unsolved...

整不来，打扰了
2024-10-01 16:12:49 +08:00 · 2024-10-01 16:12:49 +08:00 · 10d72c53f9
commit 10d72c53f9
parent 95ab6658fc
4 changed files with 139 additions and 0 deletions
--- a/bfcrackme20/BFCrackMe20.exe
+++ b/bfcrackme20/BFCrackMe20.exe
--- a/bfcrackme20/BFCrackMe20.txt
+++ b/bfcrackme20/BFCrackMe20.txt
@ -0,0 +1,29 @@
+			==--__Boba Fetts CrackMe Version 2.0__--==
+
+Hey, and welcome to another adventure of one of my CrackMe´s
+The rules are similar (the same) as in the earlier realeses and those are:
+
+1. No patching allowed (disassemblers are allow to get a overwiew, but no patching)
+
+2. SoftIce is of course allowed and others similar debuggers like TRW2000...
+
+3. When you succed (which shouldn´t take that long) send me the solution but with YOUR name and serial, so I know that you didn´t just rip the serial from a friend or anything...
+Other kind of solutions are welcomed as are tutorials..The prize to the ten first people who makes it will be put in the next versions "Greet" section.
+
+Now have a good time now and remember: 
+"If there is a crack, make it a hole"
+Probarly a little unclear for the most of the people but I think some of you know what the sentence meant?! ;)
+
+Btw if you find any bugs please contact me as soon as you can so it can be fixed (I don´t have time for those kind of things, cuz you will find them for me). Those who finds a bug will also be in the next "Greet" section, so if you don´t make it don´t feel bad find a bug instead  :)
+
+My e-mail is as usual:
+
+boba303@hotmail.com or you can visit http://www.lockless.com/ and send a mail from there.
+
+
+Thats all for know...
+
+Looking forward to hear from anyone of you who reads this letter....
+
+This is Boba Fett for Lockless Cracking Crew saying: "Good day"
+
--- a/bfcrackme20/BFCrackMe20_dump_.exe
+++ b/bfcrackme20/BFCrackMe20_dump_.exe
--- a/bfcrackme20/unsolved.md
+++ b/bfcrackme20/unsolved.md
@ -0,0 +1,110 @@
+打包工具: ASPack(2.000)
+
+1. 老方法脱壳
+
+2. MethCallEngine
+
+   P-Code
+
+3. 看起来有两关？计算serial
+
+   ```vb
+     loc_40512A: var_98 = 112 'Variant
+     loc_405133: var_A8 = 1564 'Variant
+     loc_40513C: var_B8 = 1464 'Variant
+     loc_40515A: var_17C = CVar(Len(Me.lk.Text)) 'Variant
+     loc_405185: If Not((Me.lk.Text = "Ab")) Then
+     loc_40518D:   var_18C = 0 'Variant
+     loc_4051A9:   var_19C = CVar(Me.lk.Text) 'Variant
+     loc_4051B0:   ' Referenced from: 405246
+     loc_4051C3:   If CBool(Not (var_19C = vbNullString)) Then
+     loc_4051D2:     var_18C = (var_18C + 1) 'Variant
+     loc_405224:     var_1FC = (var_1FC + CVar(Asc(CStr(Left(Left(var_19C, CLng(var_18C)), 1))))) 'Variant
+     loc_405242:     var_19C = Right(var_19C, CLng((var_17C - var_18C))) 'Variant
+     loc_405246:     GoTo loc_4051B0
+     loc_405249:   End If
+     loc_405252:   If (var_1FC = CVar(Asc(CStr(Left(Left(var_19C, CLng(var_18C)), 1))))) Then
+     loc_405255:     End
+     loc_405257:     GoTo loc_40525A
+     loc_40525A:     ' Referenced from: 405257
+     loc_40525A:   End If
+     loc_405290:   var_108 = (((var_98 * var_A8) Xor var_B8 - var_E8) - 10) 'Variant
+     loc_40529E:   var_128 = (var_108 * var_1FC) 'Variant
+     loc_4052D4:   var_148 = (CVar(Val(Me.sh.Text)) * var_108) 'Variant
+     loc_4052E1:   If (var_148 = CVar(Val(Me.sh.Text))) Then
+     loc_4052E4:     End
+     loc_4052E9:   Else
+     loc_4052F9:     If CBool(Not (var_148 < var_128)) Then
+     loc_40530F:       var_168 = 11
+     loc_40532C:       If CBool(Not ((var_148 + var_168) > (var_128 + 11))) Then
+     loc_405332:         Me.Hide
+     loc_405345:         Homo.Show var_168, var_20C
+   ```
+
+   ```c#
+   int result = 0; //serial
+   foreach (char c in name)
+   {
+       result += c;
+   }
+   string serial = result.ToString();
+   ```
+
+4. 没了，第二关过不去
+
+   ```vb
+     loc_405422: var_98 = 144 'Variant
+     loc_40542B: var_A8 = 135 'Variant
+     loc_405434: var_B8 = 1234 'Variant
+     loc_405445: var_1AC = Me.kk.Text
+     loc_405458: If (var_1AC = vbNullString) Then
+     loc_40545B:   End
+     loc_40545D:   GoTo loc_405460
+     loc_405460:   ' Referenced from: 40545D
+     loc_405460: End If
+     loc_405472:  = .Text
+     loc_4054C3: var_F8 = ((var_B8 Mod var_98 Xor var_A8) + (CVar(Val(var_1AC)) * 100)) 'Variant
+     loc_4054E1: var_1CC = CVar(Len(Me.kk.Text)) 'Variant
+     loc_40550C: var_1EC = CVar(Me.kk.Text) 'Variant
+     loc_405513: Do 'loop at: 4055E3
+     loc_40551F: var_1DC = (0 + 1) 'Variant
+     loc_40557B: var_22C = CVar(Asc(CStr(Left(Left(CVar(Me.kk.Text), CLng(var_1DC)), 1)))) 'Variant
+     loc_405592: var_23C = 57
+     loc_4055A2: If CBool((var_22C < 48) Or (var_22C > var_23C)) Then
+     loc_4055B2:   Me.we.Caption = "Only intergers"
+     loc_4055BA:   Exit Sub
+     loc_4055BB: End If
+     loc_4055E3: Loop Until (Right(var_1EC, CLng((var_1CC - var_1DC))) = var_1A8) 'do at: 405513
+     loc_405601: Call var_1FC = CDec(CVar(Me.kk.Text))
+     loc_40561F: Set var_88 = MemVar_407044.sh
+     loc_405653: var_168 = Left(CVar(Val(blot.sh.Text)), 3) 'Variant
+     loc_405661: var_128 = (Right(Right(Right(var_1EC, CLng((var_1CC - var_1DC))), CLng((var_1CC - var_1DC))), CLng((var_1CC - var_1DC))) * var_168) 'Variant
+     loc_40567F: var_178 = ((var_F8 * var_168) - 18) 'Variant
+     loc_405693: If CBool(Not (var_128 < var_178)) Then
+     loc_4056C0:   var_1A8 = 20
+     loc_4056DD:   If CBool(Not ((CVar(Val(CStr(var_128))) + var_1A8) > (var_178 + 20))) Then
+     loc_4056E3:     Me.Hide
+     loc_4056F6:     Kanel.Show var_1A8, var_23C
+   ```
+
+   这是给人算的？怎么看都不像是有正确serial2的样子
+
+   ```c#
+   string serial = result.ToString(); //上一步算出的serial
+   
+   int v168 = int.Parse(serial[..3]);
+   
+   int v128 = int.Parse(serial2[1..]) * v168;
+   
+   int vf8 = 213 + int.Parse(serial2) * 100;
+   result2 = vf8 * v168 - 18;
+   
+   //v128: serial2的值去掉最高位后乘以v168
+   //result2: 213加上serial2的值乘以100，再乘以v168，减去18
+   if (v128 == result2)
+   {
+       //Success
+   }
+   ```
+
+