用批处理写的CrackMe 还挺有意思的
本帖最后由 Tonyha7 于 2020-3-9 22:12 编辑最近很喜欢玩批处理 于是弄出来这么个东西{:301_1001:} 没壳 但会检测od和ida 指令用bat2exe加密了 欢迎挑战
https://s2.ax1x.com/2020/03/09/8pLHL8.jpg
密码正确时:
https://s2.ax1x.com/2020/03/09/8pLqeS.jpg
新版本 https://www.52pojie.cn/thread-1127353-1-1.html
新版本 https://www.52pojie.cn/thread-1127353-1-1.html这个太简单了,是我加密没做好。。。。。
我是菜鸟,既然bat转的exe,肯定会释放文件的BatUnpacker.exe直接拖进去就出来了 用OD跟踪出来了这个批处理,看了看代码,发现密码是52pojie@Tonyha7,而且还有IDA和OD的检测(tasklist出来然后再找OllyDBG.exe和idaq.exe、idaq64.exe)
另外,0x4011A5处有个jnz,把他nop掉,程序就会叫你浏览文件夹,然后把crackme1.bat释放到那里(什么鬼?)
最后,附上提取出来的批处理
只会搞搞可以直接搜字符串的cm
@echo off
title CrackMe v1.0
goto 1234567890
:idaq
title FOUND IDA FOUND IDA FOUND IDA FOUND IDA FOUND IDA FOUND IDA FOUND IDA FOUND IDA
echo FOUND IDA FOUND IDA FOUND IDA FOUND IDA FOUND IDA FOUND IDA FOUND IDA FOUND IDA
ping -n 3 127.1>nul
exit
:OLL
title FOUND OLLYDBG FOUND OLLYDBG FOUND OLLYDBG FOUND OLLYDBG FOUND OLLYDBG FOUND OLLYDBG
echo FOUND OLLYDBG FOUND OLLYDBG FOUND OLLYDBG FOUND OLLYDBG FOUND OLLYDBG FOUND OLLYDBG
ping -n 3 127.1>nul
exit
:1234567890
tasklist|find /i "OLLYDBG.exe"
if %errorlevel% == 0 (goto OLL)
tasklist|find /i "idaq64.exe"
if %errorlevel% == 0 (goto idaq)
tasklist|find /i "idaq.exe"
if %errorlevel% == 0 (goto idaq)
goto WIN1
:WIN1
echo ENTER PASSWORD HERE
Set /P Choice= PASSWORD:
If not "%Choice%"=="" (
If "%Choice%"=="52pojie@Tonyha7" goto lose
)
GOTO WIN1
:win
TITLEYOU LOSE
echo YOU LOSE
PAUSE
:lose
echo SUCCEEDED SUCCEEDED SUCCEEDED SUCCEEDED SUCCEEDED SUCCEEDED
TITLE SUCCEEDED SUCCEEDED SUCC
看来加密方法还得改进{:301_1004:}
bat2exe自带加密太不靠谱 52pojie@Tonyha7 你弄的真好玩 新版本https://www.52pojie.cn/thread-1127353-1-1.html
这个有点尴尬(─.─||| 好强啊,我根本无从下手
页:
[1]