CrackMe第十三题算法 + 注册机
本帖最后由 growuphappily 于 2020-3-7 19:30 编辑0x00 前言
最近在练160个CrackMe,原帖如下:
https://www.52pojie.cn/thread-709699-1-1.html
目录:
题目地址
第一题 https://www.52pojie.cn/forum.php?mod=viewthread&tid=1107523
第二题 https://www.52pojie.cn/forum.php?mod=viewthread&tid=1107888
第三题 ttps://www.52pojie.cn/thread-1108487-1-1.html
第四题 https://www.52pojie.cn/thread-1109140-1-1.html
第五题 太变态了,算了
第六题 https://www.52pojie.cn/thread-1111030-1-1.html
第七题 https://www.52pojie.cn/thread-1112318-1-1.html
第八题 https://www.52pojie.cn/thread-1113163-1-1.html
第九题爆破 https://www.52pojie.cn/thread-1113295-1-1.html
第九题算法 https://www.52pojie.cn/thread-1114003-1-1.html
第十题 https://www.52pojie.cn/thread-1116170-1-1.html
第十一题 https://www.52pojie.cn/thread-1119813-1-1.html
第十一题算法 https://www.52pojie.cn/thread-1120768-1-1.html
第十三题 https://www.52pojie.cn/forum.php?mod=viewthread&tid=1122833&page=1&extra=#pid30408289
0x01 正文
打开第十三个CM:
这个还分1.0和2.0?
拖入OD:
下GetWindowText断点
这里断倒是断下了,但是一直在user32和VB的dll里面打转
这就说明这可能是`P - CODE`编译的程序
要是真的是的话就不能用OD了,要用VB Decompiler
有几个按钮事件:
随便翻翻,只有Command2和Command4的事件有if判断
而Command2的事件有两个Text
所以Command4就是1.0的try按钮事件
Command2就是2.0的try
CrackMe1.0
看一下1.0的按钮事件:
Private Sub Command4_Click() '4052AC
'Data Table: 403D90
loc_4051DA: If (Me.Text3.Text = Me.Label3.Caption) Then
loc_4051E9: Me.Command2.Visible = False
loc_4051FD: Me.Frame3.Visible = False
loc_405211: Me.Command1.Visible = False
loc_405225: Me.Command5.Visible = False
loc_405239: Me.Command3.Visible = True
loc_40524D: Me.Text2.Visible = False
loc_405261: Me.Frame3.Visible = True
loc_405275: Me.Command4.Visible = False
loc_40528A: Me.Label3.Caption = "Congratulation !"
loc_405295: Else
loc_4052A2: Me.Text3.Text = "Try Again!"
loc_4052AA: End If
loc_4052AA: Exit Sub
End Sub
第3行那个Label3相当可疑
它里面应该存放着注册码
再看看其他事件,在Combo1_Click发现了算法:
Private Sub Combo1_Click() '405550
'Data Table: 403D90
Dim var_88 As Long
Dim var_1D4 As Variant
loc_4053A8: var_88 = CLng((((Day(Now) * Day(23)) + (Month(Now) * Month(2))) + (Year(Now) * Year(3))))
loc_4053DB: var_1D0 = CStr((((var_88 + var_88) + CLng((Day(14) * Year(2020)))) + CLng((Day(14) * Year(2020)))))
loc_4053EA: Me.Command1.Visible = True
loc_4053FE: Me.Command3.Visible = False
loc_405412: Me.Frame3.Visible = False
loc_405435: If (Me.Combo1.ListIndex = 1) Then
loc_405444: Me.Command2.Visible = True
loc_405458: Me.Command4.Visible = False
loc_40546C: Me.Frame1.Visible = True
loc_405480: Me.Frame4.Visible = False
loc_405494: Me.Frame2.Visible = False
loc_4054A7: Call {4CF9916A-63B9-11D3-9279E11A19E4723F}.Method_MeC (CDbl(2265), var_88)
loc_4054B2: Set var_1D4 = Me.Text2
loc_4054B8: Form1.Text2.Visible = True
loc_4054C3: Else
loc_4054CF: Me.Command4.Visible = True
loc_4054E3: Me.Command2.Visible = False
loc_4054F7: Me.Frame4.Visible = True
loc_40550C: Me.Label3.Caption = var_1D0
loc_405520: Me.Frame1.Visible = False
loc_405534: Me.Frame2.Visible = False
loc_405547: Call {4CF9916A-63B9-11D3-9279E11A19E4723F}.Method_MeC (CDbl(2265))
loc_40554C: End If
loc_40554C: Exit Sub
End Sub
在loc_40550C的地方,给Label3赋了值
而赋值的是var_1D0
而var_1D0是下面两句计算得来的
loc_4053A8: var_88 = CLng((((Day(Now) * Day(23)) + (Month(Now) * Month(2))) + (Year(Now) * Year(3))))
loc_4053DB: var_1D0 = CStr((((var_88 + var_88) + CLng((Day(14) * Year(2020)))) + CLng((Day(14) * Year(2020)))))
整个流程是:把现在的日期取日(2020/03/6就取6)乘上时间戳23秒的日期的天(时间戳:从1970年1月1日00:00:00开始的秒数,如时间戳60就是表示1970/1/1 00:01:00)再加上现在的月×时间戳23的日再加......懒得写了。。
把这个输上之后,会出现Congratulation !然后又会让输入注册码再输入之前的那个,不行
看代码,405428A那里又给Label赋值了
这次是Congratulation !
所以说输入Congratulation !就可以了
CrackMe2.0
再来看2.0的按钮事件:
Private Sub Command2_Click() '4058EC
'Data Table: 403D90
Dim var_90 As Long
Dim var_1CC As Variant
loc_4055EE: If (Len(Me.Text1.Text) < 5) Then
loc_4055FE: Me.Text2.Text = "At least 5 characters!"
loc_405606: Exit Sub
loc_405607: End If
loc_40560A: var_94 = "0110617121214051216101106141404110614140411091211100810101608040610121608100416"
loc_405622: var_98 = Me.Text1.Text
loc_40562D: var_A8 = 1 'Variant
loc_405641: For var_108 = 4 To CVar(Len(var_98)): var_C8 = var_108 'Variant
loc_405698: var_90 = CLng((CDbl(var_90) + (CDbl(Asc(Mid$(var_98, CLng(var_C8), 1))) * Val(Mid$(var_94, CLng((var_A8 * 3)), 3)))))
loc_4056C4: If ((var_A8 + 1) >= 39) Then
loc_4056CC: var_A8 = 0 'Variant
loc_4056D0: End If
loc_4056D3: Next var_108 'Variant
loc_4056DE: var_A8 = 1 'Variant
loc_4056F2: For var_168 = 4 To CVar(Len(var_98)): var_C8 = var_168 'Variant
loc_405764: var_1CC = CVar((CDbl((Asc(Mid$(var_98, CLng(var_C8), 1)) * Asc(Mid$(var_98, CLng((var_C8 - 1)), 1)))) * Val(Mid$(var_94, CLng((var_A8 * 2)), 2)))) 'Double
loc_40576C: var_178 = (var_178 + var_1CC) 'Variant
loc_40579D: If ((var_A8 + 1) >= 39) Then
loc_4057A5: var_A8 = 0 'Variant
loc_4057A9: End If
loc_4057AC: Next var_168 'Variant
loc_405815: If (Me.Text2.Text = LTrim$(Str$(var_90)) & "-" & LTrim$(Str$(var_178))) Then
loc_405824: Me.Command2.Visible = False
loc_405838: Me.Command1.Visible = False
loc_40584C: Me.Command5.Visible = True
loc_405860: Me.Command3.Visible = False
loc_405874: Me.Text2.Visible = False
loc_405888: Me.Frame3.Visible = True
loc_4058BD: Me.Label3.Caption = "Congratulation " & Me.Text1.Text & " !"
loc_4058D5: Else
loc_4058E2: Me.Text2.Text = "Try Again!"
loc_4058EA: End If
loc_4058EA: Exit Sub
End Sub
计算的代码多了些,不过没关系
而且这个不像上次的还用一个标签来储存变量
注册机
可以写注册机了(现成的VB,写什么Python233):
Private Sub Command1_Click()
Dim var_88 As Long
var_88 = CLng((((Day(Now) * Day(23)) + (Month(Now) * Month(2))) + (Year(Now) * Year(3))))
Text1.Text = "第一次:" & CStr((((var_88 + var_88) + CLng((Day(14) * Year(2020)))) + CLng((Day(14) * Year(2020))))) & Chr(13) + Chr(10) & "第二次:Congratulation !"
End Sub
Private Sub Command2_Click()
Dim var_90 As Long
Dim var_1CC As Variant
loc_4055EE: If (Len(Me.Text2.Text) < 5) Then
loc_4055FE: Me.Text3.Text = "最少5个字符!"
loc_405606: Exit Sub
loc_405607: End If
loc_40560A: var_94 = "0110617121214051216101106141404110614140411091211100810101608040610121608100416"
loc_405622: var_98 = Me.Text2.Text
loc_40562D: var_A8 = 1 'Variant
loc_405641: For var_108 = 4 To CVar(Len(var_98)): var_C8 = var_108 'Variant
loc_405698: var_90 = CLng((CDbl(var_90) + (CDbl(Asc(Mid$(var_98, CLng(var_C8), 1))) * Val(Mid$(var_94, CLng((var_A8 * 3)), 3)))))
var_A8 = var_A8 + 1
loc_4056C4: If (var_A8 >= 39) Then
loc_4056CC: var_A8 = 0 'Variant
loc_4056D0: End If
loc_4056D3: Next var_108 'Variant
loc_4056DE: var_A8 = 1 'Variant
loc_4056F2: For var_168 = 4 To CVar(Len(var_98)): var_C8 = var_168 'Variant
loc_405764: var_1CC = CVar((CDbl((Asc(Mid$(var_98, CLng(var_C8), 1)) * Asc(Mid$(var_98, CLng((var_C8 - 1)), 1)))) * Val(Mid$(var_94, CLng((var_A8 * 2)), 2)))) 'Double
loc_40576C: var_178 = (var_178 + var_1CC) 'Variant
var_A8 = var_A8 + 1
loc_40579D: If ((var_A8 + 1) >= 39) Then
loc_4057A5: var_A8 = 0 'Variant
loc_4057A9: End If
loc_4057AC: Next var_168 'Variant
loc_405815: Text3.Text = LTrim$(Str$(var_90)) & "-" & LTrim$(Str$(var_178))
End Sub
这里注意,40579D和4056C4的两个if需要改一下:
loc_40579D: If ((var_A8 + 1) >= 39) Then
loc_4057A5: var_A8 = 0 'Variant
loc_4057A9: End If
‘改为
var_A8 = var_A8 + 1'加了这行
loc_40579D: If (var_A8 + 1= 39) Then ’修改成这样
loc_4057A5: var_A8 = 0 'Variant
loc_4057A9: End If
如果你就是来找注册机玩玩的,这里是写好的注册机和源码(可能需要安装VB运行库,具体自行百度):
解压密码:52pojie.cn
0x02 最后
来都来了,请留个分,回个复再走呗~~~ 热心回复 感谢分享 热心回复 感谢分享 谢谢分享 我爱学习,身体好好~ 没看懂但很厉害啊
页:
[1]