[原创]签到题:乱世鬼雄
发表于: 2019-9-16 21:39 3036
程序首先转换输入:将序列号中每两个十六进制字符按其所表示的数值转换为一个字节保存
// Stage 1: decode the serial text into 16 raw bytes, two hex characters per byte.
// NOTE(review): the loop reads my_serial[0..31] before any validation has run; the
// size of my_serial is not visible in this listing - confirm it holds at least 32 chars.
i = 0;
do
{
  c = my_serial[2 * i];
  v3 = c - '7';                       // letter case: 'A'..'F' becomes 10..15
  if ( c <= '9' )
    v3 = my_serial[2 * i];            // digit case keeps the raw character code; presumably the
                                      // byte-sized store below drops the 16 * '0' excess - confirm type
  real_serial_4212F8[i] = my_serial[2 * i + 1] + 16 * v3 - (my_serial[2 * i + 1] > '9' ? '7' : '0'); // store the value of this hex digit pair in real_serial_4212F8[i]
  ++i;
}
while ( i < 16 );

// Stage 2: render the 16 decoded bytes back to text with "%02X" (uppercase hex).
v4 = 0;
s_ptr = &temp;
do
{
  sub_401990(s_ptr, "%02X", real_serial_4212F8[v4++]); // sub_401990 looks like an sprintf-style formatter - confirm
  s_ptr = (s_ptr + 2);                                 // two output characters per byte
}
while ( v4 < 16 );

// Stage 3: round-trip check. The decode above has no range checks of its own, so the
// input is accepted only if it equals its own uppercase-hex rendering; lowercase
// letters or non-hex characters make the comparison fail.
v6 = strcmp(my_serial, &temp);
if ( v6 )
  v6 = -(v6 < 0) | 1;                 // normalises a non-zero result to -1 or 1
if ( v6 )
{
  print_401910(" * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\n");
  print_401910("【请输入合法序列号!】\n\n"); // message text: "please enter a valid serial number"
}
序列号必须是由大写十六进制字符组成的字符串,共32个字符,表示16字节
下面便是进行MD5运算:对用户名与注册码异或的结果计算MD5摘要,最后与程序中固定的MD5值进行比较
// Continues the if ( v6 ) check on the serial format; this branch runs when the serial is well-formed.
else
{
  // Hash context setup. v24..v27 receive the four standard MD5 initial chaining values;
  // a1/v23 are zeroed and look like the 64-bit message bit counter - confirm layout.
  a1 = 0;
  v23 = 0;
  v24 = 0x67452301;
  v25 = 0xEFCDAB89;
  *a2 = _mm_xor_si128(*my_name_42130C, *real_serial_4212F8); // XOR the user name with the decoded serial, one 16-byte block
  v26 = 0x98BADCFE;
  v27 = 0x10325476;
  v29 = 0i64;
  // Only the XOR result is fed to the hash; neither the name nor the serial enters it separately.
  sub_401000(&a1, a2, 0x10u);         // presumably the MD5 update routine: absorbs the 16 XORed bytes - confirm

  // Padding length: bytes needed to bring the buffered length to 56 mod 64.
  v7 = (a1 >> 3) & 0x3F;              // bit count / 8, modulo 64
  v8 = 0x78 - v7;
  v9 = 0x38 - v7;
  v10 = v7 < 0x38;
  v11 = &a1 + 1;
  if ( !v10 )
    v9 = v8;                          // already at or past byte 56: pad into the next block

  // Copies two 32-bit words starting at a1 into a2 byte by byte, lowest byte first.
  // NOTE(review): assumes v11 is a byte pointer and v23 directly follows a1 - confirm.
  v12 = 0;
  do
  {
    v13 = *(v11 - 1);
    v11 += 4;
    LOBYTE(a2[v12]) = v13;
    BYTE1(a2[v12]) = *(v11 - 4);
    BYTE2(a2[v12]) = *(v11 - 3);
    HIBYTE(a2[v12]) = *(v11 - 2);
    ++v12;
  }
  while ( v12 < 2 );
  sub_401000(&a1, &::a2, v9);         // ::a2 is a global distinct from the local a2; presumably the padding table - confirm
  sub_401000(&a1, a2, 8u);            // appends the 8 length bytes; matches the usual MD5 finalisation order

  // Serialises the 16 bytes starting at v24 into the buffer at v29, lowest byte first.
  // NOTE(review): v29 is typed as a 64-bit value yet 16 bytes are written; likely a decompiler typing artefact.
  v14 = &v24 + 1;
  v15 = 0;
  do
  {
    v16 = *(v14 - 1);
    v14 += 4;
    *(&v29 + v15) = v16;
    *(&v29 + v15 + 1) = *(v14 - 4);
    *(&v29 + v15 + 2) = *(v14 - 3);
    *(&v29 + v15 + 3) = *(v14 - 2);
    v15 += 4;
  }
  while ( v15 < 0x10 );
  v17 = &v29;                         // MD5(user name ^ serial)
  v18 = byte_4208B0;                  // fixed MD5 value; bytes at 004208B0: DA E5 23 10 06 71 95 71 4B A2 CE E2 33 2B B8 66
  // The listing is cut here; the comparison of v17 against v18 is not shown.
由于参与MD5运算的只有“用户名 异或 序列号”这一个值,校验并不单独绑定用户名,因此不需要逆推MD5:只要根据给出的公开用户名及序列号算出异或值,再将该异或值与我们的用户名‘KCTF’异或,便可得到对应的序列号: