发表于 2010-4-24 20:49:16
BASE64算法 ==> Base64CrackMe.rar
Base64算法将输入的字符串或一段数据编码成只含有{'A'-'Z', 'a'-'z', '0'-'9', '+', '/'}这64个字符的串,'='用于填充。其编码的方法是,将输入数据流每次取6 bit,用此6 bit的值(0-63)作为索引去查表,输出相应字符。这样,每3个字节将编码为4个字符(3×8 → 4×6);不满4个字符的以'='填充。Base64只是可逆的编码,不含任何密钥,不能当作加密或校验手段;下面的CrackMe正是把注册码做Base64解码后与用户名比较。
; Excerpt of the crackme's dialog procedure (OllyDbg listing, 32-bit x86, Intel syntax).
; This is the handler for case 3EA of the switch at 00412AA8. The function prologue and
; the jump targets 00412C15 / 00412CB0 / 00403210 are outside the excerpt.
;
; Flow shown here:
;   1. GetDlgItemTextA reads control 3F2 (username) into the buffer at 004133F0.
;   2. GetDlgItemTextA reads control 3F3 (serial) into the buffer at 004134F0.
;   3. An empty username or serial gets a message box and leaves via 00412CB0.
;   4. Inside an exception frame, 00412480 transforms the serial and 00403CFC compares
;      the result with the username; the zero flag selects the success or failure box.
;
; The helpers at 00403B84 / 00403CFC take their arguments in eax, edx, ecx -- presumably
; Delphi RTL string routines (the author mentions TMemoryStream elsewhere); confirm.
;
; NOTE(review): the only inputs to the check are the two strings typed by the user, and
; the transform at 00412480 is a Base64 decode (see the author's annotations). No secret
; takes part, so the scheme gives no real protection: the sample pair "whypro" /
; "d2h5cHJv" is simply the name and its Base64 encoding. A licence check that has to
; resist analysis needs something the client cannot compute, e.g. a signature verified
; against an embedded public key.
00412AC2 > \68 FF000000 push 0FF ; /Count = FF (255.); Case 3EA of switch 00412AA8
00412AC7 . 68 F0334100 push 004133F0 ; |Buffer = 复件_Bas.004133F0
00412ACC . 68 F2030000 push 3F2 ; |ControlID = 3F2 (1010.)
00412AD1 . 8B45 08 mov eax, dword ptr [ebp+8] ; |
00412AD4 . 50 push eax ; |hWnd
00412AD5 . E8 AE2CFFFF call <jmp.&user32.GetDlgItemTextA> ; \GetDlgItemTextA
00412ADA . 8D45 B4 lea eax, dword ptr [ebp-4C] ; eax = address of local [ebp-4C] (destination)
00412ADD . BA F0334100 mov edx, 004133F0 ; ASCII "whypro"
00412AE2 . B9 FF000000 mov ecx, 0FF ; same 0FF limit as the read above
00412AE7 . E8 9810FFFF call 00403B84 ; the helper the author labels "copy" further down; fills [ebp-4C]
00412AEC . 837D B4 00 cmp dword ptr [ebp-4C], 0 ; local still 0 -> treated as "no username"
00412AF0 . 75 1C jnz short 00412B0E ; non-empty: continue with the serial
00412AF2 . 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
00412AF4 . 68 282D4100 push 00412D28 ; |Title: "注册提示" (registration notice)
00412AF9 . 68 342D4100 push 00412D34 ; |Text: "用户名不能为空请输入!" (username must not be empty)
00412AFE . 8B45 08 mov eax, dword ptr [ebp+8] ; |
00412B01 . 50 push eax ; |hOwner
00412B02 . E8 B92CFFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00412B07 . 33DB xor ebx, ebx ; ebx = 0 before leaving (its meaning is not visible in this excerpt)
00412B09 . E9 A2010000 jmp 00412CB0 ; exit path, outside the excerpt
00412B0E > 68 FF000000 push 0FF ; /Count = FF (255.)
00412B13 . 68 F0344100 push 004134F0 ; |Buffer = 复件_Bas.004134F0
00412B18 . 68 F3030000 push 3F3 ; |ControlID = 3F3 (1011.)
00412B1D . 8B45 08 mov eax, dword ptr [ebp+8] ; |
00412B20 . 50 push eax ; |hWnd
00412B21 . E8 622CFFFF call <jmp.&user32.GetDlgItemTextA> ; \GetDlgItemTextA
00412B26 . 8D45 B0 lea eax, dword ptr [ebp-50] ; eax = address of local [ebp-50] (destination)
00412B29 . BA F0344100 mov edx, 004134F0 ; ASCII "d2h5cHJv"
00412B2E . B9 FF000000 mov ecx, 0FF
00412B33 . E8 4C10FFFF call 00403B84 ; same helper as for the username
00412B38 . 837D B0 00 cmp dword ptr [ebp-50], 0 ; local still 0 -> treated as "no serial"
00412B3C . 75 1C jnz short 00412B5A ; non-empty: go to the actual check
00412B3E . 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
00412B40 . 68 282D4100 push 00412D28 ; |Title: "注册提示" (registration notice)
00412B45 . 68 4C2D4100 push 00412D4C ; |Text: "注册码不能为空请输入!" (serial must not be empty)
00412B4A . 8B45 08 mov eax, dword ptr [ebp+8] ; |
00412B4D . 50 push eax ; |hOwner
00412B4E . E8 6D2CFFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00412B53 . 33DB xor ebx, ebx
00412B55 . E9 56010000 jmp 00412CB0 ; exit path, outside the excerpt
; --- exception frame: push ebp, handler address and the previous fs:[0] record, then link it ---
00412B5A > 33C0 xor eax, eax ; eax = 0 so that fs:[eax] addresses fs:[0]
00412B5C . 55 push ebp
00412B5D . 68 DC2B4100 push 00412BDC ; handler = the jmp at 00412BDC below
00412B62 . 64:FF30 push dword ptr fs:[eax] ; previous exception registration
00412B65 . 64:8920 mov dword ptr fs:[eax], esp ; install the new frame
00412B68 . 8D45 AC lea eax, dword ptr [ebp-54]
00412B6B . BA F0334100 mov edx, 004133F0 ; ASCII "whypro" <-- username
00412B70 . B9 FF000000 mov ecx, 0FF
00412B75 . E8 0A10FFFF call 00403B84 ; key point 1: copy the username into [ebp-54]
00412B7A . 8B45 AC mov eax, dword ptr [ebp-54]
00412B7D . 50 push eax ; keep the username for the comparison below
00412B7E . 8D45 A4 lea eax, dword ptr [ebp-5C]
00412B81 . BA F0344100 mov edx, 004134F0 ; ASCII "d2h5cHJv" <-- serial
00412B86 . B9 FF000000 mov ecx, 0FF
00412B8B . E8 F40FFFFF call 00403B84 ; key point 2: copy the serial into [ebp-5C]
00412B90 . 8B45 A4 mov eax, dword ptr [ebp-5C] ; eax = serial
00412B93 . 8D55 A8 lea edx, dword ptr [ebp-58] ; edx = address of the result local
00412B96 . E8 E5F8FFFF call 00412480 ; key point 3: transform the serial, result in [ebp-58]
00412B9B . 8B55 A8 mov edx, dword ptr [ebp-58] ; edx = transformed serial
00412B9E . 58 pop eax ; eax = username pushed at 00412B7D
00412B9F . E8 5811FFFF call 00403CFC ; the final comparison; ZF is tested next
00412BA4 . 75 17 jnz short 00412BBD ; not equal -> failure box
00412BA6 . 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
00412BA8 . 68 282D4100 push 00412D28 ; |Title: "注册提示" (registration notice)
00412BAD . 68 642D4100 push 00412D64 ; |Text: "恭喜您,注册码正确!" (serial is correct)
00412BB2 . 8B45 08 mov eax, dword ptr [ebp+8] ; |
00412BB5 . 50 push eax ; |hOwner
00412BB6 . E8 052CFFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00412BBB . EB 15 jmp short 00412BD2
00412BBD > 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
00412BBF . 68 282D4100 push 00412D28 ; |Title: "注册提示" (registration notice)
00412BC4 . 68 7C2D4100 push 00412D7C ; |Text: "注册码错误,继续加油!" (serial is wrong, keep trying)
00412BC9 . 8B45 08 mov eax, dword ptr [ebp+8] ; |
00412BCC . 50 push eax ; |hOwner
00412BCD . E8 EE2BFFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
; --- normal exit: unlink the exception frame installed at 00412B5A ---
00412BD2 > 33C0 xor eax, eax
00412BD4 . 5A pop edx ; edx = saved previous registration
00412BD5 . 59 pop ecx ; discard handler address
00412BD6 . 59 pop ecx ; discard saved ebp
00412BD7 . 64:8910 mov dword ptr fs:[eax], edx ; restore fs:[0]
00412BDA . EB 39 jmp short 00412C15 ; continues outside the excerpt
00412BDC .^ E9 2F06FFFF jmp 00403210 ; handler entry: forwards to 00403210 (not shown)
call 00412480 ; key point 3
; Routine 00412480 (called from the check above).
; In:  eax = serial string, edx = address of the caller's result variable.
; Out: the result variable receives the output of 004122DC applied to the serial.
; Uses two objects created through 00402E30 (the author identifies them as TMemoryStream):
; esi = input object, ebx = output object. Their methods are reached through the table
; at the object's first dword; slot +10 is used to put data in and slot +C to take data
; out (004122DC uses the same two slots the same way).
; The helpers 00403BB0 / 00403DA0 / 00403E80 / 00403DF0 / 00411180 / 00402E60 are not
; shown; the roles given for them below are the author's notes or are inferred from how
; their results are used -- confirm against the binary.
; NOTE(review): no exception frame is set up in this routine, while 004122DC has an
; "invalid base64 character" path that looks like it raises. If it does, the two
; objects released at 00412509 / 00412510 would not be released on that path.
00412480 /$ 53 push ebx
00412481 |. 56 push esi
00412482 |. 57 push edi
00412483 |. 51 push ecx ; reserves one stack slot
00412484 |. 891424 mov dword ptr [esp], edx ; [esp] = address of the result variable
00412487 |. 8BF8 mov edi, eax ; edi = serial
00412489 |. B2 01 mov dl, 1
0041248B |. A1 70F44000 mov eax, dword ptr [40F470] ; TMemoryStream in use (author's note)
00412490 |. E8 9B09FFFF call 00402E30 ; presumably the constructor call
00412495 |. 8BF0 mov esi, eax ; esi = input object
00412497 |. B2 01 mov dl, 1
00412499 |. A1 70F44000 mov eax, dword ptr [40F470] ; TMemoryStream in use (author's note)
0041249E |. E8 8D09FFFF call 00402E30
004124A3 |. 8BD8 mov ebx, eax ; ebx = output object
004124A5 |. 8BC7 mov eax, edi
004124A7 |. E8 0417FFFF call 00403BB0 ; returns the length of the serial (author's note)
004124AC |. 50 push eax ; keep the length
004124AD |. 8BC7 mov eax, edi
004124AF |. E8 EC18FFFF call 00403DA0 ; author's note: "is there a serial?"; the result is passed on as edx below, so it looks like a pointer to the characters -- confirm
004124B4 |. 8BD0 mov edx, eax ; edx = data argument
004124B6 |. 8BC6 mov eax, esi ; eax = input object
004124B8 |. 59 pop ecx ; ecx = length
004124B9 |. 8B38 mov edi, dword ptr [eax]
004124BB |. FF57 10 call dword ptr [edi+10] ; data move (author's note): serial -> input object
004124BE |. 6A 00 push 0 ; /Arg2 = 00000000
004124C0 |. 6A 00 push 0 ; |Arg1 = 00000000
004124C2 |. 8BC6 mov eax, esi ; |
004124C4 |. E8 B7ECFFFF call 00411180 ; \复件_Bas.00411180 -- presumably resets the position to 0
004124C9 |. 8BD3 mov edx, ebx ; edx = output object
004124CB |. 8BC6 mov eax, esi ; eax = input object
004124CD |. E8 0AFEFFFF call 004122DC ; core algorithm
004124D2 |. 6A 00 push 0 ; /Arg2 = 00000000
004124D4 |. 6A 00 push 0 ; |Arg1 = 00000000
004124D6 |. 8BC3 mov eax, ebx ; |
004124D8 |. E8 A3ECFFFF call 00411180 ; \复件_Bas.00411180 -- same call on the output object
004124DD |. 8BC3 mov eax, ebx
004124DF |. 8B10 mov edx, dword ptr [eax]
004124E1 |. FF12 call dword ptr [edx] ; first table slot; presumably the size of the output
004124E3 |. 8BD0 mov edx, eax ; edx = that value
004124E5 |. 8B0424 mov eax, dword ptr [esp] ; eax = address of the result variable
004124E8 |. E8 9319FFFF call 00403E80 ; presumably sizes the result string
004124ED |. 8BC3 mov eax, ebx
004124EF |. 8B10 mov edx, dword ptr [eax]
004124F1 |. FF12 call dword ptr [edx] ; same slot again
004124F3 |. 50 push eax ; keep it as the byte count
004124F4 |. 8B4424 04 mov eax, dword ptr [esp+4] ; result variable again (+4 because of the push)
004124F8 |. E8 F318FFFF call 00403DF0 ; presumably yields the result's character buffer
004124FD |. 8BD0 mov edx, eax ; edx = destination
004124FF |. 8BC3 mov eax, ebx ; eax = output object
00412501 |. 59 pop ecx ; ecx = byte count
00412502 |. 8B38 mov edi, dword ptr [eax]
00412504 |. FF57 0C call dword ptr [edi+C] ; take the decoded bytes out into the result
00412507 |. 8BC6 mov eax, esi
00412509 |. E8 5209FFFF call 00402E60 ; presumably releases the input object
0041250E |. 8BC3 mov eax, ebx
00412510 |. E8 4B09FFFF call 00402E60 ; presumably releases the output object
00412515 |. 5A pop edx ; drop the slot reserved at 00412483
00412516 |. 5F pop edi
00412517 |. 5E pop esi
00412518 |. 5B pop ebx
00412519 \. C3 retn
call 004122DC ; core algorithm
; Routine 004122DC: Base64 decoder working chunk by chunk.
; In:  eax = input object, edx = output object (both used through the table at their
;      first dword: slot +C to obtain bytes, slot +10 to deliver bytes).
; Stack frame (0A8h bytes):
;   [esp]      input object          [esp+4]  output object
;   [esp+8]    number of decoded bytes produced for the current chunk
;   [esp+9]    number of input bytes obtained for the current chunk (low byte of eax)
;   [esp+A]    table value of character 0 of the current group
;   [esp+B]    table value of character 2 of the current group
;   [esp+C]    input chunk, up to 58h bytes (esi points here)
;   [esp+64]   decoded bytes of the chunk (44h bytes up to the end of the frame;
;              58h characters give at most 42h bytes)
; bl is the index of the current 4-character group inside the chunk.
; Per group: b0 = t0<<2 | t1>>4 ; b1 = t1<<4 | t2>>2 ; b2 = t2<<6 | t3, where tN is the
; byte at [413371 + character N]. '=' in position 2 or 3 ends the group early.
;
; NOTE(review), input handling (the serial comes straight from the dialog):
;  - The range test accepts every byte from 2Bh to 7Ah. The table dumped on this page
;    holds 7Fh at the positions that are not Base64 characters (including '='), and the
;    code shown never tests a looked-up value against 7Fh, so such bytes are decoded
;    with 7Fh as their value instead of being rejected.
;  - The loop advances four characters at a time and only compares bl with the byte
;    count, so when the count is not a multiple of four the last group also reads chunk
;    bytes beyond the count (leftover stack contents).
;  - '=' is only looked for in positions 2 and 3 of a group.
; A stricter decoder would reject table value 7Fh, require the length to be a multiple
; of four, and accept '=' only at the very end.
004122DC /$ 53 push ebx
004122DD |. 56 push esi
004122DE |. 57 push edi
004122DF |. 81C4 58FFFFFF add esp, -0A8 ; reserve the 0A8h-byte frame
004122E5 |. 895424 04 mov dword ptr [esp+4], edx ; save output object
004122E9 |. 890424 mov dword ptr [esp], eax ; save input object
004122EC |. 8D7424 0C lea esi, dword ptr [esp+C] ; esi = input chunk buffer
; --- outer loop: one chunk of up to 58h characters per pass ---
004122F0 |> C64424 08 00 /mov byte ptr [esp+8], 0 ; no decoded bytes yet for this chunk
004122F5 |. 33DB |xor ebx, ebx ; bl = 0, first group
004122F7 |. 8BD6 |mov edx, esi ; edx = chunk buffer
004122F9 |. B9 58000000 |mov ecx, 58 ; up to 58h bytes
004122FE |. 8B0424 |mov eax, dword ptr [esp] ; eax = input object
00412301 |. 8B38 |mov edi, dword ptr [eax]
00412303 |. FF57 0C |call dword ptr [edi+C] ; obtain the next chunk; al is used as the byte count
00412306 |. 884424 09 |mov byte ptr [esp+9], al
0041230A |. 807C24 09 00 |cmp byte ptr [esp+9], 0
0041230F |. 0F84 3C010000 |je 00412451 ; nothing obtained: done
00412315 |. 3A5C24 09 |cmp bl, byte ptr [esp+9]
00412319 |. 0F83 10010000 |jnb 0041242F ; index already at/after the count: skip decoding
; --- inner loop: one 4-character group per pass ---
0041231F |> 33D2 |/xor edx, edx ; each character must lie between '+' (2Bh) and 'z' (7Ah)
00412321 |. 8AD3 ||mov dl, bl ; edx = group index
00412323 |. 8A0416 ||mov al, byte ptr [esi+edx] ; character 0
00412326 |. 3C 2B ||cmp al, 2B
00412328 |. 72 46 ||jb short 00412370
0041232A |. 3C 7A ||cmp al, 7A
0041232C |. 77 42 ||ja short 00412370
0041232E |. 33C0 ||xor eax, eax
00412330 |. 8AC3 ||mov al, bl
00412332 |. 807C06 01 2B ||cmp byte ptr [esi+eax+1], 2B ; character 1
00412337 |. 72 37 ||jb short 00412370
00412339 |. 33C0 ||xor eax, eax
0041233B |. 8AC3 ||mov al, bl
0041233D |. 807C06 01 7A ||cmp byte ptr [esi+eax+1], 7A
00412342 |. 77 2C ||ja short 00412370
00412344 |. 33C0 ||xor eax, eax
00412346 |. 8AC3 ||mov al, bl
00412348 |. 807C06 02 2B ||cmp byte ptr [esi+eax+2], 2B ; character 2
0041234D |. 72 21 ||jb short 00412370
0041234F |. 33C0 ||xor eax, eax
00412351 |. 8AC3 ||mov al, bl
00412353 |. 807C06 02 7A ||cmp byte ptr [esi+eax+2], 7A
00412358 |. 77 16 ||ja short 00412370
0041235A |. 33C0 ||xor eax, eax
0041235C |. 8AC3 ||mov al, bl
0041235E |. 807C06 03 2B ||cmp byte ptr [esi+eax+3], 2B ; character 3
00412363 |. 72 0B ||jb short 00412370
00412365 |. 33C0 ||xor eax, eax
00412367 |. 8AC3 ||mov al, bl
00412369 |. 807C06 03 7A ||cmp byte ptr [esi+eax+3], 7A
0041236E |. 76 16 ||jbe short 00412386 ; all four in range: decode
00412370 |> B9 64244100 ||mov ecx, 00412464 ; invalid base64 character
00412375 |. B2 01 ||mov dl, 1
00412377 |. A1 FC5B4000 ||mov eax, dword ptr [405BFC]
0041237C |. E8 0F7AFFFF ||call 00409D90 ; presumably builds an exception object with that message -- confirm
00412381 |. E8 EE0FFFFF ||call 00403374 ; presumably raises it -- confirm
00412386 |> 33C0 ||xor eax, eax
00412388 |. 8A0416 ||mov al, byte ptr [esi+edx] ; character 0 (edx still holds the group index)
0041238B |. 8A80 71334100 ||mov al, byte ptr [eax+413371] ; lookup table, indexed by the character value
00412391 |. 884424 0A ||mov byte ptr [esp+A], al ; [esp+A] = t0
00412395 |. 8BFB ||mov edi, ebx
00412397 |. 81E7 FF000000 ||and edi, 0FF ; edi = group index (bl zero-extended)
0041239D |. 33C0 ||xor eax, eax
0041239F |. 8A443E 01 ||mov al, byte ptr [esi+edi+1]
004123A3 |. 8A80 71334100 ||mov al, byte ptr [eax+413371] ; al = t1
004123A9 |. 33D2 ||xor edx, edx
004123AB |. 8A543E 02 ||mov dl, byte ptr [esi+edi+2]
004123AF |. 8A92 71334100 ||mov dl, byte ptr [edx+413371]
004123B5 |. 885424 0B ||mov byte ptr [esp+B], dl ; [esp+B] = t2
004123B9 |. 8A5424 0A ||mov dl, byte ptr [esp+A]
004123BD |. C1E2 02 ||shl edx, 2 ; t0 << 2
004123C0 |. 33C9 ||xor ecx, ecx
004123C2 |. 8AC8 ||mov cl, al
004123C4 |. C1E9 04 ||shr ecx, 4 ; t1 >> 4
004123C7 |. 0AD1 ||or dl, cl ; dl = first decoded byte
004123C9 |. 33C9 ||xor ecx, ecx
004123CB |. 8A4C24 08 ||mov cl, byte ptr [esp+8] 密码d2h5cHJv
004123CF |. 88540C 64 ||mov byte ptr [esp+ecx+64], dl <- 算出第一位存起来,
{(ascii(d)=64->1D(查表)/4=74)or(ascii(2)=32->36(查表)/12=03)}=77->w
; The three annotated lines above: cl = current output index, then the first decoded
; byte is stored at [esp+64+index]. Worked example for the serial "d2h5cHJv":
; 'd' = 64h -> table 1Dh, 1Dh shl 2 = 74h; '2' = 32h -> table 36h, 36h shr 4 = 03h;
; 74h or 03h = 77h = 'w'. (The "/4" and "/12" in the author's line stand for the
; shl 2 and shr 4 instructions.)
004123D3 |. FE4424 08 ||inc byte ptr [esp+8] ; one more decoded byte
004123D7 |. 807C3E 02 3D ||cmp byte ptr [esi+edi+2], 3D ; '=' in position 2: group ends here
004123DC |. 74 44 ||je short 00412422
004123DE |. C1E0 04 ||shl eax, 4 ; t1 << 4
004123E1 |. 33D2 ||xor edx, edx
004123E3 |. 8A5424 0B ||mov dl, byte ptr [esp+B]
004123E7 |. C1EA 02 ||shr edx, 2 ; t2 >> 2
004123EA |. 0AC2 ||or al, dl ; al = second decoded byte
004123EC |. 33D2 ||xor edx, edx
004123EE |. 8A5424 08 ||mov dl, byte ptr [esp+8]
004123F2 |. 884414 64 ||mov byte ptr [esp+edx+64], al ; store it
004123F6 |. FE4424 08 ||inc byte ptr [esp+8]
004123FA |. 807C3E 03 3D ||cmp byte ptr [esi+edi+3], 3D ; '=' in position 3: group ends here
004123FF |. 74 21 ||je short 00412422
00412401 |. 8A4424 0B ||mov al, byte ptr [esp+B]
00412405 |. C1E0 06 ||shl eax, 6 ; t2 << 6
00412408 |. 33D2 ||xor edx, edx
0041240A |. 8A543E 03 ||mov dl, byte ptr [esi+edi+3]
0041240E |. 0A82 71334100 ||or al, byte ptr [edx+413371] ; | t3 -> third decoded byte
00412414 |. 33D2 ||xor edx, edx
00412416 |. 8A5424 08 ||mov dl, byte ptr [esp+8]
0041241A |. 884414 64 ||mov byte ptr [esp+edx+64], al ; store it
0041241E |. FE4424 08 ||inc byte ptr [esp+8]
00412422 |> 80C3 04 ||add bl, 4 ; next group
00412425 |. 3A5C24 09 ||cmp bl, byte ptr [esp+9]
00412429 |.^ 0F82 F0FEFFFF |\jb 0041231F ; more characters in this chunk
; --- deliver the decoded bytes of this chunk to the output object ---
0041242F |> 33C9 |xor ecx, ecx
00412431 |. 8A4C24 08 |mov cl, byte ptr [esp+8] ; ecx = number of decoded bytes
00412435 |. 8D5424 64 |lea edx, dword ptr [esp+64] ; edx = decoded bytes
00412439 |. 8B4424 04 |mov eax, dword ptr [esp+4] ; eax = output object
0041243D |. 8B18 |mov ebx, dword ptr [eax]
0041243F |. FF53 10 |call dword ptr [ebx+10]
00412442 |. 33C0 |xor eax, eax
00412444 |. 8A4424 09 |mov al, byte ptr [esp+9]
00412448 |. 83F8 58 |cmp eax, 58 ; a full 58h-byte chunk means there may be more input
0041244B |.^ 0F83 9FFEFFFF \jnb 004122F0
00412451 |> 81C4 A8000000 add esp, 0A8 ; release the frame
00412457 |. 5F pop edi
00412458 |. 5E pop esi
00412459 |. 5B pop ebx
0041245A \. C3 retn
这个是密码表(即Base64解码表),以注册码第n位字符的ASCII值为下标:[注册码第n位+413371];表中的7F填在非Base64字符的位置上。
00413365 E3 40 00 F4
00413375 E3 40 00 00 01 00 01 00 01 01 00 00 01 01 00 00 鉆........
00413385 00 01 00 01 01 8B C0 DC EA 40 00 EC EA 40 00 FC ..嬂荜@.礻@.
00413395 EA 40 00 00 00 00 00 3E 7F 7F 7F 3F 34 35 36 37 闌.....>?4567
004133A5 38 39 3A 3B 3C 3D 7F 7F 7F 7F 7F 7F 7F 00 01 02 89:;<=.
004133B5 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 ....
004133C5 13 14 15 16 17 18 19 7F 7F 7F 7F 7F 7F 1A 1B 1C
004133D5 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C !"#$%&'()*+,
004133E5 2D 2E 2F 30 31 32 33 00 8D 40 00 77 68 79 70 72 -./0123.岪.whypr
004133F5 6F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 o...............
算法源程序:
[ 本帖最后由 whypro 于 2010-4-25 10:32 编辑 ] |