今天无聊去crackme.de下了一个最低级的crackme..想看看自己能不能看出算法.
这里 下载crackme
OK开始吧.
先试用一下,错误提示"Not A correct serial"
打开OD,所有字串看一下,找到,打开引用..
如下:
0040159C |. C74424 04 9313>MOV DWORD PTR SS:[ESP+4],Crackme_.004013>; ASCII "###########################
"
004015A4 |. C70424 B075430>MOV DWORD PTR SS:[ESP],Crackme_.004375B0
004015AB |. E8 300A0300 CALL Crackme_.00431FE0
004015B0 |. C74424 04 B013>MOV DWORD PTR SS:[ESP+4],Crackme_.004013>; ASCII "# My First C++ Crackme #
"
004015B8 |. C70424 B075430>MOV DWORD PTR SS:[ESP],Crackme_.004375B0
004015BF |. E8 1C0A0300 CALL Crackme_.00431FE0
004015C4 |. C74424 04 CD13>MOV DWORD PTR SS:[ESP+4],Crackme_.004013>; ASCII "# Should be very easy 4 U!#
"
004015CC |. C70424 B075430>MOV DWORD PTR SS:[ESP],Crackme_.004375B0
004015D3 |. E8 080A0300 CALL Crackme_.00431FE0
004015D8 |. C74424 04 EA13>MOV DWORD PTR SS:[ESP+4],Crackme_.004013>; ASCII "# if not -> noobed by me #
"
004015E0 |. C70424 B075430>MOV DWORD PTR SS:[ESP],Crackme_.004375B0
004015E7 |. E8 F4090300 CALL Crackme_.00431FE0
004015EC |. C74424 04 0714>MOV DWORD PTR SS:[ESP+4],Crackme_.004014>; ASCII "# (C) by LuCiFeR #
"
004015F4 |. C70424 B075430>MOV DWORD PTR SS:[ESP],Crackme_.004375B0
004015FB |. E8 E0090300 CALL Crackme_.00431FE0
00401600 |. C74424 04 3014>MOV DWORD PTR SS:[ESP+4],Crackme_.004014>; ASCII "###########################
"
00401608 |. C70424 B075430>MOV DWORD PTR SS:[ESP],Crackme_.004375B0
0040160F |. E8 CC090300 CALL Crackme_.00431FE0
00401614 |. C74424 04 4F14>MOV DWORD PTR SS:[ESP+4],Crackme_.004014>; ASCII "Your Name: "
0040161C |. C70424 B075430>MOV DWORD PTR SS:[ESP],Crackme_.004375B0
00401623 |. E8 B8090300 CALL Crackme_.00431FE0
00401628 |. 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108]
0040162E |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
00401632 |. C70424 1075430>MOV DWORD PTR SS:[ESP],Crackme_.00437510
00401639 |. E8 42120300 CALL Crackme_.00432880
0040163E |. C74424 04 5B14>MOV DWORD PTR SS:[ESP+4],Crackme_.004014>; ASCII "Your Serial: "
00401646 |. C70424 B075430>MOV DWORD PTR SS:[ESP],Crackme_.004375B0
0040164D |. E8 8E090300 CALL Crackme_.00431FE0
00401652 |. 8D85 F8FDFFFF LEA EAX,DWORD PTR SS:[EBP-208]
00401658 |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
0040165C |. C70424 1075430>MOV DWORD PTR SS:[ESP],Crackme_.00437510
00401663 |. E8 18120300 CALL Crackme_.00432880
00401668 |. 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108] ; |
0040166E |. 890424 MOV DWORD PTR SS:[ESP],EAX ; |
00401671 |. E8 5AF60000 CALL <JMP.&msvcrt.strlen> ; \strlen//顾名思义啊,就是用户名的长度
00401676 |. 89C2 MOV EDX,EAX
00401678 |. 69D2 CD750800 IMUL EDX,EDX,875CD
0040167E |. B8 1F85EB51 MOV EAX,51EB851F
00401683 |. F7E2 MUL EDX
00401685 |. 89D0 MOV EAX,EDX
00401687 |. C1E8 05 SHR EAX,5
0040168A |. 69C0 90FCFFFF IMUL EAX,EAX,-370//运算完毕,以下是浮点操作
00401690 |. BA 00000000 MOV EDX,0
00401695 |. 52 PUSH EDX ; ||format => NULL
00401696 |. 50 PUSH EAX ; ||s
00401697 |. DF2C24 FILD QWORD PTR SS:[ESP] ; ||//长整扩展为浮点
0040169A |. 8D6424 08 LEA ESP,DWORD PTR SS:[ESP+8] ; ||
0040169E |. DD9D F0FBFFFF FSTP QWORD PTR SS:[EBP-410] ; ||
004016A4 |. DD85 F0FBFFFF FLD QWORD PTR SS:[EBP-410] ; ||
004016AA |. DD5C24 08 FSTP QWORD PTR SS:[ESP+8] ; ||//取扩展的数
004016AE |. C74424 04 6914>MOV DWORD PTR SS:[ESP+4],Crackme_.004014>; ||ASCII "%i-x019871"
004016B6 |. 8D85 F8FCFFFF LEA EAX,DWORD PTR SS:[EBP-308] ; ||
004016BC |. 890424 MOV DWORD PTR SS:[ESP],EAX ; ||
004016BF |. E8 FCF50000 CALL <JMP.&msvcrt.sprintf> ; |\sprintf//连接字串
004016C4 |. 8D85 F8FCFFFF LEA EAX,DWORD PTR SS:[EBP-308] ; |
004016CA |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
004016CE |. 8D85 F8FDFFFF LEA EAX,DWORD PTR SS:[EBP-208] ; |
004016D4 |. 890424 MOV DWORD PTR SS:[ESP],EAX ; |
004016D7 |. E8 D4F50000 CALL <JMP.&msvcrt.strcmp> ; \strcmp///哈哈,这里下个断就可以看到他正确注册码
004016DC |. 8985 ECFBFFFF MOV DWORD PTR SS:[EBP-414],EAX
004016E2 |. 83BD ECFBFFFF >CMP DWORD PTR SS:[EBP-414],0
004016E9 |. 74 2E JE SHORT Crackme_.00401719
004016EB |. C74424 04 9014>MOV DWORD PTR SS:[ESP+4],Crackme_.004014>; ASCII "Error :: Not a correct Serial
"
004016F3 |. C70424 B075430>MOV DWORD PTR SS:[ESP],Crackme_.004375B0
004016FA |. E8 E1080300 CALL Crackme_.00431FE0
004016FF |. C70424 AF14400>MOV DWORD PTR SS:[ESP],Crackme_.004014AF ; ||ASCII "pause"
00401706 |. E8 D5F50000 CALL <JMP.&msvcrt.system> ; |\system
0040170B |. C70424 8F13400>MOV DWORD PTR SS:[ESP],Crackme_.0040138F ; |ASCII "cls"
00401712 |. E8 C9F50000 CALL <JMP.&msvcrt.system> ; \system
00401717 |. EB 40 JMP SHORT Crackme_.00401759
00401719 |> C74424 04 B514>MOV DWORD PTR SS:[ESP+4],Crackme_.004014>; ASCII "Correct :: Good Work
"
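程序很清晰..很利于菜鸟看..
算法只用到用户名的长度:长度乘以0x875CD,再做无符号除以100(MUL 0x51EB851F 之后 SHR 5 是编译器对"除以100"的常见写法),结果乘以 -0x370,转成 double 后连同格式串 "%i-x019871" 传给 sprintf,最后用 strcmp 和输入的注册码比较.
注意传给 %i 的是一个 double,所以打印出来的是这个 double 的低32位,并不是运算结果本身.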
我从这个学会了几个浮点指令
还有C内联汇编.对于编程和破解都有用.
如下是注册机C源码:
#include<stdint.h>
#include<stdio.h>
#include<string.h>
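/*
 * Reproduces the integer arithmetic shown in the target's disassembly for a
 * name of length name_len and returns the number its "%i" conversion prints.
 *
 * The target zero-extends the 32-bit result to 64 bits (PUSH EDX=0 / PUSH EAX),
 * converts it to a double (FILD QWORD / FSTP QWORD) and passes that double to
 * sprintf under "%i".  The conversion therefore consumes the low dword of the
 * double's bit pattern, not the integer itself.  That dword is extracted
 * explicitly here; the earlier `float sn; printf("%d", sn)` depended on a
 * mismatched printf argument (undefined behaviour) and rounded the value to
 * float precision first.
 */
static int serial_field(size_t name_len)
{
    /* IMUL EDX,EDX,875CD -- 32-bit wrap-around multiply. */
    uint32_t scaled = (uint32_t)name_len * 0x875CDu;

    /* MUL by 51EB851F, keep EDX (high dword), SHR 5: the reciprocal form of
     * an unsigned division by 100. */
    uint32_t quotient = (uint32_t)(((uint64_t)scaled * 0x51EB851Fu) >> 32) >> 5;

    /* IMUL EAX,EAX,-370 -- 0xFFFFFC90 is -0x370 as a 32-bit value. */
    uint32_t value = quotient * 0xFFFFFC90u;

    /* FILD QWORD on EDX:EAX with EDX = 0: the value is treated as unsigned. */
    double widened = (double)value;

    uint64_t bits;
    memcpy(&bits, &widened, sizeof bits);   /* well-defined type pun */

    /* Low dword of the double, reinterpreted as the signed int "%i" prints. */
    return (int)(int32_t)(uint32_t)bits;
}

/*
 * Keygen entry point: reads a name, derives the serial from its length and
 * prints it.  Returns 0 on success, 1 if no name could be read.
 */
int main(void)
{
    char name[20];
    int ch;

    printf("\tKeygen 4 Crackme v2 by LuCiFeR.exe\n\n");
    printf("Please input ur name(<20 chrs):");
    fflush(stdout);

    /* Field width 19 leaves room for the terminator; a bare "%s" writes past
     * name[] on longer input.  A longer name is truncated, so the serial then
     * corresponds to a 19-character name. */
    if (scanf("%19s", name) != 1) {
        return 1;
    }

    printf("SN:%d-x019871\n", serial_field(strlen(name)));

    /* Portable stand-in for the non-standard getch(): drop the rest of the
     * input line, then wait for one more key press / Enter. */
    while ((ch = getchar()) != '\n' && ch != EOF) {
        /* discard */
    }
    getchar();

    return 0;
}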