[求助]网络验证问题-软件逆向-看雪-安全社区|安全招聘|kanxue.com

[求助]网络验证问题

发表于: 2011-3-29 17:19 3984

[求助]网络验证问题

lxsky

2011-3-29 17:19

3984

这几天一直在尝试破解某款网络验证的软件.
破前在论坛查看过很多方法，也尝试过很多方法,可是就是没成功
本来想网络验证转本地验证的,可惜没正确的帐号密码，没办法获取正确的信息
00514500  /$  83EC 10    sub esp,0x10
00514503  |.  56          push esi
00514504  |.  8BF1       mov esi,ecx
00514506  |.  8B06       mov eax,dword ptr ds:[esi]
00514508  |.  FF90 BC000000 call dword ptr ds:[eax+0xBC]
0051450E  |.  85C0       test eax,eax
00514510  |.  74 60       je Xdumped_.00514572
00514512  |.  8B4C24 1C    mov ecx,dword ptr ss:[esp+0x1C]
00514516  |.  8B5424 18    mov edx,dword ptr ss:[esp+0x18]
0051451A  |.  51          push ecx
0051451B  |.  8D4424 08    lea eax,dword ptr ss:[esp+0x8]
0051451F  |.  52          push edx
00514520  |.  50          push eax
00514521  |.  8BCE       mov ecx,esi
00514523  |.  E8 78FDFFFF call dumped_.005142A0
00514528  |.  85C0       test eax,eax
0051452A  |.  74 46       je Xdumped_.00514572
0051452C  |.  8B56 40    mov edx,dword ptr ds:[esi+0x40]
0051452F  |.  8D4C24 04    lea ecx,dword ptr ss:[esp+0x4]
00514533  |.  6A 10       push 0x10                               ; /AddrLen = 10 (16.)
00514535  |.  51          push ecx                               ; |pSockAddr
00514536  |.  52          push edx                               ; |Socket
00514537  |.  FF15 28777900 call dword ptr ds:[<&ws2_32.connect>] ; \connect
0051453D  |.  83F8 FF    cmp eax,-0x1
00514540  |.  74 29       je Xdumped_.0051456B
00514542  |.  8B46 1C    mov eax,dword ptr ds:[esi+0x1C]
00514545  |.  8B4E 40    mov ecx,dword ptr ds:[esi+0x40]
00514548  |.  6A 21       push 0x21                               ; /Events = FD_READ|FD_CLOSE
0051454A  |.  68 78800000 push 0x8078                            ; |Msg = 8078
0051454F  |.  50          push eax                               ; |hWnd
00514550  |.  51          push ecx                               ; |Socket
00514551  |.  FF15 3C777900 call dword ptr ds:[<&ws2_32.WSAAsyncSele>; \WSAAsyncSelect
00514557  |.  83F8 FF    cmp eax,-0x1
0051455A    74 0F       je Xdumped_.0051456B
0051455C  |.  B8 01000000 mov eax,0x1
00514561  |.  8946 48    mov dword ptr ds:[esi+0x48],eax
00514564  |.  5E          pop esi
00514565  |.  83C4 10    add esp,0x10
00514568  |.  C2 0800    retn 0x8
0051456B  |>  8BCE       mov ecx,esi
0051456D  |.  E8 5EFFFFFF call dumped_.005144D0
00514572  |>  33C0       xor eax,eax
00514574  |.  5E          pop esi
00514575  |.  83C4 10    add esp,0x10
00514578  \.  C2 0800    retn 0x8
*********************************************
这上面的是连接远程服务器的代码

00402056  /$  55          push ebp
00402057  |.  8BEC       mov ebp,esp
00402059  |.  8BC1       mov eax,ecx
0040205B  |.  40          inc eax
0040205C  |.  C1E0 02    shl eax,0x2
0040205F  |.  2BE0       sub esp,eax
00402061  |.  8D3C24       lea edi,dword ptr ss:[esp]
00402064  |.  51          push ecx
00402065  |.  C745 FC 01000>mov [local.1],0x1
0040206C  |.  8D75 08    lea esi,[arg.1]
0040206F  |>  8B1E       /mov ebx,dword ptr ds:[esi]
00402071  |.  83C6 04    |add esi,0x4
00402074  |.  51          |push ecx
00402075  |.  E8 71FFFFFF |call dumped_.00401FEB
0040207A  |.  59          |pop ecx
0040207B  |.  0145 FC    |add [local.1],eax
0040207E  |.  8907       |mov dword ptr ds:[edi],eax
00402080  |.  83C7 04    |add edi,0x4
00402083  |.  49          |dec ecx
00402084  |.^ 75 E9       \jnz Xdumped_.0040206F
00402086  |.  FF75 FC    push [local.1]
00402089  |.  E8 8AE70D00 call dumped_.004E0818
0040208E  |.  83C4 04    add esp,0x4
00402091  |.  8BF8       mov edi,eax
00402093  |.  58          pop eax
00402094  |.  8D1C24       lea ebx,dword ptr ss:[esp]
00402097  |.  57          push edi
00402098  |.  8D55 08    lea edx,[arg.1]
0040209B  |>  8B0B       mov ecx,dword ptr ds:[ebx]
0040209D  |.  83C3 04    add ebx,0x4
004020A0  |.  8B32       mov esi,dword ptr ds:[edx]
004020A2  |.  83C2 04    add edx,0x4
004020A5  |.  F3:A4       rep movs byte ptr es:[edi],byte ptr ds:[>
004020A7  |.  48          dec eax
004020A8  |.^ 75 F1       jnz Xdumped_.0040209B
004020AA  |.  C607 00    mov byte ptr ds:[edi],0x0
004020AD  |.  58          pop eax
004020AE  |.  8BE5       mov esp,ebp
004020B0  |.  5D          pop ebp
004020B1  \.  C3          retn

***********************************************
这上面部分是验证登陆帐号密码的,可惜算法不太会

*************************************************
0012FC00 004D3B5F  返回到 dumped_.004D3B5F 来自 dumped_.00402056
0012FC04 005A1174  dumped_.005A1174
0012FC08 001B24B8  ASCII "111111111"    //自己输入的帐号
0012FC0C 00598A38  ASCII "
"
0012FC10 001B2428  ASCII "1111111111"  //自己输入的密码
0012FC14 00598A38  ASCII "
"
0012FC18 001B1380  ASCII "513"
0012FC1C 005A116C  ASCII "
020
"
0012FC20 001B0C80  ASCII "BFEBFBFF-000006FD-00000000-00000000"
0012FC24 00598A38  ASCII "
"
0012FC28 001B0CC8  ASCII "WDC WD3200AAJS-00L7A0-WD-WCAV22008482"
0012FC2C 00598A38  ASCII "
"
0012FC30 005936F5  dumped_.005936F5

***********************************************
这部分是堆栈信息
恳请帮忙分析一下.登陆验证那无论怎么改都出错...郁闷死了~

软件地址:http://u.115.com/file/t54a6f083f

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

#调试逆向

收藏・1

免费・0

支持