zoukankan      html  css  js  c++  java
  • Kostya Keygen#2分析

    主要就是构造408ede处的2A个字节..

    其中第一个字节必须为0x2D,倒数第二个字节必须为0x36,倒数第三个字节为0x31.

    之后,对这个2A字节的缓冲区,要满足一些条件:

      1

      在408ede里查找字符0x2E

      找到0x2E之后的第一个位置存到栈中,位置A

      之后再从位置A开始找0x2D

      找到-之后的第一个位置,位置B,存到EDX中

      位置A到位置B之间的字符串,拷贝到408321中

      408321在sub401c51处作为第一个参数,第二个参数为[408824] == 431A

      我写了一个循环,用于得到合适的数值对, 即

    循环后有许多解,找到eax==431a431a的,然后对应的i就应该是字符串.

    比如我最终得到i == 968768946

    那么字符串应该就是39 36 38 37 36 38 39 34 36

    在408ede里就是2e 39 36 38 37 36 38 39 34 36 2d

    2

      在408ede中寻找0x5F,然后称其为位置C. 位置B到位置C之间的字符串必须满足

    长度为6,第4个字符的ASCII码值,等于6个字符以数值形式的值的总和(对大于0xXX的还要减去0x37).

    这个可以有很多种选择,我就选了个

    35 35 35 41 5D 32

    5D - 0x37 = 0x26

    0x26 + 5+5+5+0xA+2 = 0x41(就刚好是A)

    3在408ede中寻找0x5D,称其位置为D,从408ede的第三个字节开始,到0x5d,全部拷贝.

    然后对前16个字节,前8个拷贝到40846d, 后8个拷贝到40856d

    这16个字符,必须在a~f,A~F,0~9内..然后

    每8个都会对应地转换成为一个DWORD

    比如有0x31 0x41 0x31 0x31 0x31 0x31 0x31 0x42

    就会转换称1A11111B这样的DWORD

    这样的两个DWORD会到sub_4020ac处参与运算,得到两个DWORD,存放在40884E,和408852

    ,后两个结果会分别跟e43f955c,f19714bb作对比,相等,那么不跳,最终也就成功了.

    那么在sub_4020ac处的运算就很关键

    这个过程,用到了409240开始的一大块数据,这一大块数据,经过我的实验,输入相同的用户名,改变前面讲的16个字节的字符,对这一大块数据不会有影响.  这一大块数据是在函数sub_401fa9里产生的,具体怎么产生不重要.

    然后经过我的研究sub_4020ac里的算法是可逆的, 我把那一大块数据扣出来,然后写了逆算法,由正确的两个DWORDe43f955c,f19714bb 反推了正确的初始值

    31 44 45 30 32 41 31 38     44 42 33 37 39 43 34 41  这16个,正确的初始值

    正向算法是:

    EAX == XX

     EDX == YY

    begin:

       eax ^= constant_a

       esi = f(eax)

       edx ^= esi

       xchg eax,edx

       jmp begin   执行16次

    逆向算法是:

    .

    反推的代码,我也写在了damnit.cpp的DAMN里面..

    然后最终正确的2A个serial就是

    0x2d,0x31,0x31,0x44,0x45,0x30,0x32,0x41,0x31,0x38,0x44,0x42,0x33,0x37,0x39,0x43,0x34,0x41,0x31,0x5d,0x2e,0x39,0x36,0x38,0x37,0x36,0x38,0x39,0x34,0x36,0x2d,0x35,0x35,0x35,0x41,0x5d,0x32,0x5f,0x31,0x31,0x36,0x31,0x0

    然后就是做最后的处理,把这个转换成输入时的字符.

    详见代码的FUCK1宏里包括的, 以及分析过程.txt里的sub_401981和sub_4019EC

    最终得到了最后结果

    aaaaaa

    Ljq4i,UiAq_2N)bkD3qxV]YWGoxpO(eTEn0xMBTPFj

    最终成功..

    以下是分析过程中我的笔记: 按执行顺序

    namelen  >=5  <=0x180
    
    
    408ade  name     408820  namelen
    408bde  serial   40882c seriallen
    
    
    sub_4018AF---------------------
    arg4   408956  S29zdHlhS29zdHlhS29zdHlhS29zdHlhS29zdHlhS2
    arg3   40725C  S29zdHlhOiBTaW1wbHkgYnV0IGVhc3kgaW4gQmFzZTY0IDop
    arg2   8
    arg1   408bde  111111111111111111111111111111111111111111
    
    
    
    得到arg1的长度,放到全局40883A
    把arg3前8个放到arg4前8个
    
    
    果然就是把arg3的前8个,循环地放在arg4里面,长度为次数为arg1的长度
    
    最终全局的40883A变为0
    
    sub_401a23------------------------------
    
    arg1  408956 S29zdHlhS29zdHlhS29zdHlhS29zdHlhS29zdHlhS2
    arg2  408bde 111111111111111111111111111111111111111111
    arg3  408fde 是一个缓冲区,进去之前是空的
    
    
    对arg2,arg1的每一对字符分别调用sub_401981,
    然后把返回值分别存在408830和408831,
    取出,放在AL,DL,之后AL=AL-DL-1
    然后EAX和0x47比,小于等于的话就放在408fde开始的对应字节
    如果EAX大于0X47,说明此时AL是负数,那么EAX再加0x47,,就变成正数而且小于0x47,
    再存.  看来AL是正数的时候是不可能大于0x47的.
    
    
    sub_401981:----------------------------------------------
    arg1:  就一个字符
    
    用到了407012处存储的字符串
    ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890.-_()[],&
    
    对arg1在这个表中寻找,得到arg1字符在表中的索引,索引以1开始
    返回值就是这个索引
    
    
    sub_4019EC:_____________________________________
    arg1:  40882C    是seriallen
    arg2:  408fde    就是sub_401a23最终得到的结果
    arg3:  408ede    初始进去是空的
    
    
    408fde的每个字节的值作为数组下标,到407012[下标处]找到对应字节
    放到408ede开始的对应字节
    
                                              ----408EDE最重要的字符串
    
    --------------------------------------------------
    出了sub_4019EC:
    在408ede里查找字符0x2E(.)
    
    找到0x2E之后的第一个位置存到栈中,位置A
    
    之后再从位置A开始找0x2D,即为'-',
    
    找到-之后的第一个位置,位置B,存到EDX中
    位置A到位置B之间的字符串,拷贝到408321中
    
    从408ede+1开始再找0x2D,这里的值应该就是位置B了,       (怪不得这里要+1,因为第一个字节就是2D)
    
    之后再从408ede开始找0x5F,之后的第一个位置,称为位置C
    把位置B到位置C之间的字符串拷贝到408341处
    
    
    sub401c51___________________________________________必须返回1
    arg1: 408321     
    arg2: [408824] ==> 431A
    
    408321字符串必须为968768946   431A431A
    
    
    ___________________________________________________
    
    出了sub401c51之后
    
    408341开始的字符串
    前6个字符,如果是数字,那么加起来,如果是字符,那么-0x37后求和,所以如果是大写字母,那么刚好是十六进制的和
    
    
    408341处的字符串长度必须是6
    
    第4个字符的ASCII码值必须等于6个字符的前面求出的和.
    
    408ede的倒数第二个字符的值必须是'6'
    
    倒数第三个字符必须为'1'
    [408320]这个byte必须为0
    
    
    
    sub_402189_______________________  返回值必须非零
    arg1: 408ede
    
    
    在408ede中找0x5D,位置A
    
    从408ede的第三个字符开始到这个0x5D,拷贝到408361处
    然后得到这个字符串的长度放到408461处
    
    然后对这个字符串的每一个字符:
    如果
    BL>=0x30跳
      BL<=0X39跳
    这一段代码谁来都会跳到后面去
    
    把408361处的8个字符,拷贝到40846D处
    
    把408361+8处开始的8个字符,拷贝到40856D处
    
    然后用40846D和40856D这两个字符串作为参数分别调用sub_402254, 得到的返回值放在408846和40884A处
    然后返回1,成功完成这个函数
    
    sub_402254___________________________________________
    arg1: 字符串地址,字符串长度为8
    
    对字符串中每一个字符,比如12345678
    如果是纯数字,那么产生的返回值的值就是纯数字12345678
    如果不是数字,那么就把他的ASCII码值-0x57后
    
    经过试验发现1~9,, A~F,,a~f都可以转换为对应的字符,其中字母随意大小写都行.
    
    比如'123154ab'  返回值就是123154AB
    __________________________________
    
    出了sub_402189之后,jnz就跳到401571,开始最后一段的处理....
    
    
    
    
    
    sub_4020ac______________________________________
    arg1: 40884e   :存放的目的地址,用于得到最终的结果
    arg2: 408846   :sub_402189得到的值,有两个DWORD
    
    arg1最终的得是e43f955c, arg1+4最终的得是f19714bb
    
    408846   XX
    40884A   YY
    
    40884E   e43f955c
    408852   f19714bb
    
    (EAX初始的值放的是XX)
    EAX跟[409244+0x40]==[409284]开始的DWORD开始XOR,一直XOR到[409244+4]
    得到的结果假设为
    
    EAX == AA BB CC DD
    
    [BB*4+409688] + [AA*4+409288]--> esi --->  esi xor [CC*4+409a88] + [DD*4+409e88]  ---> esi
    
    EDX = EDX xor esi, (EDX的初始的值放的是YY)
    然后EDX跟EAX交换了值
    然后再上去xor,循环16次,
    
    
    得到的结果,EAX再和[409244] xor一次
    EDX再和[409240]xor 一次  然后eax放在408852,EDX放在40884E
    
    
    记得409288   409688   409a88   409e88  折是一段连续的地址
    每两个相聚为0x400, 100个DWORD
    
    _______________________________________________________________________
    sub_401fa9填充了[409240,40a288)这一块地方
    这一块地方的值又是和那两个字符串有关的.
    
    sub_401fa9似乎和那两个字符串没什么关系...
    是固定值..
    
    从4072d8开始,搬运0x412个DWORD到409240处
    
    从407284开始,,搬运0x38个BYTE到40a288处,就是上面那次搬运结束后的地方
    
    再从40a288处搬运0x25个字节到40a2ab
    
    ....我日,反正这里有一堆处理...
    
    最后实验一下,如果不行,我就真的放弃了!!
    
    __________________________________________________________________
    把409240开始的数全部拷到数组里,然后根据最终出来的值反推一下...
    
    写个程序....
    
    最终成功了!!!!!!!!!!!
    
    
    
    
    
    
    
    408ede的第一个字符xor 0x2c 后结果为1 
    那么第一个字符应该是2D
    
    2A  = 42长度
    
    aaaaaa
    Ljq4i,UiAq_2N)bkD3qxV]YWGoxpO(eTEn0xMBTPFj

    这个crackme的一些说明:

    1这是培训期间的一个CRACKME,最终算出了一对注册码,获得了一大瓶可乐

    2分析过程断网

    3f1,f2,f3  3个txt是我用来确定不同的输入,是否是相同的输出数据块,结果发现是的.

    4分析过程.txt是我按照顺序分析下去时记录的. 整理报告是写完后整理了下思路后总结的.

    5这个CRACKME我感觉我转过了好几个巧妙的弯

    第一个简单的弯是:

    这里,XOR EAX,0x1234执行0x10000次,其实相当于什么都没做,

    4013A2这里必须跳,EAX必须等于0x56003C, 那么可以知道GetDlgTextA后得到的EAX必须为0x56003c-0x1000*56 - 0x12=0x2a,就是密码长度.

    第二个弯是:

    sub_401c51里的一个判断, 

    给定了两个初始值,得算出符合条件的一个EAX

    我用C写了个穷举,算出了结果

    第三个弯是:

    我发现这个算法是可逆的,同样也写了个C语言的解密.

    以下是为了这个crackme写的计算程序代码:

    #include <windows.h>
    #include <stdio.h>
    
    //
    //int main()
    //{
    //    DWORD edx = 0x17, ecx = 0x1b,esi=0;
    //    DWORD eax;
    //    for (DWORD i = 0; i < 0xffff'ffff; i++)
    //    {
    //        eax = i;
    //        edx = 0x17;
    //        ecx = 0x1B;
    //
    //        while (ecx > 0)
    //        {
    //            esi = edx;
    //            esi <<= ecx;
    //            esi *= ecx;
    //            esi ^= eax;
    //            esi &= 0x7fff'ffff;
    //            ecx -= 3;
    //            eax = esi;
    //        }
    //        if (HIWORD(eax) == LOWORD(eax))
    //        {
    //            printf("%08X", eax);
    //            printf("  %d
    ", i);
    //            
    //        }
    //    }
    //
    //
    //
    //    return 0;
    //}
    
    #define FUCK 1
    #if FUCK
    int main()
    {
        BYTE arr[] =
        { 0x2d,0x31,0x31,0x44,0x45,0x30,0x32,0x41,0x31,0x38,0x44,0x42,0x33,0x37,0x39,0x43,0x34,0x41,0x31,0x5d,0x2e,0x39,0x36,0x38,0x37,0x36,0x38,0x39,0x34,0x36,0x2d,0x35
        ,0x35,0x35,0x41,0x5d,0x32,0x5f,0x31,0x31,0x36,0x31,0x0};
    
        char *szString = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890.-_()[],&";
    
        int i = 0;
        while (arr[i] != 0)
        {
            for (int j = 0; j < strlen(szString); ++j)
            {
                if (szString[j] == arr[i])
                {
                    printf("%x ", j);
                    break;
                }
            }
            ++i;
        }
        //3f 34 34 3 4 3d 35 0 34 3b 3 1 36 3a 3c 2 37 0 34 44 3e 3c 39 3b 3a 39 3b 3c 37 39 3f 38 38 38 0 44 35 40 34 34 39 34
        //3f 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 44 3e 3c 39 3b 3a 39 3b 3c 37 39 3f 38 38 38 00 44 35 40 34 34 39 34
        //13 36 3d 34 1e 08 26 22 13 36 3d 34 1e 08 26 22 13 36 3d 34 1e 08 26 22 13 36 3d 34 1e 08 26 22 13 36 3d 34 1e 08 26 22 13 36 3d 34 1e 08 26 22
    
        //如果上面列和+1>0x47,那么就把和-0x47,否则保留原值,那么得到的就是  输入的字符串在表中的索引了(1开头)..
    
        int arrxxx[] = {0x3f,0x34,0x34,0x03,0x04,0x3d,0x35,0x00,0x34,0x3b,0x03,0x01,0x36,0x3a,0x3c,0x02,0x37,0x00,0x34,0x44,0x3e,0x3c,0x39,0x3b,0x3a,0x39,0x3b,0x3c,0x37,0x39,0x3f,0x38,0x38,0x38,0x0,0x44,0x35,0x40,0x34,0x34,0x39,0x34};
        int arryyy[] = { 0x13,0x36,0x3d,0x34,0x1e,0x08,0x26,0x22,0x13,0x36,0x3d,0x34,0x1e,0x08,0x26,0x22,0x13,0x36,0x3d,0x34,0x1e,0x08,0x26,0x22,0x13,0x36,0x3d,0x34,0x1e,0x08,0x26,0x22,0x13,0x36,0x3d,0x34,0x1e,0x08,0x26,0x22,0x13,0x36 };
    
        for (int i = 0; i < 0x2a; ++i)
        {
            int k = arrxxx[i] + arryyy[i] + 1;
            if (k <= 0x47)
            {
                printf("%c", szString[k-1]);
            }
            else
            {
                printf("%c", szString[k - 0x47-1]);
            }
        }             
        //L jqhL9TPAjqhL9TPAjq xV]YWGoxpO(eTEn0xMBTPFj
        //Ljq4i,UiAq_2N)bkD3qxV]YWGoxpO(eTEn0xMBTPFj
        return 0;
    }
    #endif
    
    #define BYTE1(para) (DWORD)((para&0xff00'0000)>>24)
    #define BYTE2(para) (DWORD)((para&0x00ff'0000)>>16)
    #define BYTE3(para) (DWORD)((para&0x0000'ff00)>>8)
    #define BYTE4(para) (DWORD)((para&0x0000'00ff)>>0)
    
    
    
    #define DAMN 0
    #if DAMN
    
    BYTE arr[] =
    {
        0x3B,0xF0,0x98,0xEF,0x4D,0x37,0xF1,0xC6,0x93,0x1A,0x57,0x75,0x30,0x72,0xF2,0x5B,
        0x98,0x4E,0x99,0x64,0x4C,0xF0,0x08,0x84,0x3D,0xC0,0x69,0xAA,0xDF,0xD8,0x1A,0xB8,
        0xC8,0xF7,0x31,0x6A,0x8B,0x1C,0x4A,0x56,0xCF,0xB3,0xC0,0x45,0x8A,0x97,0xDC,0xB4,
        0x12,0x8E,0x23,0xA1,0xEC,0xEE,0x3D,0x3B,0xE3,0x7F,0xB1,0x79,0xD1,0xE2,0x93,0xEC,
        0x24,0x0C,0x33,0xE1,0x2D,0x35,0xEA,0x6E,0x7C,0x2B,0x6B,0x6E,0x41,0xA9,0xBE,0xE6,
        0xA5,0xA5,0x4E,0xCE,0xF2,0x90,0xD5,0x2E,0x40,0xF3,0x8C,0xEF,0xB6,0x52,0x1B,0xCD,
        0x00,0x52,0x6E,0xE1,0x9C,0x64,0x99,0x40,0xC8,0xB8,0x08,0x6C,0x3A,0xE7,0xF8,0x68,
        0xEA,0x08,0x0F,0x84,0x9A,0x20,0xA7,0x43,0x4E,0xDE,0x56,0x89,0x0A,0xCD,0xB0,0xDA,
        0xC2,0xF5,0x5B,0x22,0x58,0x1D,0x91,0x8C,0xFB,0x66,0x54,0xA4,0x9F,0xBF,0x71,0x94,
        0x9D,0x76,0x14,0x73,0xD3,0x6F,0x53,0xE0,0xB7,0xB3,0xD7,0x64,0x15,0x02,0x63,0xB1,
        0x6F,0x72,0xEE,0xF9,0x94,0x99,0x57,0xC0,0x95,0x5D,0x62,0xEC,0x85,0xFA,0xB6,0x5B,
        0x63,0x2E,0xE3,0xF2,0x61,0x3B,0xA3,0x93,0xAD,0x7D,0xFD,0x4E,0x36,0x00,0x27,0x2F,
        0xF4,0x75,0xFA,0x6F,0x18,0xEF,0x3E,0x82,0x5F,0xA9,0x59,0x2A,0x45,0x28,0x9F,0x8E,
        0x72,0xA1,0x00,0x73,0x6F,0xF9,0x9D,0xB3,0x58,0x6E,0x49,0x1F,0x10,0x3B,0x53,0xCC,
        0x82,0xCB,0x55,0x76,0x86,0x51,0xAB,0x8A,0x89,0x08,0xA8,0x24,0xD3,0xF7,0x10,0xCF,
        0xA9,0x28,0x7D,0x8C,0xF5,0x9F,0x29,0x96,0x9C,0x64,0x3B,0xD1,0x17,0x4E,0xEC,0xF6,
        0x79,0x24,0x09,0x5A,0x9B,0x89,0x36,0x5C,0xEB,0x55,0x60,0x8B,0x38,0x1E,0x72,0x7F,
        0x7B,0xBB,0x8D,0x6F,0xC7,0xA3,0x60,0x32,0x48,0x54,0xBB,0x22,0x0F,0x4B,0x37,0x92,
        0x43,0x52,0xAD,0xA4,0x67,0xD3,0xAE,0x3C,0x3A,0xAF,0xAC,0x2C,0x58,0x73,0x50,0xC2,
        0x92,0xA6,0x0A,0xE4,0x6C,0xA7,0xDD,0x7C,0x09,0x2B,0xB3,0xBA,0xF9,0xB8,0x60,0x7F,
        0xF3,0x10,0x0B,0x16,0xB1,0x1F,0x62,0x28,0x69,0xB0,0x07,0xB9,0x23,0x6E,0x94,0x97,
        0xFE,0xAB,0xC9,0xE6,0x1A,0x34,0x89,0xB1,0x91,0x74,0xFD,0x0C,0x12,0xD2,0x2C,0x49,
        0x2C,0xA3,0xE5,0x8C,0x6D,0x6A,0x6F,0xF4,0x1E,0x91,0x79,0xCE,0xE3,0x1A,0x12,0x14,
        0x29,0x98,0x20,0xF2,0xF0,0x67,0x75,0xFD,0xA7,0xAA,0xCB,0x11,0x60,0x0F,0x8E,0x81,
        0x6E,0x05,0x18,0xB0,0x94,0xC7,0xE3,0xEF,0xBD,0xF6,0x08,0xA2,0xC5,0xAE,0x44,0xFE,
        0x17,0x79,0x9B,0xEC,0x88,0x96,0xD0,0x38,0xF2,0x3A,0x6A,0x3C,0x7A,0x82,0x98,0xE1,
        0x97,0xBA,0xBC,0x40,0xC8,0xF2,0x27,0x24,0x1F,0xCF,0xA9,0xDE,0xEF,0xEE,0x49,0x8B,
        0x23,0x3A,0xC9,0x02,0xB5,0xBD,0x5E,0x99,0x1F,0xCF,0x30,0x0F,0xAB,0x0B,0x01,0xA6,
        0x86,0x10,0x5A,0xCC,0x02,0xCD,0xA3,0x21,0x5C,0x53,0x07,0xF3,0xF7,0x86,0x9B,0x1E,
        0xC4,0x80,0x63,0x90,0x9A,0x97,0xA3,0xC6,0xAD,0xCE,0xAF,0x11,0x69,0x60,0xA9,0x18,
        0xA7,0xF8,0xB5,0xE8,0xC4,0xAB,0xE4,0xD7,0x65,0x96,0x76,0x3A,0xC3,0x30,0x32,0x97,
        0x92,0x59,0xD8,0xA9,0x9F,0x82,0x4B,0x24,0x51,0x0E,0x24,0xCD,0x2D,0x64,0x52,0xA3,
        0x20,0xD2,0x7D,0xA9,0xF0,0x05,0x60,0xB9,0x69,0x8A,0xFC,0xC2,0x5F,0x47,0x0C,0x11,
        0x7E,0x4D,0x5B,0x6A,0xEE,0x7B,0xF1,0xCC,0x84,0x47,0x14,0x84,0x28,0xC2,0xCC,0xD5,
        0x96,0x71,0x72,0x92,0x9F,0x60,0x86,0x75,0x2D,0x61,0x89,0x15,0xE5,0xF8,0x70,0xD2,
        0x15,0xB6,0x2C,0x09,0xAA,0x07,0xB6,0x9E,0x5A,0x31,0xD5,0x4E,0x80,0x40,0x16,0xBD,
        0x5A,0xEE,0x94,0xBA,0x5B,0xE9,0x91,0x2B,0x10,0x14,0xC6,0x9F,0x6D,0x5D,0x42,0xDC,
        0x0B,0xF4,0xE4,0x37,0x20,0x3D,0xE2,0x66,0x97,0x56,0xDE,0x3B,0x19,0xAA,0x97,0x25,
        0x4D,0x43,0x0A,0x13,0x9E,0xF2,0x83,0xC2,0x21,0x3E,0x65,0x2F,0x6C,0xF9,0x12,0xC4,
        0x95,0xD6,0xDF,0x63,0xD4,0x24,0xF9,0x66,0x48,0xFA,0x31,0xB5,0x59,0x5C,0xFA,0x7A,//未知字符0x02,这TM是什么鬼 0x02,0xA3,0x0B,0x94,0xFD,0x53,0x2C,0x25,0xDF,0x36,0xD1,0xDE,0x67,0xF4,0x30,0xAB,
        0x02,0xA3,0x0B,0x94,0xFD,0x53,0x2C,0x25,0xDF,0x36,0xD1,0xDE,0x67,0xF4,0x30,0xAB,
        0xFE,0xDB,0xFA,0x11,0xE8,0x76,0xC3,0x71,0x74,0xC6,0x4F,0x75,0xFE,0x66,0x3B,0xB8,
        0x6E,0x37,0x90,0xF7,0xE2,0xD5,0x62,0x67,0x57,0x8A,0xE5,0x47,0x4B,0xEC,0xEE,0xED,
        0xD8,0xED,0x9E,0x40,0x23,0x7E,0xD3,0x56,0x01,0x8A,0x4D,0xBF,0xA6,0xCD,0xDF,0xFA,
        0x25,0x24,0xE0,0x44,0x4C,0x95,0x53,0xCA,0xA3,0x33,0x11,0x1B,0xD3,0xED,0x32,0xAB,
        0x3F,0x1B,0x17,0xBE,0x5D,0xFE,0x67,0xEF,0x6E,0x0D,0xF8,0x58,0xAD,0x32,0x3F,0x04,
        0x3C,0xB2,0x2C,0x25,0xD2,0xB1,0x4F,0x51,0x8C,0x48,0x20,0x19,0xB1,0xE6,0x4A,0xC2,
        0xE2,0x7A,0xB6,0x4C,0x10,0xD6,0xBD,0xDA,0x41,0xD3,0xB3,0x1A,0x82,0x85,0x7F,0xD1,
        0x52,0xC1,0x63,0xCF,0x36,0x93,0x53,0x09,0x78,0xCE,0xA3,0xEA,0x06,0x7D,0xC1,0x0D,
        0x1B,0xAB,0x57,0x1D,0x19,0xA2,0x22,0x91,0x15,0xD6,0xFC,0x72,0xF8,0x2F,0x76,0xF7,
        0x5D,0x87,0x38,0xA5,0x6D,0x6E,0x99,0xD8,0x43,0x16,0xAA,0x85,0xDA,0x8E,0x54,0x3B,
        0x5F,0x6D,0x09,0x35,0x66,0xC2,0x58,0xF4,0x5F,0x84,0x53,0xAB,0x7C,0x2F,0x55,0x30,
        0xA5,0x8E,0xD0,0x33,0x31,0x34,0x19,0xD0,0x64,0x3D,0x23,0x9A,0x24,0x3A,0x48,0x36,
        0xB0,0xA0,0xB8,0x2D,0xBF,0x42,0x4E,0xE6,0x3B,0x4E,0x1B,0xC0,0x34,0xBB,0xAB,0xCA,
        0x9F,0x91,0xA4,0xCE,0x9A,0xC2,0xC2,0x7E,0x35,0xFA,0xE0,0x22,0xB5,0xAD,0xC0,0x2E,
        0x2F,0x41,0x69,0xAC,0x42,0x25,0x2D,0x21,0xE2,0x62,0xEB,0xDA,0x27,0x68,0x5D,0x35,
        0xC3,0x3C,0x79,0xE8,0xD5,0x2B,0x87,0x5E,0x99,0x8C,0x69,0xB8,0x29,0x41,0x59,0x7D,
        0x2F,0x7D,0x8E,0x24,0x18,0x3E,0x3F,0x6A,0xAB,0xDD,0x92,0xEA,0xCA,0xBF,0xCD,0xBC,
        0x76,0x82,0xA1,0x61,0x73,0x5B,0x63,0x00,0xD4,0x4B,0xC4,0xA8,0xDF,0xA3,0x93,0x02,
        0xE4,0x95,0x5C,0xE9,0x35,0xA2,0xF6,0xC3,0xC9,0x2C,0x6F,0x0F,0xC0,0xF1,0x7C,0x29,
        0x41,0x80,0x70,0x80,0xC5,0x18,0x84,0x81,0x2A,0x24,0x8E,0x34,0xAB,0xC6,0x4D,0xA4,
        0x87,0x4A,0xE1,0xD5,0xEA,0x87,0x36,0x0E,0xF8,0xF2,0xA6,0x6B,0x2B,0x02,0x13,0x45,
        0xD8,0x42,0xFC,0x7C,0xBA,0x1B,0xAF,0xBC,0x1A,0x9F,0x48,0x6B,0x1C,0x38,0x3D,0x58,
        0x1E,0x06,0xBF,0xD9,0x76,0xF7,0x8F,0xC2,0xD2,0x36,0xCC,0x59,0x46,0x96,0xAB,0x6E,
        0x10,0x1C,0x5A,0x24,0x3B,0x2E,0x98,0x0A,0x61,0x4B,0xAF,0xC7,0x89,0xD5,0xF9,0x3B,
        0x68,0x8E,0xF9,0xEE,0xA2,0x92,0x86,0xE3,0x6C,0xF9,0xED,0xAE,0x04,0x0E,0x5C,0xF0,
        0x1D,0x96,0xD1,0x6C,0xE1,0x64,0xDF,0xC3,0xEC,0xF6,0x23,0x05,0x4A,0x70,0xC4,0xD1,
        0x6D,0xF6,0xAC,0x18,0x60,0x6A,0xDE,0x0A,0xA3,0x9E,0x83,0x07,0x75,0x08,0xE4,0x9E,
        0xA9,0x89,0x61,0x62,0x56,0x96,0x33,0xEB,0x28,0xD1,0x70,0x27,0x23,0x21,0x4D,0xCF,
        0x15,0xBA,0x4D,0xDE,0xC9,0x90,0x57,0x2C,0xB5,0x0C,0x47,0x4A,0xCC,0x6F,0xB6,0x54,
        0x6D,0x10,0x74,0xEA,0xBE,0x1B,0x93,0xD2,0xDE,0xFB,0x92,0x57,0x2E,0x21,0x2C,0x86,
        0x55,0x24,0x8A,0x76,0xBF,0x0F,0x34,0x64,0xC7,0x18,0x55,0x00,0xCF,0x61,0xA0,0xA2,
        0x80,0x82,0x9B,0xEB,0x41,0xDE,0xFD,0x99,0x9C,0xF6,0x0E,0x18,0xF6,0x2E,0x97,0x2A,
        0x55,0xEC,0x03,0xAD,0x2D,0xB6,0x41,0x67,0x7E,0xEE,0x4F,0xE8,0xBF,0xC0,0xED,0x2F,
        0x1A,0x77,0xD0,0x59,0xFB,0x46,0x8F,0x53,0x99,0x7B,0x81,0x65,0x93,0x80,0x05,0x5C,
        0x83,0xC9,0xE4,0xEE,0xF6,0xC3,0x9B,0xB5,0x63,0x9B,0xC9,0x49,0x88,0x80,0xE3,0xD8,
        0xD8,0x35,0x25,0x2D,0x18,0x13,0x60,0x40,0x54,0xEF,0x61,0xD1,0xD2,0x4F,0xF4,0x0E,
        0x18,0x10,0x67,0x54,0x52,0x01,0x72,0x8E,0x27,0x2A,0x8A,0x1F,0xEA,0x86,0xAD,0xA1,
        0xC5,0x20,0xC6,0x51,0xFA,0x67,0x7B,0xB7,0x4B,0xAF,0xDD,0xC6,0x20,0x55,0x56,0x9C,
        0x51,0x55,0x23,0x00,0xC2,0x82,0xDF,0x9D,0x66,0xD9,0xCD,0x31,0x00,0xDC,0xAF,0x33,
        0x19,0xD9,0xB6,0x9B,0x2D,0x1B,0x68,0x33,0xC3,0x61,0x59,0x82,0xE4,0x87,0xA6,0xE8,
        0xB0,0xDA,0x39,0xC6,0xBC,0x69,0x17,0x0C,0x17,0x11,0x7F,0x57,0xE8,0x46,0xBA,0xBD,
        0x89,0x4B,0x15,0x66,0xDE,0x59,0x37,0xB3,0xE2,0x53,0x47,0x38,0x97,0xC3,0x17,0x52,
        0x9D,0x89,0xE1,0x79,0x75,0xBA,0x76,0x05,0x79,0xFB,0xAC,0x6E,0x40,0x0F,0x4A,0x99,
        0x64,0x24,0x03,0xEA,0x29,0x62,0x01,0x87,0x11,0x49,0xEB,0x98,0xB9,0x4F,0x6A,0xE3,
        0x74,0x06,0x61,0x30,0xC9,0x04,0x53,0xA8,0xF7,0x6C,0xCD,0x74,0x78,0x66,0x1A,0x73,
        0xF9,0x07,0xF9,0x79,0x78,0xC0,0x1B,0x27,0xBD,0x33,0x96,0x40,0x31,0xA9,0xB2,0x40,
        0xB0,0x58,0x2B,0x8F,0x49,0x11,0x7B,0xDD,0x17,0xD2,0xF3,0xB6,0x1A,0x7C,0xF1,0x9C,
        0x01,0x38,0x23,0x3D,0xB5,0x8B,0x22,0x3E,0xE2,0xD2,0x0A,0xCF,0x55,0xD2,0x52,0x5D,
        0x5A,0x01,0xF1,0xF6,0xE3,0xB7,0xB3,0xCB,0x0C,0x26,0x70,0x38,0x18,0x69,0x62,0x46,
        0xA6,0xC7,0x58,0x2A,0xC6,0xD2,0xF4,0x84,0xE8,0xB0,0x8F,0xD8,0x40,0x5F,0x4C,0x33,
        0x66,0x41,0xA2,0x72,0x5A,0x55,0xC1,0xC3,0x0A,0xDD,0xD2,0xEF,0x94,0x52,0x56,0xD1,
        0xF3,0xA4,0x54,0x17,0xE1,0x53,0x58,0x61,0xE7,0xE8,0xFB,0x1E,0xBD,0x20,0x26,0x27,
        0x40,0xDC,0x9A,0xDF,0x9F,0xAA,0x51,0x1C,0xE9,0x69,0x7E,0xC1,0xFA,0x2E,0x20,0xB2,
        0x27,0xE2,0xB7,0x34,0x0B,0x12,0x2E,0x86,0xF3,0x4E,0x30,0xE1,0x48,0x50,0xF8,0x8E,
        0xAE,0x95,0x11,0xF2,0x0C,0xA8,0x43,0x7A,0x0F,0x77,0x55,0x6D,0x9C,0x71,0x85,0xA8,
        0xF8,0x26,0x40,0xB8,0x06,0xBD,0x0C,0x35,0x9B,0xD3,0x1D,0x3F,0xE9,0x78,0x4F,0xCA,
        0xC4,0x0D,0xAA,0x28,0x62,0x50,0xD8,0x74,0x77,0xB0,0x16,0xC9,0x81,0xAA,0xEB,0xFA,
        0xEF,0x27,0x99,0x2D,0x06,0x8F,0xD8,0x7F,0xB5,0x49,0x88,0xD1,0xC4,0x48,0xB3,0xF8,
        0xA5,0x93,0x4A,0xAD,0xC4,0x8C,0xC8,0xD9,0x47,0x13,0x72,0x26,0xC6,0xA5,0x39,0x25,
        0x57,0x61,0x72,0xD7,0x98,0xB8,0x21,0x89,0x7F,0x21,0x77,0xEE,0xAA,0x85,0x35,0x72,
        0x1E,0x37,0x25,0x37,0xA3,0xF6,0x8D,0xDC,0xAB,0xB9,0xDC,0x90,0x71,0x19,0x9B,0xD2,
        0x62,0xB6,0x32,0x42,0xCC,0xF8,0x9F,0x6C,0x5B,0x23,0x7E,0x4D,0x7A,0x0A,0xB8,0xAC,
        0xFE,0xE3,0x64,0x69,0xC3,0x1A,0xF3,0xB1,0x3B,0xF0,0xF2,0x6B,0xEC,0x0E,0x58,0x39,
        0x1B,0x7C,0x86,0x99,0xAA,0x0D,0x53,0x82,0xCA,0x89,0x16,0xCD,0x1A,0x97,0xAD,0xD6,
        0x05,0x24,0x7D,0xEC,0xFD,0x2F,0x49,0x94,0x33,0x2F,0x52,0x30,0xFB,0x68,0x57,0xBB,
        0x22,0xCD,0x10,0xAF,0x74,0x5E,0x30,0x01,0x44,0xA5,0x6F,0x1B,0x08,0x21,0x13,0x2C,
        0x84,0x2F,0xC9,0x3C,0x10,0x18,0xF4,0xDB,0x84,0xBC,0x02,0x8A,0xA7,0xD6,0xB0,0x5D,
        0x9F,0x38,0x19,0xDB,0xD5,0x1E,0x05,0xB9,0x94,0xF1,0xC9,0xFE,0x04,0x1F,0x86,0xEF,
        0xD2,0xF9,0x46,0xE0,0x14,0x58,0x0D,0x25,0x1E,0x70,0xC8,0x94,0xCB,0xD6,0x67,0xCF,
        0x81,0x1A,0xEF,0x5D,0xB4,0x2F,0x96,0x36,0xEF,0x5D,0x47,0x1E,0x80,0x5F,0x6A,0x13,
        0xDF,0x17,0x24,0xED,0x37,0x4C,0x1B,0xA8,0xCA,0xA8,0xE4,0x30,0x58,0x7D,0x7B,0x24,
        0x8E,0x16,0x5F,0x09,0x36,0x5E,0x92,0x59,0x92,0x87,0xA6,0xEF,0xF9,0xCA,0x54,0x3D,
        0xE4,0xA8,0x48,0xD6,0xCE,0x6C,0x91,0x18,0x3D,0xE2,0x92,0xDE,0x3B,0x2C,0xE2,0xA3,
        0x68,0xB6,0x47,0x9E,0xBD,0x53,0x89,0x1E,0xEB,0x23,0xD2,0x61,0x01,0xB9,0x0D,0x1B,
        0x9A,0xF0,0xA3,0xCD,0x2B,0x5B,0xF8,0x2A,0x4C,0x20,0x29,0xBD,0xAA,0xFA,0x36,0x5C,
        0xCA,0x20,0xBD,0xA5,0x6C,0x7C,0x4A,0x93,0x32,0x2F,0x6D,0x74,0x25,0x3F,0x46,0xB0,
        0x13,0x89,0xAD,0xEB,0xEA,0x8E,0xF3,0xD6,0x80,0x00,0x25,0xC2,0xDB,0x49,0x7D,0x77,
        0x0F,0xB3,0x97,0x34,0xFE,0x57,0x55,0xC7,0x41,0xB5,0xB9,0xFC,0xDF,0x46,0x7E,0xCE,
        0x47,0x5E,0x9A,0x62,0x29,0x4A,0xA4,0x20,0x8F,0x42,0xDE,0xB8,0x29,0x3E,0xE3,0x7B,
        0xB4,0x63,0x47,0x06,0x1F,0xC6,0xEF,0x1F,0x7B,0xE0,0x46,0xB6,0xAB,0x36,0x3A,0xC0,
        0xD0,0x88,0x9A,0x09,0x4C,0x22,0x72,0x69,0x92,0xDA,0x97,0x33,0x0C,0x74,0x11,0xD7,
        0xC3,0xE7,0xEC,0x82,0xC6,0x94,0x15,0x43,0x62,0x45,0xBA,0xE2,0xB3,0x1A,0x02,0x16,
        0x48,0xED,0xD0,0x83,0x04,0x55,0x45,0xE0,0x47,0x65,0x34,0x1C,0x06,0xFA,0x0D,0x9A,
        0xC9,0x7A,0x89,0x2B,0x29,0x7E,0xEA,0x2E,0x2E,0x9D,0xEC,0x0A,0xC7,0xA6,0x2B,0xFE,
        0xB0,0x59,0x48,0x1A,0xD7,0xD4,0xC0,0xE2,0x38,0xE4,0x6E,0xB2,0xA2,0x8E,0x70,0x26,
        0x5C,0x8B,0xD8,0x6D,0x30,0xF8,0xA9,0x53,0x5F,0x46,0x54,0x48,0xC2,0xEE,0xB9,0x5D,
        0x0C,0x71,0xF4,0x33,0xFF,0x79,0x23,0xF0,0x37,0x19,0xCD,0x12,0xCD,0xDA,0x79,0xDC,
        0xEE,0xBE,0x1F,0x91,0x7A,0x1C,0x72,0x81,0x00,0x63,0xD3,0x90,0x8F,0x05,0x39,0x3F,
        0xE8,0xC2,0x1C,0xA3,0x73,0x40,0xD6,0xE5,0x95,0x32,0x48,0x02,0x42,0x01,0xCC,0x59,
        0xE5,0x0A,0x27,0xE1,0x46,0x9F,0xEA,0xB4,0x86,0x89,0xD6,0xA9,0xE8,0x52,0xB9,0x5F,
        0xF7,0xD0,0x6F,0x36,0xB3,0x85,0xBE,0xF6,0x6A,0xD0,0xD8,0x97,0x3A,0x72,0x9D,0x66,
        0xF6,0x58,0x96,0x1B,0x58,0x31,0x8F,0x3F,0x0C,0x64,0x61,0x1E,0x72,0x56,0x7D,0x92,
        0x25,0x00,0xD3,0xC9,0x0A,0x42,0x29,0x01,0xE4,0x29,0x94,0xBD,0xB1,0xD6,0x66,0x1F,
        0x72,0xC4,0xAF,0xB5,0x5B,0xE7,0xC3,0x48,0x79,0x12,0x9C,0x10,0xAE,0x5A,0x34,0xE8,
        0x4C,0xE9,0x64,0x9C,0x99,0xF4,0xDA,0xF3,0xB3,0xAD,0xFD,0xFF,0x5F,0xFC,0xAD,0x59,
        0xB5,0x3C,0xB8,0x43,0x97,0x88,0x2A,0xE7,0xCB,0x20,0xEF,0xA3,0x2F,0x1E,0x87,0x3E,
        0x41,0x40,0xC9,0x03,0xB1,0x44,0xB9,0x9A,0x3E,0xD6,0xB1,0x9E,0x45,0x4F,0x13,0x05,
        0x9F,0x13,0x5E,0x22,0x7D,0xD5,0x51,0x8E,0x02,0x10,0x6F,0xC1,0x40,0x2F,0x0D,0xE8,
        0x3B,0x9D,0x7C,0xE1,0x15,0x32,0x82,0x45,0xC9,0x7C,0xFE,0x07,0xBC,0xB7,0x58,0x0C,
        0x01,0x6E,0x15,0x03,0x20,0xCF,0x31,0x33,0x45,0x40,0xC4,0x89,0xCA,0xCD,0xDD,0x9D,
        0x9C,0x52,0x41,0x33,0x66,0x16,0x9A,0x2A,0x44,0x55,0x2F,0xCC,0x5F,0x51,0xC1,0xB9,
        0x7D,0x2C,0x2C,0x02,0xCF,0x2C,0xF4,0x21,0x7B,0xCF,0x27,0xCF,0x39,0xCB,0x33,0xE1,
        0x9D,0x9B,0xA1,0xF3,0x9B,0xAD,0xAF,0x2C,0x56,0x9F,0xFE,0x89,0xA6,0xB4,0xED,0x35,
        0x59,0x6B,0x76,0xE7,0xB2,0x98,0x16,0x0E,0x62,0xB1,0xD1,0x3E,0x70,0x4A,0x17,0xF3,
        0x51,0xBC,0x8D,0x5A,0xDB,0x7E,0x34,0xC5,0xE1,0xF5,0x16,0xF6,0xB2,0x70,0x1D,0xAC,
        0x3E,0xFD,0x11,0xB5,0xF6,0xDF,0xB9,0xD6,0x92,0x47,0xED,0xD3,0x4A,0x01,0xEB,0x91,
        0x04,0xCA,0xF1,0x4A,0xA9,0x55,0x0F,0xFE,0xEB,0x7D,0xBC,0xE6,0x3E,0x88,0x66,0xDE,
        0xC6,0x0F,0x67,0x79,0xFF,0x1C,0x4D,0xF8,0x5B,0x32,0x31,0x80,0xA9,0xBB,0xA4,0xC9,
        0x4A,0x5E,0xCA,0xAE,0xDE,0xFA,0xF5,0x85,0x8B,0x10,0xB2,0x07,0x61,0x25,0x8D,0x38,
        0x3D,0xE7,0xDE,0x45,0x7D,0x9A,0x9F,0x3D,0xB6,0xA9,0x6C,0x41,0xA3,0x41,0x63,0xC8,
        0xC7,0x82,0xE2,0x64,0x30,0x38,0x2F,0x3C,0xF8,0x39,0xFA,0x51,0xC1,0x45,0xDB,0x7E,
        0xFE,0x90,0xCB,0xCB,0x62,0x2E,0x45,0x30,0xDF,0x8C,0x89,0x9B,0x35,0xF6,0x50,0x12,
        0xD0,0xC2,0xB9,0x36,0x34,0x5F,0x41,0x84,0xE1,0xBC,0xCE,0xB0,0xBB,0x45,0x06,0xA5,
        0x4F,0x4C,0x2B,0x54,0xC3,0xBF,0xA1,0xD2,0xFE,0xF1,0x93,0xB7,0x0C,0xB5,0x14,0xD5,
        0xB4,0x52,0x58,0x56,0x66,0x26,0x03,0xF6,0x86,0x66,0xA8,0xAE,0x28,0xCF,0xB7,0x7A,
        0xBB,0xB3,0x2B,0xFB,0xAA,0xA4,0x93,0xC7,0xD1,0x67,0x3D,0x4C,0xEF,0x90,0xEE,0xBF,
        0x48,0xFD,0xB5,0x47,0xB2,0xC8,0x5C,0x61,0x70,0x6F,0x2F,0x0A,0xAA,0x8C,0x88,0xF6,
        0xBF,0x59,0xDC,0xF0,0xD3,0xB7,0xBB,0xB0,0x2C,0x34,0xAB,0x58,0x21,0x35,0x9D,0xCF,
        0xDC,0xA4,0x8B,0x7B,0xB8,0x44,0x39,0x1D,0xF9,0x22,0xBA,0xFB,0x14,0x5C,0xF1,0xA4,
        0x4D,0x40,0x36,0x78,0x8C,0x2E,0x70,0x79,0xB6,0x1C,0x79,0x29,0x50,0x6B,0xB7,0xA7,
        0xFE,0xBD,0xC2,0xFB,0xA3,0xD4,0xA1,0xB6,0xF7,0x4C,0x07,0xE5,0xA2,0xD4,0x4F,0x8E,
        0x8D,0x49,0xE3,0x00,0xCA,0x49,0x6C,0x56,0xAD,0x6E,0xE9,0x35,0x42,0x29,0xF4,0xEF,
        0x7F,0x14,0x31,0x04,0xDD,0xB3,0x73,0xFC,0xF7,0xA8,0x95,0xD8,0x39,0x7B,0x61,0xB8,
        0xFD,0x89,0xD3,0x48,0x32,0x3E,0x3C,0xF9,0xE3,0xC2,0xEB,0xF2,0x99,0x0D,0xA7,0xAD,
        0x13,0xCC,0xA3,0x7C,0xD5,0x3A,0x03,0xFA,0x9C,0xAF,0xDA,0xE6,0x46,0x93,0xD9,0x7A,
        0x16,0xF9,0x55,0xB1,0x90,0x50,0x8A,0x72,0x2C,0xAE,0x4F,0x60,0x12,0xF3,0x82,0xB5,
        0x13,0x64,0xA6,0x0E,0xA0,0x8F,0x59,0x63,0x7A,0x02,0x88,0xD5,0x57,0x9B,0xB2,0x5F,
        0xCC,0xDC,0x5D,0x03,0x0F,0x6C,0xCB,0x24,0xA2,0x84,0x7D,0x3D,0xB9,0xE0,0xF3,0xF2,
        0x8D,0x90,0x82,0xBB,0xD3,0x2A,0xFD,0x47,0x10,0xA9,0xEA,0xC5,0x59,0x52,0x9C,0xB4,
        0xEC,0x50,0x99,0xB4,0xDB,0xFA,0xFC,0xA0,0xF9,0xC1,0xC3,0x7B,0x49,0xD0,0x29,0xE4,
        0x1F,0x39,0x50,0x33,0x84,0x8F,0x96,0x3B,0xE7,0xFE,0x41,0x0A,0x4E,0xEA,0x4F,0xF0,
        0xCE,0x19,0x34,0x5C,0xBB,0xBF,0x95,0x94,0x26,0x61,0x5E,0x29,0x3D,0x2B,0xC7,0xA8,
        0xB2,0x02,0x73,0xC5,0xF5,0x8D,0x04,0x26,0x4C,0x77,0xC7,0xFD,0x8B,0xA9,0x6F,0x02,
        0xA2,0x8F,0xC4,0x9F,0xF4,0xA6,0x55,0x88,0xEB,0x55,0x88,0x32,0x24,0xC2,0x82,0x4D,
        0xBA,0x68,0x16,0xF7,0xDD,0xD3,0x83,0x8E,0x50,0x5B,0xA4,0xB6,0xFE,0x49,0x0C,0xD3,
        0x02,0x4B,0xB3,0x52,0x8F,0xF5,0xCD,0xA7,0xE3,0x41,0x63,0xA5,0xFE,0xF7,0xDF,0x7F,
        0xEF,0x9D,0x68,0x20,0x89,0xB3,0xA0,0xF7,0x75,0xA4,0x52,0xE3,0x88,0x81,0x13,0x9F,
        0x24,0x1C,0x5A,0xB6,0x63,0x70,0x11,0x1F,0x65,0xBC,0xCD,0x7C,0x48,0x79,0xC7,0x32,
        0x0D,0x6F,0x90,0x20,0x26,0xA2,0xD9,0x49,0x3D,0xDD,0x3D,0xB9,0xCA,0x33,0x74,0x76,
        0x21,0xC0,0x34,0xD6,0xD5,0x38,0x9B,0xA2,0x61,0x26,0x99,0x58,0x2A,0xBB,0xB0,0xFD,
        0xF5,0x5E,0x92,0x15,0x49,0x08,0x00,0x8B,0x01,0x0E,0xFB,0x2F,0x81,0xD5,0xE7,0xC0,
        0xC4,0x54,0x16,0xD1,0xE0,0x00,0x03,0x91,0x14,0x39,0x69,0x48,0x2F,0xA0,0x15,0x76,
        0xA2,0xD8,0xE6,0x3F,0x66,0xA8,0xFA,0x15,0x0F,0x41,0x35,0x20,0x66,0xF1,0xE1,0xCD,
        0x9D,0x0D,0xE2,0x96,0xBF,0xCD,0x56,0xBD,0x4D,0x33,0x05,0x7D,0x7E,0x09,0x2E,0x46,
        0x80,0x4C,0xEE,0x08,0xB9,0xF1,0x11,0x6D,0x98,0xBC,0xC7,0xA4,0x67,0xEB,0xBD,0x22,
        0x25,0xA6,0x1F,0x15,0xE6,0xB3,0xF7,0x00,0x2A,0x7A,0x13,0xC6,0x9F,0xAD,0x03,0x0F,
        0xF0,0xAB,0xCF,0x3F,0xCF,0x15,0xDB,0x84,0x70,0x04,0xD4,0x94,0xD5,0x96,0x4B,0x69,
        0x92,0x30,0xD2,0xA9,0x5D,0x79,0x52,0xE3,0xD8,0x9C,0x2C,0x62,0x49,0xDF,0x9E,0xC1,
        0x4E,0x37,0x72,0x4B,0x71,0x2A,0x70,0x9A,0xCF,0x06,0x16,0x12,0x7E,0x6D,0x78,0x78,
        0xB5,0x24,0xC2,0xB6,0x0C,0xB0,0x57,0x6A,0xDB,0xD0,0x1B,0x75,0x1F,0xAA,0x41,0xF5,
        0xC7,0x2A,0xD0,0xE1,0x98,0x2A,0x5B,0x66,0x63,0x2B,0x52,0x5B,0x61,0x8C,0x8C,0x91,
        0x0F,0x87,0x9E,0x86,0x4C,0x38,0x08,0xDC,0x85,0x98,0xDE,0xB5,0xBB,0x37,0x28,0xF0,
        0x82,0xCA,0xBE,0xFE,0xD3,0x09,0x98,0x8E,0x8B,0xFE,0x6E,0x20,0x7C,0x31,0x75,0x06,
        0x4E,0x75,0x81,0x32,0xA7,0x79,0xA3,0x1C,0x29,0x33,0x0B,0x35,0x58,0x16,0x00,0xD0,
        0x9A,0xE5,0x66,0xAF,0x37,0x84,0xE1,0xAB,0x2F,0xF8,0x9E,0x6B,0x32,0xFE,0x62,0x85,
        0x8B,0x2E,0x7E,0xB1,0xDD,0xAE,0x17,0x1B,0x3F,0x5F,0x58,0x18,0x50,0x29,0x60,0x27,
        0xFF,0x60,0xDA,0xF5,0x11,0x1A,0x56,0x85,0xB2,0x46,0x94,0xD7,0x47,0x02,0x60,0x32,
        0x0C,0x39,0xB0,0x54,0x71,0x73,0x66,0x7F,0x57,0x21,0xF9,0xC8,0x80,0x3C,0x1C,0x07,
        0x7C,0x22,0x2B,0x5D,0x9E,0x07,0x36,0xD1,0xB4,0xCD,0xF1,0x6D,0x88,0xDE,0x85,0xEA,
        0xFC,0x5C,0x48,0xD4,0xF6,0x76,0xC4,0x00,0xA6,0x64,0x74,0xAF,0xE5,0xDE,0xBB,0xB6,
        0x3C,0xD9,0x3B,0xA8,0xE7,0xD9,0xFF,0x59,0x87,0x9B,0x72,0xF3,0x92,0x27,0xE2,0x5C,
        0xD6,0xF9,0x39,0xD9,0x2C,0xA5,0xD1,0x8C,0xAE,0xEA,0x44,0xAA,0x78,0x65,0xAD,0x5A,
        0x7C,0xF8,0x7C,0xC9,0x61,0xCF,0xE8,0x88,0xE3,0xD7,0xA9,0x3D,0xA9,0xD8,0xFD,0xFE,
        0x6C,0x0B,0x89,0x15,0xBE,0xD1,0xC4,0xAF,0xA8,0x16,0x6A,0xC3,0x32,0x63,0xBD,0xFF,
        0xA3,0x28,0xDA,0xD1,0x4F,0x5D,0x3D,0x54,0xAA,0x41,0xFF,0xFA,0xAF,0x6E,0x4E,0x05,
        0x52,0x01,0x23,0xE4,0xFB,0x89,0xFE,0x51,0xE8,0xCE,0xD8,0xDC,0x51,0x70,0x39,0x5B,
        0x4C,0x8A,0xE5,0x61,0xD2,0xA3,0xD5,0xF5,0x33,0xD3,0x87,0x1A,0xED,0x5C,0x35,0xAD,
        0xD6,0xCC,0xB5,0x2B,0x0C,0x1C,0x45,0x75,0x71,0xF7,0x08,0x77,0x28,0xEB,0x35,0x37,
        0x7A,0x12,0x70,0x92,0x69,0xF7,0xC4,0xCA,0x70,0x4A,0x44,0x63,0x90,0xA3,0xCF,0x94,
        0xCB,0x1D,0x69,0xA0,0xC2,0x3D,0xDE,0x01,0x97,0xDE,0x1D,0xB5,0x00,0x93,0x73,0xA1,
        0x6C,0x80,0x64,0x2D,0x83,0xBA,0xE7,0x3F,0x83,0x1A,0x04,0x55,0x99,0xA0,0xF1,0xAA,
        0x23,0x53,0x23,0xB4,0xC7,0xB3,0x98,0xEE,0xCA,0xE1,0xB0,0xB8,0xAC,0x58,0xC3,0x55,
        0x46,0xE1,0xF5,0xE5,0x0C,0x6C,0xAE,0x9A,0x2D,0xBA,0x99,0x47,0xE5,0x28,0x43,0xAA,
        0x7E,0x1F,0x72,0x6A,0xE9,0xBD,0x03,0xB6,0x70,0xC4,0x26,0x6C,0x4C,0x79,0x57,0x32,
        0x17,0xD0,0x38,0x21,0x02,0x4B,0x2E,0x8D,0x9F,0xE6,0x2B,0xD1,0xED,0x2D,0xEC,0xF0,
        0x6F,0x18,0x42,0x05,0x3B,0xA4,0x14,0x94,0x43,0x60,0xF2,0x81,0xA3,0xE8,0x93,0x5B,
        0xB3,0xBE,0xEF,0x01,0x1C,0x66,0xA7,0x92,0x0C,0xF5,0xFD,0x59,0x5C,0xC8,0x88,0xE7,
        0x76,0xD4,0x66,0xBE,0x70,0x77,0x3A,0xA9,0x8C,0xD5,0xA4,0xE9,0xF5,0xE4,0x56,0x61,
        0x2B,0xBA,0x47,0x27,0xFE,0x93,0x65,0xD2,0x66,0xF0,0x6B,0x61,0x54,0x59,0xF4,0xF0,
        0xAA,0xA8,0xB2,0x2F,0x89,0xCE,0x3F,0xDD,0xD4,0x50,0xEE,0x5F,0xE2,0xE6,0x4A,0xE9,
        0x93,0x91,0x4A,0xA3,0xAA,0x57,0x69,0x4C,0xF9,0x88,0x92,0x68,0x54,0xD6,0x5D,0x6F,
        0x77,0xE8,0xCD,0xF0,0xD1,0xB6,0xD0,0xE3,0x24,0x51,0x16,0xE1,0x13,0x2A,0x0E,0x60,
        0xB9,0x9A,0x8F,0x96,0x86,0xEA,0x5C,0x02,0xE5,0x4D,0x69,0x26,0x8A,0x08,0xCB,0xC4,
        0xDA,0x04,0xD0,0x0E,0x23,0xDA,0x9A,0xD9,0x4E,0x9C,0x47,0x7F,0xE6,0xCB,0x60,0xEB,
        0xD3,0x14,0x2E,0xA2,0x8E,0x5B,0xB2,0xAC,0x5B,0xEC,0x47,0x6E,0xFA,0xDC,0xBC,0x8B,
        0x68,0x30,0x43,0xEF,0x69,0xA6,0xF3,0x09,0xE6,0xD5,0x70,0x6C,0x5E,0x9B,0x4A,0xBB,
        0xF5,0x1F,0x6D,0x0C,0xF2,0x3B,0x7B,0xAF,0xC9,0x00,0x6D,0xDA,0x50,0x03,0xE9,0x93,
        0x19,0xDC,0x73,0x6E,0x6D,0x3F,0xFD,0x31,0xBB,0x53,0x61,0x34,0x50,0x1F,0x52,0x93,
        0x94,0x9B,0xAE,0xBE,0xEB,0x05,0x76,0x6E,0x9E,0x0A,0xFD,0xF5,0xE1,0x56,0x8B,0x67,
        0x64,0x31,0xC7,0xDF,0xC6,0x4B,0x91,0x53,0x04,0xC9,0x74,0x50,0xF3,0xFD,0x9D,0xE1,
        0xB5,0x20,0x10,0x0D,0xC9,0xFA,0xDC,0x5C,0xB9,0x56,0x48,0x6B,0x3A,0x7B,0x0F,0x42,
        0x0E,0x53,0x57,0xA1,0xB9,0xF5,0x47,0xF7,0xB6,0x0E,0xF4,0x49,0x34,0x83,0x42,0xAC,
        0x69,0xD7,0xAC,0xED,0x66,0xCA,0xA9,0x8C,0xEF,0xB5,0x42,0x68,0x55,0x5A,0x65,0x2B,
        0xB9,0x98,0x6D,0x91,0xB6,0x10,0x8B,0x4C,0xC3,0x93,0x5E,0x92,0xF6,0x5C,0x7B,0xD2,
        0x9E,0x1C,0xE9,0x8C,0x54,0x8B,0x7B,0xA2,0x5B,0xC4,0x2C,0x1D,0x6B,0xC1,0xDA,0x53,
        0x4C,0x13,0xD6,0xC7,0xEB,0x03,0x24,0xC2,0x31,0x10,0x07,0x9D,0xDF,0x30,0xAB,0xBD,
        0x2E,0x72,0x7A,0x3F,0x40,0x9A,0x0A,0x9B,0x10,0xCA,0x5E,0x8A,0x89,0x9B,0xA7,0x1A,
        0xC5,0x71,0x3F,0x71,0x6B,0x6B,0xE3,0xA8,0x5A,0x11,0x3A,0xB0,0xE0,0x24,0xEE,0x50,
        0x18,0x8A,0x00,0xBE,0x26,0x14,0xFC,0xB0,0x65,0x07,0x01,0x20,0x73,0x5D,0x0B,0x92,
        0x56,0x6A,0x1F,0x10,0x3C,0x74,0x69,0x16,0x20,0x0D,0xC2,0x95,0xFB,0xD8,0x39,0x65,
        0x36,0x9D,0x8F,0x06,0x6C,0x4D,0x72,0x13,0x6F,0x5F,0x70,0x85,0xB9,0x1E,0x6A,0x03,
        0x20,0x6F,0x98,0xA2,0x69,0x3F,0xC7,0x4B,0x75,0x0D,0x92,0x05,0x66,0x7C,0x7B,0x0E,
        0x3B,0xE7,0x1C,0xE8,0xC9,0x61,0x60,0xD8,0x88,0x26,0xE4,0xDC,0x88,0xDD,0x29,0xDE,
        0xBC,0xD6,0xF3,0x16,0xF1,0x91,0x18,0x55,0x49,0x8B,0xD9,0x2E,0x14,0x4F,0x4C,0x04,
        0x20,0x00,0xD8,0xA9,0xAF,0x1C,0x09,0xEB,0x42,0x63,0x90,0x6C,0xFE,0x77,0xDC,0x8C,
        0x80,0x78,0x83,0xC7,0x00,0xC9,0xF7,0x83,0x10,0x24,0x1F,0x7A,0xCD,0x72,0xC8,0x5A,
        0x71,0x77,0xB2,0x67,0x9A,0xA3,0x51,0xDD,0xA3,0x1D,0x21,0x9C,0xAF,0x8B,0xF9,0xCB,
        0x34,0x66,0x26,0x1E,0x7E,0x64,0x18,0xFD,0x61,0x98,0xA0,0x4B,0x03,0x20,0xC0,0x1C,
        0x93,0x8B,0x97,0x34,0x08,0x05,0xFF,0xA8,0x56,0xB3,0xF9,0x8D,0xA9,0x60,0x94,0x0C,
        0xA6,0x7C,0x26,0xB0,0x14,0xFD,0x8E,0x84,0xF0,0x0E,0x72,0x07,0xEF,0x57,0xFB,0x17,
        0xA9,0x87,0x1E,0x13,0xF5,0x8A,0x31,0x1A,0x7A,0x0E,0xE2,0x7A,0x1A,0x80,0xD3,0xF5,
        0x70,0x9D,0x2A,0x81,0x25,0x4F,0x54,0xFC,0x9E,0x04,0x5F,0x39,0x02,0x23,0x4C,0x84,
        0x5F,0xA2,0xC7,0xA4,0xAD,0x93,0x51,0x71,0x9C,0x86,0x78,0xAA,0xD2,0xB6,0xF7,0xA5,
        0xA1,0x86,0xA4,0xFE,0xF4,0x4D,0xB9,0x9F,0x0F,0x52,0x2E,0x8D,0xD5,0x5B,0x41,0x73,
        0x62,0xBE,0x73,0xA8,0xF7,0xB1,0x2B,0x10,0x9F,0xC0,0x18,0xBA,0xAF,0x9A,0xC2,0xED,
        0xCC,0xD1,0x7C,0x61,0xBF,0x7E,0x86,0xAD,0x52,0x74,0x68,0xA0,0xF9,0x85,0x61,0x9D,
        0x3A,0x33,0x8B,0x96,0x40,0x59,0x13,0xBC,0x48,0x3A,0x10,0xD7,0x0D,0x07,0x9F,0x1F,
        0x4C,0xCD,0xB9,0xC2,0xDB,0x9E,0xBF,0x0A,0xB8,0x90,0x2E,0xD1,0x39,0x0F,0x78,0x78,
        0xD7,0x00,0x20,0x2B,0x77,0x20,0x2C,0xA0,0x7A,0xD7,0xFB,0x7E,0xCC,0xBF,0xD3,0x70,
        0xE5,0x4B,0xD1,0x30,0xDC,0xCD,0x83,0x95,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x20,0x73,0x6F,0x6D,0x65,0x20,0x63,0x61,0x66,0x66,0x65,0x69,0x6E,0x65,0x20,0x74,
        0x6F,0x20,0x73,0x6F,0x6C,0x76,0x65,0x20,0x69,0x74,0x21,0x59,0x6F,0x75,0x20,0x6E,
        0x65,0x65,0x64,0x20,0x73,0x6F,0x6D,0x65,0x20,0x63,0x61,0x66,0x66,0x65,0x69,0x6E,
        0x65,0x20,0x74,0x6F,0x20,0x73,0x6F,0x6C,0x76,0x65,0x20,0x69,0x74,0x21,0x59,0x6F
    }; //这个数组从409240开始
    
    int main()
    {
        
    
        DWORD eax = 0xf19714bb, edx = 0xe43f955c;
        
        /*DWORD eax = 0xe3a91d54, edx = 0xf9536d3a;*/
        DWORD dword_409240 = *(DWORD*)&arr[0];
        DWORD dword_409244 = *(DWORD*)&arr[4];
        DWORD esi = 0;
    
        eax ^= dword_409244;
        edx ^= dword_409240;
    
        DWORD temp = 0;
        for (int i = 0; i < 16; ++i)
        {
            //交换eax,edx
            temp = eax;
            eax = edx;
            edx = temp;
    
            esi = *(DWORD*)&arr[0x409688 - 0x409240 + BYTE2(eax) * 4] +
                *(DWORD*)&arr[0x409288 - 0x409240 + BYTE1(eax) * 4];
    
            esi = (esi ^ (*(DWORD*)&arr[0x409a88 - 0x409240 + BYTE3(eax) * 4])) +
                *(DWORD*)&arr[0x409e88 - 0x409240 + BYTE4(eax) * 4];   //被优先级坑了一把,+的优先级高于^
    
            edx ^= esi;
            eax ^= *(DWORD*)&arr[0x409248 - 0x409240 + i * 4];
    
        }
        printf("%08X %08X", eax, edx);
    
        //c648553b d3c9ddbd
    
        //3b5548c6  bdddc9d3
    
        //1DE02A18 DB379C4A
    
        //182ae01d 4a9c37db
    
        //182ae01d 4a9c37db
    
        // 0x41 0x42 0x43 0x44 0x45  0X46
        //  A    B    C    D    E      F
    
        //31 38 32 41 45 30 31 44     34 41 39 43 33 37 44 42
    
        //31 44 45 30 32 41 31 38     44 42 33 37 39 43 34 41
    
    
        return 0;
    }
    
    
    #endif
          //  eax         edx         esi
    // 1    16cb9d01     25582a19   123d8026
    // 2    
  • 相关阅读:
    Mysql命令大全
    查看LINUX进程内存占用情况
    PHP内存溢出 Allowed memory size of 解决办法
    Selenium--->环境配置
    自定义一个web框架
    django 使用记录
    javascript
    paramiko 及堡垒机初步接触
    python 操作 redis
    python rabbitmq
  • 原文地址:https://www.cnblogs.com/cqubsj/p/6617777.html
Copyright © 2011-2022 走看看