首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 付费问答
    3. 发新帖
[旧帖] [原创][调查]Can you keygen me? 0.00雪花
发表于: 2013-7-23 21:01 5701

[旧帖] [原创][调查]Can you keygen me? 0.00雪花

hmlky 活跃值
2013-7-23 21:01
5701

原创的一个 keygen me,纯 c 编写,代码量很少(不足 500)!
生成的 x86 程序没有加壳,没有花指令和代码混淆,没有自校验,硬软件断点可以随便加,也没有调试器检测()………………

任务就是分析出注册种子 Seed 和注册码 Key 之间的映射关系,并用 C 写出注册机源码;不允许爆破,patch()。

这个东西就是一个测试,主要就是保护程序主核心的算法用的,看看能挺多长时间(这里大牛多,可能 1 分钟都挺不住),如果满意的话,我就用它……

进来的同志帮忙都吱个声,哪管放弃了也好,都说说自己分析了多长时间()!


[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

上传的附件:
收藏
免费 5
支持
分享
最新回复 (15)
hmlky
雪    币: 65
活跃值: (60)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
2
程序很简单的,载入 IDA 分析图:


看看白天能来一些愿意分析这个 KeyGen Me 的没有,可能是我发的时间是晚上的问题!
上传的附件:
2013-7-24 08:42
0
hmlky
雪    币: 65
活跃值: (60)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
3
成功存活 72 小时无人破解!
2013-7-24 21:17
0
hiangell
雪    币: 282
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4
1分钟内搞定,但是注册机不会写。。。
2013-7-27 10:39
0
hmlky
雪    币: 65
活跃值: (60)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
5
问题就是让你写出注册机啊,不写出注册机拦截函数输出结果或者爆破,连最基本的初学者都会……
2013-7-27 14:21
0
谁懂易经
雪    币: 95
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
6
大神、有空写个破文吧!小弟用OD跟了两个小时,毛都没跟到...
2013-7-31 22:57
0
hmlky
雪    币: 65
活跃值: (60)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
7
比起破文来,我还是喜欢放 KeyGenMe 的源代码!
源码我一定是会发的,但是还要等等,应该有其他的人还在破解当中…………

给你一些小提示:



上面有一处选中的调用,CALL EAX。想想 EAX 是根据什么决定的?
你不要总把很大的精力放在代码段上,也可以想想一些常量段或者数据段的里面的数据!
另外,如果你会用 IDA Pro 分析,会帮助你很多,由于我的这个程序
没有进行指令膨胀,变形等,多以说反编译是对抗它的利器!

另外 CALL EAX 调用的函数,它的功能不必多跟,直接从函数头执行到返回,看看它
改变的数据,符合什么变换,它就是什么变换,直接猜测就可以了。

注:整个注册机的核心部分用 C 写(去空行)整整 8 行…………
上传的附件:
2013-8-1 07:06
0
hmlky
雪    币: 65
活跃值: (60)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
8
考虑到这个 KeyGenMe 这么长时间没有人破解,发一部分源代码:

typedef enum _SVM_HANDLER_LIST {
    SVM_HANDLER_NOP,
    SVM_HANDLER_EXIT,
    SVM_HANDLER_MOVE,
    SVM_HANDLER_ADD,
    SVM_HANDLER_MUL,
    SVM_HANDLER_DIV,
    SVM_HANDLER_NOR,
    SVM_HANDLER_SHL,
    SVM_HANDLER_SHR,
    SVM_HANDLER_ZTEST,
    SVM_HANDLER_LOADC,
    SVM_HANDLER_INVK,
    SVM_HANDLER_LOADR,
    SVM_HANDLER_STORER,
    SVM_HANDLER_LIMM,
    SVM_HANDLER_TOTAL_COUNT
} SVM_HANDLER_LIST;

static const SVM_Handler_Proc
    SVM_Dispatcher[SVM_HANDLER_TOTAL_COUNT] = {
        &SVM_Handler_Nop,
        &SVM_Handler_Exit,
        &SVM_Handler_Move,
        &SVM_Handler_Add,
        &SVM_Handler_Mul,
        &SVM_Handler_Div,
        &SVM_Handler_Nor,
        &SVM_Handler_Shl,
        &SVM_Handler_Shr,
        &SVM_Handler_ZTest,
        &SVM_Handler_LoadC,
        &SVM_Handler_Invk,
        &SVM_Handler_LoadR,
        &SVM_Handler_StoreR,
        &SVM_Handler_LImm
};


什么类型的保护已经彻底暴露了…………
2013-8-1 07:19
0
junhaha
雪    币: 37
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
9
分析代码跟踪的头大,索性不跟踪了,最后还是修改你的程序变成注册机。
注册机我写出来 ,就是在你程序的基础上改了下。
基本上用了1天时间弄出来。

Seed和key在内存中连续存放的,seed之后的四个字节就是key
我的注册机原理是,在原来程序输入内容之后,把输入的内容填充到seed里面(当然需要写一点代码把字符串转换成长整Seed)。Seed的地址是输入内容时候的[edi]+4,输入的内容存到这里面后,程序继续运行,计算出Key之后自动放到Seed之后,程序在输入错误的时候还把正确的Key输出,利用这一点,把Error什么的字符串修改一下或者去掉,就输出正确的Key了。
注册机就这么实现了。
过程中我的代码写到代码段最后,OD老是保存不了修改后的内容,干脆新添加一个节,用ZeroAdd软件添加一个新节后,把我的代码写进去执行。
全部弄好之后发现我的注册机程序4M多,比源程序50K大太多了,可是我的代码就那几行,4M不合理,我菜鸟一个,还不明白为啥大了这么多。这些软件都是头一次用,上网又搜了一个exe压缩软件PECompact2,压缩后29K,终于可以方便上传过来供大家查看了。
我的注册机,没有源代码,属于比较笨的办法弄成的,呵呵。
好歹算是实现了注册机的功能吧,我这辈子第一个注册机,希望大家鼓励鼓励啊。哈哈。
上传的附件:
2013-8-3 12:40
0
hmlky
雪    币: 65
活跃值: (60)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
10
鼓励,当然得鼓励,您能花时间分析我这个 KeyGenMe 我已经是非常感激了,更何况你把第一次献给了我(注册机)。虽然没有逆向出算法源码,也已经非常不错了。

祝你和其他参与破解本 KeyGenMe 的人身体健康,万事如意!!!
2013-8-3 18:49
0
hmlky
雪    币: 65
活跃值: (60)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
11
已经有人干掉保护了,放出 KeyGenMe 源代码。
另外这个 KeyGenMe 的主要思想是保护算法,我将来不用它保护注册码……

#define _CRT_SECURE_NO_WARNINGS

#include <stdio.h>
#include <conio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

typedef enum _SVM_STATUS {
    SVM_SUCCESS_NORMAL,
    SVM_SUCCESS_EXIT,
    SVM_ERR_OUT_OF_CODE_RANGE,
    SVM_ERR_UNKNOWN_INSTRUCTION,
    SVM_ERR_INTEGER_DIVIDE_BY_ZERO,
    SVM_ERR_INTEGER_OVERFLOW
} SVM_STATUS;

#define SVM_REG_COUNT               (UINT8_MAX + 1)
#define SVM_REG_SIZE                (sizeof(uint32_t) * SVM_REG_COUNT)

#define SVM_REG_PC                  0

typedef struct _SVM_CONTEXT         SVM_CONTEXT;

typedef uint32_t (*SVM_Handler_Proc)(SVM_CONTEXT *);
typedef void (*SVM_Invoke_Proc)(SVM_CONTEXT *);

struct _SVM_CONTEXT {
    uint32_t *lpRegister;
    uint8_t *lpCodeChunk;
    uint32_t nCodeLength;
    SVM_STATUS nStatus;
    SVM_Invoke_Proc lpInvoke;
};

static uint8_t *SVM_ReadCode(SVM_CONTEXT *lpThis, uint32_t nIndex, uint32_t nLength)
{
    if (nIndex + nLength > lpThis->nCodeLength)
    {
        lpThis->nStatus = SVM_ERR_OUT_OF_CODE_RANGE;
        return NULL;
    }

    return lpThis->lpCodeChunk + nIndex;
}

static uint8_t *SVM_ReadCodeAtPC(SVM_CONTEXT *lpThis, uint32_t nLength)
{
    return SVM_ReadCode(lpThis, lpThis->lpRegister[SVM_REG_PC], nLength);
}

static uint32_t SVM_Handler_Nop(SVM_CONTEXT *lpThis)
{
    return 1;
}

static uint32_t SVM_Handler_Exit(SVM_CONTEXT *lpThis)
{
    lpThis->nStatus = SVM_SUCCESS_EXIT;
    return 1;
}

static uint32_t SVM_Handler_Move(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 3);

    if (NULL == lpOperand) { return 0; }

    lpThis->lpRegister[lpOperand[1]] = lpThis->lpRegister[lpOperand[2]];
    return 3;
}

static uint32_t SVM_Handler_Add(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 4);
    uint32_t nAdd1, nAdd2;

    if (NULL == lpOperand) { return 0; }

    nAdd1 = lpThis->lpRegister[lpOperand[2]];
    nAdd2 = lpThis->lpRegister[lpOperand[3]];

    lpThis->lpRegister[lpOperand[1]] = nAdd1 + nAdd2;
    return 4;
}

static uint32_t SVM_Handler_Mul(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 5);
    uint64_t nResult, nMul1, nMul2;

    if (NULL == lpOperand) { return 0; }

    nMul1 = lpThis->lpRegister[lpOperand[3]];
    nMul2 = lpThis->lpRegister[lpOperand[4]];
    nResult = nMul1 * nMul2;

    lpThis->lpRegister[lpOperand[1]] = (uint32_t)(nResult >> 32);
    lpThis->lpRegister[lpOperand[2]] = (uint32_t)(nResult);
    return 5;
}

static uint32_t SVM_Handler_Div(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 6);
    uint64_t nDividend, nDivisor, nQuotient, nRemainder;
    uint32_t nHigh, nLow;

    if (NULL == lpOperand) { return 0; }

    nHigh = lpThis->lpRegister[lpOperand[3]];
    nLow = lpThis->lpRegister[lpOperand[4]];
    nDividend = ((uint64_t)nHigh << 32) | (uint64_t)nLow;
    nDivisor = (uint64_t)lpThis->lpRegister[lpOperand[5]];

    if (0 == nDivisor)
    {
        lpThis->nStatus = SVM_ERR_INTEGER_DIVIDE_BY_ZERO;
        return 0;
    }

    nQuotient = nDividend / nDivisor;
    nRemainder = nDividend % nDivisor;

    if (nQuotient > UINT32_MAX)
    {
        lpThis->nStatus = SVM_ERR_INTEGER_OVERFLOW;
        return 0;
    }

    lpThis->lpRegister[lpOperand[1]] = (uint32_t)nQuotient;
    lpThis->lpRegister[lpOperand[2]] = (uint32_t)nRemainder;
    return 6;
}

static uint32_t SVM_Handler_Nor(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 4);
    uint32_t nNor1, nNor2;

    if (NULL == lpOperand) { return 0; }

    nNor1 = lpThis->lpRegister[lpOperand[2]];
    nNor2 = lpThis->lpRegister[lpOperand[3]];

    lpThis->lpRegister[lpOperand[1]] = ~(nNor1 | nNor2);
    return 4;
}

static uint32_t SVM_Handler_Shl(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 4);
    uint32_t nShift1, nShift2;

    if (NULL == lpOperand) { return 0; }

    nShift1 = lpThis->lpRegister[lpOperand[2]];
    nShift2 = lpThis->lpRegister[lpOperand[3]];

    lpThis->lpRegister[lpOperand[1]] = nShift1 << (nShift2 & 0x1F);
    return 4;
}

static uint32_t SVM_Handler_Shr(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 4);
    uint32_t nShift1, nShift2;

    if (NULL == lpOperand) { return 0; }

    nShift1 = lpThis->lpRegister[lpOperand[2]];
    nShift2 = lpThis->lpRegister[lpOperand[3]];

    lpThis->lpRegister[lpOperand[1]] = nShift1 >> (nShift2 & 0x1F);
    return 4;
}

static uint32_t SVM_Handler_ZTest(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 3);

    if (NULL == lpOperand) { return 0; }

    if (0 == lpThis->lpRegister[lpOperand[2]])
    {
        lpThis->lpRegister[lpOperand[1]] = 0;
        return 3;
    }

    lpThis->lpRegister[lpOperand[1]] = 0xFFFFFFFF;
    return 3;
}

static uint32_t SVM_Handler_LoadC(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 3);
    uint32_t nIndex, *lpResult;

    if (NULL == lpOperand) { return 0; }

    nIndex = lpThis->lpRegister[lpOperand[2]];

    lpResult = (uint32_t *)SVM_ReadCode(lpThis, nIndex,
        sizeof(uint32_t) / sizeof(uint8_t));

    if (NULL == lpResult) { return 0; }

    lpThis->lpRegister[lpOperand[1]] = *lpResult;
    return 3;
}

static uint32_t SVM_Handler_Invk(SVM_CONTEXT *lpThis)
{
    (*lpThis->lpInvoke)(lpThis);
    return 1;
}

static uint32_t SVM_Handler_LoadR(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 3);
    uint32_t nIndex, nResult;

    if (NULL == lpOperand) { return 0; }

    nIndex = lpThis->lpRegister[lpOperand[2]];
    nResult = lpThis->lpRegister[(uint8_t)nIndex];

    lpThis->lpRegister[lpOperand[1]] = nResult;
    return 3;
}

static uint32_t SVM_Handler_StoreR(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 3);
    uint32_t nIndex, nData;

    if (NULL == lpOperand) { return 0; }

    nIndex = lpThis->lpRegister[lpOperand[1]];
    nData = lpThis->lpRegister[lpOperand[2]];

    lpThis->lpRegister[(uint8_t)nIndex] = nData;
    return 3;
}

static uint32_t SVM_Handler_LImm(SVM_CONTEXT *lpThis)
{
    uint8_t *lpOperand = SVM_ReadCodeAtPC(lpThis, 6);
    uint32_t *lpResult;

    if (NULL == lpOperand) { return 0; }

    lpResult = (uint32_t *)(&lpOperand[2]);

    lpThis->lpRegister[lpOperand[1]] = *lpResult;
    return 6;
}

typedef enum _SVM_HANDLER_LIST {
    SVM_HANDLER_NOP,
    SVM_HANDLER_EXIT,
    SVM_HANDLER_MOVE,
    SVM_HANDLER_ADD,
    SVM_HANDLER_MUL,
    SVM_HANDLER_DIV,
    SVM_HANDLER_NOR,
    SVM_HANDLER_SHL,
    SVM_HANDLER_SHR,
    SVM_HANDLER_ZTEST,
    SVM_HANDLER_LOADC,
    SVM_HANDLER_INVK,
    SVM_HANDLER_LOADR,
    SVM_HANDLER_STORER,
    SVM_HANDLER_LIMM,
    SVM_HANDLER_TOTAL_COUNT
} SVM_HANDLER_LIST;

static const SVM_Handler_Proc
    SVM_Dispatcher[SVM_HANDLER_TOTAL_COUNT] = {
        &SVM_Handler_Nop,
        &SVM_Handler_Exit,
        &SVM_Handler_Move,
        &SVM_Handler_Add,
        &SVM_Handler_Mul,
        &SVM_Handler_Div,
        &SVM_Handler_Nor,
        &SVM_Handler_Shl,
        &SVM_Handler_Shr,
        &SVM_Handler_ZTest,
        &SVM_Handler_LoadC,
        &SVM_Handler_Invk,
        &SVM_Handler_LoadR,
        &SVM_Handler_StoreR,
        &SVM_Handler_LImm
};

static void SVM_Execute(SVM_CONTEXT *lpThis)
{
    uint32_t nLastPC, nInstLength;
    uint8_t *lpOpcode;

    for (; NULL != (lpOpcode = SVM_ReadCodeAtPC(lpThis, 1));)
    {
        nLastPC = lpThis->lpRegister[SVM_REG_PC];

        if (*lpOpcode >= SVM_HANDLER_TOTAL_COUNT)
        {
            lpThis->nStatus = SVM_ERR_UNKNOWN_INSTRUCTION;
            break;
        }

        nInstLength = (*SVM_Dispatcher[*lpOpcode])(lpThis);

        if (SVM_SUCCESS_NORMAL != lpThis->nStatus)
            break;

        if (nLastPC == lpThis->lpRegister[SVM_REG_PC])
            lpThis->lpRegister[SVM_REG_PC] += nInstLength;
    }
}

#define CODE_LENGTH             203

const uint8_t g_VMCodes[CODE_LENGTH] = {

    // Data 0x0000C203 And R194 = 0:
    SVM_HANDLER_ADD, 194, 0x00, 0x00,

    // R9 = 0x3E8B8105:
    SVM_HANDLER_LIMM, 15, 0x8D, 0x2A, 0x57, 0x2C,
    SVM_HANDLER_ADD, 9, 15, 252,

    // R8 = R1(Input):
    SVM_HANDLER_MOVE, 8, 1,
    SVM_HANDLER_NOP,

    // Loop: R10 = R8 * 0xC203:
    SVM_HANDLER_NOP,
    SVM_HANDLER_LOADC, 14, 194,
    SVM_HANDLER_MUL, 17, 10, 8, 14,

    // R11 = GetSalt(R9):
    SVM_HANDLER_MOVE, 254, 9,
    SVM_HANDLER_INVK,
    SVM_HANDLER_ADD, 12, 10, 17,
    SVM_HANDLER_MOVE, 11, 255,

    // R12 = R10 ^ R11:
    SVM_HANDLER_NOR, 13, 11, 194,
    SVM_HANDLER_MUL, 16, 14, 15, 17,
    SVM_HANDLER_NOR, 14, 10, 13,
    SVM_HANDLER_MOVE, 17, 194,
    SVM_HANDLER_MUL, 16, 15, 17, 14,
    SVM_HANDLER_ADD, 17, 16, 12,
    SVM_HANDLER_ADD, 16, 14, 15,
    SVM_HANDLER_NOR, 17, 14, 15,
    SVM_HANDLER_MOVE, 15, 16,
    SVM_HANDLER_MOVE, 14, 16,
    SVM_HANDLER_NOR, 15, 10, 194,
    SVM_HANDLER_LIMM, 17, 16, 11, 13, 15,
    SVM_HANDLER_NOR, 16, 15, 11,
    SVM_HANDLER_ADD, 13, 17, 15,
    SVM_HANDLER_MOVE, 15, 17,
    SVM_HANDLER_NOR, 17, 14, 16,
    SVM_HANDLER_NOR, 12, 17, 194,
    SVM_HANDLER_MUL, 17, 15, 11, 12,
    SVM_HANDLER_ADD, 16, 17, 15,
    SVM_HANDLER_NOR, 15, 12, 17,

    // R8 = R12:
    SVM_HANDLER_MOVE, 16, 194,
    SVM_HANDLER_ADD, 8, 12, 16,
    SVM_HANDLER_MOVE, 254, 17,
    SVM_HANDLER_INVK,
    SVM_HANDLER_ADD, 16, 255, 17,

    // R9 += 1:
    SVM_HANDLER_MOVE, 15, 9,
    SVM_HANDLER_SHL, 16, 194, 15,
    SVM_HANDLER_ADD, 9, 15, 253,
    SVM_HANDLER_SHR, 15, 16, 9,

    // R12 = 0xC1747EF6:
    SVM_HANDLER_LIMM, 11, 0xF6, 0x7E, 0x74, 0xC1,
    SVM_HANDLER_MOVE, 12, 11,
    SVM_HANDLER_NOR, 11, 15, 9,

    // R12 += R9:
    SVM_HANDLER_ADD, 13, 9, 12,
    SVM_HANDLER_ADD, 12, 13, 194,

    // R12 &= 0x80000000:
    SVM_HANDLER_LIMM, 11, 0xFF, 0xFF, 0xFF, 0x7F,
    SVM_HANDLER_NOR, 13, 12, 194,
    SVM_HANDLER_NOR, 12, 13, 11,

    // if (R12 != 0) goto loop:
    SVM_HANDLER_ZTEST, 17, 12,
    SVM_HANDLER_NOR, 16, 17, 194,
    SVM_HANDLER_NOR, 13, 16, 251,
    SVM_HANDLER_ADD, 0, 0, 13,

    // R2(Output) = R8:
    SVM_HANDLER_MOVE, 2, 8,
    SVM_HANDLER_EXIT
};

static void GetSalt(SVM_CONTEXT *lpThis)
{
    uint32_t r = 0;

    switch (lpThis->lpRegister[0xFE])
    {
        case 0x3E8B8105: r = 0x03B7A707; break;
        case 0x3E8B8106: r = 0x63FF1554; break;
        case 0x3E8B8107: r = 0xC23F35EF; break;
        case 0x3E8B8108: r = 0x7A5F1A89; break;
        case 0x3E8B8109: r = 0xA62CB6AE; break;
    }

    lpThis->lpRegister[0xFF] = r;
}

uint32_t g_VMRegister[SVM_REG_COUNT];

__declspec(noinline) void SVM_Init(SVM_CONTEXT *lpThis)
{
    uint8_t Rand[4];
    int i, j;

    lpThis->lpRegister = g_VMRegister;
    lpThis->nStatus = SVM_SUCCESS_NORMAL;
    lpThis->lpCodeChunk = (uint8_t *)g_VMCodes;
    lpThis->nCodeLength = CODE_LENGTH;
    lpThis->lpInvoke = &GetSalt;

    srand((unsigned int)time(NULL));

    for (i = 0; i < SVM_REG_COUNT; i++)
    {
        for (j = 0; j < 4; j++)
            Rand[j] = (uint8_t)rand();

        lpThis->lpRegister[i] = *(uint32_t *)Rand;
    }

    lpThis->lpRegister[SVM_REG_PC] = 0;
    lpThis->lpRegister[0xFD] = 1;
    lpThis->lpRegister[0xFC] = 0x12345678;
    lpThis->lpRegister[0xFB] = 176;
}

#if 0

void SVM_Debug_Print(SVM_CONTEXT *lpThis)
{
    int i;

    for (i = 0; i < 256; i++)
    {
        if (i % 6 == 0) printf("\r\n %.3d : ", i);
        printf("0x%.8X ", lpThis->lpRegister[i]);
    }

    printf("status = %ld\r\n", lpThis->nStatus);
    printf("codelen = %ld.\r\n", CODE_LENGTH);
}

#endif

int __cdecl main(void)
{
    SVM_CONTEXT svmc;
    char szKey[12];
    char szInput[12];

    SVM_Init(&svmc);

    printf("Seed = %.8X", svmc.lpRegister[1]);
    printf(", please enter your key.\r\nKey : ");
    scanf("%11s", szInput);

    SVM_Execute(&svmc);

    if (SVM_SUCCESS_EXIT == svmc.nStatus)
    {
        _ultoa(svmc.lpRegister[2], szKey, 16);
        szInput[11] = szKey[11] = '\0';

        if (_stricmp(szInput, szKey) == 0)
        {
            printf("------------------\r\n");
            printf("Your key is right!\r\n");
            printf("Good job !!!!!!!!!\r\n");
            printf("------------------\r\n");
        }
        else
        {
            printf("Your Key is wrong!\r\n");
            printf("Right Key = %s.\r\n", szKey);
        }
    }
    else
    {
        printf("Error !\r\n");
    }

    printf("Press any key to exit.\r\n");
    _getch();
    return 0;
}


注册机中的核心算法:

#include <stdint.h>

#define ROUND               5

const uint32_t g_Salt[ROUND] = {
    0x03B7A707, 0x63FF1554, 0xC23F35EF,
    0x7A5F1A89, 0xA62CB6AE
};

uint32_t GetKey(uint32_t nSeed)
{
    int i;

    for (i = 0; i < ROUND; i++)
        nSeed = (nSeed * 49667) ^ g_Salt[i];

    return nSeed;
}


-------------------- 以上 --------------------
2013-8-3 18:57
0
dINO
雪    币: 239
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
12
國人經常性放錯重點,哎~
2013-8-3 21:04
0
hmlky
雪    币: 65
活跃值: (60)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
13
对我生活上来说,我吃到了什么,喝到了什么,是否开心是重点;
知识性方面对我来说,基础知识和我不会的是重点。
不知道你对重点是怎么理解的,突然冒出这句话我有一点摸不着头脑。
2013-8-4 15:58
0
dINO
雪    币: 239
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
14
1. 請不要在意別人的評價,網絡是個言論自由的地方
2. 有方向就堅持走下去,怎麼爽怎麼來,關他人屁事
3. 祝你好運 ;-)
2013-8-4 17:26
0
sunnysab
雪    币: 80
活跃值: (109)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
私信
15
没写过注册机,只晓得把JNZ改成JZ
很想学破解
2013-8-4 17:58
0
shenger
雪    币: 45
活跃值: (55)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
16
虚拟机的CrackMe? 这个要收藏下 有时间来破
2013-8-4 19:20
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//