A primer on writing algorithmic keygens --- Lesson 4

xiaoxiao2021-03-06  51


Original author: Woyao [DFCG]

============================================================================================================================================================================================================= ===================

Note: Carrying on from the third lesson, there are no extras this time. Come on! Let's work through an example. ^_^

A CRACKME algorithm analysis

Hey! At the beginning of last year I posted this thing and made an animated cracking tutorial that introduced the memory keygen method. This time it is the same target, but the content is its algorithm and the algorithmic keygen. For me it still has some meaning. I haven't written a cracking article myself for a very long time, so for this fourth lesson I dug it out. Ha, I really am that much of a newbie!

Pick a soft persimmon (an easy target). ^_^

============================================================================================================================================================================================================= ====================

First, run TRW2000 and point it at Step1.exe, then hide it.

Second, start Step1.exe.

Third, enter the registration name: Woyao, and the registration code: 7979. Don't click the registration button yet.

Third, press Ctrl+N to activate TRW2000.

Enter the command: bpx hmemcpy → sets the universal breakpoint

Fourth, press F5 to return and click the registration button. The program is intercepted; enter the commands:

bc * → clears the breakpoint

pmodule → goes straight to the program's own address space

5. Now press the F10 key N times (hunting for the gold mine) until you reach the following code:

:004011B7 E8A4120000    call 00402460               ← fetches the registration name here
:004011BC 59            pop ecx
:004011BD 8BC8          mov ecx, eax                ← number of characters in the registration name goes into ECX
:004011BF 83F904        cmp ecx, 00000004           ← must be greater than or equal to 4
:004011C2 7D14          jge 004011D8                ← if so, jump to 004011D8
:004011C4 6A10          push 00000010

* Possible StringData Ref from Data Obj ->"error"
                                  |
:004011C6 687CB14000    push 0040B17C

* Possible StringData Ref from Data Obj ->"Your name must contain at least "
                                        ->"4 characters!"   ← @_@
                                  |
:004011CB 684CB14000    push 0040B14C
:004011D0 56            push esi

* Reference To: user32.MessageBoxA, Ord:0000h
                                  |
:004011D1 E828900000    call 0040A1FE
:004011D6 EB67          jmp 0040123F

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004011C2(C)
|
:004011D8 33D2          xor edx, edx                ← clear EDX
:004011DA 33C0          xor eax, eax                ← clear EAX
:004011DC 3BC8          cmp ecx, eax                ← compare EAX and ECX
:004011DE 7E0D          jle 004011ED                ← if ECX is less than or equal to EAX, jump to 004011ED, end of the calculation

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004011EB(C)
|
:004011E0 33DB          xor ebx, ebx                ← clear EBX; pay attention to what follows
:004011E2 8A5C05E4      mov bl, byte ptr [ebp+eax-1C]   ← the hexadecimal ASCII value of a name character goes into the low byte of EBX
:004011E6 03D3          add edx, ebx
:004011E8 40            inc eax                     ← increment the counter
:004011E9 3BC8          cmp ecx, eax                ← compare EAX and ECX
:004011EB 7FF3          jg 004011E0                 ← if EAX is smaller, jump back to 004011E0 and continue

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004011DE(C)
|
:004011ED 52            push edx

* Possible StringData Ref from Data Obj ->"%d"
                                  |
:004011EE 6882B14000    push 0040B182
:004011F3 8D45AC        lea eax, dword ptr [ebp-54]
:004011F6 50            push eax
:004011F7 E8C0280000    call 00403ABC
:004011FC 83C40C        add esp, 0000000C
:004011FF 8D55AC        lea edx, dword ptr [ebp-54]
:00401202 52            push edx
:00401203 8D4DC8        lea ecx, dword ptr [ebp-38]
:00401206 51            push ecx
:00401207 E808120000    call 00402414               ← key call: the registration code comparison
:0040120C 83C408        add esp, 00000008
:0040120F 85C0          test eax, eax
:00401211 7517          jne 0040122A                ← if not equal, you're finished! @_@
0040016: 004004002

* Possible StringData Ref from Data Obj ->"You DID it!"   ← ^_^
                                  |
:00401218 68CEB14000    push 0040B1CE

Algorithm summary:

The CRACKME algorithm is super simple: the registration code is the decimal value of the sum of the hexadecimal ASCII values of the characters in the registration name.

Algorithm example:

Registration: Woyao

Registration code: 119 + 111 + 121 + 97 + 111 = 559 (decimal value)

VB keygen source code:

Private Sub Command1_Click()
    a = Text1.Text                 ' registration name
    For i = 1 To Len(a)
        b = b + Asc(Mid$(a, i))    ' add the ASCII value of the i-th character
    Next i
    Text2.Text = b                 ' registration code = decimal sum
End Sub
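
The check traced in the listing above, transcribed into C as an added example (it is not code from the original article or from the CRACKME's author). It shows why a vendor cannot rely on this kind of check: the expected code depends only on the sum of the name's bytes, with no secret involved, so any reordering of the same characters is accepted with the same code. Assumptions: the calls at 00402460, 00403ABC and 00402414 are taken to be the C runtime's string length, sprintf and string compare, since the listing shows only their call sites; the function names name_sum and check_serial are made up for this example.

```c
#include <stdio.h>
#include <string.h>

/* Loop at 004011D8-004011EB: EDX accumulates every name byte,
   zero-extended through BL (EBX is cleared before each load). */
static int name_sum(const char *name)
{
    int ecx = (int)strlen(name);          /* assumed: call 00402460 returns the length */
    int edx = 0;
    for (int eax = 0; ecx > eax; eax++)   /* cmp ecx,eax / jg 004011E0 */
        edx += (unsigned char)name[eax];  /* mov bl,[ebp+eax-1C] / add edx,ebx */
    return edx;
}

/* Returns 1 = code accepted, 0 = wrong code, -1 = name shorter than 4. */
static int check_serial(const char *name, const char *entered)
{
    char expected[16];
    if (strlen(name) < 4)                 /* cmp ecx,4 / jge 004011D8 */
        return -1;
    /* "%d" at 0040B182: the sum is formatted as a decimal string */
    snprintf(expected, sizeof expected, "%d", name_sum(name));
    /* assumed: call 00402414 is a string compare, 0 meaning equal */
    return strcmp(entered, expected) == 0;
}

int main(void)
{
    /* Constructed sample names. The article's digits 119 111 121 97 111
       are the bytes of lowercase "woyao"; 'W' would contribute 87. */
    const char *names[] = { "woyao", "oyawo", "Woyao", "abc" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-6s sum=%-4d check(\"559\")=%d\n", names[i],
               name_sum(names[i]), check_serial(names[i], "559"));
    return 0;
}
```
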

Sixth, here is an algorithm analysis I wrote a while ago. I won't reproduce it in full, because the purpose of this tutorial is writing the keygen. See below:

National telephone pass VER1.09.01 registration algorithm

The algorithm is summarized as follows:

Registration code = ((machine code (converted to hex) - 3F9) / 2D3 + 3F9) * 2D3

The user name can be filled in freely, because it does not take part in the registration code.

Let the entered machine code be A; written out as a calculation:

((A - 3F9) / 2D3 + 3F9) * 2D3

My machine code: 118866

My registration code: 853140

The VB keygen source code is shown below:

Private Sub Command1_Click()
    strtmp = Text1.Text
    a = Val(Text1.Text)        ' machine code
    b = a - &H3F9
    c = b / &H2D3 + &H3F9
    d = c * &H2D3
    Text2.Text = d             ' registration code
End Sub

Seven, why does the source code split the calculation into several steps? Go back to the algorithm summary and look at the calculation listed first: oh, it turns out to follow the parentheses. Understood! That is the "essence" of Woyao [DFCG]'s lazy source code. @#&%$ ^_^

Eight, because I am such a newbie and want to be lazy, ha, I finally figured out a rule and a method. I might as well post it: if it is useful to you, use it; if it is useless, send Woyao [DFCG]'s "essence" back to the old home! ^_^

Nine, look how dizzy I am. Dizzy! You say I went off topic, and wasn't I going to teach a simple CRACKME? Look how anxious you are. I am not anxious about going "negative" on the forum, so what are you so eager about!? That reminds me of the reason I went "negative"; ha, this is on you old schoolmates: you owe me points, pay me back, or else...

Ten, bricks and rotten eggs again? Dizzy! All right, I'll say no more, stop. Look at the source code below:

CRACKME_DFCG source code

Private Sub Command1_Click()
    Dim a, b, c, d, x As Integer
    a = 22222
    b = a + 33333
    c = b * 1234
    d = Val(Text1.Text)        ' the code the user typed in
    If c = d Then
        MsgBox "master! I obey you @_@"
    Else
        MsgBox "Ha! You are even more of a newbie than me ^_^"
    End If
End Sub

Private Sub Command2_Click()
    AboutDFCG.Show             ' shows the "About DFCG" form
End Sub

===================================================

CRACKME_DFCG keygen source code

Private Sub Command1_Click()
    strtmp = Text1.Text
    a = 22222
    b = a + 33333
    c = b * 1234
    Text1.Text = c
End Sub

Eleven, that was the newbie CrackMe, simple in the extreme. There is nothing more to say about it. Here is a slightly more advanced CRACKME: after you enter the correct registration code, it pops up a new project window, just as software does when its registration code is correct! ^_^ Look below:

Pass_crackme window 1 source code: (Form1)

Private Sub Form_KeyDown(KeyCode As Integer, Shift As Integer)
    End                                  ' any key press ends the program
End Sub

Pass_crackme window 2 source code: (Form2)

Private Sub Text1_KeyDown(KeyCode As Integer, Shift As Integer)
    If KeyCode = 13 Then                 ' Enter key
        If Text1.Text = "Woyao [DFCG]" Then
            Form1.Show
            Unload Form2
        Else
            Text1.Text = ""
            Print MsgBox("Sorry! Password Error!" + Chr(10) + Chr(10) + Chr(13) + "Please re-enter the correct password!", 48, "Ha! Failure ^_^")
        End If
    End If
End Sub

12. This time I am not giving the keygen source code; you write it! It is much the same as the ones above anyway, though I changed the process a little. Give it a try. Come on, do it!!!

Thirteen, all of these things will be uploaded as an attachment; download them and study them. After this Pass_crackme I will attach the complete source code. Change it and you get a CRACKME with another function, for example one that pops up a picture of a PLMM when you enter the password correctly.

14. That is about all for this primer. The next lesson will be a summary and review of the first few lessons, and will teach you to make your own personalised business card. How good it looks is only a matter of personal preference, but once you know how it is written, the artwork that follows is easy! ^_^

Fifteen, the original author of this article is Woyao [DFCG]. Copyright I have none, but human rights I do have ^_^

So, friends who repost this article, please state that it comes from the DFCG organization and is an original by Woyao [DFCG]; otherwise, reprinting is declined. This is the Internet, but that does not mean no one is watching! Thank you for reading! Woyao [DFCG] 2003.12.12

When reposting, please cite the original address: https://www.9cbs.com/read-84233.html
