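First, run the program and enter arbitrary input; it prints "error !". Searching for that string in IDA locates the validation routine, whose code is shown below: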
.text:00401216 call ds:Sleep
.text:0040121C lea eax, [ebp-1Ch]
.text:0040121F push eax
.text:00401220 call _strlen
.text:00401225 cmp eax, 4 ; strlen(key) == 4
.text:00401228 pop ecx
.text:00401229 jnz loc_4012CF
.text:0040122F push 30h
.text:00401231 pop ecx
.text:00401232 cmp [ebp-1Ch], cl
.text:00401235 jz loc_4012CF
.text:0040123B cmp [ebp-1Bh], cl
.text:0040123E jz loc_4012CF
.text:00401244 cmp [ebp-1Ah], cl
.text:00401247 jz loc_4012CF
.text:0040124D cmp [ebp-19h], cl
.text:00401250 jz short loc_4012CF
.text:00401252 cmp byte ptr [ebp-1Ch], 31h ; key[0]
.text:00401256 jnz short loc_4012CF
.text:00401258 cmp byte ptr [ebp-1Bh], 35h ; key[1]
.text:0040125C jnz short loc_4012CF
.text:0040125E jz short loc_401263
.text:00401260 jnz short loc_401263
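It is easy to see that the key consists of 4 digits, with key[0] = 1 and key[1] = 5. Brute-forcing the remaining two digits is then quick, at most 100 attempts, and the result is 1555.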
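The checks visible in the listing, rendered as C and run over every 4-digit string (an added example, not code from the original post; the function names are hypothetical, and whatever executes after loc_401263 is not modelled because the page does not show it). It shows that the comparison against 30h removes every candidate containing '0', so 81 digit keys remain, inside the at-most-100 bound stated above.

```c
#include <stdio.h>
#include <string.h>

/* C rendering of the checks visible at 0x40121C-0x40125C.
 * Returns 1 if execution would fall through towards loc_401263,
 * 0 if it would branch to loc_4012CF (the failure path).
 * Code after loc_401263 is not on the page and is not modelled. */
int passes_visible_checks(const char *key)
{
    size_t i;

    if (strlen(key) != 4)        /* cmp eax, 4 / jnz loc_4012CF */
        return 0;
    for (i = 0; i < 4; i++)      /* push 30h / pop ecx / cmp [ebp-1Ch+i], cl / jz */
        if (key[i] == '0')
            return 0;
    if (key[0] != '1')           /* cmp byte ptr [ebp-1Ch], 31h / jnz */
        return 0;
    if (key[1] != '5')           /* cmp byte ptr [ebp-1Bh], 35h / jnz */
        return 0;
    return 1;
}

/* Count the 4-digit decimal strings that survive the visible checks.
 * Assumption taken from the post: the key is made of digits only. */
int count_surviving_digit_keys(void)
{
    char key[16];
    int n, count = 0;

    for (n = 0; n <= 9999; n++) {
        snprintf(key, sizeof key, "%04d", n);
        if (passes_visible_checks(key))
            count++;
    }
    return count;
}

int main(void)
{
    printf("digit keys passing the visible checks: %d\n",
           count_surviving_digit_keys());
    printf("1555 passes the visible checks: %d\n",
           passes_visible_checks("1555"));
    return 0;
}
```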