TitanRain
15-07-08, 10:19 PM
1. Bảo mật cho web
Hàm trống hack SQL injection: Lọc toàn bộ các ký tự đặc biệt trước khi chèn vào câu lệnh truy vấn
private function formatInput(byval str)
str = replace(str, "'", "", 1, -1, 1)
str = replace(str, "-", "", 1, -1, 1)
str = replace(str,"""", "", 1, -1, 1)
str = replace(str, "<", "<", 1, -1, 1)
str = replace(str, ">", ">", 1, -1, 1)
str = replace(str, "[", "[", 1, -1, 1)
str = replace(str, "]", "]", 1, -1, 1)
str = replace(str, "=", "", 1, -1, 1)
str = replace(str, "select", "select", 1, -1, 1)
str = replace(str, "join", "join", 1, -1, 1)
str = replace(str, "union", "union", 1, -1, 1)
str = replace(str, "where", "where", 1, -1, 1)
str = replace(str, "insert", "insert", 1, -1, 1)
str = replace(str, "delete", "delete", 1, -1, 1)
str = replace(str, "update", "update", 1, -1, 1)
str = replace(str, "like", "like", 1, -1, 1)
str = replace(str, "drop", "drop", 1, -1, 1)
str = replace(str, "create", "create", 1, -1, 1)
str = replace(str, "modify", "modify", 1, -1, 1)
str = replace(str, "rename", "rename", 1, -1, 1)
str = replace(str, "alter", "alter", 1, -1, 1)
str = replace(str, "cast", "cast", 1, -1, 1)
str = replace(str, chr(34), """, 1, -1, 1)
formatInput = str
end function
Ví dụ minh họa bằng trang Login.htm
<html>
<head>
<meta <b><font color=red>[Chỉ có thành viên mới xem link được. <a href="register.php"> Nhấp đây để đăng ký thành viên......</a>]</font></b>"Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>
<body>
<form action="Login.asp" method="get">
Username: <input type="text" name="UserName" id="UserName" size="16" maxlength="16" />
Password: <input type="password" name="Password" id="Password" size="16" maxlength="16" />
<input type="submit" value="Login" />
</form>
</body>
</html>
1 phần code trang Login.asp
<%
private function formatInput(byval str)
str = replace(str, "'", "", 1, -1, 1)
str = replace(str, "-", "", 1, -1, 1)
str = replace(str,"""", "", 1, -1, 1)
str = replace(str, "<", "<", 1, -1, 1)
str = replace(str, ">", ">", 1, -1, 1)
str = replace(str, "[", "[", 1, -1, 1)
str = replace(str, "]", "]", 1, -1, 1)
str = replace(str, "=", "", 1, -1, 1)
str = replace(str, "select", "select", 1, -1, 1)
str = replace(str, "join", "join", 1, -1, 1)
str = replace(str, "union", "union", 1, -1, 1)
str = replace(str, "where", "where", 1, -1, 1)
str = replace(str, "insert", "insert", 1, -1, 1)
str = replace(str, "delete", "delete", 1, -1, 1)
str = replace(str, "update", "update", 1, -1, 1)
str = replace(str, "like", "like", 1, -1, 1)
str = replace(str, "drop", "drop", 1, -1, 1)
str = replace(str, "create", "create", 1, -1, 1)
str = replace(str, "modify", "modify", 1, -1, 1)
str = replace(str, "rename", "rename", 1, -1, 1)
str = replace(str, "alter", "alter", 1, -1, 1)
str = replace(str, "cast", "cast", 1, -1, 1)
str = replace(str, chr(34), """, 1, -1, 1)
formatInput = str
end function
strUserName = formatInput(Trim(Mid(Request.QueryString("UserName"), 1, 10)))
strPassWord = formatInput(Trim(Mid(Request.QueryString("PassWord"), 1, 16)))
Response.write("Wellcome:"& strUserName)
%>
Giả định kịch bản đăng nhập
1. Người dùng duyệt trang login.htm để đăng nhập
2. Truy vấn được gửi đến trang login.asp để xử lý
3. Tại trang login.asp UserName và Pasword đã được "lọc" thông qua hàm formatInput
2. Mã hóa mã nguồn web khi đặt trên host với Window Script Encoder:
<b><font color=red>[Chỉ có thành viên mới xem link được. <a href="register.php"> Nhấp đây để đăng ký thành viên......</a>]</font></b>
3. Ví dụ 1 trang ranking sử dụng .xml để lưu thông tin nhân vật và tự động cập nhật mỗi giờ
<b><font color=red>[Chỉ có thành viên mới xem link được. <a href="register.php"> Nhấp đây để đăng ký thành viên......</a>]</font></b>
TitanRain
15-07-08, 10:31 PM
2. Mã hóa mật khẩu trong quá trình truyền trên mạng
a. Giả định tình huống:
Có nhiều trang web không hề mã hóa thông tin người dùng khi họ đăng nhập, tên tài khoản và password được gửi ở dạng thô đến máy chủ.
Nếu ai đó ở trong cùng mạng với user và sử dụng các chương trình chặn các gói tin đi qua router (xin phép ko nói tên chương trình - cái này mình có được trong bộ đĩa CCNA)
b. Giải quyết vấn đề mật khẩu thô
- Phải mã hóa mật khẩu trước khi có bất kỳ sự truyền thông nào qua mạng.
Tôi xin trình bày 1 giải pháp đó là: Mã hoá mật khẩu ngay tại browser
và tôi sử dụng javascript để làm điều này:
Bên dưới là hàm mã hóa MD5 viết bằng javascript
var MD5=function (string){function RotateLeft(lValue, iShiftBits){return (lValue<<iShiftBits) | (lValue>>>(32-iShiftBits))};function AddUnsigned(lX,lY){var lX4,lY4,lX8,lY8,lResult;lX8=(lX & 0x80000000);lY8=(lY & 0x80000000);lX4=(lX & 0x40000000);lY4=(lY & 0x40000000);lResult=(lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);if(lX4 & lY4){return (lResult ^ 0x80000000 ^ lX8 ^ lY8)};if(lX4 | lY4){if(lResult & 0x40000000){return (lResult ^ 0xC0000000 ^ lX8 ^ lY8)}else{return (lResult ^ 0x40000000 ^ lX8 ^ lY8)}}else{return (lResult ^ lX8 ^ lY8)};};function F(x,y,z){return (x & y) | ((~x) & z)};function G(x,y,z){return (x & z) | (y & (~z))};function H(x,y,z){return (x ^ y ^ z)};function I(x,y,z){return (y ^ (x | (~z)))};function FF(a,b,c,d,x,s,ac){a=AddUnsigned(a, AddUnsigned(AddUnsigned(F(b, c, d), x), ac));return AddUnsigned(RotateLeft(a, s), b)};function GG(a,b,c,d,x,s,ac){a=AddUnsigned(a, AddUnsigned(AddUnsigned(G(b, c, d), x), ac));return AddUnsigned(RotateLeft(a, s), b)};function HH(a,b,c,d,x,s,ac){a=AddUnsigned(a, AddUnsigned(AddUnsigned(H(b, c, d), x), ac));return AddUnsigned(RotateLeft(a, s), b)};function II(a,b,c,d,x,s,ac){a=AddUnsigned(a, AddUnsigned(AddUnsigned(I(b, c, d), x), ac));return AddUnsigned(RotateLeft(a, s), b)};function ConvertToWordArray(string){var lWordCount;var lMessageLength=string.length;var lNumberOfWords_temp1=lMessageLength + 8;var lNumberOfWords_temp2=(lNumberOfWords_temp1-(lNumberOfWords_temp1 % 64))/64;var lNumberOfWords=(lNumberOfWords_temp2+1)*16;var lWordArray=Array(lNumberOfWords-1);var lBytePosition=0;var lByteCount=0;while (lByteCount<lMessageLength){lWordCount=(lByteCount-(lByteCount % 4))/4;lBytePosition=(lByteCount % 4)*8;lWordArray[lWordCount]=(lWordArray[lWordCount] | (string.charCodeAt(lByteCount)<<lBytePosition));lByteCount++};lWordCount=(lByteCou nt-(lByteCount % 4))/4;lBytePosition=(lByteCount % 4)*8;lWordArray[lWordCount]=lWordArray[lWordCount] | (0x80<<lBytePosition);lWordArray[lNumberOfWords-2]=lMessageLength<<3;lWordArray[lNumberOfWords-1]=lMessageLength>>>29;return lWordArray};function WordToHex(lValue){var WordToHexValue="",WordToHexValue_temp="",lByte,lCount;for(lCount=0;lCount<=3;lCount++){lByte=(lValue>>>(lCount*8)) & 255;WordToHexValue_temp="0" + lByte.toString(16);WordToHexValue=WordToHexValue + WordToHexValue_temp.substr(WordToHexValue_temp.len gth-2,2)};return WordToHexValue};function Utf8Encode(string){string=string.replace(/\r\n/g,"\n");var utftext="";for (var n=0;n<string.length;n++){var c=string.charCodeAt(n);if(c<128){utftext += String.fromCharCode(c)}else{if((c>127) && (c<2048)){utftext += String.fromCharCode((c >> 6) | 192);utftext += String.fromCharCode((c & 63) | 128)}else{utftext += String.fromCharCode((c >> 12) | 224);utftext += String.fromCharCode(((c >> 6) & 63) | 128);utftext += String.fromCharCode((c & 63) | 128)}}};return utftext};var x=Array();var k,AA,BB,CC,DD,a,b,c,d;var S11=7, S12=12, S13=17, S14=22;var S21=5, S22=9 , S23=14, S24=20;var S31=4, S32=11, S33=16, S34=23;var S41=6, S42=10, S43=15, S44=21;string=Utf8Encode(string);x=ConvertToWordAr ray(string);a=0x67452301;b=0xEFCDAB89;c=0x98BADCFE ;d=0x10325476;for(k=0;k<x.length;k+=16){AA=a;BB=b;CC=c;DD=d;a=FF(a,b,c,d,x[k+0], S11,0xD76AA478);d=FF(d,a,b,c,x[k+1], S12,0xE8C7B756);c=FF(c,d,a,b,x[k+2], S13,0x242070DB);b=FF(b,c,d,a,x[k+3], S14,0xC1BDCEEE);a=FF(a,b,c,d,x[k+4], S11,0xF57C0FAF);d=FF(d,a,b,c,x[k+5], S12,0x4787C62A);c=FF(c,d,a,b,x[k+6], S13,0xA8304613);b=FF(b,c,d,a,x[k+7], S14,0xFD469501);a=FF(a,b,c,d,x[k+8], S11,0x698098D8);d=FF(d,a,b,c,x[k+9], S12,0x8B44F7AF);c=FF(c,d,a,b,x[k+10],S13,0xFFFF5BB1);b=FF(b,c,d,a,x[k+11],S14,0x895CD7BE);a=FF(a,b,c,d,x[k+12],S11,0x6B901122);d=FF(d,a,b,c,x[k+13],S12,0xFD987193);c=FF(c,d,a,b,x[k+14],S13,0xA679438E);b=FF(b,c,d,a,x[k+15],S14,0x49B40821);a=GG(a,b,c,d,x[k+1], S21,0xF61E2562);d=GG(d,a,b,c,x[k+6], S22,0xC040B340);c=GG(c,d,a,b,x[k+11],S23,0x265E5A51);b=GG(b,c,d,a,x[k+0], S24,0xE9B6C7AA);a=GG(a,b,c,d,x[k+5], S21,0xD62F105D);d=GG(d,a,b,c,x[k+10],S22,0x2441453);c=GG(c,d,a,b,x[k+15],S23,0xD8A1E681);b=GG(b,c,d,a,x[k+4], S24,0xE7D3FBC8);a=GG(a,b,c,d,x[k+9], S21,0x21E1CDE6);d=GG(d,a,b,c,x[k+14],S22,0xC33707D6);c=GG(c,d,a,b,x[k+3], S23,0xF4D50D87);b=GG(b,c,d,a,x[k+8], S24,0x455A14ED);a=GG(a,b,c,d,x[k+13],S21,0xA9E3E905);d=GG(d,a,b,c,x[k+2], S22,0xFCEFA3F8);c=GG(c,d,a,b,x[k+7], S23,0x676F02D9);b=GG(b,c,d,a,x[k+12],S24,0x8D2A4C8A);a=HH(a,b,c,d,x[k+5], S31,0xFFFA3942);d=HH(d,a,b,c,x[k+8], S32,0x8771F681);c=HH(c,d,a,b,x[k+11],S33,0x6D9D6122);b=HH(b,c,d,a,x[k+14],S34,0xFDE5380C);a=HH(a,b,c,d,x[k+1], S31,0xA4BEEA44);d=HH(d,a,b,c,x[k+4], S32,0x4BDECFA9);c=HH(c,d,a,b,x[k+7], S33,0xF6BB4B60);b=HH(b,c,d,a,x[k+10],S34,0xBEBFBC70);a=HH(a,b,c,d,x[k+13],S31,0x289B7EC6);d=HH(d,a,b,c,x[k+0], S32,0xEAA127FA);c=HH(c,d,a,b,x[k+3], S33,0xD4EF3085);b=HH(b,c,d,a,x[k+6], S34,0x4881D05);a=HH(a,b,c,d,x[k+9], S31,0xD9D4D039);d=HH(d,a,b,c,x[k+12],S32,0xE6DB99E5);c=HH(c,d,a,b,x[k+15],S33,0x1FA27CF8);b=HH(b,c,d,a,x[k+2], S34,0xC4AC5665);a=II(a,b,c,d,x[k+0], S41,0xF4292244);d=II(d,a,b,c,x[k+7], S42,0x432AFF97);c=II(c,d,a,b,x[k+14],S43,0xAB9423A7);b=II(b,c,d,a,x[k+5], S44,0xFC93A039);a=II(a,b,c,d,x[k+12],S41,0x655B59C3);d=II(d,a,b,c,x[k+3], S42,0x8F0CCC92);c=II(c,d,a,b,x[k+10],S43,0xFFEFF47D);b=II(b,c,d,a,x[k+1], S44,0x85845DD1);a=II(a,b,c,d,x[k+8], S41,0x6FA87E4F);d=II(d,a,b,c,x[k+15],S42,0xFE2CE6E0);c=II(c,d,a,b,x[k+6], S43,0xA3014314);b=II(b,c,d,a,x[k+13],S44,0x4E0811A1);a=II(a,b,c,d,x[k+4], S41,0xF7537E82);d=II(d,a,b,c,x[k+11],S42,0xBD3AF235);c=II(c,d,a,b,x[k+2], S43,0x2AD7D2BB);b=II(b,c,d,a,x[k+9], S44,0xEB86D391);a=AddUnsigned(a,AA);b=AddUnsigned( b,BB);c=AddUnsigned(c,CC);d=AddUnsigned(d,DD)};var temp=WordToHex(a)+WordToHex(b)+WordToHex(c)+WordTo Hex(d);return temp.toLowerCase()};
Có thể bạn sẽ hỏi: Mật khẩu đã mã hóa hash 1 way thì làm sao để so sánh với mật khẩu trong database?
- Cách giải quyết 1: Mật khẩu trong database cũng ở dạng đã mã hóa MD5
(Nhưng tôi ko sử dụng cách này vì tôi ko sử dụng JoinServer có MD5)
- Cách giải quyết 2: Lấy mật khẩu trong database vẫn ở dạng nguyên thủy đem mã hóa MD5 rồi so sánh với chuỗi mật khẩu đã mã hóa.
Để làm điều này chúng ta cần có thêm hàm mã hóa MD5 phía máy chủ web.
Ở đây tôi sử dụng hàm MD5 viết bằng Vbscript
<%
Private Const BITS_TO_A_BYTE=8
Private Const BYTES_TO_A_WORD=4
Private Const BITS_TO_A_WORD=32
Private m_lOnBits(30)
Private m_l2Power(30)
m_lOnBits(0)=CLng(1)
m_lOnBits(1)=CLng(3)
m_lOnBits(2)=CLng(7)
m_lOnBits(3)=CLng(15)
m_lOnBits(4)=CLng(31)
m_lOnBits(5)=CLng(63)
m_lOnBits(6)=CLng(127)
m_lOnBits(7)=CLng(255)
m_lOnBits(8)=CLng(511)
m_lOnBits(9)=CLng(1023)
m_lOnBits(10)=CLng(2047)
m_lOnBits(11)=CLng(4095)
m_lOnBits(12)=CLng(8191)
m_lOnBits(13)=CLng(16383)
m_lOnBits(14)=CLng(32767)
m_lOnBits(15)=CLng(65535)
m_lOnBits(16)=CLng(131071)
m_lOnBits(17)=CLng(262143)
m_lOnBits(18)=CLng(524287)
m_lOnBits(19)=CLng(1048575)
m_lOnBits(20)=CLng(2097151)
m_lOnBits(21)=CLng(4194303)
m_lOnBits(22)=CLng(8388607)
m_lOnBits(23)=CLng(16777215)
m_lOnBits(24)=CLng(33554431)
m_lOnBits(25)=CLng(67108863)
m_lOnBits(26)=CLng(134217727)
m_lOnBits(27)=CLng(268435455)
m_lOnBits(28)=CLng(536870911)
m_lOnBits(29)=CLng(1073741823)
m_lOnBits(30)=CLng(2147483647)
m_l2Power(0)=CLng(1)
m_l2Power(1)=CLng(2)
m_l2Power(2)=CLng(4)
m_l2Power(3)=CLng(8)
m_l2Power(4)=CLng(16)
m_l2Power(5)=CLng(32)
m_l2Power(6)=CLng(64)
m_l2Power(7)=CLng(128)
m_l2Power(8)=CLng(256)
m_l2Power(9)=CLng(512)
m_l2Power(10)=CLng(1024)
m_l2Power(11)=CLng(2048)
m_l2Power(12)=CLng(4096)
m_l2Power(13)=CLng(8192)
m_l2Power(14)=CLng(16384)
m_l2Power(15)=CLng(32768)
m_l2Power(16)=CLng(65536)
m_l2Power(17)=CLng(131072)
m_l2Power(18)=CLng(262144)
m_l2Power(19)=CLng(524288)
m_l2Power(20)=CLng(1048576)
m_l2Power(21)=CLng(2097152)
m_l2Power(22)=CLng(4194304)
m_l2Power(23)=CLng(8388608)
m_l2Power(24)=CLng(16777216)
m_l2Power(25)=CLng(33554432)
m_l2Power(26)=CLng(67108864)
m_l2Power(27)=CLng(134217728)
m_l2Power(28)=CLng(268435456)
m_l2Power(29)=CLng(536870912)
m_l2Power(30)=CLng(1073741824)
Private Function LShift(lValue,iShiftBits)
If iShiftBits=0 Then
LShift=lValue
Exit Function
ElseIf iShiftBits=31 Then
If lValue And 1 Then
LShift=&H80000000
Else
LShift=0
End If
Exit Function
ElseIf iShiftBits<0 Or iShiftBits>31 Then
Err.Raise 6
End If
If (lValue And m_l2Power(31-iShiftBits)) Then
LShift=((lValue And m_lOnBits(31-(iShiftBits+1)))*m_l2Power(iShiftBits)) Or &H80000000
Else
LShift=((lValue And m_lOnBits(31-iShiftBits))*m_l2Power(iShiftBits))
End If
End Function
Private Function RShift(lValue,iShiftBits)
If iShiftBits=0 Then
RShift=lValue
Exit Function
ElseIf iShiftBits=31 Then
If lValue And &H80000000 Then
RShift=1
Else
RShift=0
End If
Exit Function
ElseIf iShiftBits<0 Or iShiftBits>31 Then
Err.Raise 6
End If
RShift=(lValue And &H7FFFFFFE)\m_l2Power(iShiftBits)
If (lValue And &H80000000) Then
RShift=(RShift Or (&H40000000\m_l2Power(iShiftBits-1)))
End If
End Function
Private Function RotateLeft(lValue,iShiftBits)
RotateLeft=LShift(lValue,iShiftBits) Or RShift(lValue,(32-iShiftBits))
End Function
Private Function AddUnsigned(lX,lY)
Dim lX4
Dim lY4
Dim lX8
Dim lY8
Dim lResult
lX8=lX And &H80000000
lY8=lY And &H80000000
lX4=lX And &H40000000
lY4=lY And &H40000000
lResult=(lX And &H3FFFFFFF)+(lY And &H3FFFFFFF)
If lX4 And lY4 Then
lResult=lResult Xor &H80000000 Xor lX8 Xor lY8
ElseIf lX4 Or lY4 Then
If lResult And &H40000000 Then
lResult=lResult Xor &HC0000000 Xor lX8 Xor lY8
Else
lResult=lResult Xor &H40000000 Xor lX8 Xor lY8
End If
Else
lResult=lResult Xor lX8 Xor lY8
End If
AddUnsigned=lResult
End Function
Private Function F(x,y,z)
F=(x And y) Or ((Not x) And z)
End Function
Private Function G(x,y,z)
G=(x And z) Or (y And (Not z))
End Function
Private Function H(x,y,z)
H=(x Xor y Xor z)
End Function
Private Function I(x,y,z)
I=(y Xor (x Or (Not z)))
End Function
Private Sub FF(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(F(b,c,d),x ),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
Private Sub GG(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(G(b,c,d),x ),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
Private Sub HH(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(H(b,c,d),x ),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
Private Sub II(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(I(b,c,d),x ),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
Private Function ConvertToWordArray(sMessage)
Dim lMessageLength
Dim lNumberOfWords
Dim lWordArray()
Dim lBytePosition
Dim lByteCount
Dim lWordCount
Dim lByteValue ' need these variables to handle byte value and input argument type
Dim lMessageType
Const MODULUS_BITS=512
Const CONGRUENT_BITS=448
lMessageType=Vartype(sMessage)
Select Case lMessageType ' strings or Variant Byte Arrays: nothing else!
Case 8 : lMessageLength=Len(sMessage)
Case 8209 : lMessageLength=LenB(sMessage)
Case Else Err.Raise -1,"MD5","Unknown Type passed to MD5 function"
End Select
lNumberOfWords=(((lMessageLength+((MODULUS_BITS-CONGRUENT_BITS)\BITS_TO_A_BYTE))\(MODULUS_BITS\BIT S_TO_A_BYTE))+1)*(MODULUS_BITS\BITS_TO_A_WORD)
ReDim lWordArray(lNumberOfWords-1)
lBytePosition=0
lByteCount=0
Do Until lByteCount >=lMessageLength
lWordCount=lByteCount\BYTES_TO_A_WORD
lBytePosition=(lByteCount Mod BYTES_TO_A_WORD)*BITS_TO_A_BYTE
Select Case lMessageType ' get the next byte value
Case 8 : lByteValue = Asc (Mid (sMessage,lByteCount+1,1))
Case 8209 : lByteValue = AscB(MidB(sMessage,lByteCount+1,1))
End Select
lWordArray(lWordCount)=lWordArray(lWordCount) Or LShift(lByteValue,lBytePosition)
lByteCount=lByteCount+1
Loop
lWordCount=lByteCount\BYTES_TO_A_WORD
lBytePosition=(lByteCount Mod BYTES_TO_A_WORD)*BITS_TO_A_BYTE
lWordArray(lWordCount)=lWordArray(lWordCount) Or LShift(&H80,lBytePosition)
lWordArray(lNumberOfWords-2)=LShift(lMessageLength,3)
lWordArray(lNumberOfWords-1)=RShift(lMessageLength,29)
ConvertToWordArray=lWordArray
End Function
Private Function WordToHex(lValue)
Dim lByte
Dim lCount
For lCount=0 To 3
lByte=RShift(lValue,lCount*BITS_TO_A_BYTE) And m_lOnBits(BITS_TO_A_BYTE-1)
WordToHex=WordToHex & Right("0" & Hex(lByte),2)
Next
End Function
Public Function MD5(sMessage)
Dim x
Dim k
Dim AA
Dim BB
Dim CC
Dim DD
Dim a
Dim b
Dim c
Dim d
Const S11=7
Const S12=12
Const S13=17
Const S14=22
Const S21=5
Const S22=9
Const S23=14
Const S24=20
Const S31=4
Const S32=11
Const S33=16
Const S34=23
Const S41=6
Const S42=10
Const S43=15
Const S44=21
x=ConvertToWordArray(sMessage)
a=&H67452301
b=&HEFCDAB89
c=&H98BADCFE
d=&H10325476
For k=0 To UBound(x) Step 16
AA=a
BB=b
CC=c
DD=d
FF a,b,c,d,x(k+0),S11,&HD76AA478
FF d,a,b,c,x(k+1),S12,&HE8C7B756
FF c,d,a,b,x(k+2),S13,&H242070DB
FF b,c,d,a,x(k+3),S14,&HC1BDCEEE
FF a,b,c,d,x(k+4),S11,&HF57C0FAF
FF d,a,b,c,x(k+5),S12,&H4787C62A
FF c,d,a,b,x(k+6),S13,&HA8304613
FF b,c,d,a,x(k+7),S14,&HFD469501
FF a,b,c,d,x(k+8),S11,&H698098D8
FF d,a,b,c,x(k+9),S12,&H8B44F7AF
FF c,d,a,b,x(k+10),S13,&HFFFF5BB1
FF b,c,d,a,x(k+11),S14,&H895CD7BE
FF a,b,c,d,x(k+12),S11,&H6B901122
FF d,a,b,c,x(k+13),S12,&HFD987193
FF c,d,a,b,x(k+14),S13,&HA679438E
FF b,c,d,a,x(k+15),S14,&H49B40821
GG a,b,c,d,x(k+1),S21,&HF61E2562
GG d,a,b,c,x(k+6),S22,&HC040B340
GG c,d,a,b,x(k+11),S23,&H265E5A51
GG b,c,d,a,x(k+0),S24,&HE9B6C7AA
GG a,b,c,d,x(k+5),S21,&HD62F105D
GG d,a,b,c,x(k+10),S22,&H2441453
GG c,d,a,b,x(k+15),S23,&HD8A1E681
GG b,c,d,a,x(k+4),S24,&HE7D3FBC8
GG a,b,c,d,x(k+9),S21,&H21E1CDE6
GG d,a,b,c,x(k+14),S22,&HC33707D6
GG c,d,a,b,x(k+3),S23,&HF4D50D87
GG b,c,d,a,x(k+8),S24,&H455A14ED
GG a,b,c,d,x(k+13),S21,&HA9E3E905
GG d,a,b,c,x(k+2),S22,&HFCEFA3F8
GG c,d,a,b,x(k+7),S23,&H676F02D9
GG b,c,d,a,x(k+12),S24,&H8D2A4C8A
HH a,b,c,d,x(k+5),S31,&HFFFA3942
HH d,a,b,c,x(k+8),S32,&H8771F681
HH c,d,a,b,x(k+11),S33,&H6D9D6122
HH b,c,d,a,x(k+14),S34,&HFDE5380C
HH a,b,c,d,x(k+1),S31,&HA4BEEA44
HH d,a,b,c,x(k+4),S32,&H4BDECFA9
HH c,d,a,b,x(k+7),S33,&HF6BB4B60
HH b,c,d,a,x(k+10),S34,&HBEBFBC70
HH a,b,c,d,x(k+13),S31,&H289B7EC6
HH d,a,b,c,x(k+0),S32,&HEAA127FA
HH c,d,a,b,x(k+3),S33,&HD4EF3085
HH b,c,d,a,x(k+6),S34,&H4881D05
HH a,b,c,d,x(k+9),S31,&HD9D4D039
HH d,a,b,c,x(k+12),S32,&HE6DB99E5
HH c,d,a,b,x(k+15),S33,&H1FA27CF8
HH b,c,d,a,x(k+2),S34,&HC4AC5665
II a,b,c,d,x(k+0),S41,&HF4292244
II d,a,b,c,x(k+7),S42,&H432AFF97
II c,d,a,b,x(k+14),S43,&HAB9423A7
II b,c,d,a,x(k+5),S44,&HFC93A039
II a,b,c,d,x(k+12),S41,&H655B59C3
II d,a,b,c,x(k+3),S42,&H8F0CCC92
II c,d,a,b,x(k+10),S43,&HFFEFF47D
II b,c,d,a,x(k+1),S44,&H85845DD1
II a,b,c,d,x(k+8),S41,&H6FA87E4F
II d,a,b,c,x(k+15),S42,&HFE2CE6E0
II c,d,a,b,x(k+6),S43,&HA3014314
II b,c,d,a,x(k+13),S44,&H4E0811A1
II a,b,c,d,x(k+4),S41,&HF7537E82
II d,a,b,c,x(k+11),S42,&HBD3AF235
II c,d,a,b,x(k+2),S43,&H2AD7D2BB
II b,c,d,a,x(k+9),S44,&HEB86D391
a=AddUnsigned(a,AA)
b=AddUnsigned(b,BB)
c=AddUnsigned(c,CC)
d=AddUnsigned(d,DD)
Next
MD5=LCase(WordToHex(a) & WordToHex(b) & WordToHex(c) & WordToHex(d))
End Function
%>
Powered by vBulletin® Version 4.2.0 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.