chenx221/Reverse
1
0
Fork 0
Code Pull Requests Activity

Compare commits

base: chenx221:a2ba539192d6336ae383e2c6cf098297188f1995
Branches Tags
chenx221:main
...
compare: chenx221:6e27a8d4433a09949970847427881e39b361729f
Branches Tags
chenx221:main

2 Commits
a2ba539192 ... 6e27a8d443

Author SHA1 Message Date
Chenx221
6e27a8d443
solved new crackme 2024-09-18 15:04:18 +08:00
Chenx221
d73b9a5ace
solved new keygenme 2024-09-18 14:42:07 +08:00
15 changed files with 706 additions and 0 deletions
Show Stats Expand all files Collapse all files

BIN
ABuggerCrackMe2/ABuggerCrackMe2.exe Normal file
View File

Binary file not shown.

23
ABuggerCrackMe2/keygen/keygen3.deps.json Normal file
View File

@ -0,0 +1,23 @@
{
"runtimeTarget": {
"name": ".NETCoreApp,Version=v8.0",
"signature": ""
},
"compilationOptions": {},
"targets": {
".NETCoreApp,Version=v8.0": {
"keygen3/1.0.0": {
"runtime": {
"keygen3.dll": {}
}
}
}
},
"libraries": {
"keygen3/1.0.0": {
"type": "project",
"serviceable": false,
"sha512": ""
}
}
}

BIN
ABuggerCrackMe2/keygen/keygen3.dll Normal file
View File

Binary file not shown.

BIN
ABuggerCrackMe2/keygen/keygen3.exe Normal file
View File

Binary file not shown.

19
ABuggerCrackMe2/keygen/keygen3.runtimeconfig.json Normal file
View File

@ -0,0 +1,19 @@
{
"runtimeOptions": {
"tfm": "net8.0",
"frameworks": [
{
"name": "Microsoft.NETCore.App",
"version": "8.0.0"
},
{
"name": "Microsoft.WindowsDesktop.App",
"version": "8.0.0"
}
],
"configProperties": {
"System.Reflection.Metadata.MetadataUpdater.IsSupported": false,
"System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization": true
}
}
}

43
ABuggerCrackMe2/solve.txt Normal file
View File

@ -0,0 +1,43 @@
dnspy
DES Encrypt
key,iv: Encoding.ASCII.GetBytes("ABugger2");
加密结果以base64形式表示
检查Key文本框是否为空
检查DES加密(Key文本)==license文件内容
检查DES加密(license文件路径)=="DIYCtpqJYWygsw1V7MbQdyxPnWMKkR4/"
通过解密可得:
license文件需要放C:\CrackMes\File
其内容为DES加密的key的Base64key和iv上面写了
private void btnCheck_Click(object sender, EventArgs e)
{
if (this.open.ShowDialog() == DialogResult.OK)
{
string fileName = this.open.FileName;
try
{
string text;
using (StreamReader streamReader = new StreamReader(fileName))
{
text = streamReader.ReadLine();
}
if (this.txtName.Text != "" && Form1.EncryptDES(this.txtName.Text) == text && Form1.EncryptDES(fileName) == "DIYCtpqJYWygsw1V7MbQdyxPnWMKkR4/")
{
this.lblMode.Text = "Trial mode";
this.lblMode.ForeColor = Color.Green;
}
else
{
MessageBox.Show("KeyFile is invalid");
}
}
catch
{
MessageBox.Show("I can't open file! :(");
}
}
}

51
ABuggerCrackMe2/source/keygen1.sln Normal file
View File

@ -0,0 +1,51 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.11.35303.130
MinimumVisualStudioVersion = 10.0.40219.1
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen1", "keygen1\keygen1.csproj", "{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen2", "keygen2\keygen2.csproj", "{2446CB50-1882-4219-9DB0-E7F5517E6E20}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen3", "keygen3\keygen3.csproj", "{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x86.ActiveCfg = Debug|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x86.Build.0 = Debug|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|Any CPU.Build.0 = Release|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x86.ActiveCfg = Release|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x86.Build.0 = Release|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x86.ActiveCfg = Debug|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x86.Build.0 = Debug|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|Any CPU.Build.0 = Release|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x86.ActiveCfg = Release|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x86.Build.0 = Release|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x86.ActiveCfg = Debug|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x86.Build.0 = Debug|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|Any CPU.Build.0 = Release|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x86.ActiveCfg = Release|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x86.Build.0 = Release|x86
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {01ED3EE8-E89A-4A27-AF68-EF2490CB6BD7}
EndGlobalSection
EndGlobal

144
ABuggerCrackMe2/source/keygen3/Form1.Designer.cs generated Normal file
View File

@ -0,0 +1,144 @@
namespace keygen3
{
partial class Form1
{
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.IContainer components = null;
/// <summary>
/// Clean up any resources being used.
/// </summary>
/// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
protected override void Dispose(bool disposing)
{
if (disposing && (components != null))
{
components.Dispose();
}
base.Dispose(disposing);
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
textBox1 = new TextBox();
button1 = new Button();
button2 = new Button();
label1 = new Label();
button3 = new Button();
label3 = new Label();
label4 = new Label();
textBox3 = new TextBox();
SuspendLayout();
//
// textBox1
//
textBox1.Location = new Point(12, 31);
textBox1.Name = "textBox1";
textBox1.Size = new Size(305, 23);
textBox1.TabIndex = 0;
//
// button1
//
button1.Location = new Point(323, 12);
button1.Name = "button1";
button1.Size = new Size(115, 41);
button1.TabIndex = 1;
button1.Text = "Generate License";
button1.UseVisualStyleBackColor = true;
button1.Click += Button1_Click;
//
// button2
//
button2.Location = new Point(323, 59);
button2.Name = "button2";
button2.Size = new Size(115, 42);
button2.TabIndex = 1;
button2.Text = "Check";
button2.UseVisualStyleBackColor = true;
button2.Click += Button2_Click;
//
// label1
//
label1.AutoSize = true;
label1.Location = new Point(12, 13);
label1.Name = "label1";
label1.Size = new Size(29, 15);
label1.TabIndex = 2;
label1.Text = "Key:";
//
// button3
//
button3.Location = new Point(323, 107);
button3.Name = "button3";
button3.Size = new Size(115, 41);
button3.TabIndex = 3;
button3.Text = "Restart as Admin";
button3.UseVisualStyleBackColor = true;
button3.Click += Button3_Click;
//
// label3
//
label3.AutoSize = true;
label3.Location = new Point(242, 133);
label3.Name = "label3";
label3.Size = new Size(75, 15);
label3.TabIndex = 6;
label3.Text = "By Chenx221";
//
// label4
//
label4.AutoSize = true;
label4.Location = new Point(12, 74);
label4.Name = "label4";
label4.Size = new Size(49, 15);
label4.TabIndex = 7;
label4.Text = "License:";
//
// textBox3
//
textBox3.Location = new Point(12, 92);
textBox3.Name = "textBox3";
textBox3.Size = new Size(305, 23);
textBox3.TabIndex = 8;
//
// Form1
//
AutoScaleDimensions = new SizeF(7F, 15F);
AutoScaleMode = AutoScaleMode.Font;
ClientSize = new Size(446, 156);
Controls.Add(textBox3);
Controls.Add(label4);
Controls.Add(label3);
Controls.Add(button3);
Controls.Add(label1);
Controls.Add(button2);
Controls.Add(button1);
Controls.Add(textBox1);
FormBorderStyle = FormBorderStyle.FixedSingle;
MaximizeBox = false;
Name = "Form1";
Text = "KeyGen For ABuggerCrackMe2";
ResumeLayout(false);
PerformLayout();
}
#endregion
private TextBox textBox1;
private Button button1;
private Button button2;
private Label label1;
private Button button3;
private Label label3;
private Label label4;
private TextBox textBox3;
}
}

221
ABuggerCrackMe2/source/keygen3/Form1.cs Normal file
View File

@ -0,0 +1,221 @@
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
namespace keygen3
{
public partial class Form1 : Form
{
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern IntPtr FindWindow(string? lpClassName, string lpWindowName);
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]
static extern IntPtr FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter, string lpszClass, string lpszWindow);
[DllImport("user32.dll", SetLastError = true)]
private static extern bool EnumChildWindows(IntPtr hWndParent, EnumWindowsProc lpEnumFunc, IntPtr lParam);
[DllImport("user32.dll", SetLastError = true)]
static extern IntPtr GetDlgItem(IntPtr hDlg, int nIDDlgItem);
[DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = false)]
static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, IntPtr wParam, StringBuilder? lParam);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = false)]
static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, IntPtr wParam, IntPtr lParam);
[DllImport("user32.dll", SetLastError = true)]
private static extern bool GetClassName(IntPtr hWnd, StringBuilder lpClassName, int nMaxCount);
[DllImport("user32.dll", SetLastError = true)]
private static extern bool GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);
const uint WM_SETTEXT = 0x000C;
const uint BM_CLICK = 0x00F5;
private delegate bool EnumWindowsProc(IntPtr hwnd, IntPtr lParam);
public Form1()
{
InitializeComponent();
UpdateWindowTitle();
}
private void UpdateWindowTitle()
{
Text += IsRunningAsAdministrator() ? " (Admin)" : " (Non-Admin)";
button3.Enabled = !IsRunningAsAdministrator();
}
private static bool IsRunningAsAdministrator()
{
try
{
var identity = WindowsIdentity.GetCurrent();
var principal = new WindowsPrincipal(identity);
return principal.IsInRole(WindowsBuiltInRole.Administrator);
}
catch
{
return false;
}
}
private void Button1_Click(object sender, EventArgs e)
{
string value = textBox1.Text;
if (string.IsNullOrEmpty(value))
{
MessageBox.Show("Key不能为空");
return;
}
byte[] bytes = Encoding.ASCII.GetBytes("ABugger2");
string result = DESEncrypt(value, bytes, bytes);
textBox3.Text = result;
string directoryPath = @"C:\CrackMes";
string filePath = Path.Combine(directoryPath, "File");
try
{
if (!Directory.Exists(directoryPath))
{
Directory.CreateDirectory(directoryPath);
}
File.WriteAllText(filePath, result);
MessageBox.Show("文件保存成功!");
}
catch (UnauthorizedAccessException)
{
MessageBox.Show("保存文件失败,请尝试以管理员身份运行应用程序。");
}
catch (Exception ex)
{
MessageBox.Show($"保存文件失败: {ex.Message}");
}
}
private void Button2_Click(object sender, EventArgs e)
{
string value = textBox1.Text;
if (string.IsNullOrEmpty(value))
{
MessageBox.Show("Key不能为空");
return;
}
if (!File.Exists(@"C:\CrackMes\File"))
{
MessageBox.Show("许可证文件尚未生成");
return;
}
AutoMode(value);
}
private void Button3_Click(object sender, EventArgs e)
{
try
{
string exePath = Application.ExecutablePath;
var processInfo = new ProcessStartInfo
{
FileName = exePath,
UseShellExecute = true,
Verb = "runas",
Arguments = ""
};
Process.Start(processInfo);
Application.Exit();
}
catch (System.ComponentModel.Win32Exception)
{
MessageBox.Show("权限提升请求被拒绝。");
}
}
public static string DESEncrypt(string plainText, byte[] key, byte[] iv)
{
using var des = DES.Create();
des.Key = key;
des.IV = iv;
using var encryptor = des.CreateEncryptor(des.Key, des.IV);
var plainBytes = Encoding.UTF8.GetBytes(plainText);
using var memoryStream = new MemoryStream();
using var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write);
cryptoStream.Write(plainBytes, 0, plainBytes.Length);
cryptoStream.FlushFinalBlock();
return Convert.ToBase64String(memoryStream.ToArray());
}
public static string DESDecrypt(string encryptedText, byte[] key, byte[] iv)
{
using var des = DES.Create();
des.Key = key;
des.IV = iv;
using var decryptor = des.CreateDecryptor(des.Key, des.IV);
var encryptedBytes = Convert.FromBase64String(encryptedText);
using var memoryStream = new MemoryStream(encryptedBytes);
using var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
using var reader = new StreamReader(cryptoStream, Encoding.UTF8);
return reader.ReadToEnd();
}
private static IntPtr[] childHandles = new IntPtr[10];
private static int childCount = 0;
private static bool EnumChildWindowsProc(IntPtr hwnd, IntPtr lParam)
{
if (childCount >= childHandles.Length)
return false; // Stop enumeration if the array is full
childHandles[childCount++] = hwnd;
return true; // Continue enumeration
}
private static void AutoMode(string username)
{
string windowTitle = "ABuggerCrackMe#2";
IntPtr hWnd = FindWindow(null, windowTitle);
if (hWnd == IntPtr.Zero)
{
MessageBox.Show("窗口未找到");
return;
}
//int usernameControlId = 0x402C4;
//int submitButtonId = 0x6028A;
//IntPtr usernameHwnd = GetDlgItem(hWnd, usernameControlId);
//IntPtr submitButtonHwnd = GetDlgItem(hWnd, submitButtonId);
//IntPtr usernameHwnd = FindWindowEx(hWnd, IntPtr.Zero, "Edit", string.Empty);
//IntPtr submitButtonHwnd = FindWindowEx(hWnd, IntPtr.Zero, "Button", string.Empty);
childCount = 0;
EnumChildWindows(hWnd, EnumChildWindowsProc, IntPtr.Zero);
if (childCount < 5)
{
MessageBox.Show("控件未找到");
return;
}
IntPtr usernameHwnd = childHandles[4];
IntPtr submitButtonHwnd = childHandles[3];
if (usernameHwnd == IntPtr.Zero || submitButtonHwnd == IntPtr.Zero)
{
MessageBox.Show("控件未找到");
return;
}
StringBuilder usernameToSet = new(username);
SendMessage(usernameHwnd, WM_SETTEXT, IntPtr.Zero, usernameToSet);
MessageBox.Show("请在稍后弹出的文件选框中选择C:\\CrackMes\\File文件");
SendMessage(submitButtonHwnd, BM_CLICK, IntPtr.Zero, IntPtr.Zero);
}
}
}

120
ABuggerCrackMe2/source/keygen3/Form1.resx Normal file
View File

@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

17
ABuggerCrackMe2/source/keygen3/Program.cs Normal file
View File

@ -0,0 +1,17 @@
namespace keygen3
{
internal static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
// To customize application configuration such as set high DPI settings or default font,
// see https://aka.ms/applicationconfiguration.
ApplicationConfiguration.Initialize();
Application.Run(new Form1());
}
}
}

12
ABuggerCrackMe2/source/keygen3/keygen3.csproj Normal file
View File

@ -0,0 +1,12 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>WinExe</OutputType>
<TargetFramework>net8.0-windows</TargetFramework>
<Nullable>enable</Nullable>
<UseWindowsForms>true</UseWindowsForms>
<ImplicitUsings>enable</ImplicitUsings>
<Platforms>AnyCPU;x86</Platforms>
</PropertyGroup>
</Project>

BIN
ac_crackme_1.78/Crackme1.exe Normal file
View File

Binary file not shown.

22
ac_crackme_1.78/RuleZ.txt Normal file
View File

@ -0,0 +1,22 @@
Crackme1.exe
Written in Visual Basic 6
Only numbers as passwd.
Everything is legal. No Rules :)
This Crackme is Written by Acid_Cool_178 and [The Bug Tracker]
We are great friends and newbies.
Acid_Cool_178 is a proud newbie member of Hellforge
The Bug Tracer haz no group, reason ?? no internet :(
In IRC our nick are Acid_Cool_178 : [AC_178] or |AC_178| and
The bug Tracker : [TBT] or |TBT|
Channel : #cracking4newbies #cracking and #coding
When you have cracked this crackme please send a e-mail to Acid_Cool_178 and tell him how you did it..
acid_cool_178@hotmail.com
Greetings too my VB book :)

34
ac_crackme_1.78/solve.txt Normal file
View File

@ -0,0 +1,34 @@
代码量太少了
调试前前拿ida跑了下
然后密码就有了
2951
004023A9 | B9 04000280 | mov ecx,80020004 |
004023AE | B8 0A000000 | mov eax,A | eax:@BaseThreadInitThunk@12, 0A:'\n'
004023B3 | BB 08000000 | mov ebx,8 |
004023B8 | 66:81FE 870B | cmp si,B87 | <--
004023BD | 8B35 78104000 | mov esi,dword ptr ds:[<__vbaVarDup>] | 00401078:"阛鶲B<頞鶛鵒h 鶲愗隣斀颫浇颫"
004023C3 | 894D A4 | mov dword ptr ss:[ebp-5C],ecx |
004023C6 | 894D B4 | mov dword ptr ss:[ebp-4C],ecx |
004023C9 | 8945 9C | mov dword ptr ss:[ebp-64],eax | eax:@BaseThreadInitThunk@12
004023CC | 8945 AC | mov dword ptr ss:[ebp-54],eax | eax:@BaseThreadInitThunk@12
004023CF | C745 84 E41D4000 | mov dword ptr ss:[ebp-7C],crackme1.401DE4 | 401DE4:L"Crackme_1"
004023D6 | 899D 7CFFFFFF | mov dword ptr ss:[ebp-84],ebx |
004023DC | 8D95 7CFFFFFF | lea edx,dword ptr ss:[ebp-84] | edx:EntryPoint
004023E2 | 8D4D BC | lea ecx,dword ptr ss:[ebp-44] |
004023E5 | 75 3E | jne crackme1.402425 | 判断核心
004023E7 | FFD6 | call esi | success
004023E9 | 8D55 8C | lea edx,dword ptr ss:[ebp-74] | edx:EntryPoint
004023EC | 8D4D CC | lea ecx,dword ptr ss:[ebp-34] |
004023EF | C745 94 C41D4000 | mov dword ptr ss:[ebp-6C],crackme1.401DC4 | 401DC4:L"YOU DID IT"
004023F6 | 895D 8C | mov dword ptr ss:[ebp-74],ebx |
004023F9 | FFD6... | call esi |
0040240D | FF15 24104000 | call dword ptr ds:[<Ordinal#595>] |
00402413 | 8D55 9C... | lea edx,dword ptr ss:[ebp-64] | edx:EntryPoint
00402423 | EB 3C | jmp crackme1.402461 |
00402425 | FFD6 | call esi | Fail
00402427 | 8D55 8C | lea edx,dword ptr ss:[ebp-74] | edx:EntryPoint
0040242A | 8D4D CC | lea ecx,dword ptr ss:[ebp-34] |
0040242D | C745 94 FC1D4000 | mov dword ptr ss:[ebp-6C],crackme1.401DFC | 401DFC:L"Fucking Shit"
00402434 | 895D 8C | mov dword ptr ss:[ebp-74],ebx |
00402437 | FFD6 | call esi |