; ----------------------------------------------------------------------
; Registra.00454E3C: start of a routine, shown as a 32-bit x86 debugger
; listing (columns: address, analysis marks, opcode bytes, instruction).
; Inputs arrive in EAX, EDX and ECX and are saved to [EBP-4], EBX and
; [EBP-8]; presumably the Borland/Delphi register convention (confirm).
; The call at 0045531D passes ECX = the constant the debugger labels "bin".
; Only the first part of the body is listed: the page cuts off after
; 00454F47, so the jump targets 00455032, 0045503B and 00455049 and the
; exception handler at 00455079 are not visible.
; Helper roles are inferred from how their arguments are set up and are
; hedged accordingly; none of the helper bodies appear on this page.
; ----------------------------------------------------------------------
00454E3C /$ 55 PUSH EBP
00454E3D |. 8BEC MOV EBP,ESP
00454E3F |. 51 PUSH ECX ; reserves [EBP-4]; holds the incoming ECX until 00454E4D
00454E40 |. B9 06000000 MOV ECX,6 ; 6 iterations x 2 pushes = 12 zeroed dwords of locals
00454E45 |> 6A 00 /PUSH 0
00454E47 |. 6A 00 |PUSH 0
00454E49 |. 49 |DEC ECX
00454E4A |.^ 75 F9 \JNZ SHORT Registra.00454E45
00454E4C |. 51 PUSH ECX ; ECX is 0 here: one more zeroed dword
00454E4D |. 874D FC XCHG DWORD PTR SS:[EBP-4],ECX ; ECX = incoming ECX again, [EBP-4] = 0
00454E50 |. 53 PUSH EBX ; EBX, ESI and EDI are saved because the body uses them
00454E51 |. 56 PUSH ESI
00454E52 |. 57 PUSH EDI
00454E53 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX ; [EBP-8] = incoming ECX
00454E56 |. 8BDA MOV EBX,EDX ; EBX = incoming EDX
00454E58 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX ; [EBP-4] = incoming EAX
00454E5B |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00454E5E |. E8 21F6FAFF CALL Registra.00404484 ; helper applied to the ECX argument; presumably a string reference-count helper (confirm)
; Link an exception registration record: EAX is 0, so FS:[EAX] is FS:[0],
; the head of the thread's handler chain; the handler is 00455079.
00454E63 |. 33C0 XOR EAX,EAX
00454E65 |. 55 PUSH EBP
00454E66 |. 68 79504500 PUSH Registra.00455079
00454E6B |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00454E6E |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00454E71 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C] ; destination = local [EBP-C]
00454E74 |. 8BD3 MOV EDX,EBX ; source = incoming EDX
00454E76 |. E8 F1F1FAFF CALL Registra.0040406C ; presumably a string assignment into [EBP-C] (confirm)
00454E7B |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00454E7E |. E8 11F4FAFF CALL Registra.00404294 ; returns an integer for [EBP-C]; presumably its length (confirm)
; Signed remainder of EAX modulo 2: keep the sign bit and bit 0, then fix up
; the negative case so the result is -1, 0 or 1.
00454E83 |. 25 01000080 AND EAX,80000001
00454E88 |. 79 05 JNS SHORT Registra.00454E8F
00454E8A |. 48 DEC EAX
00454E8B |. 83C8 FE OR EAX,FFFFFFFE
00454E8E |. 40 INC EAX
00454E8F |> 48 DEC EAX ; ZF set only when the remainder was 1
00454E90 75 0F JNZ SHORT Registra.00454EA1 ; continue unless the value was odd
00454E92 |. B8 94504500 MOV EAX,Registra.00455094 ; string "错误!" ("Error!"); annotator's note: a hidden check sits here (an odd result from 00404294 is rejected)
00454E97 |. E8 9428FDFF CALL Registra.00427730 ; same routine receives every message string on this page; presumably shows a message box (confirm)
00454E9C |. E9 A8010000 JMP Registra.00455049 ; leave through an exit path that is not listed
00454EA1 |> 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10] ; ECX = &[EBP-10], presumably the output slot
00454EA4 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; EDX = incoming ECX argument
00454EA7 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; EAX = incoming EAX argument
00454EAA |. E8 8DFDFFFF CALL Registra.00454C3C ; body not shown; [EBP-10] is read after the call
00454EAF |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
00454EB2 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
00454EB5 |. E8 B2F1FAFF CALL Registra.0040406C ; [EBP-18] receives the value of [EBP-C]
00454EBA |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
00454EBD |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
00454EC0 |. E8 A7F1FAFF CALL Registra.0040406C ; [EBP-14] receives the value of [EBP-C]
00454EC5 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
00454EC8 |. E8 C7F3FAFF CALL Registra.00404294
00454ECD |. 8BF0 MOV ESI,EAX
; ESI = result / 2 as a signed division rounding toward zero
; (SAR, then add the shifted-out bit back when the value is negative).
00454ECF |. D1FE SAR ESI,1
00454ED1 |. 79 03 JNS SHORT Registra.00454ED6
00454ED3 |. 83D6 00 ADC ESI,0
00454ED6 |> 83FE 01 CMP ESI,1
00454ED9 |. 0F8C 5C010000 JL Registra.0045503B ; skip the loop when ESI < 1
; Outer loop body (the end of the loop is in the part that is not listed).
00454EDF |> 8B45 F0 /MOV EAX,DWORD PTR SS:[EBP-10]
00454EE2 |. E8 ADF3FAFF |CALL Registra.00404294
00454EE7 |. D1F8 |SAR EAX,1 ; same halving idiom, recomputed from [EBP-10]
00454EE9 |. 79 03 |JNS SHORT Registra.00454EEE
00454EEB |. 83D0 00 |ADC EAX,0
00454EEE |> 3BF0 |CMP ESI,EAX
00454EF0 |. 74 0B |JE SHORT Registra.00454EFD ; when ESI equals the halved value, skip the copy below
00454EF2 |. 8D45 EC |LEA EAX,DWORD PTR SS:[EBP-14]
00454EF5 |. 8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
00454EF8 |. E8 6FF1FAFF |CALL Registra.0040406C ; [EBP-14] receives the value of [EBP-18]
00454EFD |> 8D45 E8 |LEA EAX,DWORD PTR SS:[EBP-18]
00454F00 |. E8 CFF0FAFF |CALL Registra.00403FD4 ; takes the address of a local; presumably clears/releases the string (confirm)
00454F05 |. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
00454F08 |. E8 87F3FAFF |CALL Registra.00404294
00454F0D |. 8BF8 |MOV EDI,EAX
00454F0F |. D1FF |SAR EDI,1 ; EDI = result / 2, same idiom
00454F11 |. 79 03 |JNS SHORT Registra.00454F16
00454F13 |. 83D7 00 |ADC EDI,0
00454F16 |> 85FF |TEST EDI,EDI
00454F18 |. 0F8E 14010000 |JLE Registra.00455032 ; nothing to do when EDI <= 0
00454F1E |. BB 01000000 |MOV EBX,1 ; EBX = inner loop index, starting at 1
00454F23 |> BA 9C504500 |/MOV EDX,Registra.0045509C ; constant at 0045509C (contents not shown)
00454F28 |. 8D45 DC ||LEA EAX,DWORD PTR SS:[EBP-24]
00454F2B |. E8 54DCFAFF ||CALL Registra.00402B84 ; presumably initialises the buffer at [EBP-24] from that constant (confirm)
00454F30 |. 8D45 D8 ||LEA EAX,DWORD PTR SS:[EBP-28]
00454F33 |. 8BD3 ||MOV EDX,EBX
00454F35 |. 03D2 ||ADD EDX,EDX ; EDX = 2 * EBX
00454F37 |. 8B4D EC ||MOV ECX,DWORD PTR SS:[EBP-14]
00454F3A |. 8A5411 FE ||MOV DL,BYTE PTR DS:[ECX+EDX-2] ; byte at offset 2*EBX-2 of [EBP-14], i.e. the first byte of the EBX-th pair
00454F3E |. 8850 01 ||MOV BYTE PTR DS:[EAX+1],DL ; store it as the second byte of the buffer at [EBP-28]
00454F41 |. C600 01 ||MOV BYTE PTR DS:[EAX],1 ; first byte = 1; looks like a length-prefixed one-character string (confirm)
00454F44 |. 8D55 D8 ||LEA EDX,DWORD PTR SS:[EBP-28] ; arguments for a call that falls in the omitted part
00454F47 |. 8D45 DC ||LEA EAX,DWORD PTR SS:[EBP-24]
///////////中间省略很多//////////////////
; ----------------------------------------------------------------------
; Tail of a routine whose start lies in the omitted part of the listing:
; one indirect call through the object at [458C00], a call that passes
; [EBP-4] to the object stored at [EBX+2F8], removal of the exception
; frame, cleanup of [EBP-4] and the epilogue. The two string constants
; referenced at 00455245/0045524A follow the code.
; ----------------------------------------------------------------------
00455245 |. B9 90524500 MOV ECX,Registra.00455290 ; "diskid"; annotator's note: shows the hard-disk serial number
0045524A |. BA A0524500 MOV EDX,Registra.004552A0 ; "userpass"; annotator's note: shows the registration password
0045524F |. A1 008C4500 MOV EAX,DWORD PTR DS:[458C00] ; EAX = object pointer held in a global
00455254 |. 8B30 MOV ESI,DWORD PTR DS:[EAX] ; ESI = first dword of the object, used as a table of code pointers
00455256 |. FF16 CALL DWORD PTR DS:[ESI] ; indirect call through slot 0; presumably reads the "diskid" value stored under "userpass" (confirm)
00455258 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0045525B |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
00455261 |. E8 86EBFDFF CALL Registra.00433DEC ; passes [EBP-4] to the object at [EBX+2F8]; presumably sets a control's text (confirm)
; Unlink the exception registration record: restore the previous chain head
; to FS:[0] and drop the other two dwords of the record.
00455266 |. 33C0 XOR EAX,EAX
00455268 |. 5A POP EDX
00455269 |. 59 POP ECX
0045526A |. 59 POP ECX
0045526B |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0045526E |. 68 83524500 PUSH Registra.00455283 ; the RETN at 0045527B continues at the epilogue 00455283
00455273 |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
00455276 |. E8 59EDFAFF CALL Registra.00403FD4 ; cleanup of the local at [EBP-4]; presumably releases the string (confirm)
0045527B \. C3 RETN
0045527C .^ E9 57E7FAFF JMP Registra.004039D8 ; no fall-through reaches this line; presumably entered by the exception handling path (confirm)
00455281 .^ EB F0 JMP SHORT Registra.00455273 ; back to the cleanup code above
00455283 . 5E POP ESI ; epilogue: restore saved registers and return
00455284 . 5B POP EBX
00455285 . 59 POP ECX
00455286 . 5D POP EBP
00455287 . C3 RETN
; Data: each text is preceded by the dwords FFFFFFFF and its byte count
; (6 for "diskid", 8 for "userpass"); looks like a length-prefixed string
; constant with a -1 marker (confirm). The DB 00 bytes pad to the next item.
00455288 . FFFFFFFF DD FFFFFFFF
0045528C . 06000000 DD 00000006
00455290 . 64 69 73 6B 6>ASCII "diskid",0
00455297 00 DB 00
00455298 . FFFFFFFF DD FFFFFFFF
0045529C . 08000000 DD 00000008
004552A0 . 75 73 65 72 7>ASCII "userpass",0
004552A9 00 DB 00
004552AA 00 DB 00
004552AB 00 DB 00
; ----------------------------------------------------------------------
; Registra.004552AC: routine that accepts or rejects a registration
; attempt; it selects between the success message at 004553F4 and the
; failure message at 00455454.
; In:  EAX = object pointer, kept in EBX. The objects at [EBX+2F8] and
;      [EBX+2FC] are handed to 00433DBC, which fills a local; presumably
;      these are two input controls whose text is read (confirm).
; Flow: value A is derived from the 0x20-byte global at 00458C04
;      ([EBP-8]); value B is derived from the [EBX+2FC] text by 00454E3C
;      ([EBP-10]); 004043E0 compares them and one JNZ picks the outcome.
; The listing stops at 0045537C: the epilogue and the handler at
; 004553B1 are not shown.
; NOTE(review): the whole accept/reject decision is a single in-process
; comparison followed by a single conditional branch. A check of this
; shape runs entirely under the user's control, so it should not be the
; only control protecting licensed functionality.
; ----------------------------------------------------------------------
004552AC /. 55 PUSH EBP
004552AD |. 8BEC MOV EBP,ESP
004552AF |. 33C9 XOR ECX,ECX
004552B1 |. 51 PUSH ECX ; six pushes of 0: zeroed locals [EBP-4] .. [EBP-18]
004552B2 |. 51 PUSH ECX
004552B3 |. 51 PUSH ECX
004552B4 |. 51 PUSH ECX
004552B5 |. 51 PUSH ECX
004552B6 |. 51 PUSH ECX
004552B7 |. 53 PUSH EBX
004552B8 |. 8BD8 MOV EBX,EAX ; EBX = incoming object pointer
; Link an exception registration record at FS:[0] (EAX is 0); handler 004553B1.
004552BA |. 33C0 XOR EAX,EAX
004552BC |. 55 PUSH EBP
004552BD |. 68 B1534500 PUSH Registra.004553B1//////后面开始算法(我不明白) ; annotator's note: "the algorithm starts after this point (I do not understand it)"
004552C2 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004552C5 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004552C8 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004552CB |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
004552D1 |. E8 E6EAFDFF CALL Registra.00433DBC ; fills [EBP-4] from the object at [EBX+2F8]; presumably reads a control's text (confirm)
004552D6 |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
004552DA 0F84 95000000 JE Registra.00455375 ; [EBP-4] is 0: skip the check and both messages
004552E0 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004552E3 |. BA 048C4500 MOV EDX,Registra.00458C04 ; global buffer at 00458C04
004552E8 |. B9 20000000 MOV ECX,20 ; 0x20 = 32, presumably the buffer size in bytes
004552ED |. E8 52EFFAFF CALL Registra.00404244 ; presumably builds a string in [EBP-C] from that buffer (confirm)
004552F2 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004552F5 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004552F8 |. E8 9B2AFBFF CALL Registra.00407D98 ; [EBP-8] = some transformation of [EBP-C]; body not shown
004552FD |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00455300 |. 50 PUSH EAX ; keep value A on the stack until the POP at 00455325
00455301 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
00455304 |. 50 PUSH EAX ; stack argument &[EBP-10]; presumably the output slot of 00454E3C (confirm)
00455305 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
00455308 |. 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
0045530E |. E8 A9EAFDFF CALL Registra.00433DBC ; fills [EBP-14] from the object at [EBX+2FC]
00455313 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
00455316 |. B9 C8534500 MOV ECX,Registra.004553C8 ; bin
0045531B |. 8BC3 MOV EAX,EBX
0045531D |. E8 1AFBFFFF CALL Registra.00454E3C ; EAX = object, EDX = [EBP-14], ECX = "bin"
00455322 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; EDX = value B
00455325 |. 58 POP EAX ; EAX = value A, assuming 00454E3C removed its stack argument
00455326 |. E8 B5F0FAFF CALL Registra.004043E0/////关键CALL ; annotator's note: "the key CALL"; its flags feed the JNZ below, presumably a string comparison (confirm)
0045532B 75 3E JNZ SHORT Registra.0045536B//////关键跳转,不相等就跳往失败(后面) ; annotator's note: "the key jump: when not equal, go to the failure path (further down)"
; Success path: both values matched.
0045532D |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
00455330 |. 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
00455336 |. E8 81EAFDFF CALL Registra.00433DBC ; fetch the [EBX+2FC] value again into [EBP-18]
0045533B |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0045533E |. 50 PUSH EAX ; stack argument: the accepted input
0045533F |. B9 D4534500 MOV ECX,Registra.004553D4 ; sn
00455344 |. BA E0534500 MOV EDX,Registra.004553E0 ; userpass
00455349 |. A1 008C4500 MOV EAX,DWORD PTR DS:[458C00]
0045534E |. 8B18 MOV EBX,DWORD PTR DS:[EAX] ; EBX is reused for the object's first dword; the original object pointer is lost from here on
00455350 |. FF53 04 CALL DWORD PTR DS:[EBX+4] ; indirect call through slot +4; presumably stores the input as "sn" under "userpass" (confirm)
00455353 |. B8 F4534500 MOV EAX,Registra.004553F4 ; 恭喜您获得正式版用户,您将得到所有的功能以及今后的免费升级!\n您将体验正式版的所有功能! (success message, roughly: "Congratulations, you are now a registered user with all features and free future upgrades!")
00455358 |. E8 D323FDFF CALL Registra.00427730 ; same routine receives every message string on this page; presumably shows a message box (confirm)
0045535D |. A1 E8704500 MOV EAX,DWORD PTR DS:[4570E8]
00455362 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00455364 |. E8 97E2FFFF CALL Registra.00453600 ; called here and again at 0045537C on this path
00455369 |. EB 0A JMP SHORT Registra.00455375
; Failure path.
0045536B |> B8 54544500 MOV EAX,Registra.00455454 ; 注册码不正确! ("The registration code is incorrect!")
00455370 |. E8 BB23FDFF CALL Registra.00427730
; Common exit: reached from the empty-input, success and failure paths.
00455375 |> A1 E8704500 MOV EAX,DWORD PTR DS:[4570E8]
0045537A |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0045537C |. E8 7FE2FFFF CALL Registra.00453600 ; body not shown; the listing ends here