160cracked-1
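Source: Internet  Editor: 程序博客网  Time: 2024/05/22 16:57
Breaking the serial/name check
Enter test / test1234 as the name and serial.
With the program stopped on the MessageBox that reports the failed check, look at the stack backtrace, find the MessageBox call in the user-mode code, set a breakpoint there, and locate the key call.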
```
0042FAE0 |. BA 05000000   mov edx,0x5
0042FAE5 |. E8 C23EFDFF   call Acid_bur.004039AC
0042FAEA |. 8D55 F0       lea edx,[local.4]
0042FAED |. 8B83 E0010000 mov eax,dword ptr ds:[ebx+0x1E0]
0042FAF3 |. E8 60AFFEFF   call Acid_bur.0041AA58
0042FAF8 |. 8B55 F0       mov edx,[local.4]
0042FAFB |. 8B45 F4       mov eax,[local.3]
0042FAFE |. E8 F93EFDFF   call Acid_bur.004039FC             ; key call: string comparison that decides pass/fail, must return 0
0042FB03 |. 75 1A         jnz short Acid_bur.0042FB1F
0042FB05 |. 6A 00         push 0x0
0042FB07 |. B9 CCFB4200   mov ecx,Acid_bur.0042FBCC          ; ASCII "Congratz !!"
0042FB0C |. BA D8FB4200   mov edx,Acid_bur.0042FBD8          ; ASCII "Good job dude =)"
0042FB11 |. A1 480A4300   mov eax,dword ptr ds:[0x430A48]
0042FB16 |. 8B00          mov eax,dword ptr ds:[eax]
```
Register state at the key call:
```
EAX 013FA528 ASCII "CW-9512-CRACKED"
EDX 013FA544 ASCII "test1234"
```
The real serial is clearly already visible at this point, and this call is a string comparison function.
Go back to the function that contains the key call, scroll up, and observe how the registration code is generated.
```
0042FA4D |. A1 6C174300   mov eax,dword ptr ds:[0x43176C]
0042FA52 |. E8 D96EFDFF   call Acid_bur.00406930             ; check whether the serial is acceptable
0042FA57 |. 83F8 04       cmp eax,0x4                        ; 5
0042FA5A |. 7D 1D         jge short Acid_bur.0042FA79        ; taken here: greater than or equal holds
0042FA5C |. 6A 00         push 0x0
0042FA5E |. B9 74FB4200   mov ecx,Acid_bur.0042FB74          ; ASCII "Try Again!"
0042FA63 |. BA 80FB4200   mov edx,Acid_bur.0042FB80          ; ASCII "Sorry , The serial is incorect !"
0042FA68 |. A1 480A4300   mov eax,dword ptr ds:[0x430A48]
0042FA6D |. 8B00          mov eax,dword ptr ds:[eax]
0042FA6F |. E8 FCA6FFFF   call Acid_bur.0042A170
0042FA74 |. E9 BE000000   jmp Acid_bur.0042FB37
0042FA79 |> 8D55 F0       lea edx,[local.4]
0042FA7C |. 8B83 DC010000 mov eax,dword ptr ds:[ebx+0x1DC]
0042FA82 |. E8 D1AFFEFF   call Acid_bur.0041AA58
0042FA87 |. 8B45 F0       mov eax,[local.4]                  ; eax = local.4, the address of "test"
0042FA8A |. 0FB600        movzx eax,byte ptr ds:[eax]        ; eax = first character
0042FA8D |. F72D 50174300 imul dword ptr ds:[0x431750]       ; eax*0x29
0042FA93 |. A3 50174300   mov dword ptr ds:[0x431750],eax
0042FA98 |. A1 50174300   mov eax,dword ptr ds:[0x431750]
0042FA9D |. 0105 50174300 add dword ptr ds:[0x431750],eax    ; eax+=eax; the value is now 9512, part of the registration code
0042FAA3 |. 8D45 FC       lea eax,[local.1]
0042FAA6 |. BA ACFB4200   mov edx,Acid_bur.0042FBAC          ; ASCII "CW"
0042FAAB |. E8 583CFDFF   call Acid_bur.00403708
0042FAB0 |. 8D45 F8       lea eax,[local.2]
0042FAB3 |. BA B8FB4200   mov edx,Acid_bur.0042FBB8          ; ASCII "CRACKED"
0042FAB8 |. E8 4B3CFDFF   call Acid_bur.00403708
0042FABD |. FF75 FC       push [local.1]                     ; Acid_bur.0042FBAC
0042FAC0 |. 68 C8FB4200   push Acid_bur.0042FBC8
0042FAC5 |. 8D55 E8       lea edx,[local.6]
0042FAC8 |. A1 50174300   mov eax,dword ptr ds:[0x431750]
0042FACD |. E8 466CFDFF   call Acid_bur.00406718
0042FAD2 |. FF75 E8       push [local.6]
0042FAD5 |. 68 C8FB4200   push Acid_bur.0042FBC8
0042FADA |. FF75 F8       push [local.2]                     ; Acid_bur.0042FBB8
0042FADD |. 8D45 F4       lea eax,[local.3]
0042FAE0 |. BA 05000000   mov edx,0x5
0042FAE5 |. E8 C23EFDFF   call Acid_bur.004039AC
0042FAEA |. 8D55 F0       lea edx,[local.4]
0042FAED |. 8B83 E0010000 mov eax,dword ptr ds:[ebx+0x1E0]
0042FAF3 |. E8 60AFFEFF   call Acid_bur.0041AA58
0042FAF8 |. 8B55 F0       mov edx,[local.4]
0042FAFB |. 8B45 F4       mov eax,[local.3]
0042FAFE |. E8 F93EFDFF   call Acid_bur.004039FC             ; key call: string comparison that decides pass/fail, must return 0
0042FB03 |. 75 1A         jnz short Acid_bur.0042FB1F
0042FB05 |. 6A 00         push 0x0
0042FB07 |. B9 CCFB4200   mov ecx,Acid_bur.0042FBCC          ; ASCII "Congratz !!"
0042FB0C |. BA D8FB4200   mov edx,Acid_bur.0042FBD8          ; ASCII "Good job dude =)"
0042FB11 |. A1 480A4300   mov eax,dword ptr ds:[0x430A48]
0042FB16 |. 8B00          mov eax,dword ptr ds:[eax]
0042FB18 |. E8 53A6FFFF   call Acid_bur.0042A170
```
Analyze the process above and write the keygen.
```
#include
```
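The generation routine traced in the listing, written out as an added example (not the original author's keygen, which is cut off on this page). It assumes the length test at 0042FA57 applies to the name, that call 00406718 formats the value as decimal, and that the string at 0042FBC8 is "-", as the observed CW-9512-CRACKED suggests; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Middle field of the serial, following 0042FA8A..0042FA9D. */
static unsigned int acid_burn_middle(const char *name)
{
    /* movzx zero-extends, so bytes >= 0x80 must not be sign-extended. */
    unsigned int v = (unsigned char)name[0];
    v *= 0x29;   /* imul dword ptr ds:[0x431750], value 0x29 per the listing */
    v += v;      /* add dword ptr ds:[0x431750],eax */
    return v;
}

/* Builds "CW-<n>-CRACKED". Returns 0 on success, -1 if the name fails the
 * length test (cmp eax,0x4 / jge) or the output buffer is too small. */
int acid_burn_serial(const char *name, char *out, size_t outlen)
{
    if (name == NULL || out == NULL || strlen(name) < 4)
        return -1;
    int n = snprintf(out, outlen, "CW-%u-CRACKED", acid_burn_middle(name));
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Models the key call at 0042FAFE: the entered serial passes only when the
 * string comparison with the generated one returns 0. Returns 1 on pass. */
int acid_burn_check(const char *name, const char *entered)
{
    char expected[32];
    if (entered == NULL || acid_burn_serial(name, expected, sizeof expected) != 0)
        return 0;
    return strcmp(expected, entered) == 0;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "test";  /* name used on the page */
    char serial[32];
    if (acid_burn_serial(name, serial, sizeof serial) != 0) {
        fprintf(stderr, "name must be at least 4 characters\n");
        return 1;
    }
    printf("%s -> %s\n", name, serial);
    return 0;
}
```

Only the first character of the name feeds the computation, so every name starting with the same byte yields the same serial.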