PYG 5.4 Cracker 小组 课外练习6
PYG 5.4 Cracker 小组 课外练习6要求
1)爆破
2)追码
3)制作内存注册机
4)算法分析(选做)
希望大家能踊跃参与,积极交流
[ 本帖最后由 lovewxt 于 2006-5-20 11:19 编辑 ] 原帖由 fantasy 于 2006-5-19 17:15 发表
要求
1)爆破
2)追码
3)制作内存注册机
4)算法分析(选做)
希望大家能踊跃参与,积极交流
不错,感谢fantasy兄弟的配合和支持。
将这个Crackme帖的主题设为:
PYG 5.4 Cracker 小组 课外练习6
这样逍遥兄会给置顶的!
希望以后我们练手的Crackme先让菜鸟们玩玩。大鸟后到!Cool! 呵呵 那我下载也来玩玩~ 跟出了注册码! 呵呵~~哪位来个算法撒
不难的哦 偶来写个 /:D
00457BBE 55 push ebp
00457BBF 68 8A7E4500 push CrackMe#.00457E8A
00457BC4 64:FF30 push dword ptr fs:
00457BC7 64:8920 mov dword ptr fs:,esp
00457BCA 8D55 FC lea edx,dword ptr ss:
00457BCD 8B83 D8020000 mov eax,dword ptr ds:
00457BD3 E8 08C3FCFF call CrackMe#.00423EE0
00457BD8 837D FC 00 cmp dword ptr ss:,0 ;是否未输入名字
00457BDC 75 18 jnz short CrackMe#.00457BF6
00457BDE 6A 00 push 0
00457BE0 B9 987E4500 mov ecx,CrackMe#.00457E98 ; ASCII "Enter your Name !"
00457BE5 BA AC7E4500 mov edx,CrackMe#.00457EAC ; ASCII "You must enter your Name !"
00457BEA A1 98A54500 mov eax,dword ptr ds:
00457BEF 8B00 mov eax,dword ptr ds:
00457BF1 E8 3A85FEFF call CrackMe#.00440130
00457BF6 8D55 FC lea edx,dword ptr ss:
00457BF9 8B83 DC020000 mov eax,dword ptr ds:
00457BFF E8 DCC2FCFF call CrackMe#.00423EE0
00457C04 837D FC 00 cmp dword ptr ss:,0 ;是否未输入注册码
00457C08 75 18 jnz short CrackMe#.00457C22
00457C0A 6A 00 push 0
00457C0C B9 C87E4500 mov ecx,CrackMe#.00457EC8 ; ASCII "Enter a Serial !"
00457C11 BA DC7E4500 mov edx,CrackMe#.00457EDC ; ASCII "You must enter a Serial !"
00457C16 A1 98A54500 mov eax,dword ptr ds:
00457C1B 8B00 mov eax,dword ptr ds:
00457C1D E8 0E85FEFF call CrackMe#.00440130
00457C22 33C0 xor eax,eax
00457C24 A3 40B84500 mov dword ptr ds:,eax
00457C29 8D55 FC lea edx,dword ptr ss:
00457C2C 8B83 D8020000 mov eax,dword ptr ds:
00457C32 E8 A9C2FCFF call CrackMe#.00423EE0
00457C37 8B45 FC mov eax,dword ptr ss:
00457C3A E8 F9BFFAFF call CrackMe#.00403C38
00457C3F A3 44B84500 mov dword ptr ds:,eax
00457C44 A1 44B84500 mov eax,dword ptr ds:
00457C49 E8 82FDFAFF call CrackMe#.004079D0
00457C4E 83F8 06 cmp eax,6 ;注册名长度与6比较,要求大于等于6
00457C51 73 1D jnb short CrackMe#.00457C70
00457C53 6A 00 push 0
00457C55 B9 F87E4500 mov ecx,CrackMe#.00457EF8 ; ASCII "Name too short !"
00457C5A BA 0C7F4500 mov edx,CrackMe#.00457F0C ; ASCII "Your Name must be at least 6 Chars long !"
00457C5F A1 98A54500 mov eax,dword ptr ds:
00457C64 8B00 mov eax,dword ptr ds:
00457C66 E8 C584FEFF call CrackMe#.00440130
00457C6B E9 59010000 jmp CrackMe#.00457DC9
00457C70 8D55 FC lea edx,dword ptr ss:
00457C73 8B83 D8020000 mov eax,dword ptr ds:
00457C79 E8 62C2FCFF call CrackMe#.00423EE0
00457C7E 8B45 FC mov eax,dword ptr ss:
00457C81 BA 01000000 mov edx,1
00457C86 4A dec edx
00457C87 3B50 FC cmp edx,dword ptr ds:
00457C8A 72 05 jb short CrackMe#.00457C91
00457C8C E8 F3AEFAFF call CrackMe#.00402B84
00457C91 42 inc edx
00457C92 0FB64410 FF movzx eax,byte ptr ds:
00457C97 6BF0 02 imul esi,eax,2 ;注册名第一位*2
00457C9A 71 05 jno short CrackMe#.00457CA1
00457C9C E8 EBAEFAFF call CrackMe#.00402B8C
00457CA1 8D55 F8 lea edx,dword ptr ss:
00457CA4 8B83 D8020000 mov eax,dword ptr ds:
00457CAA E8 31C2FCFF call CrackMe#.00423EE0
00457CAF 8B45 F8 mov eax,dword ptr ss:
00457CB2 BA 02000000 mov edx,2
00457CB7 4A dec edx
00457CB8 3B50 FC cmp edx,dword ptr ds:
00457CBB 72 05 jb short CrackMe#.00457CC2
00457CBD E8 C2AEFAFF call CrackMe#.00402B84
00457CC2 42 inc edx
00457CC3 0FB64410 FF movzx eax,byte ptr ds:
00457CC8 6BC0 02 imul eax,eax,2 ;注册名第2位*2
00457CCB 71 05 jno short CrackMe#.00457CD2
00457CCD E8 BAAEFAFF call CrackMe#.00402B8C
00457CD2 03F0 add esi,eax ;结果相加
00457CD4 71 05 jno short CrackMe#.00457CDB
00457CD6 E8 B1AEFAFF call CrackMe#.00402B8C
00457CDB 8D55 F4 lea edx,dword ptr ss:
00457CDE 8B83 D8020000 mov eax,dword ptr ds:
00457CE4 E8 F7C1FCFF call CrackMe#.00423EE0
00457CE9 8B45 F4 mov eax,dword ptr ss:
00457CEC BA 03000000 mov edx,3
00457CF1 4A dec edx
00457CF2 3B50 FC cmp edx,dword ptr ds:
00457CF5 72 05 jb short CrackMe#.00457CFC
00457CF7 E8 88AEFAFF call CrackMe#.00402B84
00457CFC 42 inc edx
00457CFD 0FB64410 FF movzx eax,byte ptr ds:
00457D02 6BC0 02 imul eax,eax,2 ;注册名第3位*2
00457D05 71 05 jno short CrackMe#.00457D0C
00457D07 E8 80AEFAFF call CrackMe#.00402B8C
00457D0C 03F0 add esi,eax ;与前结果相加
00457D0E 71 05 jno short CrackMe#.00457D15
00457D10 E8 77AEFAFF call CrackMe#.00402B8C
00457D15 8D55 F0 lea edx,dword ptr ss:
00457D18 8B83 D8020000 mov eax,dword ptr ds:
00457D1E E8 BDC1FCFF call CrackMe#.00423EE0
00457D23 8B45 F0 mov eax,dword ptr ss:
00457D26 BA 04000000 mov edx,4
00457D2B 4A dec edx
00457D2C 3B50 FC cmp edx,dword ptr ds:
00457D2F 72 05 jb short CrackMe#.00457D36
00457D31 E8 4EAEFAFF call CrackMe#.00402B84
00457D36 42 inc edx
00457D37 0FB64410 FF movzx eax,byte ptr ds:
00457D3C 6BC0 02 imul eax,eax,2 ;注册名第4位*2
00457D3F 71 05 jno short CrackMe#.00457D46
00457D41 E8 46AEFAFF call CrackMe#.00402B8C
00457D46 03F0 add esi,eax ;与前结果相加
00457D48 71 05 jno short CrackMe#.00457D4F
00457D4A E8 3DAEFAFF call CrackMe#.00402B8C
00457D4F 8D55 EC lea edx,dword ptr ss:
00457D52 8B83 D8020000 mov eax,dword ptr ds:
00457D58 E8 83C1FCFF call CrackMe#.00423EE0
00457D5D 8B45 EC mov eax,dword ptr ss:
00457D60 BA 05000000 mov edx,5
00457D65 4A dec edx
00457D66 3B50 FC cmp edx,dword ptr ds:
00457D69 72 05 jb short CrackMe#.00457D70
00457D6B E8 14AEFAFF call CrackMe#.00402B84
00457D70 42 inc edx
00457D71 0FB64410 FF movzx eax,byte ptr ds:
00457D76 6BC0 02 imul eax,eax,2 ;注册名第5位*2
00457D79 71 05 jno short CrackMe#.00457D80
00457D7B E8 0CAEFAFF call CrackMe#.00402B8C
00457D80 03F0 add esi,eax ;与前结果相加
00457D82 71 05 jno short CrackMe#.00457D89
00457D84 E8 03AEFAFF call CrackMe#.00402B8C
00457D89 8D55 E8 lea edx,dword ptr ss:
00457D8C 8B83 D8020000 mov eax,dword ptr ds:
00457D92 E8 49C1FCFF call CrackMe#.00423EE0
00457D97 8B45 E8 mov eax,dword ptr ss:
00457D9A BA 06000000 mov edx,6
00457D9F 4A dec edx
00457DA0 3B50 FC cmp edx,dword ptr ds:
00457DA3 72 05 jb short CrackMe#.00457DAA
00457DA5 E8 DAADFAFF call CrackMe#.00402B84
00457DAA 42 inc edx
00457DAB 0FB64410 FF movzx eax,byte ptr ds:
00457DB0 6BC0 02 imul eax,eax,2 ;注册名第6位*2
00457DB3 71 05 jno short CrackMe#.00457DBA
00457DB5 E8 D2ADFAFF call CrackMe#.00402B8C
00457DBA 03F0 add esi,eax ;与前结果相加
00457DBC 71 05 jno short CrackMe#.00457DC3
00457DBE E8 C9ADFAFF call CrackMe#.00402B8C
00457DC3 8935 40B84500 mov dword ptr ds:,esi
00457DC9 A1 44B84500 mov eax,dword ptr ds:
00457DCE E8 FDFBFAFF call CrackMe#.004079D0
00457DD3 6BC0 02 imul eax,eax,2 ;注册名长度*2
00457DD6 73 05 jnb short CrackMe#.00457DDD
00457DD8 E8 AFADFAFF call CrackMe#.00402B8C
00457DDD 33D2 xor edx,edx
00457DDF 52 push edx
00457DE0 50 push eax
00457DE1 A1 40B84500 mov eax,dword ptr ds:
00457DE6 99 cdq
00457DE7 030424 add eax,dword ptr ss: ;与前结果相加
00457DEA 135424 04 adc edx,dword ptr ss:
00457DEE 71 05 jno short CrackMe#.00457DF5
00457DF0 E8 97ADFAFF call CrackMe#.00402B8C
00457DF5 83C4 08 add esp,8
00457DF8 50 push eax
00457DF9 C1F8 1F sar eax,1F
00457DFC 3BC2 cmp eax,edx
00457DFE 58 pop eax
00457DFF 74 05 je short CrackMe#.00457E06
00457E01 E8 7EADFAFF call CrackMe#.00402B84
00457E06 A3 40B84500 mov dword ptr ds:,eax
00457E0B 8D55 E4 lea edx,dword ptr ss:
00457E0E A1 40B84500 mov eax,dword ptr ds:
00457E13 E8 2CF9FAFF call CrackMe#.00407744 ;结果转换为十进制,即注册码
00457E18 8B45 E4 mov eax,dword ptr ss: ;注册码给EAX
00457E1B 50 push eax
00457E1C 8D55 FC lea edx,dword ptr ss:
00457E1F 8B83 DC020000 mov eax,dword ptr ds:
00457E25 E8 B6C0FCFF call CrackMe#.00423EE0
00457E2A 8B55 FC mov edx,dword ptr ss: ;试炼码给EDX
00457E2D 58 pop eax
00457E2E E8 51BDFAFF call CrackMe#.00403B84
00457E33 75 1A jnz short CrackMe#.00457E4F ;关键比较,注册码错就 over
00457E35 6A 00 push 0
00457E37 B9 387F4500 mov ecx,CrackMe#.00457F38 ; ASCII "Congratz !"
00457E3C BA 447F4500 mov edx,CrackMe#.00457F44 ; ASCII "You cracked the CFF CrackMe #4 ! Please send your solution to [email protected] !"
00457E41 A1 98A54500 mov eax,dword ptr ds:
00457E46 8B00 mov eax,dword ptr ds:
00457E48 E8 E382FEFF call CrackMe#.00440130
00457E4D EB 18 jmp short CrackMe#.00457E67
00457E4F 6A 00 push 0
00457E51 B9 987F4500 mov ecx,CrackMe#.00457F98 ; ASCII "Serial not valid"
00457E56 BA AC7F4500 mov edx,CrackMe#.00457FAC ; ASCII "The Serial you entered is in any case not valid !"
00457E5B A1 98A54500 mov eax,dword ptr ds:
00457E60 8B00 mov eax,dword ptr ds:
00457E62 E8 C982FEFF call CrackMe#.00440130
00457E67 33C0 xor eax,eax
00457E69 5A pop edx
00457E6A 59 pop ecx
00457E6B 59 pop ecx
00457E6C 64:8910 mov dword ptr fs:,edx
00457E6F 68 917E4500 push CrackMe#.00457E91
00457E74 8D45 E4 lea eax,dword ptr ss:
00457E77 E8 7CB9FAFF call CrackMe#.004037F8
00457E7C 8D45 E8 lea eax,dword ptr ss:
00457E7F BA 06000000 mov edx,6
00457E84 E8 93B9FAFF call CrackMe#.0040381C
00457E89 C3 retn
再给个自动报注册码/:D GOGO!!!
[ 本帖最后由 godhack 于 2006-5-20 20:02 编辑 ] 自报注册的那个好好好. 来个注册机 djtc09 1064