I don't understand assembly, but I tried my best to analyze it anyway; I want to figure out its algorithm. I think this is the place where the registration code is computed.
Note:
00401ACB BE F8E04200 mov esi,kidhhsA-.0042E0F8 ; ASCII "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"
Aa stands for one Chinese character.
Bb stands for one Chinese character, and so on.
I changed it with WinHex for the analysis.
A couple of days ago I already found the place to patch, but I really want to know how it does the calculation. So I'm hoping everyone here can help take a look and explain the general idea.
[Code section]:
=====================================================================
00401ACB BE F8E04200 mov esi,kidhhsA-.0042E0F8 ; ASCII "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"
00401AD0 8D7C24 2C lea edi,dword ptr ss:[esp+2C]
00401AD4 8B9C24 D4020000 mov ebx,dword ptr ss:[esp+2D4]
00401ADB F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[esi]
00401ADD 8D9424 DC000000 lea edx,dword ptr ss:[esp+DC]
00401AE4 8BC3 mov eax,ebx
00401AE6 A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00401AE7 2BD3 sub edx,ebx
00401AE9 8A08 mov cl,byte ptr ds:[eax]
00401AEB 880C02 mov byte ptr ds:[edx+eax],cl
00401AEE 40 inc eax
00401AEF 84C9 test cl,cl
00401AF1 ^ 75 F6 jnz short kidhhsA-.00401AE9
00401AF3 B8 60234300 mov eax,kidhhsA-.00432360
00401AF8 8B5424 28 mov edx,dword ptr ss:[esp+28]
00401AFC 8A08 mov cl,byte ptr ds:[eax]
00401AFE 880C02 mov byte ptr ds:[edx+eax],cl
00401B01 40 inc eax
00401B02 84C9 test cl,cl
00401B04 ^ 75 F2 jnz short kidhhsA-.00401AF8
00401B06 8DBC24 DC000000 lea edi,dword ptr ss:[esp+DC]
00401B0D 83C9 FF or ecx,FFFFFFFF
00401B10 33C0 xor eax,eax
00401B12 33D2 xor edx,edx
00401B14 F2:AE repne scas byte ptr es:[edi]
00401B16 F7D1 not ecx
00401B18 49 dec ecx
00401B19 74 7D je short kidhhsA-.00401B98
00401B1B 8A8414 DC000000 mov al,byte ptr ss:[esp+edx+DC]
00401B22 3C 41 cmp al,41
00401B24 7C 22 jl short kidhhsA-.00401B48
00401B26 3C 5A cmp al,5A
00401B28 7F 1E jg short kidhhsA-.00401B48
00401B2A 33C9 xor ecx,ecx
00401B2C 894C24 14 mov dword ptr ss:[esp+14],ecx
00401B30 0FBEC0 movsx eax,al
00401B33 894C24 18 mov dword ptr ss:[esp+18],ecx
00401B37 66:894C24 1C mov word ptr ss:[esp+1C],cx
00401B3C 66:8B4C44 AA mov cx,word ptr ss:[esp+eax*2-56]
00401B41 66:894C24 14 mov word ptr ss:[esp+14],cx
00401B46 EB 13 jmp short kidhhsA-.00401B5B
00401B48 33C9 xor ecx,ecx
00401B4A 894C24 14 mov dword ptr ss:[esp+14],ecx
00401B4E 884424 14 mov byte ptr ss:[esp+14],al
00401B52 894C24 18 mov dword ptr ss:[esp+18],ecx
00401B56 66:894C24 1C mov word ptr ss:[esp+1C],cx
00401B5B 33C0 xor eax,eax
00401B5D 8D7C24 14 lea edi,dword ptr ss:[esp+14]
00401B61 83C9 FF or ecx,FFFFFFFF
00401B64 F2:AE repne scas byte ptr es:[edi]
00401B66 F7D1 not ecx
00401B68 2BF9 sub edi,ecx
00401B6A 8BF7 mov esi,edi
00401B6C 8BE9 mov ebp,ecx
00401B6E 8BFB mov edi,ebx
00401B70 83C9 FF or ecx,FFFFFFFF
00401B73 F2:AE repne scas byte ptr es:[edi]
00401B75 8BCD mov ecx,ebp
00401B77 4F dec edi
00401B78 C1E9 02 shr ecx,2
00401B7B F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[esi]
00401B7D 8BCD mov ecx,ebp
00401B7F 83E1 03 and ecx,3
00401B82 42 inc edx
00401B83 F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[esi]
00401B85 8DBC24 DC000000 lea edi,dword ptr ss:[esp+DC]
00401B8C 83C9 FF or ecx,FFFFFFFF
00401B8F F2:AE repne scas byte ptr es:[edi]
00401B91 F7D1 not ecx
00401B93 49 dec ecx
00401B94 3BD1 cmp edx,ecx
00401B96 ^ 72 83 jb short kidhhsA-.00401B1B
00401B98 5F pop edi
00401B99 5E pop esi
00401B9A 5D pop ebp
00401B9B 33C0 xor eax,eax
00401B9D 5B pop ebx
00401B9E 81C4 C0020000 add esp,2C0
=====================================================================
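Reading the listing as a C routine, as an added example that is not from the original post or from the program itself: the table copied to esp+2C is indexed by [esp+eax*2-56], which for al='A' (0x41) lands exactly on esp+2C, so each uppercase letter selects one two-byte pair, every other byte is kept as a one-byte string, and each piece is appended (strcat) to the buffer in ebx. The table below is the poster's WinHex-patched ASCII version; that the string at 00432360 is copied into the same output buffer as a prefix is an assumption, as is the placeholder prefix text.

```c
#include <stdio.h>
#include <string.h>

/* The 52-byte table at 0042E0F8 as the poster patched it with WinHex;
 * in the unpatched binary each two-byte pair is one GBK Chinese character. */
static const char TABLE[] = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

/* Reconstruction of 00401B1B..00401B96: every byte of `in` becomes a short
 * string (2 bytes for 'A'..'Z', 1 byte otherwise) that is appended to `out`.
 * Returns the number of bytes appended, or -1 if `out` (capacity cap) is too
 * small; the original has no such bounds check. */
int encode_serial(const char *in, char *out, size_t cap)
{
    size_t n = strlen(in);                 /* repne scasb at 00401B14 */
    size_t written = 0;
    if (n == 0) return 0;                  /* je at 00401B19 */
    for (size_t i = 0; i < n; i++) {       /* edx is the loop index */
        char piece[3] = {0, 0, 0};         /* the zeroed bytes at [esp+14] */
        unsigned char c = (unsigned char)in[i];
        if (c >= 'A' && c <= 'Z') {
            /* esp+2C == esp + 2*0x41 - 0x56, so [esp+eax*2-56] is TABLE[2*(c-'A')] */
            piece[0] = TABLE[2 * (c - 'A')];
            piece[1] = TABLE[2 * (c - 'A') + 1];
        } else {
            piece[0] = (char)c;            /* 00401B4E: byte stored unchanged */
        }
        size_t len = strlen(piece);
        if (strlen(out) + len + 1 > cap) return -1;
        strcat(out, piece);                /* 00401B5D..00401B83: strcat(ebx, piece) */
        written += len;
    }
    return (int)written;
}

int main(void)
{
    char out[64];
    /* 00401AF3..00401B04: strcpy of the string at 00432360; assumed to target
     * the same buffer, and its real contents are unknown (placeholder used). */
    strcpy(out, "<PREFIX@00432360>");
    int added = encode_serial("Ab1C", out, sizeof out);   /* constructed input */
    printf("%d bytes appended: %s\n", added, out);
    return 0;
}
```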