-
-
*已破* [PEDIY Crackme 竞赛 2007] [第二回] 第 6 队 –Nooby
-
发表于: 2007-6-13 12:00
-
|
|
|---|---|
|
|
|
|
|
|
|
|
以邪秀才的一组为第 2 序号
|
|
|
|
|
|
晕啊,好想睡觉,全都是牛人...
|
|
|
|
|
|
为什么用它们注册正确的在OD里调试就不行?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
用20个r注册后程序会出错
 
|
|
|
|
|
|
|
|
|
|
|
|
偶又晚了,
还没看到crackme呢 |
|
|
// CM05Dlg.cpp : implementation file
// #include "stdafx.h" #include "CM05.h" #include "CM05Dlg.h" char txtBuf[] = "\x1f\nABCDEFGHabdcefghijklmnopqrsTuvwxyz`.~!@#$%^&*()_+|\\=-></?':;}{[ ]\n"; char txtBuf2[] = "\x1f\nabcdefghABCDEFGHIJKLMNOPQRStUVWXYZ`.~!@#$%^&*()_+|\\=-></?':;}{[ ]\n"; bool failed = false; bool exceed = false; 当中省略 void CCM05Dlg::OnOK() { // TODO: Add extra validation here //memcpy((void*)((long)txtBuf+10),str,90); if (!failed) { long time = 0; char* name = (char*)malloc(10); char* realname = (char*)malloc(20); GetDlgItemText(IDC_EDIT2,name,20); int i = sizeof(&name); int dummyval = 0; memcpy(realname,name,20); for(int j=0;j<i;j++) { dummyval+=i; dummyval+=dummyval; } char* key = (char*)malloc(20); GetDlgItemText(IDC_EDIT1,key,20); char* str = (char*)malloc(100); strcpy(str,realname); strcat(str,key); strcat(str,txtBuf); itoa(dummyval,name,4); strcat(str,name); strcpy(txtBuf,str); char tmpBuf[30] = ""; int sizemagic = sizeof(tmpBuf); this->GetDlgItemText(IDC_EDIT1, tmpBuf, sizemagic); i = 0; long ptr = (long)txtBuf; long ptr2; ptr+=20; ptr*=10; ptr-=100; ptr/=5; ptr-=20; ptr/=2; ptr--; time = GetTickCount(); if(memcmp((char*)(ptr2=ptr+sizemagic),&tmpBuf[i],1)==0) { if(exceed) goto err; if(GetTickCount()-time>1000) exceed = true; __try { i++; ptr*=2; ptr+=36; ptr/=2; ptr+=20; ptr*=10; ptr-=100; ptr/=5; ptr-=20; ptr/=2; time = GetTickCount(); i = IDC_EDIT1 / memcmp((char*)ptr,&tmpBuf[i],1); } __except(1) { if(exceed) goto err; if(GetTickCount()-time>1000) exceed = true; __try { i++; ptr++; ptr*=2; ptr/=2; ptr+=20; ptr*=10; ptr-=100; ptr/=5; ptr-=20; ptr/=2; time = GetTickCount(); i = IDC_EDIT1 / memcmp((char*)ptr,&tmpBuf[i],1); } __except(1) { if(exceed) goto err; if(GetTickCount()-time>1000) exceed = true; __try { i++; ptr2+=20; ptr2*=10; ptr2-=100; ptr2/=5; ptr2-=20; ptr2/=2; time = GetTickCount(); i = IDC_EDIT1 / memcmp((char*)--ptr2,&tmpBuf[i],1); } __except(1) { if(exceed) goto err; if(GetTickCount()-time>1000) exceed = true; __try { i++; ptr2+=30; ptr2*=2; ptr2+=16; ptr2/=2; time = GetTickCount(); i = IDC_EDIT1 / memcmp((char*)--ptr2,&tmpBuf[i],1); } __except(1) { if(exceed) goto err; if(GetTickCount()-time>1000) exceed = true; __try { i++; ptr+=20; ptr*=10; ptr-=100; ptr/=5; ptr-=20; ptr/=2; time = GetTickCount(); i = IDC_EDIT1 / memcmp((char*)--ptr,&tmpBuf[i],1); } __except(1) { if(exceed) goto err; if(GetTickCount()-time>1000) exceed = true; __try { i++; ptr-=7; ptr+=20; ptr*=10; ptr-=100; ptr/=5; ptr-=20; ptr/=2; time = GetTickCount(); i = IDC_EDIT1 / memcmp((char*)ptr,&tmpBuf[i],1); } __except(1) { if(exceed) goto err; if(GetTickCount()-time>1000) exceed = true; __try { i++; ptr+=2; ptr+=20; ptr*=10; ptr-=100; ptr/=5; ptr-=20; ptr/=2; time = GetTickCount(); i = IDC_EDIT1 / memcmp((char*)ptr,&tmpBuf[i],1); } __except(1) { if(exceed) goto err; if(GetTickCount()-time>1000) exceed = true; __try { i++; ptr+=20; ptr*=10; ptr-=100; ptr/=5; ptr-=40; ptr/=2; time = GetTickCount(); i = IDC_EDIT1 / memcmp((char*)ptr2,&tmpBuf[i],1); } __except(1) { if(exceed) goto err; if(GetTickCount()-time>1000) exceed = true; __try { i++; ptr2+=20; ptr2*=10; ptr2-=100; ptr2/=5; ptr2-=10; ptr2/=2; i = IDC_EDIT1 / memcmp((char*)--ptr,&tmpBuf[i],1); } __except(1) { if(exceed) goto err; char greeting[] = "\x1f\n恭喜你!"; char greeting2[] = "\x1f\n成功"; MessageBox(&greeting[2],&greeting2[2],0); CDialog::OnOK(); return; } } } } } } } } } } err: failed = true; } char greeting3[] = "\x1f\n继续努力"; char greeting4[] = "\x1f\n失败"; MessageBox(&greeting3[2],&greeting4[2],0); } Nooby eABc+AA1+o That's it. 
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
