[原创]yaya's CrackMe
发表于: 2009-7-8 22:52 6601

最新回复 (12)
2


不会追码  委琐的暴了下
上传的附件:
  • 1.jpg (28.87kb,107次下载)
2009-7-8 23:24
3
支持个!!!!
2009-7-8 23:46
4
一组KEY:

zzzzzzzzzzzz1 - zzzzzzzzzzzz2 - ZZZZZ3 - ZZZZZ>
上传的附件:
  • 1.gif (12.41kb,97次下载)
2009-7-9 10:54
5

; Key-check fragment (OllyDbg listing). It sums the bytes of the four key
; strings, adds the sums in pairs, range-checks both totals and calls 00402130
; twice with the arguments swapped; either call returning 1 reaches the
; success path. The enclosing function starts before and continues after
; this excerpt.
00401EA9 |> \8A8424 040400>mov al, byte ptr [esp+404] ; first byte of KEY1
00401EB0 |. 33FF xor edi, edi ; edi := 0 (KEY1 sum)
00401EB2 |. 84C0 test al, al
00401EB4 |. 8D8C24 040400>lea ecx, dword ptr [esp+404] ; ecx -> KEY1
00401EBB |. 74 0D je short 00401ECA ; empty string: skip the loop
00401EBD |> 0FBED0 /movsx edx, al ; KEY1: running sum of its bytes (sign-extended)
00401EC0 |. 8A41 01 |mov al, byte ptr [ecx+1]
00401EC3 |. 03FA |add edi, edx ; EDI accumulates the KEY1 sum
00401EC5 |. 41 |inc ecx
00401EC6 |. 84C0 |test al, al
00401EC8 |.^ 75 F3 \jnz short 00401EBD ; loop until the terminating zero byte
00401ECA |> 8A4424 14 mov al, byte ptr [esp+14] ; first byte of KEY2
00401ECE |. 33ED xor ebp, ebp ; ebp := 0 (KEY2 sum)
00401ED0 |. 84C0 test al, al
00401ED2 |. 8D4C24 14 lea ecx, dword ptr [esp+14] ; ecx -> KEY2
00401ED6 |. 74 0D je short 00401EE5
00401ED8 |> 0FBEC0 /movsx eax, al ; KEY2: running sum of its bytes (sign-extended)
00401EDB |. 03E8 |add ebp, eax ; EBP accumulates the KEY2 sum
00401EDD |. 8A41 01 |mov al, byte ptr [ecx+1]
00401EE0 |. 41 |inc ecx
00401EE1 |. 84C0 |test al, al
00401EE3 |.^ 75 F3 \jnz short 00401ED8
00401EE5 |> 8A8424 0C0200>mov al, byte ptr [esp+20C] ; first byte of KEY3
00401EEC |. 33F6 xor esi, esi ; esi := 0 (KEY3 sum)
00401EEE |. 84C0 test al, al
00401EF0 |. 8D8C24 0C0200>lea ecx, dword ptr [esp+20C] ; ecx -> KEY3
00401EF7 |. 74 0D je short 00401F06
00401EF9 |> 0FBED0 /movsx edx, al ; KEY3: running sum of its bytes (sign-extended)
00401EFC |. 8A41 01 |mov al, byte ptr [ecx+1]
00401EFF |. 03F2 |add esi, edx ; ESI accumulates the KEY3 sum
00401F01 |. 41 |inc ecx
00401F02 |. 84C0 |test al, al
00401F04 |.^ 75 F3 \jnz short 00401EF9
00401F06 |> 8A8424 FC0500>mov al, byte ptr [esp+5FC] ; first byte of KEY4
00401F0D |. 33D2 xor edx, edx ; edx := 0 (KEY4 sum)
00401F0F |. 84C0 test al, al
00401F11 |. 8D8C24 FC0500>lea ecx, dword ptr [esp+5FC] ; ecx -> KEY4
00401F18 |. 74 0D je short 00401F27
00401F1A |> 0FBEC0 /movsx eax, al ; KEY4: running sum of its bytes (sign-extended)
00401F1D |. 03D0 |add edx, eax ; EDX accumulates the KEY4 sum
00401F1F |. 8A41 01 |mov al, byte ptr [ecx+1]
00401F22 |. 41 |inc ecx
00401F23 |. 84C0 |test al, al
00401F25 |.^ 75 F3 \jnz short 00401F1A
00401F27 |> 03FD add edi, ebp ; edi := edi + ebp (KEY1 + KEY2)
00401F29 |. 03F2 add esi, edx ; esi := esi + edx (KEY3 + KEY4)
00401F2B |. 81FF F4010000 cmp edi, 1F4 ; edi must be at least 500 (0x1F4)
00401F31 0F8C E7010000 jl 0040211E ; below 500 (signed): jump to 0040211E, the target used by every rejection here
00401F37 |. 81FF B0AD0100 cmp edi, 1ADB0 ; edi must be at most 110000 (0x1ADB0)
00401F3D |. 0F8F DB010000 jg 0040211E
00401F43 |. 81FE F4010000 cmp esi, 1F4 ; esi must be at least 500
00401F49 0F8C CF010000 jl 0040211E
00401F4F |. 81FE B0AD0100 cmp esi, 1ADB0 ; esi must be at most 110000
00401F55 |. 0F8F C3010000 jg 0040211E
00401F5B |. 56 push esi ; second argument: KEY3 + KEY4
00401F5C |. 57 push edi ; first argument: KEY1 + KEY2
00401F5D |. E8 CE010000 call 00402130 ; first check, arguments (edi, esi)
00401F62 |. 57 push edi
00401F63 |. 56 push esi
00401F64 |. 8BE8 mov ebp, eax ; ebp := eax; keep the result of the first call
00401F66 |. E8 C5010000 call 00402130 ; second check, arguments swapped (esi, edi)
00401F6B |. 83C4 10 add esp, 10 ; drop the four pushed arguments
00401F6E |. 83FD 01 cmp ebp, 1
00401F71 |. 74 09 je short 00401F7C ; first call returned 1: success
00401F73 |. 83F8 01 cmp eax, 1
00401F76 0F85 A2010000 jnz 0040211E ; neither call returned 1: reject
00401F7C |> 68 30314100 push 00413130 ; 正确了耶! (the success message, roughly "Correct!")


进入算法中:

; Check routine called by the key-check code. With x = first argument and
; y = second argument it computes k = integer result derived from sqrt(x),
; then total = 1 + sum of (j + x/j) for every j in [2, k) that divides x,
; plus k itself when k != 1 and k divides x. Returns 1 in eax when total == y,
; else 0.
00402130 /$ DB4424 04 fild dword ptr [esp+4] ; load the first argument (KEY1 + KEY2 on the first call)
00402134 |. 53 push ebx
00402135 |. 56 push esi
00402136 |. 57 push edi
00402137 |. BF 01000000 mov edi, 1 ; edi := 1; running total starts at 1
0040213C |. D9FA fsqrt ; square root of the first argument
0040213E |. E8 6D3F0000 call 004060B0 ; result comes back in eax (presumably a float-to-int helper; confirm)
00402143 |. 8B5C24 10 mov ebx, dword ptr [esp+10] ; ebx := first argument (three pushes moved it from +4 to +10)
00402147 |. 8BF0 mov esi, eax ; esi := eax; upper bound of the loop
00402149 |. B9 02000000 mov ecx, 2 ; ecx := 2; first candidate divisor
0040214E |. 3BF1 cmp esi, ecx
00402150 |. 7E 17 jle short 00402169 ; bound <= 2: no loop iterations
00402152 |> 8BC3 /mov eax, ebx ; eax := ebx; the fixed first argument
00402154 |. 99 |cdq
00402155 |. F7F9 |idiv ecx ; eax := ebx / ecx, edx := ebx mod ecx
00402157 |. 85D2 |test edx, edx ; remainder zero means ecx divides ebx
00402159 |. 75 09 |jnz short 00402164 ; not a divisor: next candidate
0040215B |. 8BC3 |mov eax, ebx ; eax := ebx; the fixed first argument
0040215D |. 99 |cdq
0040215E |. F7F9 |idiv ecx ; eax := ebx / ecx (the cofactor)
00402160 |. 03C1 |add eax, ecx ; eax := cofactor + divisor
00402162 |. 03F8 |add edi, eax ; edi := edi + eax
00402164 |> 41 |inc ecx ; ecx := ecx + 1
00402165 |. 3BCE |cmp ecx, esi
00402167 |.^ 7C E9 \jl short 00402152 ; loop while ecx < esi
00402169 |> 83FE 01 cmp esi, 1
0040216C |. 74 0B je short 00402179 ; bound == 1: skip the final divisor test
0040216E |. 8BC3 mov eax, ebx ; eax := first argument
00402170 |. 99 cdq
00402171 |. F7FE idiv esi ; eax := ebx / esi, edx := ebx mod esi
00402173 |. 85D2 test edx, edx ; remainder zero means esi divides ebx
00402175 |. 75 02 jnz short 00402179
00402177 |. 03FE add edi, esi ; only esi is added here, not the cofactor ebx / esi
00402179 |> 8B4C24 14 mov ecx, dword ptr [esp+14] ; ecx := second argument (KEY3 + KEY4 on the first call)
0040217D |. 33C0 xor eax, eax
0040217F |. 3BF9 cmp edi, ecx ; compare the total with the second argument
00402181 |. 5F pop edi
00402182 |. 5E pop esi
00402183 |. 5B pop ebx
00402184 0F94C0 sete al ; eax := 1 when equal, else 0
00402187 \. C3 retn
2009-7-9 10:57
6
这个crackme的爆破点太好找了
2009-7-9 14:07
7
#include<iostream>
#include<windows.h>
#include<cmath>
using namespace std ;
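// Tone frequencies in Hz, passed by music() as the first argument of Beep().
// NOTE(review): the values look like equal-tempered pitches from C4 (262) up
// to B6 (1976), with a trailing '_' marking the sharp of the same degree and
// d/z/g naming three octaves -- inferred from the numbers, confirm.
enum fy{
	d1=262,
	d1_=277,
	d2=294,
	d2_=311,
	d3=330,
	d4=349,
	d5=392,
	d5_=415,
	d6=440,
	d6_=466,
	d7=494,
	z1=523,
	z1_=554,
	z2=578,	// NOTE(review): D5 is about 587 Hz; 578 may be a digit swap -- left unchanged
	z2_=622,
	z3=659,
	z4=698,
	z4_=740,
	z5=784,
	z5_=831,
	z6=880,
	z6_=932,	// was "z6_932": the missing '=' declared a stray enumerator valued 881
	z7=988,
	g1=1046,
	g1_=1109,
	g2=1175,
	g2_=1245,
	g3=1318,
	g4=1397,
	g4_=1480,
	g5=1568,
	g5_=1661,
	g6=1760,
	g6_=1865,
	g7=1976,
	yaya=0	// 0 Hz entry; presumably stands for a rest in the melody table
};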
// One step of the melody table: a tone and how long to hold it.
struct yf
{
	fy s;	// frequency in Hz, handed to Beep() as-is by music()
	int t;	// length in units; music() multiplies it by 5 before passing it to Beep()
};
// Forward declaration of the key check defined after main(): returns 1 when
// the divisor-based total it derives from the first argument equals the
// second argument, otherwise 0.
int h(int , int);
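// Plays the built-in melody by calling Beep() once per table entry, in order.
// Blocks until the last entry has been played. Always returns 1.
//
// Changes from the original: the entry count is derived from the table instead
// of the hard-coded 194 over a 1000-element array, and the LoadLibrary("kernel32")
// call was dropped -- kernel32 is already mapped into every Win32 process, the
// returned handle was never checked or freed, and a bare module name is a
// pattern better not copied to libraries that are not already loaded.
int music()
{
	// Read-only score; static const keeps it out of the stack frame.
	// The trailing numbers are the running entry count at the end of each row.
	static const struct yf a[]={{z3,125},{z3,50},{z4,100},{z3,50},{z2,50},  //5
	{z2,125},{z2,50},{z5,100},{z2,50},{z1,50},	//10
	{z1,125},{z1,50},{z6,100},{z5,100},			//14
	{z3,125},{z4,25},{z3,25},{z2,100},{z2,100},	//19
	{z3,125},{z3,50},{z4,100},{z5,50},{z3,50},	//24
	{z5,125},{z5,50},{g2,100},{z7,50},{g1,50},	//29
	{g1,200},{g1,50},{z7,50},{z6,50},{z7,50},	//34
	{g1,125},{z7,50},{g1,200},					//37
	{g1,50},{z7,50},{g1,50},{z7,50},{g1,100},{z3,50},{z5,50},	//44
	{z5,250},{z6,50},{z7,50},					//47
	{g1,50},{z7,50},{g1,50},{z7,50},{g1,100},{g2,100},{g3,100},	//54
	{g3,300},{z6,50},{z7,50},		//57
	{g1,50},{z7,50},{g1,50},{z7,50},{g1,100},{g3,100},	//63
	{z7,50},{z6,50},{z7,50},{z6,50},{z7,50},{z5,50},{z5,50},{g1,50}, //71
	{g1,200},{g3,75},{g4,25},{g4,50},{g3,50},	//76
	{g2,200},{yaya,50},{z5,50},{g1,50},{g2,50},	//81
	{g3,50},{g1,50},{g1,50},{z5,50},{z5,100},{z5,50},{g3,50}, //88
	{g2,50},{g3,50},{g2,50},{g1,50},{z5,50},{z5,50},{z6,50},{z7,50}, //96
	{g1,50},{z6,50},{z6,50},{z3,50},{z3,100},{yaya,50},{z7,50},	//103
	{g1,50},{z7,50},{g1,50},{g2,50},{z6,50},{z5,50},{z5,100}, //110
	{z6,100},{z5,50},{z6,50},{z7,100},{g3,50},{g4,50}, //116
	{g3,50},{g4,50},{g3,50},{g2,50},{g2,50},{g1,100},{z5,50}, //123
	{z5,50},{z4,50},{z4,50},{g1,50},{g1,50},{g3,50},{g3,50},{g1,50}, //131
	{g2,200},{yaya,50},{z5,50},{g1,50},{g2,50}, //136
	{g3,50},{g1,50},{g1,50},{z5,50},{z5,100},{z5,50},{g3,50}, //143
	{g2,50},{g3,50},{g2,50},{g1,50},{z5,50},{z5,50},{z6,50},{z7,50}, //151
	{g1,50},{z6,50},{z6,50},{z3,50},{z3,100},{z3,50},{z7,50},	//158
	{g1,50},{z7,50},{g1,50},{g2,50},{z6,50},{z5,50},{z5,100},	//165
	{z6,50},{z7,50},{g1,50},{g2,100},{g3,50},{g4,50},	//171
	{g3,50},{g4,50},{g2,50},{g1,50},{g2,50},{g1,50},{g1,100},	//178
	{g2,50},{g1,50},{g2,50},{z6,50},{g1,100},{g2,50},{g1,50},	//185
	{g1,400},		//186
	{g2,50},{g1,50},{g2,50},{z6,50},{z7,100},{z7,50},{g1,50},	//193
	{g1,400},		//194
	};
	// Entry count follows the initialiser list, so adding or removing notes
	// cannot leave the loop bound stale.
	const int n=sizeof a/sizeof a[0];
	for(int i=0;i<n;i++)
	{
		// NOTE(review): the {yaya,...} entries pass 0 Hz; Beep() documents a
		// 37..32767 Hz range, so those calls are expected to fail rather than
		// pause for the rest -- confirm on the target Windows version.
		Beep(a[i].s,a[i].t*5);
	}
	return 1;
}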
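// Prints prompt, then reads one whitespace-delimited key part into buf and
// discards the rest of the input line (up to 501 characters).
// cin.width() caps the extraction at sizeof buf - 1 characters plus the
// terminator; without it an over-long token would be written past the end of
// the 501-byte stack buffer. Returns false when nothing could be read.
static bool read_key(const char *prompt, char (&buf)[501])
{
    cout<<prompt;
    cin.width(sizeof buf);
    if(!(cin>>buf))
        return false;
    cin.ignore(501,'\n');
    return true;
}

// Adds up the characters of a zero-terminated string as plain char values,
// so bytes of 0x80 and above count as negative where char is signed.
static int char_sum(const char *s)
{
    int total=0;
    while(*s)
        total+=*s++;
    return total;
}

// Console front end of the crackme: reads the four key parts, asks for
// confirmation, reduces them to two character sums and accepts the key when
// h() returns 1 for the pair in either order. Always returns 0.
int main()
{
    int flag1, flag2, a, b;
    // Zero-filled so every buffer is a valid empty string from the start.
    char key1[501]={0},key2[501]={0},key3[501]={0},key4[501]={0};
    char sure=0;
    do
    {
        cout<<"yaya Crackme" <<endl<<endl;
        cout<<"key由四部分组成:key1 - key2 - key3 - key4" <<endl;
        // Stop on end of input instead of looping forever on a dead stream.
        if(!read_key("请输入key1:",key1) || !read_key("请输入key2:",key2)
           || !read_key("请输入key3:",key3) || !read_key("请输入key4:",key4))
            return 0;
        cout<<"你的输入的key: "<<key1<<" - "<<key2<<" - "<<key3<<" - "<<key4<<endl;
        cout<<"y确定,n重新输入:";
        if(!(cin>>sure))
            return 0;
        cout<<endl;
    }while(!(sure=='y'||sure=='Y'));
    a=char_sum(key1)+char_sum(key2);
    b=char_sum(key3)+char_sum(key4);
    // Both totals must lie in [500, 110000]; anything else exits silently.
    if(a<500 ||a>110000||b<500 || b>110000)
        return 0;
    flag1=h(a,b);
    flag2=h(b,a);
    if(flag1 == 1 || flag2 == 1)
    {
        cout << "正确了耶!" << endl;
        cout<<"那怎么办?" <<endl;
        cout<<"让吖吖想想,好吧,请你听歌?(y/n):" ;
        // A failed read no longer reuses the earlier 'y' from the confirmation prompt.
        if((cin>>sure) && (sure=='y'||sure=='Y'))
        {
            music();
            cout<<"谢谢你能听完,xixi..."<<endl;
            cout<<"Crackme Code by yaya. See you next Time!"<<endl;
            // The condition is never true, so this line is never printed;
            // kept exactly as the author wrote it.
            if(1==2)
                cout<<"blog http://hi.baidu.com/lmyouya"<<endl;
        }
    }
    return 0;
}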

// Key check used by main(). Builds a total that starts at 1, adds j + a/j for
// every j in [2, root) dividing a (root = truncated square root of a), then
// adds root itself when root != 1 and root divides a. Returns 1 when that
// total equals b, otherwise 0.
// Note: in the last step only root is added, never a/root, so the total is not
// always the full sum of proper divisors of a (e.g. a = 12 gives 12, not 16).
int h( int a, int b)
{
    const int root = int( sqrt( double (a) ) );
    int total = 1;
    int divisor = 2;
    while (divisor < root)
    {
        if (a % divisor == 0)
            total += divisor + a / divisor;   // the divisor and its cofactor
        ++divisor;
    }
    if (root != 1 && a % root == 0)
        total += root;
    return total == b ? 1 : 0;
}


谢谢各位滴参与。。。
  yaya's CrackMe 源代码
2009-7-9 18:35
8
好的,下来看看。谢谢。
2009-7-9 20:53
9
我的妈呀,你的音乐代码也太大了,可以看作花指令吗????还好是在一个函数中,要是直接写在主函数中,可能得把人调试得要崩溃,也算一种加密的方式。而且非明码比较,很好。美中不足的是最后成功的标志是明文,很容易被爆破,这只是我一个菜鸟的胡谝,高手莫怪
2009-7-9 21:00
10
兄弟 截图很专业,用的什么工具?
2009-7-9 22:28
11
早就想知道是什么工具。。。。。。。。。。。。。。。。。。
2009-7-10 10:42
12
截图 撕边效果??

上传的附件:
2009-7-10 11:21
13
恩,和楼上的一样,最新版本下载: http://www.moodysoft.com/download.html
2009-7-10 12:08