我想通过RC4的强力数组值找到RC4的内部状态,但我不确定如何强制它。
#include <stdio.h>
#include <string.h>
typedef unsigned long ULONG;
void rc4_init(unsigned char *s, unsigned char *key, unsigned long Len)
{
int i = 0, j = 0;
char k[256] = { 0 };
unsigned char tmp = 0;
for (i = 0; i<256; i++) {
s[i] = i;
k[i] = key[i%Len];
}
for (i = 0; i<256; i++) {
j = (j + s[i] + k[i]) % 256;
tmp = s[i];
s[i] = s[j];
s[j] = tmp;
}
}
void rc4_crypt(unsigned char *s, unsigned char *Data, unsigned long Len)
{
int i = 0, j = 0, t = 0;
unsigned long k = 0;
unsigned char tmp;
for (k = 0; k<Len; k++) {
i = (i + 1) % 256;
j = (j + s[i]) % 256;
tmp = s[i];
s[i] = s[j];
s[j] = tmp;
t = (s[i] + s[j]) % 256;
Data[k] ^= s[t];
printf("%d\n ", Data[k] ^= s[t]); //May be I have to brute force here
}
}
int main()
{
unsigned char s[256] = { 0 }; //S-box
char key[256] = { "12345678" };
char pData[512] = "testRC4";
ULONG len = strlen(pData);
printf("key : %s\n", key);
printf("raw : %s\n", pData);
rc4_init(s, (unsigned char *)key, strlen(key));
rc4_crypt(s, (unsigned char *)pData, len);
printf("encrypt : %s\n", pData);
rc4_init(s, (unsigned char *)key, strlen(key));
rc4_crypt(s, (unsigned char *)pData, len);
printf("decrypt : %s\n", pData);
getchar();
return 0;
}
在行printf(“%d \ n”,Data [k] ^ = s [t]);显示这样的价值。
116,101,115,116,82,67,52
我不确定我是否必须强行使用此值或我必须编辑哪条线来查找强暴力以查找RC4的内部状态。请帮我。
答案 0 :(得分:0)
116,101,115,116,82,67,52是“testRC4”的ascii,即你的未加密值
由于...
,您的printf()语句实际上正在将您的数据更改回原始数据Data[t] ^= s[t]
这是一项任务,具有r值。因此,您首先更改Data [t],然后获取新值并打印它。但就在之前,您使用相同的表达式设置值。 ((N ^ Y)^ Y)== N。
将printf更改为...
printf("%d\n",Data[t]);