关于非明码对比的追码算法求助
本帖最后由 隐藏英雄 于 2022-12-13 01:34 编辑。遇到一款软件,我已经爆破了,但是想追码,追了好久感觉有点无力。这个软件首先会对注册码逐个字符进行验证,中途只要一个字符错误就直接报码长度错误了。其中真实的注册码与电脑的时间、输入的用户名等各种因素进行取值,作为真码的一部分
我对算法又不太懂。看看哪位帮我,给我大概的方法,谢谢了
分析过程如下
1001C90A 55 push ebp ; 这里开始对注册码进行计算和比对
1001C90B 8BEC mov ebp,esp
1001C90D 6A FF push -0x1
1001C90F 68 C1980410 push KeyPro.100498C1
1001C914 64:A1 00000000mov eax,dword ptr fs:
1001C91A 50 push eax
1001C91B 64:8925 0000000>mov dword ptr fs:,esp
1001C922 83EC 70 sub esp,0x70
1001C925 894D C4 mov dword ptr ss:,ecx
1001C928 6A 01 push 0x1
1001C92A 8B4D C4 mov ecx,dword ptr ss:
1001C92D E8 9A8D0200 call <jmp.&MFC42.#6334> ; 取了用户名
1001C932 8D4D E8 lea ecx,dword ptr ss:
1001C935 E8 528B0200 call <jmp.&MFC42.#540>
1001C93A C745 FC 0000000>mov dword ptr ss:,0x0
1001C941 8B45 C4 mov eax,dword ptr ss:
1001C944 83C0 74 add eax,0x74
1001C947 50 push eax
1001C948 8B4D C4 mov ecx,dword ptr ss:
1001C94B 83C1 70 add ecx,0x70
1001C94E 51 push ecx
1001C94F 8B55 C4 mov edx,dword ptr ss:
1001C952 83C2 6C add edx,0x6C
1001C955 52 push edx ; KeyPro.1001C90A
1001C956 8B45 C4 mov eax,dword ptr ss:
1001C959 83C0 68 add eax,0x68
1001C95C 50 push eax
1001C95D 8D4D E4 lea ecx,dword ptr ss:
1001C960 51 push ecx
1001C961 E8 928B0200 call <jmp.&MFC42.#922> ; 取时间和注册码
1001C966 8945 C0 mov dword ptr ss:,eax
1001C969 8B55 C0 mov edx,dword ptr ss:
1001C96C 8955 BC mov dword ptr ss:,edx ; KeyPro.1001C90A
1001C96F C645 FC 01 mov byte ptr ss:,0x1
1001C973 8B45 BC mov eax,dword ptr ss:
1001C976 50 push eax
1001C977 8D4D E0 lea ecx,dword ptr ss:
1001C97A 51 push ecx
1001C97B E8 788B0200 call <jmp.&MFC42.#922> ; 码长度已经报错
1001C980 8945 B8 mov dword ptr ss:,eax
1001C983 8B55 B8 mov edx,dword ptr ss:
1001C986 8955 B4 mov dword ptr ss:,edx ; KeyPro.1001C90A
1001C989 C645 FC 02 mov byte ptr ss:,0x2
1001C98D 8B45 B4 mov eax,dword ptr ss:
1001C990 50 push eax
1001C991 8D4D DC lea ecx,dword ptr ss:
1001C994 51 push ecx
1001C995 E8 5E8B0200 call <jmp.&MFC42.#922>
1001C99A 8945 B0 mov dword ptr ss:,eax
1001C99D 8B55 B0 mov edx,dword ptr ss:
1001C9A0 8955 AC mov dword ptr ss:,edx ; KeyPro.1001C90A
1001C9A3 C645 FC 03 mov byte ptr ss:,0x3
1001C9A7 8B45 AC mov eax,dword ptr ss: ; mfc42.66F4DBBC
1001C9AA 50 push eax
1001C9AB 8D4D E8 lea ecx,dword ptr ss:
1001C9AE E8 F78A0200 call <jmp.&MFC42.#858> ; 取了完整注册码
1001C9B3 C645 FC 02 mov byte ptr ss:,0x2
1001C9B7 8D4D DC lea ecx,dword ptr ss:
1001C9BA E8 C78A0200 call <jmp.&MFC42.#800>
1001C9BF C645 FC 01 mov byte ptr ss:,0x1
1001C9C3 8D4D E0 lea ecx,dword ptr ss:
1001C9C6 E8 BB8A0200 call <jmp.&MFC42.#800> ; 这里给了一个P
1001C9CB C645 FC 00 mov byte ptr ss:,0x0
1001C9CF 8D4D E4 lea ecx,dword ptr ss:
1001C9D2 E8 AF8A0200 call <jmp.&MFC42.#800> ; 这里也是一个P
1001C9D7 51 push ecx
1001C9D8 8BCC mov ecx,esp
1001C9DA 8965 D8 mov dword ptr ss:,esp
1001C9DD 8D55 E8 lea edx,dword ptr ss:
1001C9E0 52 push edx ; KeyPro.1001C90A
1001C9E1 E8 E28A0200 call <jmp.&MFC42.#535>
1001C9E6 8945 A8 mov dword ptr ss:,eax
1001C9E9 6A 00 push 0x0
1001C9EB E8 33EFFEFF call KeyPro.1000B923
1001C9F0 83C4 08 add esp,0x8
1001C9F3 8945 A4 mov dword ptr ss:,eax
1001C9F6 8B45 A4 mov eax,dword ptr ss:
1001C9F9 8945 EC mov dword ptr ss:,eax
1001C9FC 837D EC 01 cmp dword ptr ss:,0x1
1001CA00 74 4F je short KeyPro.1001CA51 ; 关键跳转
1001CA02 6A 00 push 0x0
1001CA04 6A 00 push 0x0
1001CA06 8B4D EC mov ecx,dword ptr ss:
1001CA09 51 push ecx
1001CA0A 8D55 D4 lea edx,dword ptr ss:
1001CA0D 52 push edx ; KeyPro.1001C90A
1001CA0E E8 762C0000 call KeyPro.1001F689 ; 这里进去给到长度报错模块
1001CA13 83C4 08 add esp,0x8
1001CA16 8945 A0 mov dword ptr ss:,eax
1001CA19 8B45 A0 mov eax,dword ptr ss: ; mfc42.66F4DBA0
1001CA1C 8945 9C mov dword ptr ss:,eax
1001CA1F C645 FC 04 mov byte ptr ss:,0x4
1001CA23 8B4D 9C mov ecx,dword ptr ss:
1001CA26 E8 9583FEFF call KeyPro.10004DC0
1001CA2B 50 push eax
1001CA2C E8 E58A0200 call <jmp.&MFC42.#1200> ; 长度不正确
1001CA31 C645 FC 00 mov byte ptr ss:,0x0
1001CA35 8D4D D4 lea ecx,dword ptr ss:
1001CA38 E8 498A0200 call <jmp.&MFC42.#800>
1001CA3D C745 FC FFFFFFF>mov dword ptr ss:,-0x1
1001CA44 8D4D E8 lea ecx,dword ptr ss:
以上是我的分析部分内容,不知道是否违规,违规的话请版主删除,别关我小黑屋,我后期重新附上更详细的分析过程进行提问,谢谢了
下面附上软件 欢迎大家踊跃测试。
https://wwot.lanzouw.com/i22q90ijkdyf
搞算法用ida,f5… 有大佬下载看看嘛