160个练手CrackMe-034
1、无壳
FileKey类型
2、OD载入
; OllyDbg listing of the key-file check: open CRACKME3.KEY, read 0x12 bytes into
; the buffer at 00402008, run two routines over that buffer, then compare.
; The bodies of 004012F5, 00401311 and 0040133C are not part of this listing.
00401016 |. 6A 00 push 0x0 ; /hTemplateFile = NULL
00401018 |. 68 80000000 push 0x80 ; |Attributes = NORMAL
0040101D |. 6A 03 push 0x3 ; |Mode = OPEN_EXISTING
0040101F |. 6A 00 push 0x0 ; |pSecurity = NULL
00401021 |. 6A 03 push 0x3 ; |ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
00401023 |. 68 000000C0 push 0xC0000000 ; |Access = GENERIC_READ|GENERIC_WRITE
00401028 |. 68 D7204000 push Cruehead.004020D7 ; |CRACKME3.KEY
0040102D |. E8 76040000 call <jmp.&KERNEL32.CreateFileA> ; \CreateFileA
00401032 |. 83F8 FF cmp eax,-0x1 ; -1 is INVALID_HANDLE_VALUE: the key file could not be opened
00401035 |. 75 0C jnz XCruehead.00401043 ; handle is valid, skip the failure path
; Failure path, also reached from 0040106D and 0040109F.
00401037 |> 68 0E214000 push Cruehead.0040210E ; CrackMe v3.0
0040103C |. E8 B4020000 call Cruehead.004012F5 ; " - Uncracked"
00401041 |. EB 6B jmp XCruehead.004010AE
00401043 |> A3 F5204000 mov dword ptr ds:[0x4020F5],eax ; file handle
00401048 |. B8 12000000 mov eax,0x12
0040104D |. BB 08204000 mov ebx,Cruehead.00402008 ; ASCII " opqr"
00401052 |. 6A 00 push 0x0 ; /pOverlapped = NULL
00401054 |. 68 A0214000 push Cruehead.004021A0 ; |pBytesRead = Cruehead.004021A0
00401059 |. 50 push eax ; |BytesToRead => 12 (18.)
0040105A |. 53 push ebx ; |Buffer => Cruehead.00402008
0040105B |. FF35 F5204000 push dword ptr ds:[0x4020F5] ; |hFile = 000001E8
00401061 |. E8 30040000 call <jmp.&KERNEL32.ReadFile> ; \ReadFile
00401066 |. 833D A0214000>cmp dword ptr ds:[0x4021A0],0x12 ; read length 0x12
0040106D |.^ 75 C8 jnz XCruehead.00401037 ; any other byte count goes to the failure path
0040106F |. 68 08204000 push Cruehead.00402008 ; the buffer ReadFile filled
00401074 |. E8 98020000 call Cruehead.00401311 ; processing routine 1
00401079 |. 8135 F9204000>xor dword ptr ds:[0x4020F9],0x12345678 ; XOR the dword at 0x4020F9 with 0x12345678 (presumably the value routine 1 left there; not shown here)
00401083 |. 83C4 04 add esp,0x4
00401086 |. 68 08204000 push Cruehead.00402008 ; same buffer again
0040108B |. E8 AC020000 call Cruehead.0040133C ; processing routine 2
00401090 |. 83C4 04 add esp,0x4
00401093 |. 3B05 F9204000 cmp eax,dword ptr ds:[0x4020F9] ; compare routine 2's eax with the dword at 0x4020F9
00401099 |. 0F94C0 sete al ; al = 1 when they are equal
0040109C |. 50 push eax
0040109D |. 84C0 test al,al
0040109F |.^ 74 96 je XCruehead.00401037 ; jump to failure
密钥文件 CRACKME3.KEY 的内容(下称 Serial)必须正好是 0x12(18)个字节。call 00401311() 处理 Serial 的前 14 个字节得到一个值,再与 Serial 的后 4 个字节比较:相同则成功,不相同则失败;
原型:
// Sketch of the check as the article reconstructs it; the trailing if/else is
// pseudo-code, not a compilable statement.
//
// call_00401311 walks the first 0xE (14) bytes of `serial`, XORs byte i in place
// with 0x41 + i, and adds each XORed byte to `sum`. It stops early right after
// adding a byte whose XORed value is 0. It returns sum ^ 0x12345678.
// The caller's buffer is modified in place.
//
// NOTE(review): in the listing the XOR with 0x12345678 sits at 00401079, after the
// call returns, and the compared value comes back in eax from 0040133C; this
// sketch appears to fold both into one function and one pointer read.
// NOTE(review): `sum += serial[i]` adds a plain `char`; bytes >= 0x80 would be
// sign-extended where char is signed. Confirm against the body of 00401311.
int call_00401311(char *serial){
    int sum = 0;
    for(int i = 0; i < 0xE; i++){
        serial[i] ^= 0x41 + i;   // per-position key: 0x41, 0x42, ... 0x4E
        sum += serial[i];        // accumulate the XORed byte, not the original
        if(serial[i] == 0) break;
    }
    return sum ^ 0x12345678;
}
// Pseudo-code: the last 4 bytes of the 18-byte key (offset 14) must equal the
// value computed from the first 14 bytes.
if(call_00401311(serial) == *(int *)(serial + 14)) "Y";
else "N";
3、注册机
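// Checksum over the first 0xE (14) bytes of `serial`, as reconstructed in the
// article from the crackme's routine at 00401311.
//
// Byte i is XORed in place with 0x41 + i and the XORed value is added to the
// running sum; the loop ends early right after a byte whose XORed value is 0.
// Returns sum ^ 0x12345678. The caller's buffer is modified.
//
// NOTE(review): `sum += serial[i]` adds a plain `char`; bytes >= 0x80 would be
// sign-extended where char is signed. Confirm against the body of 00401311.
int call_00401311(char *serial)
{
    int sum = 0;
    for (int i = 0; i < 0xE; i++) {
        serial[i] ^= 0x41 + i;
        sum += serial[i];
        if (serial[i] == 0)
            break;
    }
    return sum ^ 0x12345678;
}

// Writes CRACKME3.KEY in the current directory: the 14 entered bytes followed by
// the 4-byte value from call_00401311().
// Returns 0 on success, 1 if the input could not be read or the file could not
// be written.
int main()
{
    // Zero-filled so an entry shorter than 14 characters is padded with zero
    // bytes instead of sending uninitialised stack contents to the file.
    char serial[15] = {0};

    cout << "Please enter a string with a length of 14:" << endl;

    // Bound the extraction: without a width, operator>> into a char array
    // keeps storing past the end of `serial` on long input. With width set,
    // at most sizeof(serial) - 1 characters plus the terminator are stored.
    cin.width(sizeof serial);
    if (!(cin >> serial)) {
        cerr << "No input read." << endl;
        return 1;
    }

    FILE *fp = fopen("CRACKME3.KEY", "wb+");
    if (fp == NULL) {
        perror("CRACKME3.KEY");
        return 1;
    }

    // The entered bytes go out first: call_00401311() rewrites the buffer in place.
    bool ok = fwrite(serial, 0x0E, 1, fp) == 1;

    // Written as 4 raw bytes in host byte order.
    // NOTE(review): assumes sizeof(int) == 4 and a little-endian host, matching
    // the x86 dword compare in the listing.
    int ret = call_00401311(serial);
    ok = ok && fwrite(&ret, 0x04, 1, fp) == 1;

    // fclose flushes; a failure here means the key file may be incomplete.
    if (fclose(fp) != 0)
        ok = false;

    if (!ok) {
        cerr << "Failed to write CRACKME3.KEY." << endl;
        return 1;
    }
    return 0;
}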