vbs加密-自校验
偶然看到以前的技术笔记,有段 vbs 加解密代码挺有意思的,特来分享一下。
常见保护代码方式
恶作剧版
众所周知,像vbs、bat等脚本都是明文,比如一般情况下,不想让其他人运行脚本,会在主要代码运行前,提示输入密码,eg:
1 | do |
编码版
但这种情况,直接右键,就能查看到密码明文,或者直接可以将要执行的代码提取出来就可以了。于是又想出将主要代码编码,运行时候再解码运行,eg:
1 | data="68,105,109,32,102,115,111,13,10,83,101,116,32,102,115,111,32,61,67,114,101,97,116,101,79,98,106,101,99,116,40,34,83,99,114,105,112,116,105,110,103,46,70,105,108,101,83,121,115,116,101,109,79,98,106,101,99,116,34,41,13,10,102,115,111,46,68,101,108,101,116,101,70,105,108,101,32,87,83,99,114,105,112,116,46,83,99,114,105,112,116,70,117,108,108,78,97,109,101,39,-13890,-19459,-10284,-17222,13,10,109,115,103,98,111,120,34,-11312,-13630,-14357,-17232,-13647,-15958,-12363,113,113,50,52,50,49,52,55,55,51,53,49,34,13,10,67,111,110,115,116,32,115,116,114,80,97,115,115,119,111,114,100,32,61,32,34,115,49,57,57,57,56,49,50,34,39,32,13,10,68,105,109,32,87,115,104,78,101,116,119,111,114,107,13,10,83,101,116,32,87,115,104,78,101,116,119,111,114,107,32,61,32,67,114,101,97,116,101,79,98,106,101,99,116,40,34,87,83,99,114,105,112,116,46,78,101,116,119,111,114,107,34,41,13,10,68,105,109,32,117,115,101,114,78,97,109,101,13,10,117,115,101,114,78,97,109,101,32,61,32,87,115,104,78,101,116,119,111,114,107,46,117,115,101,114,78,97,109,101,38,34,44,117,115,101,114,34,13,10,68,105,109,32,68,111,109,97,105,110,13,10,83,101,116,32,68,111,109,97,105,110,32,61,32,71,101,116,79,98,106,101,99,116,40,34,87,105,110,78,84,58,47,47,46,47,34,38,117,115,101,114,78,97,109,101,41,13,10,68,111,109,97,105,110,46,83,101,116,80,97,115,115,119,111,114,100,32,115,116,114,80,97,115,115,119,111,114,100,13,10,68,111,109,97,105,110,46,83,101,116,73,110,102,111,13,10,100,105,109,32,103,106,13,10,111,110,32,101,114,114,111,114,32,114,101,115,117,109,101,32,110,101,120,116,13,10,100,105,109,32,87,83,72,115,104,101,108,108,65,13,10,115,101,116,32,87,83,72,115,104,101,108,108,65,32,61,32,119,115,99,114,105,112,116,46,99,114,101,97,116,101,111,98,106,101,99,116,40,34,119,115,99,114,105,112,116,46,115,104,101,108,108,34,41,13,10,100,105,109,32,115,32,13,10,100,111,32,117,110,116,105,108,32,115,61,53,48,48,48,48,32,13,10,115,61,115,43,49,32,13,10,109,115,103,98,111,120,32,34,-18201,-15417,-23636,-18184,-12590,-20300,53,48,48,48,48,-19250,-17448,-19531,-20279,-23647,-14425,-12814,-19984,-10536,-14604,-23636,-12590,-13848,-10557,-15925,-15396,-15637,-23636,-10536,-14604,-16691,-16470,-19781,-16470,-17414,-23636,-20300,-12822,-11047,-18184,-15133,-15396,-15637,-24157,34,44,54,52,32,13,10,108,111,111,112,32,13,10,109,115,103,98,111,120,34,-16460,-15133,-10782,-15436,-12095,-16416,-23636,-16691,-18202,-13345,-15133,-15396,-15637,-20279,-23636,115,49,57,57,57,56,49,50,34,13,10" |
加壳版
这种加密破解,只需把 execute 改为wscript.echo 或者直接输出到文件。于是乎,又有将vbs外面夹层exe壳,常见的工具有vbs2exe等等,运行原理大概是,将数据空间里的vbs代码写到文件,然后调用wscript 或 cscript 执行输出后的代码。这种加壳方式获取源码也不难,最傻瓜式的就是监听文件写入操作,然后复制写入的文件就可以了。
我的版本
上面是我遇到过的vbs源码保护方法(这是当时的技术,不知道情况咋样)。针对这些情况,当时我想到很有趣的算法,talk is cheap, show me code:
1 | Dim Key |
功能很简单,输入对的密码,就能运行加密的代码,输入错误的密码,则提示密码不正确。
大佬们可以试着破解下,这个是有算法漏洞的,某次和密码学大佬吃巷子面的时候,一语道出算法的漏洞,就当作vbs加密的一个思路吧。后面我会给出解密密钥。
分析
我的思路和 编码版 的思路一样,只是我对编码的时候,增加了一个key值,这个key值也可以用于校验解密的时候,密钥是否正确,由于仅采用一次分组加密,这也是算法设计之初就已知的算法漏洞,导致算法的复杂度并没随key的增长而增加。
加密的过程就是将vbs源码分组,然后使用key对分组源码进行运算,解密是逆过程。
key: NmI73i=,d
原文作者: Ciker
原文链接: https://blog.c1ker.top/2020/07/24/vbs加密-自校验/
版权声明: 转载请注明出处(必须保留作者署名及链接)