google?pagerank?checksum算法

原来网上早就有了checksum的相关破解，下面试checksum的汇编代码和vb版的破解。

目前我所用的就是vb版的checksum代码。

checksum的汇编代码：

GOOGLECHECK proc near

var_8 = dword ptr -8
var_4 = dword ptr -4
url_offset = dword ptr? 8
url_length = dword ptr? 0Ch
magic_dword = dword ptr? 10h

push ebp
mov ebp,esp
push ecx
push ecx
mov eax,[ebp+url_length]
cmp eax,0Ch
push ebx
push esi
mov esi,[ebp+magic_dword] ; = 0xE6359A60
push edi
mov edi,9E3779B9h ; derived from the golden number,hi TEA ;)
mov ebx,edi
mov [ebp+var_4],eax
jb jump_1
push 0Ch
pop ecx
xor edx,edx
div ecx
mov ecx,[ebp+url_offset]
mov [ebp+var_8],eax

loop_1:
movzx eax,byte ptr [ecx+7]
movzx edx,byte ptr [ecx+6]
shl eax,8
add eax,edx
movzx edx,byte ptr [ecx+5]
shl eax,byte ptr [ecx+4]
add edx,edi
shl eax,8
lea edi,[edx+eax]
movzx eax,byte ptr [ecx+0Bh]
movzx edx,byte ptr [ecx+0Ah]
shl eax,byte ptr [ecx+9]
shl eax,byte ptr [ecx+8]
add edx,esi
shl eax,8
lea esi,[edx+eax]
movzx edx,byte ptr [ecx+3]
movzx eax,byte ptr [ecx+2]
shl edx,8
add edx,eax
movzx eax,byte ptr [ecx+1]
shl edx,byte ptr [ecx]
shl edx,eax
sub edx,edi
sub edx,esi
mov eax,esi
shr eax,0Dh
add edx,ebx
xor edx,eax
sub edi,edx
sub edi,edx
shl eax,8
xor edi,eax
sub esi,edi
sub esi,edx
mov eax,edi
shr eax,0Dh
xor esi,0Ch
xor edx,10h
xor edi,edi
sub [ebp+var_4],0Ch
sub esi,5
xor esi,edi
mov eax,3
sub edx,esi
xor edx,eax
mov ebx,ebx
sub edi,ebx
shl eax,0Ah
xor edi,ebx
shr eax,0Fh
xor esi,eax
add ecx,0Ch
dec [ebp+var_8]
jnz loop_1
jmp short jump_2

jump_1:
mov ecx,[ebp+url_offset]

jump_2:
add esi,[ebp+url_length]
mov eax,[ebp+var_4]
dec eax
cmp eax,0Ah ; switch 11 cases
ja defaultswitch ; default
jmp ds:off_100307EA[eax*4] ; switch jump

switch_10:
movzx eax,byte ptr [ecx+0Ah] ; case 0xA
shl eax,18h
add esi,eax

switch_9:
movzx eax,byte ptr [ecx+9] ; case 0x9
shl eax,10h
add esi,eax

switch_8:
movzx eax,byte ptr [ecx+8] ; case 0x8
shl eax,8
add esi,eax

switch_7:
movzx eax,byte ptr [ecx+7] ; case 0x7
movzx edx,byte ptr [ecx+4]
shl eax,edi
lea edi,[edx+eax]
jmp short switch_3 ; case 0x3

switch_6:
movzx eax,byte ptr [ecx+6] ; case 0x6
shl eax,10h
add edi,eax

switch_5:
movzx eax,byte ptr [ecx+5] ; case 0x5
shl eax,8
add edi,eax

switch_4:
movzx eax,byte ptr [ecx+4] ; case 0x4
add edi,eax

switch_3:
movzx eax,byte ptr [ecx+3] ; case 0x3
movzx edx,byte ptr [ecx+2]
shl eax,byte ptr [ecx+1]
movzx ecx,byte ptr [ecx]
shl eax,8
add ecx,ebx
lea ebx,[ecx+eax]
jmp short defaultswitch ; default

switch_2:
movzx eax,byte ptr [ecx+2] ; case 0x2
shl eax,10h
add ebx,eax

switch_1:
movzx eax,byte ptr [ecx+1] ; case 0x1
shl eax,8
add ebx,eax

switch_0:
movzx eax,byte ptr [ecx] ; case 0x0
add ebx,eax

defaultswitch:
sub ebx,edi ; default
sub ebx,0Dh
xor ebx,ebx
mov eax,eax
sub ebx,edi
sub ebx,0Ch
xor ebx,esi
mov ecx,eax
shr ecx,3
xor ebx,ecx
sub edi,eax
mov ecx,ebx
shl ecx,ecx
sub eax,edi
sub eax,ebx
shr edi,0Fh
xor eax,edi
pop edi
pop esi
pop ebx
leave
retn
GOOGLECHECK endp

; Switch table
off_100307EA
dd offset switch_0
dd offset switch_1
dd offset switch_2
dd offset switch_3
dd offset switch_4
dd offset switch_5
dd offset switch_6
dd offset switch_7
dd offset switch_8
dd offset switch_9
dd offset switch_10

checksum的vb代码：

'=========================================================
' functions for the checksum:
'
' Function sl(ByVal x,ByVal n)
' Function sr(ByVal x,ByVal n)
' Function zeroFill(ByVal a,ByVal b)
' Private Function uadd(ByVal L1,ByVal L2)
' Private Function usub(ByVal L1,ByVal L2)
' Function mix(ByVal ia,ByVal ib,ByVal ic)
' Function gc(ByVal s,ByVal i)
' function GoogleCH(ByVal sURL)
' Function CalculateChecksum(sURL)
'=========================================================
Function sl(ByVal x,ByVal n)
??? If n = 0 Then
??????? sl = x
??? Else
??????? Dim k
??????? k = CLng(2 ^ (32 - n - 1))
??????? Dim d
??????? d = x And (k - 1)
??????? Dim c
??????? c = d * CLng(2 ^ n)
??????? If x And k Then
??????????? c = c Or &H80000000
??????? End If
??????? sl = c
??? End If
End Function

Function sr(ByVal x,ByVal n)
??? If n = 0 Then
??????? sr = x
??? Else
??????? Dim y
??????? y = x And &H7FFFFFFF
??????? Dim z
??????? If n = 32 - 1 Then
??????????? z = 0
??????? Else
??????????? z = y CLng(2 ^ n)
??????? End If
??????? If y <> x Then
??????????? z = z Or CLng(2 ^ (32 - n - 1))
??????? End If
??????? sr = z
??? End If
End Function

Function zeroFill(ByVal a,ByVal b) ?
?Dim x
?if (&H80000000 AND a) then
??x = sr(a,1)
??x = x AND (NOT &H80000000)
??x = x OR &H40000000
??????? x = sr(x,b-1)
?else
??x = sr(a,b)
?end if
?zeroFill = x
End Function

Private Function uadd(ByVal L1,ByVal L2)
??? Dim L11,L12,L21,L22,L31,L32
??? L11 = L1 And &HFFFFFF
??? L12 = (L1 And &H7F000000) &H1000000
??? If L1 < 0 Then L12 = L12 Or &H80
??? L21 = L2 And &HFFFFFF
??? L22 = (L2 And &H7F000000) &H1000000
??? If L2 < 0 Then L22 = L22 Or &H80
??? L32 = L12 + L22
??? L31 = L11 + L21
??? If (L31 And &H1000000) Then L32 = L32 + 1
??? uadd = (L31 And &HFFFFFF) + (L32 And &H7F) * &H1000000
??? If L32 And &H80 Then uadd = uadd Or &H80000000
End Function

Private Function usub(ByVal L1,L32
??? L11 = L1 And &HFFFFFF
??? L12 = (L1 And &H7F000000) &H1000000
??? If L1 < 0 Then L12 = L12 Or &H80
??? L21 = L2 And &HFFFFFF
??? L22 = (L2 And &H7F000000) &H1000000
??? If L2 < 0 Then L22 = L22 Or &H80
??? L32 = L12 - L22
??? L31 = L11 - L21
??? If L31 < 0 Then
??????? L32 = L32 - 1
??????? L31 = L31 + &H1000000
??? End If
??? usub = L31 + (L32 And &H7F) * &H1000000
??? If L32 And &H80 Then usub = usub Or &H80000000
End Function
?
Function mix(ByVal ia,ByVal ic)
?Dim a,b,c
?a = ia
?b = ib
?c = ic
?
?a = usub(a,b)
?a = usub(a,c)
?a = a XOR zeroFill(c,13)
?
?b = usub(b,c)
?b = usub(b,a)
?b = b XOR sl(a,8)
?
?c = usub(c,a)
?c = usub(c,b)
?c = c XOR zeroFill(b,13)
?
?a = usub(a,12)
?
?b = usub(b,16)
?
?c = usub(c,5)
?
?a = usub(a,3)
?
?b = usub(b,10)
?
?c = usub(c,15)
?
?Dim ret(3)
??
?ret(0) = a
?ret(1) = b
?ret(2) = c
?
?mix = ret
End Function

Function gc(ByVal s,ByVal i)
?gc = Asc(Mid(s,i+1,1))
End Function

function GoogleCH(ByVal sURL)
?Dim iLength,a,c,k,iLen,m
?iLength = Len(sURL)

?a = &H9E3779B9
?b = &H9E3779B9
?c = GOOGLE_MAGIC
?k = 0
???
??? iLen = iLength
??? do while iLen >= 12
??????? a = uadd(a,(uadd(gc(sURL,k+0),uadd(sl(gc(sURL,k+1),8),k+2),16),sl(gc(sURL,k+3),24))))))
??????? b = uadd(b,k+4),k+5),k+6),k+7),24))))))
??????? c = uadd(c,k+8),k+9),k+10),k+11),24))))))

??m = mix(a,c)
??
??????? a = m(0)
??????? b = m(1)
??????? c = m(2)
???????
??????? k = k + 12

??????? iLen = iLen - 12
??? loop

??? c = uadd(c,iLength)

??? select case iLen ' all the case statements fall through
??????? case 11
???c = uadd(c,24))
???c = uadd(c,16))
???c = uadd(c,8))
???b = uadd(b,24))
???b = uadd(b,16))
???b = uadd(b,gc(sURL,k+4))
???a = uadd(a,24))
???a = uadd(a,16))
???a = uadd(a,8))
???a = uadd(a,k+0))
??????? case 10
???c = uadd(c,k+0))
??????? case 9
???c = uadd(c,k+0))
??????? case 8
???b = uadd(b,k+0))
??????? case 7
???b = uadd(b,k+0))
??????? case 6
???b = uadd(b,k+0))
??????? case 5
???b = uadd(b,k+0))
??????? case 4
???a = uadd(a,k+0))
??????? case 3
???a = uadd(a,k+0))
??????? case 2
???a = uadd(a,k+0))
??????? case 1
???a = uadd(a,k+0))
??? End Select
???
??? m = mix(a,c)
???
??? GoogleCH = m(2)
End Function

Function CalculateChecksum(sURL)
?CalculateChecksum = "6" & CStr(GoogleCH("info:" & sURL) AND &H7FFFFFFF)
End Function

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!