|
|
|
*已破*[PEDIY Crackme 竞赛 2007] [第七回] 第 3 队 – 断水流
学习各位牛牛, 57.28-26.15-21.14 pediy 58.87 158.65 -109.55 pediy 56.27-55.27-54.27-53.26-52.26-51.26-50.26-49.26-48.26-47.26-46.26-45.26-44.26-43.26-42.26-41.26-40.26-39.26-38.26-37.26-36.26-35.26-34.26-33.26-32.26-31.25-30.24-29.23-28.22-27.21-26.20-26.19-26.18-26.17-26.16-26.15-25.14-24.14-23.14-22.14-21.14 |
|
*已破*[PEDIY Crackme 竞赛 2007] [第七回] 第 3 队 – 断水流
seed里16进制形式 |
|
|
|
*已破*[PEDIY Crackme 竞赛 2007] [第六回] 第 9 队 – acafeel (队长 vxin)
2000-1272-8080-1920 |
|
|
|
*已破*[PEDIY Crackme 竞赛 2007] [第六回] 第 9 队 – acafeel (队长 vxin)
沙发................ |
|
[讨论]STARFORCE破解遐想
膜拜.... |
|
*已破* [PEDIY Crackme 竞赛 2007] [第四回] 第 2 队 - 不懂算法
也对哦,应该是找错地方了。 |
|
*已破* [PEDIY Crackme 竞赛 2007] [第四回] 第 2 队 - 不懂算法
那么方程怎么得出来的?不是注册码长度是16位吗? 00401C8E 8379 F8 10 CMP DWORD PTR DS:[ECX-8],10 00401C92 0F85 AC000000 JNZ 47F6_.00401D44 00402216 E8 95020000 CALL 47F6_.004024B0 随机生成32个数 0040221B 90 NOP 00402228 8BCE MOV ECX,ESI 0040222A E8 41FBFFFF CALL 47F6_.00401D70 //检测 0040222F 90 NOP 0040223C 8BCE MOV ECX,ESI 0040223E E8 9DFDFFFF CALL 47F6_.00401FE0 //检测 00402243 84C0 TEST AL,AL 00402245 0F84 1C020000 JE 47F6_.00402467 0040224B 8BCE MOV ECX,ESI 0040224D E8 3EFDFFFF CALL 47F6_.00401F90 //is debugger present 00402252 84C0 TEST AL,AL 00402254 90 NOP 00402267 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24] code 0040226A 33D2 XOR EDX,EDX edx=0 0040226C 83C1 0F ADD ECX,0F 0040226F C745 D8 09000000 MOV DWORD PTR SS:[EBP-28],9 a1=9 00402276 8D75 8C LEA ESI,DWORD PTR SS:[EBP-74] 00402279 894D DC MOV DWORD PTR SS:[EBP-24],ECX 0040227C 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 0040227F 8B40 F8 MOV EAX,DWORD PTR DS:[EAX-8] 00402282 83F8 10 CMP EAX,10 00402285 7C 05 JL SHORT 47F6_.0040228C 00402287 B8 10000000 MOV EAX,10 0040228C 3BD0 /CMP EDX,EAX 0040228E 0F8D C9000000 | JGE 47F6_.0040235D 00402294 90 NOP 004022A1 8B4D D0 MOV ECX,DWORD PTR SS:[EBP-30] 004022A4 0FBE040A MOVSX EAX,BYTE PTR DS:[EDX+ECX] name[edx] 004022A8 0FAF46 C0 IMUL EAX,DWORD PTR DS:[ESI-40] T32[edx] 004022AC 0FAFC2 IMUL EAX,EDX 004022AF 90 NOP 004022E3 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24] 004022E6 0FBE09 MOVSX ECX,BYTE PTR DS:[ECX] code[ecx] ecx从0xF开始递减 004022E9 0FAF0E IMUL ECX,DWORD PTR DS:[ESI] T32[16] 从16开始递增 004022EC 0FAF4D D8 IMUL ECX,DWORD PTR SS:[EBP-28] ecx*a1 004022F0 90 NOP 00402317 8D1CC5 00000000 LEA EBX,DWORD PTR DS:[EAX*8] ebx=eax*8 0040231E 8D3C8D 00000000 LEA EDI,DWORD PTR DS:[ECX*4] edi=ecx*4 00402325 2BD8 SUB EBX,EAX 00402327 03C0 ADD EAX,EAX 00402329 2BDF SUB EBX,EDI 0040232B 2BD8 SUB EBX,EAX 0040232D 03D9 ADD EBX,ECX 0040232F 8BCB MOV ECX,EBX 00402331 8B5D D4 MOV EBX,DWORD PTR SS:[EBP-2C] ebx=a2 00402334 03D9 ADD EBX,ECX ebx=ebx+ecx 00402336 895D D4 MOV DWORD PTR SS:[EBP-2C],EBX a2=ebx 00402339 90 NOP 00402346 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24] 00402349 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] a1 0040234C 42 INC EDX 0040234D 83C6 04 ADD ESI,4 00402350 49 DEC ECX 00402351 48 DEC EAX a1=a1-1 00402352 894D DC MOV DWORD PTR SS:[EBP-24],ECX 00402355 8945 D8 | MOV DWORD PTR SS:[EBP-28],EAX 00402358 ^E9 1FFFFFFF \JMP 47F6_.0040227C 0040235D 90 NOP 0040236A 33D2 XOR EDX,EDX 0040236C C645 E0 00 MOV BYTE PTR SS:[EBP-20],0 00402370 8955 E1 MOV DWORD PTR SS:[EBP-1F],EDX 00402373 8955 E5 MOV DWORD PTR SS:[EBP-1B],EDX 00402376 8955 E9 MOV DWORD PTR SS:[EBP-17],EDX 00402379 8955 ED MOV DWORD PTR SS:[EBP-13],EDX 0040237C 66:8955 F1 MOV WORD PTR SS:[EBP-F],DX 00402380 8855 F3 MOV BYTE PTR SS:[EBP-D],DL 00402383 90 NOP 00402390 8BC3 MOV EAX,EBX ebx从上面得来 00402392 99 CDQ 00402393 33C2 XOR EAX,EDX 00402395 2BC2 SUB EAX,EDX 例:eax=ebx补码=(8C90DD2)147394002 00402397 50 PUSH EAX 00402398 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20] 0040239B 68 087B4000 PUSH 47F6_.00407B08 ; %d 004023A0 50 PUSH EAX 004023A1 FF15 60524000 CALL DWORD PTR DS:[<&msvcrt.sprintf>] ; msvcrt.sprintf 004023A7 83C4 0C ADD ESP,0C 004023AA 90 NOP 004023B7 8D7D E0 LEA EDI,DWORD PTR SS:[EBP-20] 004023BA 83C9 FF OR ECX,FFFFFFFF 004023BD 33C0 XOR EAX,EAX eax=0 004023BF 33F6 XOR ESI,ESI esi=0 004023C1 F2:AE REPNE SCAS BYTE PTR ES:[EDI] 004023C3 F7D1 NOT ECX 004023C5 49 DEC ECX str="147394002" 004023C6 85C9 TEST ECX,ECX ecx=strlen(str) 004023C8 7E 3F JLE SHORT 47F6_.00402409 ebx=F736F22E 004023CA 90 NOP 004023D7 0FBE4C35 E0 /MOVSX ECX,BYTE PTR SS:[EBP+ESI-20] ecx=str[i] 004023DC 03D9 | ADD EBX,ECX 004023DE 90 NOP 004023EB 8BC3 MOV EAX,EBX 004023ED B9 12000000 MOV ECX,12 004023F2 99 CDQ 004023F3 F7F9 IDIV ECX 004023F5 8D7D E0 LEA EDI,DWORD PTR SS:[EBP-20] 004023F8 83C9 FF OR ECX,FFFFFFFF ecx=FFFFFFFF 004023FB 33C0 XOR EAX,EAX eax=0 004023FD 46 INC ESI esi++ 004023FE F2:AE REPNE SCAS BYTE PTR ES:[EDI] 00402400 F7D1 NOT ECX 00402402 49 DEC ECX 00402403 3BF1 CMP ESI,ECX ecx=strlen(str) 00402405 8BDA | MOV EBX,EDX 00402407 ^7C C1 \JL SHORT 47F6_.004023CA 00402409 90 NOP 00402416 83FB 11 CMP EBX,11 00402419 75 3D JNZ SHORT 47F6_.00402458 关键跳转,不跳则成功 你们讨论的方程哪来的?? |
|
|
|
|
|
|
|
|
|
|
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值