标题:
[转帖]初学者从这里树立信心-极弱Crackme算法简单分析
[打印本页]
作者:
yongmin
时间:
2006-10-6 10:18
标题:
[转帖]初学者从这里树立信心-极弱Crackme算法简单分析
【文章标题】: aaaaaaaaaaaa 【文章作者】: RCracker 【软件名称】: keygenme1 【下载地址】: 见附件 【编写语言】: MASM32 / TASM32 【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教! -------------------------------------------------------------------------------- 【详细过程】 0040120D |. E8 80010000 CALL
; \lstrlenA 00401212 |. A3 86DC4000 MOV DWORD PTR DS:[40DC86],EAX 00401217 |. 833D 86DC4000>CMP DWORD PTR DS:[40DC86],4 0040121E |. 0F8C 29010000 JL keygenme.0040134D 00401224 |. 833D 86DC4000>CMP DWORD PTR DS:[40DC86],32 0040122B |. 0F8F 1C010000 JG keygenme.0040134D ;用户名位数应大于等于4位而小于等于50位 00401231 |. 33C0 XOR EAX,EAX 00401233 |. 33DB XOR EBX,EBX 00401235 |. 33C9 XOR ECX,ECX 00401237 |. BF F8DC4000 MOV EDI,keygenme.0040DCF8 0040123C |. 8B15 86DC4000 MOV EDX,DWORD PTR DS:[40DC86] 00401242 |> 0FB60439 /MOVZX EAX,BYTE PTR DS:[ECX+EDI] 00401246 |. 83E8 19 |SUB EAX,19 00401249 |. 2BD8 |SUB EBX,EAX 0040124B |. 41 |INC ECX 0040124C |. 3BCA |CMP ECX,EDX 0040124E |.^ 75 F2 \JNZ SHORT keygenme.00401242 00401250 |. 53 PUSH EBX ; ebx=0-((r+c+r+a+c+k+e+r)-19*8)--------ebx 的低八位设为sn1(注册码第二部分) 00401251 |. 68 F8DB4000 PUSH keygenme.0040DBF8 00401256 |. 68 F8E04000 PUSH keygenme.0040E0F8 0040125B |. E8 38010000 CALL
00401260 |. 83C4 0C ADD ESP,0C 00401263 |. 33C0 XOR EAX,EAX 00401265 |. 33D2 XOR EDX,EDX 00401267 |. 33C9 XOR ECX,ECX 00401269 |. 03C3 ADD EAX,EBX 0040126B |. 0FAFC3 IMUL EAX,EBX ;eax=sn1 x sn1 0040126E |. 03C8 ADD ECX,EAX ;ecx=sn1 00401270 |. 2BD3 SUB EDX,EBX ;edx=0-sn1 00401272 |. 33D0 XOR EDX,EAX ;edx=0-sn1 00401274 |. 0FAFD8 IMUL EBX,EAX ;ebx=sn1 * sn1 * sn1------------低八位设为sn2(注册码第三部分) 00401277 |. 53 PUSH EBX 00401278 |. 68 F8DB4000 PUSH keygenme.0040DBF8 0040127D |. 68 F8E14000 PUSH keygenme.0040E1F8 00401282 |. E8 11010000 CALL
00401287 |. 83C4 0C ADD ESP,0C 0040128A |. 33C0 XOR EAX,EAX 0040128C |. 33DB XOR EBX,EBX 0040128E |. 33D2 XOR EDX,EDX 00401290 |. 33C9 XOR ECX,ECX 00401292 |. B8 F8E04000 MOV EAX,keygenme.0040E0F8 ;注意这里是把sn1的地址送EAX,而不是把sn1送eax 00401297 |. 03D8 ADD EBX,EAX 00401299 |. 33CB XOR ECX,EBX 0040129B |. 0FAFCB IMUL ECX,EBX 0040129E |. 2BC8 SUB ECX,EAX ;地址 * 地址 - 地址的低八位sn3应为固定值"41720F48"(注册码第四部分) 004012A0 |. 51 PUSH ECX 004012A1 |. 68 F8DB4000 PUSH keygenme.0040DBF8 004012A6 |. 68 F8E24000 PUSH keygenme.0040E2F8 004012AB |. E8 E8000000 CALL
004012B0 |. 83C4 0C ADD ESP,0C 004012B3 |. 68 FCDB4000 PUSH keygenme.0040DBFC ; /Bon- ------------------------设为sn0(注册码第一部分,固定值) 004012B8 |. 68 F8DD4000 PUSH keygenme.0040DDF8 004012BD |. E8 D6000000 CALL
004012C2 |. 83C4 08 ADD ESP,8 004012C5 |. 68 F8E04000 PUSH keygenme.0040E0F8 ; /StringToAdd = "" 004012CA |. 68 F8DD4000 PUSH keygenme.0040DDF8 ; |ConcatString = "" 004012CF |. E8 B2000000 CALL
; \lstrcatA 004012D4 |. 68 01DC4000 PUSH keygenme.0040DC01 ; /- 004012D9 |. 68 F8DD4000 PUSH keygenme.0040DDF8 ; |ConcatString = "" 004012DE |. E8 A3000000 CALL
; \lstrcatA 004012E3 |. 68 F8E14000 PUSH keygenme.0040E1F8 ; /StringToAdd = "" 004012E8 |. 68 F8DD4000 PUSH keygenme.0040DDF8 ; |ConcatString = "" 004012ED |. E8 94000000 CALL
; \lstrcatA 004012F2 |. 68 01DC4000 PUSH keygenme.0040DC01 ; /- 004012F7 |. 68 F8DD4000 PUSH keygenme.0040DDF8 ; |ConcatString = "" 004012FC |. E8 85000000 CALL
; \lstrcatA 00401301 |. 68 F8E24000 PUSH keygenme.0040E2F8 ; /StringToAdd = "" 00401306 |. 68 F8DD4000 PUSH keygenme.0040DDF8 ; |ConcatString = "" 0040130B |. E8 76000000 CALL
; \lstrcatA 00401310 |. B8 F8DD4000 MOV EAX,keygenme.0040DDF8 00401315 |. BB F8DE4000 MOV EBX,keygenme.0040DEF8 ; ASCII 0040131A |. 53 PUSH EBX ; /String2 => 0040131B |. 50 PUSH EAX ; |String1 => 0040131C |. E8 6B000000 CALL
; \lstrcmpA------------------------真假码比较 00401321 |. 74 15 JE SHORT keygenme.00401338 00401323 |. 68 17DC4000 PUSH keygenme.0040DC17 ; /hello, mr. badboy! 00401328 |. 68 F8DF4000 PUSH keygenme.0040DFF8 ; |s = keygenme.0040DFF8 0040132D |. E8 66000000 CALL
; \wsprintfA 00401332 |. 83C4 08 ADD ESP,8 00401335 |. 33C0 XOR EAX,EAX 00401337 |. C3 RETN 00401338 |> 68 03DC4000 PUSH keygenme.0040DC03 ; /hello, mr. goodboy! 0040133D |. 68 F8DF4000 PUSH keygenme.0040DFF8 ; |s = keygenme.0040DFF8 00401342 |. E8 51000000 CALL
; \wsprintfA 00401347 |. 83C4 08 ADD ESP,8 0040134A |. 33C0 XOR EAX,EAX 0040134C |. C3 RETN 0040134D |> 6A 28 PUSH 28 ; /Length = 28 (40.) 0040134F |. 68 F8DD4000 PUSH keygenme.0040DDF8 ; |Destination = keygenme.0040DDF8 00401354 |. E8 21000000 CALL
; \RtlZeroMemory 00401359 |. 68 65DC4000 PUSH keygenme.0040DC65 ; /name must be 4 - 50 chars long! 0040135E |. 68 F8DF4000 PUSH keygenme.0040DFF8 ; |s = keygenme.0040DFF8 00401363 |. E8 30000000 CALL
; \wsprintfA 00401368 |. 83C4 08 ADD ESP,8 0040136B |. 33C0 XOR EAX,EAX 0040136D \. C3 RETN 注册码:sn0-sn1-sn2-sn3 注册机源码: Dim code As String Dim code As String Dim reg1, reg2 As Long code = Text1.Text a = "-" reg1 = 0 If Text1.Text <> "" Then For i = 1 To Len(code) reg1 = reg1 + Asc(Mid(code, i, 1)) Next i If Len(code) < 4 Or Len(code) > 50 Then Text2.Text = "Name must be 4 - 50 chars long!" Else reg1 = 0 - (reg1 - 25 * Len(code)) reg2 = reg1 * reg1 * reg1 Text2.Text = "Bon-" & Hex(reg1) & a & Hex(reg2) & a & "41720F48" End If End If 感谢冷雪指出文中的不足之处!!!!!!!!!!! -------------------------------------------------------------------------------- 【经验总结】 简单! --------------------------------------------------------------------------------
欢迎光临 黑色海岸线论坛 (http://bbs.thysea.com/)
Powered by Discuz! 7.2