-
-
[讨论][原创]自己写的一个crackme,希望高手能给点建议,附件已OK!
-
发表于: 2009-4-19 10:28
-
|
|
|---|---|
|
|
不能运行啊!
 
|
|
|
|
|
|
|
|
|
还是一样啊!我想是你的问题多!三楼写的CM就是用C来写的啊!他没装么?
|
|
|
|
|
|
|
|
|
终于可以了!
|
|
|
先来个战利图:
机器码:12FE7C 用户名:hanyu 注册码:50BAAACBCE2F1ABB09AEA57741AB2051 
|
|
|
|
|
|
关键算法相当BT:
怀疑是一种加密算法,需要两个常数,一个是固定的另一个是机器码变的; 00401DF0 /$ 6A FF PUSH -1 00401DF2 |. 68 47354200 PUSH crackme1.00423547 ; SE 处理程序安装 00401DF7 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 00401DFD |. 50 PUSH EAX 00401DFE |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP 00401E05 |. 83EC 74 SUB ESP,74 00401E08 |. 56 PUSH ESI 00401E09 |. C74424 08 000>MOV DWORD PTR SS:[ESP+8],0 00401E11 |. 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20] 00401E15 |. C78424 800000>MOV DWORD PTR SS:[ESP+80],1 00401E20 |. 50 PUSH EAX 00401E21 |. E8 3AF4FFFF CALL crackme1.00401260 00401E26 |. 8B8424 900000>MOV EAX,DWORD PTR SS:[ESP+90] 00401E2D |. 8B48 F8 MOV ECX,DWORD PTR DS:[EAX-8] 00401E30 |. 51 PUSH ECX 00401E31 |. 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28] 00401E35 |. 50 PUSH EAX 00401E36 |. 51 PUSH ECX 00401E37 |. E8 54F4FFFF CALL crackme1.00401290 00401E3C |. 8D5424 30 LEA EDX,DWORD PTR SS:[ESP+30] 00401E40 |. 8D4424 1C LEA EAX,DWORD PTR SS:[ESP+1C] 00401E44 |. 52 PUSH EDX 00401E45 |. 50 PUSH EAX 00401E46 |. E8 F5F4FFFF CALL crackme1.00401340 00401E4B |. 8B0D 20E34200 MOV ECX,DWORD PTR DS:[42E320] ; crackme1.0042E334 00401E51 |. 83C4 18 ADD ESP,18 00401E54 |. 894C24 04 MOV DWORD PTR SS:[ESP+4],ECX 00401E58 |. 8B5424 1B MOV EDX,DWORD PTR SS:[ESP+1B] 00401E5C |. 8B4424 1A MOV EAX,DWORD PTR SS:[ESP+1A] 00401E60 |. 8B4C24 19 MOV ECX,DWORD PTR SS:[ESP+19] 00401E64 |. 81E2 FF000000 AND EDX,0FF 00401E6A |. 52 PUSH EDX 00401E6B |. 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+1C] 00401E6F |. 25 FF000000 AND EAX,0FF 00401E74 |. 81E1 FF000000 AND ECX,0FF 00401E7A |. 50 PUSH EAX 00401E7B |. 8B4424 1F MOV EAX,DWORD PTR SS:[ESP+1F] 00401E7F |. 81E2 FF000000 AND EDX,0FF 00401E85 |. 51 PUSH ECX 00401E86 |. 8B4C24 22 MOV ECX,DWORD PTR SS:[ESP+22] 00401E8A |. 52 PUSH EDX 00401E8B |. 8B5424 25 MOV EDX,DWORD PTR SS:[ESP+25] 00401E8F |. 25 FF000000 AND EAX,0FF 00401E94 |. 81E1 FF000000 AND ECX,0FF 00401E9A |. 50 PUSH EAX 00401E9B |. 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+28] 00401E9F |. 81E2 FF000000 AND EDX,0FF 00401EA5 |. 51 PUSH ECX 00401EA6 |. 8B4C24 2B MOV ECX,DWORD PTR SS:[ESP+2B] 00401EAA |. 52 PUSH EDX 00401EAB |. 8B5424 2E MOV EDX,DWORD PTR SS:[ESP+2E] 00401EAF |. 25 FF000000 AND EAX,0FF 00401EB4 |. 81E1 FF000000 AND ECX,0FF 00401EBA |. 50 PUSH EAX 00401EBB |. 8B4424 31 MOV EAX,DWORD PTR SS:[ESP+31] 00401EBF |. 81E2 FF000000 AND EDX,0FF 00401EC5 |. 51 PUSH ECX 00401EC6 |. 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+34] 00401ECA |. 52 PUSH EDX 00401ECB |. 8B5424 37 MOV EDX,DWORD PTR SS:[ESP+37] 00401ECF |. 25 FF000000 AND EAX,0FF 00401ED4 |. 81E1 FF000000 AND ECX,0FF 00401EDA |. 50 PUSH EAX 00401EDB |. 8B4424 3A MOV EAX,DWORD PTR SS:[ESP+3A] 00401EDF |. 81E2 FF000000 AND EDX,0FF 00401EE5 |. 51 PUSH ECX 00401EE6 |. 8B4C24 3D MOV ECX,DWORD PTR SS:[ESP+3D] 00401EEA |. 52 PUSH EDX 00401EEB |. 8B5424 40 MOV EDX,DWORD PTR SS:[ESP+40] 00401EEF |. 25 FF000000 AND EAX,0FF 00401EF4 |. 81E1 FF000000 AND ECX,0FF 00401EFA |. 50 PUSH EAX 00401EFB |. 81E2 FF000000 AND EDX,0FF 00401F01 |. 51 PUSH ECX 00401F02 |. 52 PUSH EDX 00401F03 |. 8D4424 44 LEA EAX,DWORD PTR SS:[ESP+44] 00401F07 |. 68 00E14200 PUSH crackme1.0042E100 ; %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X 00401F0C |. 50 PUSH EAX 00401F0D |. C68424 C80000>MOV BYTE PTR SS:[ESP+C8],2 00401F15 |. E8 B55B0100 CALL crackme1.00417ACF |
|
|
|
|
|
没有了我那么菜那里能看出你那牛的算法啊,只是你在擦程序运行时定义了一个静态变量;我在那里看到明码了!
|
|
|
明码没找到,先爆个,继续找,
窗口还没运行出来,明码就出来了 461E49C953E60DC36DF6E6FA795A6BEA  |
|
|
C482115C
dzhsurf 547C18D6ACA87286FA4FCA8BCD27CE15  |
|
|
|
|
|
我不是在11楼那里贴出了明码出现的位置么?那好多个%后就有了!
|
|
|
|
|
|
真晕,搞了那么久才找到。。。。
机器码:6E41209C 用户名:keheng 注册码:6D5E8693A206AB1FCE5B8E84EC283428  |
