今天暴力破解了pdf加密器,无论输入任何注册号都可以提示“注册成功”。
破解代码如下:
原代码:
004B5171 |. BA 30524B00 MOV EDX,PDFEncry.004B5230 ; test
004B5176 |. E8 61F8F4FF CALL PDFEncry.004049DC
004B517B |. 74 6D JE SHORT PDFEncry.004B51EA
004B517D |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004B5180 |. 8B83 4C030000 MOV EAX,DWORD PTR DS:[EBX+34C]
004B5186 |. E8 F579F9FF CALL PDFEncry.0044CB80
004B518B |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004B518E |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004B5191 |. E8 F235F5FF CALL PDFEncry.00408788
004B5196 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004B5199 |. E8 F2F6F4FF CALL PDFEncry.00404890
004B519E |. 83F8 20 CMP EAX,20
004B51A1 |. 74 0C JE SHORT PDFEncry.004B51AF
004B51A3 |. B8 40524B00 MOV EAX,PDFEncry.004B5240 ; 注册码错误
004B51A8 |. E8 67A2F7FF CALL PDFEncry.0042F414
004B51AD |. EB 3B JMP SHORT PDFEncry.004B51EA
004B51AF |> 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004B51B2 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004B51B5 |. E8 A644FEFF CALL PDFEncry.00499660
004B51BA |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004B51BD |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
004B51C0 |. E8 0F45FEFF CALL PDFEncry.004996D4
004B51C5 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004B51C8 |. BA 54524B00 MOV EDX,PDFEncry.004B5254
004B51CD |. E8 0AF8F4FF CALL PDFEncry.004049DC
004B51D2 |. 74 0C JE SHORT PDFEncry.004B51E0
004B51D4 |. B8 40524B00 MOV EAX,PDFEncry.004B5240
004B51D9 |. E8 36A2F7FF CALL PDFEncry.0042F414
004B51DE |. EB 0A JMP SHORT PDFEncry.004B51EA
004B51E0 |> B8 80524B00 MOV EAX,PDFEncry.004B5280
004B51E5 |. E8 2AA2F7FF CALL PDFEncry.0042F414
004B51EA |> 33C0 XOR EAX,EAX
破解后代码:
004B5171 |. BA 30524B00 MOV EDX,PDFEncry.004B5230 ; test
004B5176 |. E8 61F8F4FF CALL PDFEncry.004049DC
004B517B |. 74 6D JE SHORT PDFEncry.004B51EA
004B517D |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004B5180 |. 8B83 4C030000 MOV EAX,DWORD PTR DS:[EBX+34C]
004B5186 |. E8 F579F9FF CALL PDFEncry.0044CB80
004B518B |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004B518E |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004B5191 |. E8 F235F5FF CALL PDFEncry.00408788
004B5196 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004B5199 |. E8 F2F6F4FF CALL PDFEncry.00404890
004B519E |. 83F8 20 CMP EAX,20
004B51A1 |. EB 0C JE SHORT PDFEncry.004B51AF
004B51A3 |. B8 40524B00 MOV EAX,PDFEncry.004B5240 ; 注册码错误
004B51A8 |. E8 67A2F7FF CALL PDFEncry.0042F414
004B51AD |. EB 3B JMP SHORT PDFEncry.004B51EA
004B51AF |> 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004B51B2 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004B51B5 |. E8 A644FEFF CALL PDFEncry.00499660
004B51BA |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004B51BD |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
004B51C0 |. E8 0F45FEFF CALL PDFEncry.004996D4
004B51C5 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004B51C8 |. BA 54524B00 MOV EDX,PDFEncry.004B5254
004B51CD |. E8 0AF8F4FF CALL PDFEncry.004049DC
004B51D2 |. EB 0C JE SHORT PDFEncry.004B51E0
004B51D4 |. B8 40524B00 MOV EAX,PDFEncry.004B5240
004B51D9 |. E8 36A2F7FF CALL PDFEncry.0042F414
004B51DE |. EB 0A JMP SHORT PDFEncry.004B51EA
004B51E0 |> B8 80524B00 MOV EAX,PDFEncry.004B5280
004B51E5 |. E8 2AA2F7FF CALL PDFEncry.0042F414
004B51EA |> 33C0 XOR EAX,EAX
但是,破解还不完全,生成的加密文件还是会有水印提示。不知道怎么才能吧水印提示去掉!!!高手帮帮忙!!!!!!!!!!!
[课程]Android-CTF解题方法汇总!
