chenx221/Reverse
1
0
Fork 0
Code Pull Requests Activity
753bef8589
Reverse/bengaly_km3/solve.md
Chenx221 95ab6658fc
solved new crackme
2024-09-30 19:09:16 +08:00

70 lines
3.4 KiB
Markdown
Raw Blame History

还是熟悉的配方
1. 直接找serial算法
```assembly
004012F6 | 68 3F304000 | push key4.40303F |
004012FB | E8 34010000 | call <JMP.&_lstrlenAStub@4> |
00401300 | 33F6 | xor esi,esi |
00401302 | 33DB | xor ebx,ebx |
00401304 | 8BC8 | mov ecx,eax |
00401306 | B8 01000000 | mov eax,1 |
0040130B | 8B1D 3F304000 | mov ebx,dword ptr ds:[40303F] |
00401311 | 0FBE90 1F354000 | movsx edx,byte ptr ds:[eax+40351F] |
00401318 | 2BDA | sub ebx,edx |
0040131A | 0FAFDA | imul ebx,edx |
0040131D | 8BF3 | mov esi,ebx |
0040131F | 2BD8 | sub ebx,eax |
00401321 | 81C3 43353504 | add ebx,4353543 |
00401327 | 03F3 | add esi,ebx |
00401329 | 33F2 | xor esi,edx |
0040132B | B8 04000000 | mov eax,4 |
00401330 | 49 | dec ecx |
00401331 | 75 D8 | jne key4.40130B |
00401333 | 56 | push esi |
00401334 | 68 3F314000 | push key4.40313F |
00401339 | E8 4A000000 | call key4.401388 |
0040133E | 5E | pop esi |
0040133F | 3BC6 | cmp eax,esi | EAX: UserInput, ESI: True Serial
00401341 | 75 15 | jne key4.401358 |
00401343 | 6A 00 | push 0 |
00401345 | 68 8C344000 | push key4.40348C | 40348C:"KeygenMe #3"
0040134A | 68 DD344000 | push key4.4034DD | 4034DD:" Great, You are ranked as Level-3 at Keygening now"
0040134F | 6A 00 | push 0 |
00401351 | E8 9C000000 | call <JMP.&_MessageBoxA@16> |
00401356 | EB 13 | jmp key4.40136B |
00401358 | 6A 00 | push 0 |
0040135A | 68 8C344000 | push key4.40348C | 40348C:"KeygenMe #3"
0040135F | 68 AA344000 | push key4.4034AA | 4034AA:" You Have Entered A Wrong Serial, Please Try Again"
00401364 | 6A 00 | push 0 |
00401366 | E8 87000000 | call <JMP.&_MessageBoxA@16> |
0040136B | EB 15 | jmp key4.401382 |
```
整理一下:
```c#
int eax = 1;
int esi = 0;
string s = "%@$erwr#@$$!@#21$@^&*&(%rthdhdfw423%#DSgfY$%^#$%bre#B@@%#G3re";
int length = name.Length;
int v = 0;
while (length > 0)
{
v = BitConverter.ToInt32(Encoding.ASCII.GetBytes(name), 0);
char c = s[eax - 1];
v -= c;
v *= c;
esi = v;
v -= eax;
v += 0x4353543;
esi += v;
esi ^= c;
eax = 0x4;
length--;
}
```
View Git Blame Copy Permalink