附件:BruteMe.rar
Spider写的一个CRACKME,小弟已经找到核心算法,但是发现只有通过编程使用穷举法才可以破解。
高手可否看一下可有其它办法,因为穷举一个16位的序列号太耗时间了。
核心算法如下:
:0040149F 83F810 cmp eax,00000010 ;判断是否共16位
:004014A2 0F85F2000000 jne 0040159A
:004014A8 BAC0314000 mov edx, 004031C0;
:004014AD 91 xchg eax,ecx
:004014AE 8A4411FF mov al, byte ptr [ecx+edx-01]
:004014B2 3C46 cmp al, 46
:004014B4 0F87E0000000 ja 0040159A
:004014BA 3C30 cmp al, 30
:004014BC 0F82D8000000 jb 0040159A
:004014C2 3C41 cmp al, 41
:004014C4 7308 jnb 004014CE
:004014C6 3C39 cmp al, 39
:004014C8 0F87CC000000 ja 0040159A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004014C4(C)
|
:004014CE E2DE loop 004014AE ;判断是否是十六进制数
:004014D0 8B02 mov eax, dword ptr [edx]
:004014D2 0FC8 bswap eax
:004014D4 E88F010000 call 00401668
:004014D9 C1E010 shl eax, 10
:004014DC 91 xchg eax,ecx
:004014DD 8B4204 mov eax, dword ptr [edx+04]
:004014E0 0FC8 bswap eax
:004014E2 E881010000 call 00401668
:004014E7 0BC1 or eax, ecx
:004014E9 A3D4314000 mov dword ptr [004031D4], eax
:004014EE 3D0000001B cmp eax, 1B000000
:004014F3 0F83A1000000 jnb 0040159A
:004014F9 50 push eax
:004014FA 8B4208 mov eax, dword ptr [edx+08]
:004014FD 0FC8 bswap eax
:004014FF E864010000 call 00401668
:00401504 C1E010 shl eax, 10
:00401507 91 xchg eax,ecx
:00401508 8B420C mov eax, dword ptr [edx+0C]
:0040150B 0FC8 bswap eax
:0040150D E856010000 call 00401668
:00401512 0BC1 or eax, ecx
:00401514 A3D8314000 mov dword ptr [004031D8], eax
:00401519 59 pop ecx
:0040151A 03C1 add eax, ecx
:0040151C 35A769D998 xor eax, 98D969A7
:00401521 7577 jne 0040159A
:00401523 BB46154000 mov ebx, 00401546
:00401528 B96C154000 mov ecx, 0040156C
:0040152D 2BCB sub ecx, ebx
:0040152F C1E903 shr ecx, 03
:00401532 A1D4314000 mov eax, dword ptr [004031D4]
:00401537 3103 xor dword ptr [ebx], eax
:00401539 A1D8314000 mov eax, dword ptr [004031D8]
:0040153E 314304 xor dword ptr [ebx+04], eax
:00401541 83C308 add ebx, 00000008
:00401544 E2EC loop 00401532
:00401668 E8E6FFFFFF call 00401653
:0040166D C1C010 rol eax, 10
:00401670 E8DEFFFFFF call 00401653
:00401675 C1C010 rol eax, 10
:00401678 86E0 xchg al, ah
:0040167A C1E808 shr eax, 08
:0040167D C3 ret
* Referenced by a CALL at Addresses:
|:00401668 , :00401670
|
:00401653 662D3030 sub ax, 3030
:00401657 3C09 cmp al, 09
:00401659 7602 jbe 0040165D
:0040165B 2C07 sub al, 07
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401659(C)
|
:0040165D 80FC09 cmp ah, 09
:00401660 7603 jbe 00401665
:00401662 80EC07 sub ah, 07
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401660(C)
|
:00401665 D510 aad (base=16)
:00401667 C3 ret
阿里云助力开发者!2核2G 3M带宽不限流量!6.18限时价,开
发者可享99元/年,续费同价!