又一个CM
64位的, 无壳, 无反调试, 有混淆, clang-llvm编译, 采用的是这个ollvm版本: https://github.com/amimo/goron
移植了 https://github.com/HikariObfuscator/Hikari 的三个Pass,
InstructionsSubstitution, FunctionWrapper 和 BogusControlFlow
开启了全部保护功能
爆破, 分析算法都可以.
正确key: 52pojie
运行如图:
下载: 本帖最后由 solly 于 2020-7-11 03:12 编辑
1、暴破:
00007FF70B4977F1 | 48:8B8D E0000000 | mov rcx,qword ptr ss:[rbp+E0] |
00007FF70B4977F8 | 0FB611 | movzx edx,byte ptr ds:[rcx] |
00007FF70B4977FB | 83FA 00 | cmp edx,0 |
00007FF70B4977FE | 41:0F94C0 | sete r8b |
00007FF70B497802 | 3D 3A90765E | cmp eax,5E76903A |
00007FF70B497807 | 44:8845 23 | mov byte ptr ss:[rbp+23],r8b |
00007FF70B49780B | 0F87 C0FFFFFF | ja 测试.7FF70B4977D1 |
00007FF70B497811 | 8A45 23 | mov al,byte ptr ss:[rbp+23] |
00007FF70B497814 | 0C 01 | or al,1 | and al, 01 ===> or al, 01
00007FF70B497816 | 0FB6C0 | movzx eax,al |
2、算法:
好像就是ASCII码之和等于0x27E即可(例如正确key 52pojie 各字符的ASCII码之和正好是0x27E)。
本帖最后由 solly 于 2020-7-21 10:58 编辑
算法:
#include <iostream>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
// Short aliases for the unsigned types used throughout this listing.
typedef unsigned long UINT;
typedef unsigned char UCHAR;
// Writes a generated serial into the caller-supplied buffer sn.
void generateSN(UCHAR * sn);
// Returns a checksum for the serial in sn; main() treats 0 as "valid".
UINT checkSN(UCHAR * sn);
// Fills the leading characters of sn with random values (called from generateSN).
void randSN(UCHAR * sn);
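/*
 * Demo driver: generates one serial with generateSN(), prints it, then feeds
 * it back through checkSN() and prints the verdict.
 *
 * Returns 0 unconditionally; argc/argv are unused.
 */
int main(int argc, char** argv) {
    (void)argc;
    (void)argv;

    /*
     * The array declarator was lost when the post was extracted ("UCHAR sn =
     * {0};" cannot hold a string). generateSN() is meant to produce 7
     * characters plus a terminating NUL, so 8 bytes is the minimum that fits;
     * the size the author originally used is not shown on the page.
     */
    UCHAR sn[8] = {0};

    // Seed rand() from the wall clock so randSN() varies between runs.
    srand((unsigned)time(NULL));

    // Generate a serial.
    generateSN(sn);
    printf("sn: %s.\n", sn);

    // Run the algorithmic check; a result of 0 means the serial is accepted.
    UINT result = checkSN(sn);
    if (result == 0) {
        printf("sn: %s is valid.\n", sn);
    } else {
        printf("sn: %s is invalid.\n", sn);
    }
    return 0;
}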
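/*
 * Serial check as reconstructed by the poster.
 *
 * Folds (base[i] xor sn[i] xor 0x01) over every character of sn with XOR and
 * returns the accumulated value; 0 means the serial is accepted.
 *
 * Each byte of base is the matching byte of the published key "52pojie"
 * XOR 0x01, so for that key every term is 0 and the fold is 0.
 *
 * The array subscripts were lost when the post was extracted; they are
 * restored here.
 *
 * NOTE(review): an empty string also returns 0 because the loop never runs.
 * Whether the target binary enforces a length is not shown on the page.
 */
UINT checkSN(UCHAR * sn) {
    UCHAR base[] = "43qnkhd";
    UINT checkSum = 0;
    size_t n = strlen((char *)sn);

    /*
     * base holds 7 characters plus its NUL (8 bytes). Indexing it with a
     * longer serial would read past the array, so such input is rejected with
     * a non-zero result instead. How the target treats over-long input is not
     * shown on the page.
     */
    if (n > sizeof base) {
        return (UINT)-1;
    }

    for (size_t i = 0; i < n; i++) {
        checkSum = checkSum xor base[i] xor sn[i] xor 0x01;
    }
    return checkSum;
}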
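/*
 * Builds a 7-character serial for which the XOR fold used by checkSN() is 0.
 *
 * sn must point to at least 8 writable bytes (7 characters plus the NUL).
 * The first six characters come from randSN(); the seventh is computed so
 * that its term cancels the partial checksum of the first six.
 *
 * The array subscripts were lost when the post was extracted; they are
 * restored here from the loop bounds and the author's "7th position" comments.
 */
void generateSN(UCHAR * sn) {
    UCHAR base[] = "43qnkhd";
    do {
        randSN(sn);  // random fill of the first 6 characters

        // Checksum over the first 6 positions.
        UINT checkSum = 0;
        for (int i = 0; i < 6; i++) {
            checkSum = checkSum xor base[i] xor sn[i] xor 0x01;
        }

        // Solve for the 7th character: (base[6] xor last xor 0x01) == checkSum.
        UINT last = checkSum xor base[6] xor 0x01;
        sn[6] = (UCHAR)(last);
    } while ((sn[6] <= 0x20) || (sn[6] == 0x7F));  // not a visible character: regenerate
    sn[7] = '\0';
}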
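/*
 * Fills sn[0..5] with random characters.
 *
 * rand() % 0x5E yields 0..0x5D, so after adding 0x21 every byte lies in
 * 0x21..0x7E. sn must point to at least 6 writable bytes; no terminator is
 * written here.
 *
 * The subscript on sn was lost when the post was extracted (the original
 * line assigns to the pointer itself); it is restored here.
 */
void randSN(UCHAR * sn) {
    for (int i = 0; i < 6; i++) {
        sn[i] = (UCHAR)((rand() % 0x5E) + 0x21);
    }
}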