memory image too small\n"); + exit(1); + } + find_keys(image, len - 240); return 0; diff --git a/aeskeyfind.o b/aeskeyfind.o deleted file mode 100644 index dfff475..0000000 Binary files a/aeskeyfind.o and /dev/null differ diff --git a/aeskeyfind_windows.sln b/aeskeyfind_windows.sln new file mode 100644 index 0000000..9d49ee6 --- /dev/null +++ b/aeskeyfind_windows.sln 
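Review bot: `printf("filesize:%lld",len)` writes unconditionally to stdout, which is presumably the stream the recovered keys are printed on, so anything consuming the tool's output now receives an extra leading line. It should go to stderr, `fprintf(stderr, "filesize:%lld\n", len);`, or be printed only in verbose mode. `len` is now a `LONGLONG` while `find_keys` takes `size_t last`, so in the x86 configurations listed in the solution `len - 240` is narrowed implicitly; an explicit range check before the call would make the limit visible. The commented-out hard-coded dump path is leftover debugging and can be removed. `main` begins and ends outside the hunk.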
@@ -0,0 +1,37 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.29509.3 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aeskeyfind_windows", "aeskeyfind_windows.vcxproj", "{F14DD89C-DFCF-4068-A22B-3298A850AD42}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + dump_test|x64 = dump_test|x64 + dump_test|x86 = dump_test|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.Debug|x64.ActiveCfg = Debug|x64 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.Debug|x64.Build.0 = Debug|x64 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.Debug|x86.ActiveCfg = Debug|Win32 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.Debug|x86.Build.0 = Debug|Win32 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.dump_test|x64.ActiveCfg = dump_test|x64 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.dump_test|x64.Build.0 = dump_test|x64 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.dump_test|x86.ActiveCfg = dump_test|Win32 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.dump_test|x86.Build.0 = dump_test|Win32 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.Release|x64.ActiveCfg = Release|x64 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.Release|x64.Build.0 = Release|x64 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.Release|x86.ActiveCfg = Release|Win32 + {F14DD89C-DFCF-4068-A22B-3298A850AD42}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {1B587126-1FE8-4706-A6F9-9D4F509DF5A6} + EndGlobalSection +EndGlobal diff --git a/aeskeyfind_windows.vcxproj b/aeskeyfind_windows.vcxproj new file mode 100644 index 0000000..9fe93df --- /dev/null 
+++ b/aeskeyfind_windows.vcxproj @@ -0,0 +1,229 @@ + + + + + Debug + Win32 + + + dump_test + Win32 + + + dump_test + x64 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 16.0 + {F14DD89C-DFCF-4068-A22B-3298A850AD42} + Win32Proj + aeskeyfindwindows + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + Unicode + + + Application + true + v142 + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + Unicode + + + + + + + + + + + + + + + + + + + + + + + + + + + true + + + true + + + true + + + true + + + false + + + false + + + + + + Level3 + Disabled + true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + + + Level3 + Disabled + true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + + + Level3 + Disabled + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + + + Level3 + Disabled + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + + + Level3 + MaxSpeed + true + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + + + + + + + Level3 + MaxSpeed + true + true + true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/aeskeyfind_windows.vcxproj.filters b/aeskeyfind_windows.vcxproj.filters new file mode 100644 index 0000000..ef4f946 --- /dev/null +++ b/aeskeyfind_windows.vcxproj.filters 
@@ -0,0 +1,42 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + ソース ファイル + + + ソース ファイル + + + ソース ファイル + + + ソース ファイル + + + + + ヘッダー ファイル + + + ヘッダー ファイル + + + ヘッダー ファイル + + + \ No newline at end of file diff --git a/aeskeyfind_windows.vcxproj.user b/aeskeyfind_windows.vcxproj.user new file mode 100644 index 0000000..d289900 --- /dev/null +++ b/aeskeyfind_windows.vcxproj.user @@ -0,0 +1,11 @@ + + + + C:\Users\ryo\Desktop\memory.dmp -v + WindowsLocalDebugger + + + C:\Users\ryo\Desktop\memory.dmp -v + WindowsLocalDebugger + + \ No newline at end of file diff --git a/getopt.c b/getopt.c new file mode 100644 index 0000000..1b1140c --- /dev/null +++ b/getopt.c 
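Review bot: `aeskeyfind_windows.vcxproj.user` is a per-user Visual Studio settings file, and the version added here records debugger arguments containing an absolute path under a local user profile (`C:\Users\ryo\Desktop\memory.dmp -v`). That publishes a local account name and is of no use to anyone else building the project. Dropping the file from the commit and adding `*.vcxproj.user` to the custom rules at the end of `.gitignore` keeps it from coming back.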
@@ -0,0 +1,224 @@ +/* + * getopt - POSIX like getopt for Windows console Application + * + * win-c - Windows Console Library + * Copyright (c) 2015 Koji Takami + * Released under the MIT license + * https://github.com/takamin/win-c/blob/master/LICENSE + */ +#include +#include +#include "getopt.h" + +char* optarg = 0; +int optind = 1; +int opterr = 1; +int optopt = 0; + +int postpone_count = 0; +int nextchar = 0; + +static void postpone(int argc, char* const argv[], int index) { + char** nc_argv = (char**)argv; + char* p = nc_argv[index]; + int j = index; + for(; j < argc - 1; j++) { + nc_argv[j] = nc_argv[j + 1]; + } + nc_argv[argc - 1] = p; +} +static int postpone_noopt(int argc, char* const argv[], int index) { + int i = index; + for(; i < argc; i++) { + if(*(argv[i]) == '-') { + postpone(argc, argv, index); + return 1; + } + } + return 0; +} +static int _getopt_(int argc, char* const argv[], + const char* optstring, + const struct option* longopts, int* longindex) +{ + while(1) { + int c; + const char* optptr = 0; + if(optind >= argc - postpone_count) { + c = 0; + optarg = 0; + break; + } + c = *(argv[optind] + nextchar); + if(c == '\0') { + nextchar = 0; + ++optind; + continue; + } + if(nextchar == 0) { + if(optstring[0] != '+' && optstring[0] != '-') { + while(c != '-') { + /* postpone non-opt parameter */ + if(!postpone_noopt(argc, argv, optind)) { + break; /* all args are non-opt param */ + } + ++postpone_count; + c = *argv[optind]; + } + } + if(c != '-') { + if(optstring[0] == '-') { + optarg = argv[optind]; + nextchar = 0; + ++optind; + return 1; + } + break; + } else { + if(strcmp(argv[optind], "--") == 0) { + optind++; + break; + } + ++nextchar; + if(longopts != 0 && *(argv[optind] + 1) == '-') { + char const* spec_long = argv[optind] + 2; + char const* pos_eq = strchr(spec_long, '='); + int spec_len = (pos_eq == NULL ? 
strlen(spec_long) : pos_eq - spec_long); + int index_search = 0; + int index_found = -1; + const struct option* optdef = 0; + while(longopts->name != 0) { + if(strncmp(spec_long, longopts->name, spec_len) == 0) { + if(optdef != 0) { + if(opterr) { + fprintf(stderr, "ambiguous option: %s\n", spec_long); + } + return '?'; + } + optdef = longopts; + index_found = index_search; + } + longopts++; + index_search++; + } + if(optdef == 0) { + if(opterr) { + fprintf(stderr, "no such a option: %s\n", spec_long); + } + return '?'; + } + switch(optdef->has_arg) { + case no_argument: + optarg = 0; + if(pos_eq != 0) { + if(opterr) { + fprintf(stderr, "no argument for %s\n", optdef->name); + } + return '?'; + } + break; + case required_argument: + if(pos_eq == NULL) { + ++optind; + optarg = argv[optind]; + } else { + optarg = (char*)pos_eq + 1; + } + break; + } + ++optind; + nextchar = 0; + if(longindex != 0) { + *longindex = index_found; + } + if(optdef->flag != 0) { + *optdef->flag = optdef->val; + return 0; + } + return optdef->val; + } + continue; + } + } + optptr = strchr(optstring, c); + if(optptr == NULL) { + optopt = c; + if(opterr) { + fprintf(stderr, + "%s: invalid option -- %c\n", + argv[0], c); + } + ++nextchar; + return '?'; + } + if(*(optptr+1) != ':') { + nextchar++; + if(*(argv[optind] + nextchar) == '\0') { + ++optind; + nextchar = 0; + } + optarg = 0; + } else { + nextchar++; + if(*(argv[optind] + nextchar) != '\0') { + optarg = argv[optind] + nextchar; + } else { + ++optind; + if(optind < argc - postpone_count) { + optarg = argv[optind]; + } else { + optopt = c; + if(opterr) { + fprintf(stderr, + "%s: option requires an argument -- %c\n", + argv[0], c); + } + if(optstring[0] == ':' || + (optstring[0] == '-' || optstring[0] == '+') && + optstring[1] == ':') + { + c = ':'; + } else { + c = '?'; + } + } + } + ++optind; + nextchar = 0; + } + return c; + } + + /* end of option analysis */ + + /* fix the order of non-opt params to original */ + while((argc - optind - 
postpone_count) > 0) { + postpone(argc, argv, optind); + ++postpone_count; + } + + nextchar = 0; + postpone_count = 0; + return -1; +} + +int getopt(int argc, char* const argv[], + const char* optstring) +{ + return _getopt_(argc, argv, optstring, 0, 0); +} +int getopt_long(int argc, char* const argv[], + const char* optstring, + const struct option* longopts, int* longindex) +{ + return _getopt_(argc, argv, optstring, longopts, longindex); +} +/******************************************************** +int getopt_long_only(int argc, char* const argv[], + const char* optstring, + const struct option* longopts, int* longindex) +{ + return -1; +} +********************************************************/ + diff --git a/getopt.h b/getopt.h new file mode 100644 index 0000000..8111e04 --- /dev/null +++ b/getopt.h @@ -0,0 +1,44 @@ +/* + * getopt - POSIX like getopt for Windows console Application + * + * win-c - Windows Console Library + * Copyright (c) 2015 Koji Takami + * Released under the MIT license + * https://github.com/takamin/win-c/blob/master/LICENSE + */ +#ifndef _GETOPT_H_ +#define _GETOPT_H_ + +#ifdef __cplusplus +extern "C" { +#endif // __cplusplus + + int getopt(int argc, char* const argv[], + const char* optstring); + + extern char *optarg; + extern int optind, opterr, optopt; + +#define no_argument 0 +#define required_argument 1 +#define optional_argument 2 + + struct option { + const char *name; + int has_arg; + int* flag; + int val; + }; + + int getopt_long(int argc, char* const argv[], + const char* optstring, + const struct option* longopts, int* longindex); +/**************************************************************************** + int getopt_long_only(int argc, char* const argv[], + const char* optstring, + const struct option* longopts, int* longindex); +****************************************************************************/ +#ifdef __cplusplus +} +#endif // __cplusplus +#endif // _GETOPT_H_ 
diff --git a/util.o b/util.o
deleted file mode 100644
index 404ecc4..0000000
Binary files a/util.o and /dev/null differ