WinCrypt & CryptImportKey KeyBlob分析

逆向一个程序用到了 CryptImportKey CryptEncrypt 进行加密
导入的Key数据为

BYTE key[] = {
        0x08,
        0x02,
        0x00,0x00,
        0x01,0x66,0x00,0x00,
        0x08,0x00,0x00,0x00,
        0x23,0xE2,0x55,0x17,0x92,0x68,0x53,0x32
    };
//上面的数据实际上对应的结构为
struct keyBlob
{
	BLOBHEADER hdr;
	DWORD keySize;
	BYTE bytes[8];
} blob;
typedef struct _PUBLICKEYSTRUC {
        BYTE    bType;
        BYTE    bVersion;
        WORD    reserved;
        ALG_ID  aiKeyAlg;
} BLOBHEADER, PUBLICKEYSTRUC;

根据以上结构, 从 wincrypt.h 头文件中可查得头定义实际为

BYTE key[] = 
Read More