[Original] Taking apart a keyfile-type crackme
Posted on:
2006-8-10 19:26
【Article title】: Taking apart a keyfile-type crackme
【Download】: search for it yourself
【Author's note】: Written purely out of interest, with no other purpose. Where I have slipped up, corrections from the experts are welcome!
--------------------------------------------------------------------------------
【Detailed walkthrough】
004265B2 837D FC 00 cmp dword ptr [ebp-4], 0
004265B6 75 15 jnz short 004265CD //is the KEY file empty?
004265B8 BA 64674200 mov edx, 00426764 ; key file is empty!
004265BD 8B83 B0010000 mov eax, [ebx+1B0]
00426616 8A1C16 mov bl, [esi+edx] //read the KEY file one byte at a time
00426619 84DB test bl, bl
0042661B 74 29 je short 00426646 //a 00 byte marks the end of the user name
0042661D E8 16000000 call 00426638
00426622 52 push edx
00426623 F7E3 mul ebx //multiply by each character in turn
00426625 5A pop edx
00426626 35 326D5463 xor eax, 63546D32 //XOR the result with a constant
0042662B FEC2 inc dl
0042662D 39CA cmp edx, ecx
0042662F 74 42 je short 00426673 //has the whole file been read?
00426631 80FA FF cmp dl, 0FF
00426634 74 3D je short 00426673
00426636 ^ EB DE jmp short 00426616
0042664B 42 inc edx //lands here once the user name is complete
0042664C 83C2 04 add edx, 4
0042664F 39D1 cmp ecx, edx
00426651 75 20 jnz short 00426673 //check the size of the KEY file
00426653 83EA 04 sub edx, 4
00426656 85C0 test eax, eax
00426658 76 02 jbe short 0042665C
0042665A D1E8 shr eax, 1 //shift the result right by one bit
0042665C 3B0416 cmp eax, [esi+edx] //compare the shifted value with the last four bytes of the KEY file
0042665F 75 09 jnz short 0042666A //those four bytes are the so-called registration code
00426661 B8 00000000 mov eax, 0
00426666 8907 mov [edi], eax
00426668 EB 10 jmp short 0042667A //equal means registration succeeded!!!
0042666A B8 01000000 mov eax, 1
0042666F 8907 mov [edi], eax
00426671 EB 07 jmp short 0042667A
00426673 B8 02000000 mov eax, 2
00426678 8907 mov [edi], eax
0042667A 5E pop esi
0042667B 5F pop edi
0042667C 5B pop ebx
0042667D 8A85 FBFFFEFF mov al, [ebp+FFFEFFFB]
00426683 2C 01 sub al, 1
00426685 72 08 jb short 0042668F
00426687 74 4A je short 004266D3
00426689 FEC8 dec al
0042668B 74 58 je short 004266E5
0042668D EB 66 jmp short 004266F5
0042668F BA 80674200 mov edx, 00426780 ; valid key file found!
00426694 8B83 B0010000 mov eax, [ebx+1B0]
0042669A E8 F5B5FEFF call 00411C94
0042669F BA A0674200 mov edx, 004267A0 ; registered to:
Algorithm summary:
The KEY file has three parts: 1. the user name; 2. a 00 byte; 3. the registration code (one dword). Starting from 1, the running value is multiplied by each character of the user name in turn and XORed with the constant 63546D32 after each one; after the last character it is shifted right by one bit, and the resulting dword must equal the registration code.
KeyenMaker src (C implementation):
/*************KeyenMaker src****************/
/************code by elance*****************/
/*******************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

int main(void)
{
    uint32_t cs1 = 0x63546D32;   /* the constant XORed in at 00426626 */
    uint32_t temp = 0x1;         /* running product, seeded with 1 */
    static char name[30];
    unsigned char sn[5];         /* 00 separator followed by the 4-byte registration code */
    int name_len;
    int i;
    FILE *kf;

    printf("Please input your register name:\n");
    if (fgets(name, sizeof name, stdin) == NULL)   /* gets() cannot be bounded; fgets() can */
        return 1;
    name[strcspn(name, "\r\n")] = '\0';            /* drop the newline fgets() keeps */
    name_len = (int)strlen(name);

    /* same loop as at 00426616: multiply by each character, then XOR with the constant */
    for (i = 0; i < name_len; i++)
    {
        temp = (temp * (unsigned char)name[i]) ^ cs1;
    }
    temp = temp >> 1;   /* shr eax, 1 at 0042665A */

    /* key file layout: name, 00, then the code as a little-endian dword */
    sn[0] = 0;
    sn[1] = (unsigned char)(temp);
    sn[2] = (unsigned char)(temp >> 8);
    sn[3] = (unsigned char)(temp >> 16);
    sn[4] = (unsigned char)(temp >> 24);

    /* "wb", not "wt": in text mode a code byte of 0x0A would be written as 0D 0A on Windows */
    if ((kf = fopen("fcrackme.key", "wb")) == NULL)
    {
        printf("error on creating KeyFile!!!");
        getchar();
        exit(1);
    }
    else
    {
        fwrite(name, name_len, 1, kf);
        for (i = 0; i < 5; i++)
        {
            fputc(sn[i], kf);
        }
        fclose(kf);
        printf("\n\n\nKeyFile has been created!\n");
        puts("Made By eLance");
    }
    getchar();
    return 0;
}
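The summary and the keygen above describe the key file from the generating side only. As an added example, not code from the post or from elance's keygen, the following C reimplements both halves: the key-file format as a small builder, and the check from the listing (004265B2 to 00426678) as a parser that returns the same status values the crackme stores through [edi]. The function names, the 64-byte buffer and the seed of 1 for the product (taken from the keygen, since the listing does not show where eax is initialised) are assumptions, as is the premise that the call at 00426638 and the bytes at 00426646 leave eax and edx unchanged.

```c
/* Added example, not elance's keygen or the crackme's own code: the key-file format and
   the verification loop from the listing, rewritten as plain C so the format can be
   parsed and checked offline. Function names, the 64-byte buffer and the seed of 1
   (taken from the keygen) are assumptions; the call at 00426638 and the bytes at
   00426646 are not on the page and are assumed not to alter eax or edx. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CRACKME_CONST 0x63546D32u   /* xor eax, 63546D32 at 00426626 */

/* Hash of the name as the verifier accumulates it: 32-bit product seeded with 1,
   XOR with the constant after every character, one shift right at the end (0042665A). */
uint32_t keyfile_hash(const unsigned char *name, size_t len)
{
    uint32_t acc = 1;
    for (size_t i = 0; i < len; i++)
        acc = (acc * name[i]) ^ CRACKME_CONST;   /* mul ebx / xor eax, const */
    return acc >> 1;                              /* shr eax, 1 */
}

/* Build a key-file image: name, one 00 byte, then the code as a little-endian dword.
   Returns the image length, or 0 if `out` cannot hold it. */
size_t keyfile_build(const char *name, unsigned char *out, size_t cap)
{
    size_t len = strlen(name);
    if (len + 5 > cap)
        return 0;
    uint32_t code = keyfile_hash((const unsigned char *)name, len);
    memcpy(out, name, len);
    out[len] = 0;
    for (int i = 0; i < 4; i++)
        out[len + 1 + i] = (unsigned char)(code >> (8 * i));
    return len + 5;
}

/* The check at 004265B2-00426678, returning the status the crackme stores through [edi]:
   0 = valid key file, 1 = code does not match, 2 = file empty, unterminated or wrong size. */
int keyfile_check(const unsigned char *file, size_t size)
{
    if (size == 0)                       /* cmp [ebp-4], 0: "key file is empty!" */
        return 2;
    size_t pos = 0;
    uint32_t acc = 1;
    while (file[pos] != 0) {             /* mov bl, [esi+edx] / test bl, bl */
        acc = (acc * file[pos]) ^ CRACKME_CONST;
        pos++;
        if (pos == size || pos == 0xFF)  /* cmp edx, ecx / cmp dl, 0FF: both give status 2 */
            return 2;
    }
    if (pos + 1 + 4 != size)             /* inc edx / add edx, 4 / cmp ecx, edx */
        return 2;
    acc >>= 1;
    uint32_t stored = (uint32_t)file[pos + 1]
                    | (uint32_t)file[pos + 2] << 8
                    | (uint32_t)file[pos + 3] << 16
                    | (uint32_t)file[pos + 4] << 24;  /* cmp eax, [esi+edx] */
    return acc == stored ? 0 : 1;
}

/* Generate a key for `name`, optionally flip a bit in the stored code or drop trailing
   bytes, and return the status the verifier gives the result. Used by main() below. */
int keyfile_try(const char *name, int corrupt_code, size_t drop)
{
    unsigned char buf[64];
    size_t n = keyfile_build(name, buf, sizeof buf);
    if (n == 0 || drop > n)
        return -1;
    if (corrupt_code)
        buf[n - 1] ^= 0x80;
    return keyfile_check(buf, n - drop);
}

int main(void)
{
    /* "elance" is a constructed sample name, not a key from the page */
    printf("good key: %d, flipped code bit: %d, truncated: %d\n",
           keyfile_try("elance", 0, 0), keyfile_try("elance", 1, 0),
           keyfile_try("elance", 0, 1));
    return 0;
}
```

The size test in keyfile_check is the part most often missed when only the keygen is read: a file whose name is followed by anything other than exactly four bytes, or that has no 00 byte at all, never reaches the comparison and is reported as status 2 rather than as a wrong code.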
--------------------------------------------------------------------------------
【Copyright notice】: This article is an original by elance. When reposting, please credit the author and keep the article intact. Thank you!