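First article in my application to join BCG! ------ Cracking LC3!
Author: 紅潮風暴
Target: LC3
Software URL: http://www.atstake.com/research/lc3/application/lc3setup02.exe
Tools: W32DASM
TRW2000
Crack date: 21/9
Written up: 5/10
A good friend sent me a SAM file and asked for help cracking it. The only option was to find LC3, billed as the most classic NT password cracking tool.
After using it I found that brute-force cracking only works once the program is registered! Are you kidding? You want a registration fee from me? Having just done a little "further study" at 看雪學苑, I was certainly not going to agree! ~-~ Hmm! I decided to operate on it, just to see what would happen.
Start LC3 and enter a code; an error message appears! Note it down! Exit!
After disassembling with W32DASM, find the error message: "you have entered an invalid code.please try again"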
Double-clicking it lands at "016F:00411572 PUSH 004790C4". Looking upward, I found 016F:00411549
TEST EAX,EAX. Heh heh, there is definitely something here! Hmm! In the end I narrowed it down to this range:
016F:00411534 CALL 00404E10
016F:00411539 MOV EAX,[EDI]
016F:0041153B LEA EDX,[ESP+28]
016F:0041153F PUSH EDX
016F:00411540 PUSH EAX
016F:00411541 CALL 0042FAB9
Run LC3 and fill in the registration code 12345678, then
run TRW and set BPX 00411534
G
Back in LC3, click OK, and the breakpoint hits:
016F:004114FE PUSH EBP
016F:004114FF LEA ECX,[ESP+0190]
016F:00411506 CALL 00447124
016F:0041150B LEA ECX,[ESP+0130]
016F:00411512 CALL 00447F60
016F:00411517 CMP EAX,BYTE +01
016F:0041151A JNZ 00411596
016F:0041151C LEA EAX,[ESP+0190]
016F:00411523 PUSH EAX
016F:00411524 MOV ECX,EDI
016F:00411526 CALL 00447124
016F:0041152B MOV EAX,[EBP+00]
016F:0041152E LEA ECX,[ESP+20]
016F:00411532 PUSH ECX
016F:00411533 PUSH EAX
016F:00411534 CALL 00404E10 breaks here <----- the serial number that was given shows up
016F:00411539 MOV EAX,[EDI]
016F:0041153B LEA EDX,[ESP+28] <----- D EAX shows the registration code you entered, "12345678"; then D ESP+28 shows the real registration code
016F:0041153F PUSH EDX
016F:00411540 PUSH EAX
016F:00411541 CALL 0042FAB9
016F:00411546 ADD ESP,BYTE +10
016F:00411549 TEST EAX,EAX
016F:0041154B JNZ 00411570
016F:0041154D MOV EAX,[EDI]
016F:0041154F PUSH EAX
016F:00411550 PUSH DWORD 00479014
016F:00411555 PUSH DWORD 00479020
016F:0041155A MOV ECX,ESI
016F:0041155C MOV [ESI+0114],EBX
016F:00411562 CALL 00456158
016F:00411567 PUSH EBX
016F:00411568 PUSH EBX
016F:00411569 PUSH DWORD 004790F8
016F:0041156E JMP SHORT 00411577
016F:00411570 PUSH EBX
016F:00411571 PUSH EBX
016F:00411572 PUSH 004790C4
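Done. Checking my watch, it took 3 minutes from disassembly to finish!
Note: I currently have a big pile of SAM files on hand, but my machine is too slow and I am letting my friend down! I wonder whether any readers would be willing to help crack them; I would be very grateful! Thanks!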
紅潮風暴
2001 10 5
23:27