15 August 2015

逆向过程中的一点感悟

  一些有价值的逆向算法。

reversing.kr crc1/python版aes

#本人修改版
# coding: utf-8
import struct
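# Load the whole target binary into memory: it is small enough, and `read()`
# below indexes it by raw file offset.  A `with` block closes the handle
# deterministically instead of leaving it to the garbage collector (the
# original `open(...).read()` never closed the file object).
with open("hop.exe", "rb") as _fh:
    D = _fh.read()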
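def read(p, buf=None):
    """Return the little-endian signed 32-bit integer at offset ``p`` of ``buf``.

    ``buf`` defaults to the module-level image ``D``; passing another bytes
    object lets the helper be used (and tested) on any buffer.

    NOTE(review): ``p`` is built from values read out of the binary itself, so
    nothing here validates it.  A negative ``p`` silently slices from the end
    of the buffer, and a slice shorter than 4 bytes (``p + 4 > len(buf)``)
    raises ``struct.error``.
    """
    data = D if buf is None else buf
    return struct.unpack("<i", data[p:p + 4])[0]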
# The same byte of the target is known both by its virtual address (as seen
# in the disassembly) and by its raw file offset; their difference converts
# every VA into an index into ``D``.  (Presumably image base plus section
# mapping — TODO confirm against the PE headers.)
VA_OF_START = 0x44f491
FILE_OFFSET_OF_START = 0x4e891
offset = VA_OF_START - FILE_OFFSET_OF_START
# Entry state and accepting state, both as file offsets so ``read()`` can
# index ``D`` directly.
start = FILE_OFFSET_OF_START
goal = 0x4015b9 - offset
# E[i] maps each state reachable after i input characters to
# (previous_state, char).  Level 0 holds only the entry state, whose
# predecessor tuple is empty.
E = [{start: ()}]
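def print_flag(goal, table=None):
    """Walk the predecessor table back from ``goal``, print and return the input.

    ``table`` defaults to the module-level ``E``: ``table[i]`` maps every state
    reachable after ``i`` input characters to ``(previous_state, char)``.  The
    walk starts at the deepest level and follows predecessor links down to
    level 1, collecting characters last-to-first; the reversed string is
    printed and also returned so callers can use it programmatically.

    The depth comes from ``len(table)`` instead of the hard-coded 41 of the
    original, so the helper works for a search of any length.  Raises
    ``KeyError`` if ``goal`` (or one of its predecessors) is missing from
    the level it should be on.
    """
    table = E if table is None else table
    chars = []
    state = goal
    for depth in range(len(table) - 1, 0, -1):
        prev_state, ch = table[depth][state]
        chars.append(chr(ch))
        state = prev_state
    flag = ''.join(reversed(chars))
    print(flag)
    return flag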
# Breadth-first exploration of the binary's state machine, 41 characters deep.
# For each state ``p`` the script reads a multiplier at p+4, a displacement at
# p+11, and then a signed 32-bit relative jump at p + m*c + a for input byte
# ``c``; the successor is p plus that jump.  (This is the reverse-engineered
# handler layout the author relies on — not verifiable from this script.)
# Levels 0..39 try every printable byte, level 40 only the terminating NUL.
PRINTABLE = range(0x20, 0x7f)
TERMINATOR = [0]
for depth in range(41):
    E.append({})
    next_level = E[depth + 1]
    alphabet = PRINTABLE if depth < 40 else TERMINATOR
    for state in E[depth]:
        mult = read(state + 4)
        disp = read(state + 11)
        for ch in alphabet:
            successor = state + read(state + mult * ch + disp)
            next_level[successor] = (state, ch)
print_flag(goal)

# Note: the line `for c in range(0x20, 0x7f) if i<40 else [0]:` can be expanded into the two segments below (levels 0-39 over every printable byte, then level 40 over the single byte 0). In the expanded form the final step must record 0 as the character, matching `else [0]`; reusing whatever `c` is left holding from the earlier loop would record 0x7e instead.
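# Expanded form of the compact loop above, shown for exposition: the
# conditional alphabet becomes two explicit phases.
# Phase 1: levels 0..39 try every printable byte.
for i in range(40):
    E += [{}]
    for p in E[i]:
        m = read(p + 4)
        a = read(p + 11)
        for c in range(0x20, 0x7f):
            t = p + read(p + m * c + a)
            E[i + 1][t] = (p, c)
# Phase 2: level 40 only takes the terminating NUL.  The recorded character
# must be 0 (the compact version's `else [0]`), not the stale `c` left over
# from the loop above (0x7e) — otherwise print_flag() would end the flag with
# '~' instead of '\x00'.  With c == 0 the m*c term vanishes, hence p + a.
E += [{}]
for p in E[40]:
    a = read(p + 11)
    t = p + read(p + a)
    E[41][t] = (p, 0)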
from ctypes import c_uint64
# Byte-wise lookup tables for the reflected CRC-64 with polynomial
# 0xC96C5795D7870F42 (the CRC-64/XZ parameters; crctable[1] equals the
# well-known 0xB32E4CBE03A75F6F).  crctable[i] is the 64-bit value folded in
# when the index byte is i; untable[i] is just its top byte, which is what
# lets the algorithm be run backwards (see find_index/uncrc).
MASK64 = 0xFFFFFFFFFFFFFFFF
POLY64_REFLECTED = 0xC96C5795D7870F42


def _table_entry(index):
    """Run the 8 shift/xor steps of the reflected CRC on a single byte."""
    value = index
    for _ in range(8):
        low_bit = value & 1
        value >>= 1
        if low_bit:
            value ^= POLY64_REFLECTED
    return value & MASK64


crctable = [_table_entry(i) for i in range(256)]
untable = [entry >> 56 for entry in crctable]

def find_index(crc):
    """Recover the table index whose entry was folded into ``crc`` most recently.

    After a ``crc()`` step the previous state has been shifted right by 8, so
    the top byte of the new state is exactly the top byte of the table entry
    that was XORed in; ``untable`` lists those top bytes by index.  Raises
    ``ValueError`` when the byte is not found.
    """
    top_byte = crc >> 56
    for index, entry_top in enumerate(untable):
        if entry_top == top_byte:
            return index
    raise ValueError('%r is not in untable' % top_byte)

def crc(c, crc_):
    """Advance the reflected CRC-64 state ``crc_`` by one input byte ``c``.

    One table-driven step: the low byte of the state XORed with the input
    byte selects the table entry, which is folded into the state shifted
    right by 8.  Returns the new state; no extra masking is applied, the
    table entries themselves keep it within 64 bits.
    """
    idx = (crc_ ^ c) & 0xff
    return (crc_ >> 8) ^ crctable[idx]

def uncrc(c, crc_):
    """Undo one ``crc()`` step: from the state *after* byte ``c`` return the state before it.

    The top byte of the current state identifies the table entry that was
    folded in (``find_index``).  Removing that entry leaves the previous state
    shifted right by 8; shifting it back (truncated to 64 bits) and adding
    ``index ^ c`` restores the previous state's low byte, since the index was
    ``(previous_low_byte ^ c) & 0xff``.
    """
    idx = find_index(crc_)
    shifted_previous = crc_ ^ crctable[idx]
    restored = (shifted_previous << 8) & 0xffffffffffffffff
    return restored + (idx ^ c)

#what key can may us get the crc64 value 0x676F5F675F695F6C
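key = '12345678'  #use key 12345678 can get 0xadab87822f5af097
init_value = '_[Hello___Welcome To Reversing.Kr]__The idea of the algorithm came out of the codeengn challenge__This algorithm very FXCK__But you can solve it!!__Impossible is Impossible_()_[]_()_[]_()_[]_()_[]_()_[]_()_[]\xe7\x51\xde\x35\xa3\x13\x90\x2e)_[]_()_[]_()_[]_()_[]_()_[]_()_[]_()_[\x00'
# Byte values of the message the CRC runs over.  A list comprehension rather
# than map(): on Python 3 map() is lazy and the item assignment below would
# fail; on Python 2 the two are identical (and the list() copy was redundant).
c = [ord(ch) for ch in init_value]
# The 8 key characters are spliced into the fixed message at stride 0x10
# (offsets 0x00, 0x10, ..., 0x70); everything else stays as in init_value.
for i, v in enumerate(key):
    c[i * 0x10] = ord(v)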
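def crc64(init_crc, data=None):
    """Return the reflected CRC-64 of ``data`` starting from state ``init_crc``.

    ``data`` is an iterable of byte values (0..255) and defaults to the
    module-level message ``c``.  ``init_crc`` is truncated to 64 bits, which
    is what the original's c_uint64 wrap-around did.  Each byte is folded in
    through the shared ``crc()`` step so this stays consistent with
    ``uncrc()``; the original inlined the same step and its local variable
    ``crc`` shadowed that helper.
    """
    data = c if data is None else data
    state = init_crc & 0xFFFFFFFFFFFFFFFF
    for byte in data:
        state = crc(byte, state)
    return state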
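# Forward: CRC of the keyed message from state 0 (expected 0xadab87822f5af097
# for key '12345678', per the comment on `key`).  print() with a single
# argument behaves the same on Python 2 and 3.
crc_ = crc64(0)
print('key:%s init_crc:%d crc64:0x%016x' % (key, 0, crc_))   #c_uint64(0xadab87822f5af097)
# Backward: peel the bytes off again in reverse order.  If uncrc() is correct
# this lands back on the initial state, i.e. prints all zeros.
for ch in c[::-1]:
    crc_ = uncrc(ch, crc_)
print('init_crc is %016x by uncrc' % (crc_))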

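def test(ss):
    """Round-trip ``ss`` through ``crc()`` and then ``uncrc()`` in reverse order.

    Starts from the deliberately short (32-bit) state 0x8144347f, prints the
    state recovered after unwinding and returns it; with a correct ``uncrc()``
    it should be 0x8144347f again.  ``ss`` is a str whose characters are fed
    in via ord().
    """
    state = 0x8144347f
    for ch in ss:
        state = crc(ord(ch), state)
    for ch in ss[::-1]:
        state = uncrc(ord(ch), state)
    print('0x%08x' % state)
    return state


test('ADMIN')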
.........

