菜鳥破解一篇:vcrkme01 (11千字)
一個crackme的破解
作者:未註冊
下載:http://person.longcity.net/home3/fpxfpx/crackme/u-x/vcrkme01.zip
看了教程,找一個crackme來練手。
這個簡單,適合我等菜鳥選手,用trw一路跟過來,就能註冊。用unregistered來註冊,註冊碼20012001
; Excerpt from the dialog handler: reads both edit fields, calls the check
; routine at 00401000 and shows the success box only when it returns 1.
; The handler's entry is outside this excerpt, so eax and the saved esi come from there.
* Reference To: USER32.GetDlgItemTextA, Ord:0104h
|
:0040121D 8B35C0504000 mov esi, dword
ptr [004050C0]
; First read: GetDlgItemTextA(eax, 3E8h, 00406930, FFh); stdcall, pushed right to left.
; FFh is the maximum count including the terminator, and the two destination
; buffers (00406930 and 00406A30) are 100h apart, so this read cannot reach the second one.
; NOTE(review): eax is presumably the dialog handle; it is set before this excerpt - confirm.
:00401223 68FF000000 push 000000FF
:00401228 6830694000 push 00406930
:0040122D 68E8030000 push 000003E8
:00401232 50
push eax
:00401233 FFD6
call esi ;reads the name field ("unregistered" in the author's session)
; Second read: GetDlgItemTextA([00406928], 3EAh, 00406A30, FFh).
:00401235 8B0D28694000 mov ecx, dword
ptr [00406928]
:0040123B 68FF000000 push 000000FF
:00401240 68306A4000 push 00406A30
:00401245 68EA030000 push 000003EA
:0040124A 51
push ecx
:0040124B FFD6
call esi ;reads the serial field ("20012001" in the author's session)
; Call 00401000 with the name as first argument and the entered serial as second;
; the caller removes the 8 bytes of arguments itself (add esp, 8).
:0040124D 68306A4000 push 00406A30
:00401252 6830694000 push 00406930
:00401257 E8A4FDFFFF call 00401000
;computes the expected serial and compares it with the entered one
:0040125C 83C408
add esp, 00000008
:0040125F 83F801
cmp eax, 00000001 ;eax must be 1; any other value fails, and no failure message is shown
; The result is also kept in the global at 00406C64; mov does not change the
; flags, so the jne below still tests the cmp above.
:00401262 A3646C4000 mov dword
ptr [00406C64], eax
:00401267 7565
jne 004012CE
; Success path: MessageBoxA([00406928], 00406050, 00406080, 40h).
; 40h is MB_ICONINFORMATION; the same global served as the window handle for the second read.
:00401269 8B1528694000 mov edx, dword
ptr [00406928]
:0040126F 6A40
push 00000040
* Possible StringData Ref from Data Obj ->"GOOD JOB! - CRACKED!"
|
:00401271 6880604000 push 00406080
* Possible StringData Ref from Data Obj ->"Send your solution to : v0id2k1@hotmail.com
"
|
:00401276 6850604000 push 00406050
:0040127B 52
push edx
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:0040127C FF15C4504000 Call dword ptr
[004050C4]
; Return 1 and release 10h bytes of arguments (stdcall, four dwords).
:00401282 B801000000 mov eax,
00000001
:00401287 5E
pop esi
:00401288 C21000
ret 0010
註冊碼這樣計算:
+++++++++++++++++++ ASSEMBLY CODE LISTING ++++++++++++++++++
//********************** Start of Code in Object .text **************
Program Entry Point = 0040147E (vcrkme01.exe File Offset:0000647E)
;-----------------------------------------------------------------------
; Serial check routine at 00401000 (W32Dasm listing, 32-bit x86).
; The caller pushes 00406A30 (entered serial), then 00406930 (name), and
; removes the 8 bytes itself after the call.
; In:    [esp+4] = name, [esp+8] = entered serial (at entry)
; Out:   eax = 1 when the entered serial equals the string built at 00406B44;
;        the caller treats every other value as failure (cmp eax, 1)
; Saves: ebx, ebp, esi, edi (pushed here, popped before ret)
; Roles: esi = name, ebx = entered serial, ebp = running checksum of the name
; Note:  the complete expected serial is assembled in clear text at 00406B44
;        before the comparison, and 100h bytes there are zeroed on exit.
;-----------------------------------------------------------------------
:00401000 53
push ebx
; One register pushed so far, so [esp+0C] is the second argument (entered serial).
:00401001 8B5C240C mov
ebx, dword ptr [esp+0C]
:00401005 55
push ebp
:00401006 56
push esi
; Three registers pushed, so [esp+10] is the first argument (name).
:00401007 8B742410 mov
esi, dword ptr [esp+10]
:0040100B 8A0B
mov cl, byte ptr [ebx] ;cl = first character of the entered serial
:0040100D 33ED
xor ebp, ebp ;ebp = 0 (checksum accumulator)
:0040100F 57
push edi
:00401010 8A06
mov al, byte ptr [esi] ;al = first character of the name
:00401012 3AC1
cmp al, cl ;they must match, otherwise fail
:00401014 0F8569010000 jne 00401183
; Inline string length: scan from edi for the 0 byte with ecx = -1,
; then not ecx / dec ecx leaves the length without the terminator in ecx.
:0040101A 8BFE
mov edi, esi
:0040101C 83C9FF
or ecx, FFFFFFFF
:0040101F 33C0
xor eax, eax
:00401021 F2
repnz
:00401022 AE
scasb
:00401023 F7D1
not ecx
:00401025 49
dec ecx
:00401026 83F905
cmp ecx, 00000005 ;name must be at least 5 characters (unsigned test, jb below)
:00401029 0F8254010000 jb 00401183
:0040102F 807B012D cmp
byte ptr [ebx+01], 2D ;second character of the serial must be '-'
:00401033 0F854A010000 jne 00401183
; Length of the name again; edx = 0 is the loop index. An empty name would
; skip the loop, which the length check above already excludes.
:00401039 8BFE
mov edi, esi
:0040103B 83C9FF
or ecx, FFFFFFFF
:0040103E 33C0
xor eax, eax
:00401040 33D2
xor edx, edx
:00401042 F2
repnz
:00401043 AE
scasb
:00401044 F7D1
not ecx
:00401046 49
dec ecx
:00401047 7417
je 00401060
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040105E(C)
|
; Checksum loop: ebp += name[edx] for every character. movsx sign-extends,
; so bytes of 80h and above are added as negative values.
; The length is recomputed on every pass before the index is compared with it.
:00401049 0FBE0C32 movsx
ecx, byte ptr [edx+esi]
:0040104D 03E9
add ebp, ecx ;accumulate the characters of the name ("unregistered" here) into ebp
:0040104F 8BFE
mov edi, esi
:00401051 83C9FF
or ecx, FFFFFFFF
:00401054 33C0
xor eax, eax
:00401056 42
inc edx
:00401057 F2
repnz
:00401058 AE
scasb
:00401059 F7D1
not ecx
:0040105B 49
dec ecx
:0040105C 3BD1
cmp edx, ecx
:0040105E 72E9
jb 00401049
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401047(C)
|
:00401060 81C564600000 add ebp, 00006064
;ebp = ebp + 6064h = 06575h for the name "unregistered"
; Call 0040142C(00406B30, "%lu", ebp). The arguments stay on the stack until
; the add esp, 1C at 00401119.
; NOTE(review): 0040142C is presumably sprintf, judging by the format string - confirm.
:00401066 55
push ebp
* Possible StringData Ref from Data Obj ->"%lu"
|
:00401067 6834604000 push 00406034
:0040106C 68306B4000 push 00406B30
;formatted as the string "25973" (06575h = 25973) into this buffer
:00401071 E8B6030000 call 0040142C
; Start the expected serial at 00406B44: first character of the name, then '-'.
; The length scan of the name is interleaved with these stores.
:00401076 8A16
mov dl, byte ptr [esi]
:00401078 8BFE
mov edi, esi
:0040107A 83C9FF
or ecx, FFFFFFFF
:0040107D 33C0
xor eax, eax
:0040107F 8815446B4000 mov byte ptr
[00406B44], dl ;[406b44] = 'u' (first character of the name)
:00401085 C605456B40002D mov byte ptr [00406B45],
2D ;[406b45] = '-'
:0040108C F2
repnz
:0040108D AE
scasb
:0040108E F7D1
not ecx
:00401090 49
dec ecx
:00401091 0FBE4431FF movsx eax,
byte ptr [ecx+esi-01] ;last character of the name ('d' here)
:00401096 50
push eax
:00401097 E8C4020000 call 00401360
;converts to upper case according to the author; 00401360 itself is not shown
:0040109C A2466B4000 mov byte
ptr [00406B46], al ;[406b46] = 'D'
; Inline append of the string at 00406B30 to the string at 00406B44:
; measure the source including its terminator (edx), find the end of the
; destination, step back onto its 0 byte, then copy edx bytes as dwords plus
; the remaining 0-3 bytes. This relies on the byte at 00406B47 being 0;
; the exit path of this routine zeroes that area.
:004010A1 BF306B4000 mov edi,
00406B30
:004010A6 83C9FF
or ecx, FFFFFFFF
:004010A9 33C0
xor eax, eax
:004010AB F2
repnz
:004010AC AE
scasb
:004010AD F7D1
not ecx
:004010AF 2BF9
sub edi, ecx
:004010B1 81C564600000 add ebp, 00006064
;ebp = 6575h + 6064h = 50649 (0C5D9h)
:004010B7 8BF7
mov esi, edi
:004010B9 8BD1
mov edx, ecx
:004010BB BF446B4000 mov edi,
00406B44
:004010C0 83C9FF
or ecx, FFFFFFFF
:004010C3 F2
repnz
:004010C4 AE
scasb
:004010C5 8BCA
mov ecx, edx
:004010C7 4F
dec edi
:004010C8 C1E902
shr ecx, 02
:004010CB F3
repz
:004010CC A5
movsd
:004010CD 8BCA
mov ecx, edx
; The pushes of ebp and the format string for the second 0040142C call are
; interleaved with the tail of the copy.
:004010CF 55
push ebp
:004010D0 83E103
and ecx, 00000003
* Possible StringData Ref from Data Obj ->"%lu"
|
:004010D3 6834604000 push 00406034
:004010D8 F3
repz
:004010D9 A4
movsb
; Second inline append: the separator string at 00406030 is added to 00406B44.
* Possible StringData Ref from Data Obj ->"--"
|
:004010DA BF30604000 mov edi,
00406030
:004010DF 83C9FF
or ecx, FFFFFFFF
:004010E2 F2
repnz
:004010E3 AE
scasb
:004010E4 F7D1
not ecx
:004010E6 2BF9
sub edi, ecx
:004010E8 68306B4000 push 00406B30
:004010ED 8BF7
mov esi, edi
:004010EF 8BD1
mov edx, ecx
:004010F1 BF446B4000 mov edi,
00406B44
:004010F6 83C9FF
or ecx, FFFFFFFF
:004010F9 F2
repnz
:004010FA AE
scasb
:004010FB 8BCA
mov ecx, edx
:004010FD 4F
dec edi
:004010FE C1E902
shr ecx, 02
:00401101 F3
repz
:00401102 A5
movsd
:00401103 8BCA
mov ecx, edx
:00401105 83E103
and ecx, 00000003
:00401108 F3
repz
:00401109 A4
movsb
; Call 0040142C(00406B30, "%lu", ebp) with the second checksum value.
:0040110A E81D030000 call 0040142C
;50649 is formatted as a string into 406b30
; Third inline append: the second number is added to 00406B44.
:0040110F BF306B4000 mov edi,
00406B30
:00401114 83C9FF
or ecx, FFFFFFFF
:00401117 33C0
xor eax, eax
; Releases the seven dwords pushed for the two 0040142C calls (3 + 3) and the
; 00401360 call (1).
:00401119 83C41C
add esp, 0000001C
:0040111C F2
repnz
:0040111D AE
scasb
:0040111E F7D1
not ecx
:00401120 2BF9
sub edi, ecx
:00401122 8BF7
mov esi, edi
:00401124 8BD1
mov edx, ecx
:00401126 BF446B4000 mov edi,
00406B44
:0040112B 83C9FF
or ecx, FFFFFFFF
:0040112E F2
repnz
:0040112F AE
scasb
:00401130 8BCA
mov ecx, edx
:00401132 4F
dec edi
:00401133 C1E902
shr ecx, 02
:00401136 F3
repz
:00401137 A5
movsd
:00401138 8BCA
mov ecx, edx
:0040113A 8BC3
mov eax, ebx
:0040113C 83E103
and ecx, 00000003
:0040113F F3
repz
:00401140 A4
movsb
:00401141 BE446B4000 mov esi,
00406B44 ;esi -> assembled string; the author observed "u-D25973-5064" here
; NOTE(review): the value formatted above is 50649 and the disassembler shows
; the separator at 00406030 as "--", while the string quoted by the author has
; a single '-' and ends in 5064 - confirm against the binary.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401168(C)
|
; Inline string comparison of the entered serial (eax) with the assembled
; string (esi), two bytes per pass; stops at the first difference or at the
; terminating 0.
:00401146 8A10
mov dl, byte ptr [eax] ;eax -> entered serial ("20012001" in the author's session); compare
:00401148 8A1E
mov bl, byte ptr [esi]
:0040114A 8ACA
mov cl, dl
:0040114C 3AD3
cmp dl, bl
:0040114E 7525
jne 00401175
:00401150 84C9
test cl, cl
:00401152 7416
je 0040116A
:00401154 8A5001
mov dl, byte ptr [eax+01]
:00401157 8A5E01
mov bl, byte ptr [esi+01]
:0040115A 8ACA
mov cl, dl
:0040115C 3AD3
cmp dl, bl
:0040115E 7515
jne 00401175
:00401160 83C002
add eax, 00000002
:00401163 83C602
add esi, 00000002
:00401166 84C9
test cl, cl
:00401168 75DC
jne 00401146
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401152(C)
|
; Strings equal: comparison result eax = 0, so sete gives edx = 1.
:0040116A 33C0
xor eax, eax
:0040116C 33D2
xor edx, edx
:0040116E 85C0
test eax, eax
:00401170 0F94C2
sete dl
:00401173 EB12
jmp 00401187
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040114E(C), :0040115E(C)
|
; Strings differ: the two sbb instructions turn the carry of the failed cmp
; into -1 or 1, so eax is non-zero and sete gives edx = 0.
:00401175 1BC0
sbb eax, eax
:00401177 83D8FF
sbb eax, FFFFFFFF
:0040117A 33D2
xor edx, edx
:0040117C 85C0
test eax, eax
:0040117E 0F94C2
sete dl
:00401181 EB04
jmp 00401187
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401014(C), :00401029(C), :00401033(C)
|
; Early-failure path: edx is loaded from [esp+14]. With four registers pushed
; this is the first stack argument, not a 0/1 flag; the caller only accepts 1.
; NOTE(review): returning the argument slot here looks unintended - confirm.
:00401183 8B542414 mov
edx, dword ptr [esp+14]
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401173(U), :00401181(U)
|
; Common exit: zero 40h dwords (100h bytes) starting at 00406B44, which clears
; the assembled string, then restore the saved registers and return edx in eax.
:00401187 B940000000 mov ecx,
00000040
:0040118C 33C0
xor eax, eax
:0040118E BF446B4000 mov edi,
00406B44
:00401193 F3
repz
:00401194 AB
stosd
:00401195 5F
pop edi
:00401196 5E
pop esi
:00401197 5D
pop ebp
:00401198 8BC2
mov eax, edx
:0040119A 5B
pop ebx
:0040119B C3
ret
正確的註冊碼是:u-D25973-5064