求大神给个思路破解一个CM
本帖最后由 cirrus 于 2016-6-5 19:44 编辑
这个CM没有按钮,是自动循环检测的。破解成功后应该会得到一个MD5加密的key。求大神给个思路,教我怎么破解。新人上路,请各位大神多多关照。
CM下载http://pan.baidu.com/s/1dELBzt3
本帖最后由 cirrus 于 2016-6-5 19:45 编辑
00401B39|. E8 42C20100 CALL CrackMeC.0041DD80
00401B3E|. 83C4 0C ADD ESP,0C
00401B41|. 6A 1F PUSH 1F ; /Arg2 = 0000001F
00401B43|. 68 84865E00 PUSH CrackMeC.005E8684 ; |Arg1 = 005E8684 ASCII "admin"
00401B48|. 68 E9030000 PUSH 3E9 ; |/Arg1 = 000003E9
00401B4D|. 8B4D FC MOV ECX,DWORD PTR SS: ; ||
00401B50|. E8 0C250800 CALL CrackMeC.00484061 ; |\CrackMeC.00484061
00401B55|. 8BC8 MOV ECX,EAX ; |
00401B57|. E8 642C0800 CALL CrackMeC.004847C0 ; \CrackMeC.004847C0
00401B5C|. 6A 1F PUSH 1F ; /Arg2 = 0000001F
00401B5E|. 68 A4865E00 PUSH CrackMeC.005E86A4 ; |Arg1 = 005E86A4 ASCII "abcabc"
00401B63|. 68 E8030000 PUSH 3E8 ; |/Arg1 = 000003E8
00401B68|. 8B4D FC MOV ECX,DWORD PTR SS: ; ||
00401B6B|. E8 F1240800 CALL CrackMeC.00484061 ; |\CrackMeC.00484061
00401B70|. 8BC8 MOV ECX,EAX ; |
00401B72|. E8 492C0800 CALL CrackMeC.004847C0 ; \CrackMeC.004847C0
00401B77|. 68 A4865E00 PUSH CrackMeC.005E86A4 ;ASCII "abcabc"
00401B7C|. E8 7FC10100 CALL CrackMeC.0041DD00
00401B81|. 83C4 04 ADD ESP,4
00401B84|. A3 C4865E00 MOV DWORD PTR DS:,EAX
00401B89|. 833D C4865E00 >CMP DWORD PTR DS:,0
00401B90|. 74 09 JE SHORT CrackMeC.00401B9B
00401B92|. 833D C4865E00 >CMP DWORD PTR DS:,5
00401B99|. 74 0F JE SHORT CrackMeC.00401BAA
00401B9B|> 8B55 FC MOV EDX,DWORD PTR SS:
00401B9E|. C742 60 020000>MOV DWORD PTR DS:,2
00401BA5|. E9 91000000 JMP CrackMeC.00401C3B
00401BAA|> 8B45 FC MOV EAX,DWORD PTR SS:
00401BAD|. 8B48 60 MOV ECX,DWORD PTR DS:
00401BB0|. 894D F8 MOV DWORD PTR SS:,ECX
00401BB3|> 837D F8 05 /CMP DWORD PTR SS:,5
00401BB7|. 7D 27 |JGE SHORT CrackMeC.00401BE0
00401BB9|. 8B55 F8 |MOV EDX,DWORD PTR SS:
00401BBC|. 0FBE82 A4865E0>|MOVSX EAX,BYTE PTR DS:
00401BC3|. 8B4D FC |MOV ECX,DWORD PTR SS:
00401BC6|. 2B41 60 |SUB EAX,DWORD PTR DS:
00401BC9|. 83E8 01 |SUB EAX,1
00401BCC|. 8B55 F8 |MOV EDX,DWORD PTR SS:
00401BCF|. 8882 A4865E00|MOV BYTE PTR DS:,AL
00401BD5|. 8B45 F8 |MOV EAX,DWORD PTR SS:
00401BD8|. 83C0 02 |ADD EAX,2
00401BDB|. 8945 F8 |MOV DWORD PTR SS:,EAX
00401BDE|.^EB D3 \JMP SHORT CrackMeC.00401BB3
00401BE0|> EB 59 JMP SHORT CrackMeC.00401C3B
00401BE2|> 68 A4865E00 PUSH CrackMeC.005E86A4 ;ASCII "abcabc"
00401BE7|. 68 84865E00 PUSH CrackMeC.005E8684 ;ASCII "admin"
00401BEC|. E8 7FC00100 CALL CrackMeC.0041DC70
00401BF1|. 83C4 08 ADD ESP,8
00401BF4|. F7D8 NEG EAX
00401BF6|. 1BC0 SBB EAX,EAX
00401BF8|. 40 INC EAX
00401BF9|. 8845 F4 MOV BYTE PTR SS:,AL
00401BFC|. 8B4D FC MOV ECX,DWORD PTR SS:
00401BFF|. 33D2 XOR EDX,EDX
00401C01|. 8A51 5C MOV DL,BYTE PTR DS:
00401C04|. 8B45 F4 MOV EAX,DWORD PTR SS:
00401C07|. 25 FF000000 AND EAX,0FF
00401C0C|. 3BD0 CMP EDX,EAX
00401C0E|. 74 2B JE SHORT CrackMeC.00401C3B
00401C10|. 8B4D FC MOV ECX,DWORD PTR SS:
00401C13|. 33D2 XOR EDX,EDX
00401C15|. 8A51 5C MOV DL,BYTE PTR DS:
00401C18|. F7DA NEG EDX
00401C1A|. 1BD2 SBB EDX,EDX
00401C1C|. 42 INC EDX
00401C1D|. 8B45 FC MOV EAX,DWORD PTR SS:
00401C20|. 8850 5C MOV BYTE PTR DS:,DL
00401C23|. 8B4D FC MOV ECX,DWORD PTR SS:
00401C26|. 33D2 XOR EDX,EDX
00401C28|. 8A51 5C MOV DL,BYTE PTR DS:
00401C2B|. 52 PUSH EDX ; /Arg3
00401C2C|. 6A 00 PUSH 0 ; |Arg2 = 00000000
00401C2E|. 68 01040000 PUSH 401 ; |Arg1 = 00000401
00401C33|. 8B4D FC MOV ECX,DWORD PTR SS: ; |
00401C36|. E8 0E610D00 CALL CrackMeC.004D7D49 ; \CrackMeC.004D7D49
00401C3B|> 8B45 FC MOV EAX,DWORD PTR SS:
00401C3E|. 8B40 60 MOV EAX,DWORD PTR DS:
00401C41|. 83C0 01 ADD EAX,1
00401C44|. 99 CDQ
00401C45|. B9 03000000 MOV ECX,3
00401C4A|. F7F9 IDIV ECX
00401C4C|. 8B45 FC MOV EAX,DWORD PTR SS:
00401C4F|. 8950 60 MOV DWORD PTR DS:,EDX
00401C52|> 5F POP EDI
00401C53|. 5E POP ESI
00401C54|. 5B POP EBX
00401C55|. 83C4 50 ADD ESP,50
00401C58|. 3BEC CMP EBP,ESP
00401C5A|. E8 D1B90100 CALL CrackMeC.0041D630
00401C5F|. 8BE5 MOV ESP,EBP
00401C61|. 5D POP EBP
00401C62\. C2 0400 RETN 4
这个是VB写的吗啊 lianfeng0421 发表于 2016-6-5 19:56
这个是VB写的吗啊
VC++写的。支持楼主!我小菜只会爆破,不会分析算法。
介个意思??
wjdxs1 发表于 2016-7-8 21:42
介个意思??
是啊,大神能告诉我怎么破解的吗?
我很暴力:
; Run of 5-byte E9 (jmp rel32) stubs, one every 5 bytes; each line shows the
; stub address, its encoding, and the destination as resolved by the debugger.
; The stub at 0040106E is the one the poster edited: its displacement
; (5D0C0000 = 0x0C5D, added to the next address 00401073) resolves to
; 00401CD0, the same destination as the stub at 00401078. The destination it
; had before the edit is not shown on the page.
; NOTE(review): 00401CD0 ends with "retn 0x8" (two stack dwords removed by the
; callee). If the routine this stub used to reach removed a different number
; of stack bytes, the caller's stack is left unbalanced after the redirect —
; confirm against the original target's RETN operand.
00401055 $ /E9 06050000 jmp CrackMeC.00401560
0040105A . |E9 71070000 jmp CrackMeC.004017D0
0040105F . |E9 1C070000 jmp CrackMeC.00401780
00401064 . |E9 47050000 jmp CrackMeC.004015B0
00401069 $ |E9 A2010000 jmp CrackMeC.00401210
0040106E |E9 5D0C0000 jmp CrackMeC.00401CD0 ;timer event: sent straight to the result-display code (edited stub)
00401073 . |E9 88000000 jmp CrackMeC.00401100
00401078 . |E9 530C0000 jmp CrackMeC.00401CD0 ;result display
0040107D . |E9 7E050000 jmp CrackMeC.00401600
; Result-display routine at 00401CD0, shown after the poster's two-byte patch.
;
; Listing note: the page lost every bracketed memory operand ("lea edi,",
; "mov ,ecx", "cmp ,0x0"). Where a comment below names the operand, it is
; decoded from the hex bytes printed on the same line.
;
; Frame:  ebp frame with 0x44 bytes of locals; ebx/esi/edi are saved and
;         restored; "retn 0x8" removes two dword stack arguments.
; ecx:    the entry value is stored at [ebp-4] and reloaded before each call
;         to 00484061 — presumably an object pointer passed in ecx; confirm.
; Patch:  the two bytes at 00401CF1-00401CF2 are nops, so the flags set by
;         the cmp at 00401CED are never consumed and execution always falls
;         through to the "vaild serial!" branch. The branch at 00401D0E is
;         still present, but no instruction in this listing transfers to it.
; Review: only the address of a fixed string is pushed on the success path;
;         nothing in this routine computes or reveals a serial or key. A
;         result that hinges on one flag test can be changed by editing the
;         bytes that consume that test, which is what the nops here do.
00401CD0/> \55 push ebp
00401CD1|.8BEC mov ebp,esp
00401CD3|.83EC 44 sub esp,0x44
00401CD6|.53 push ebx
00401CD7|.56 push esi
00401CD8|.57 push edi
00401CD9|.51 push ecx ; keep ecx across the fill loop below, which uses ecx as its counter
00401CDA|.8D7D BC lea edi, ; 8D7D BC = lea edi,[ebp-0x44]: lowest address of the locals area
00401CDD|.B9 11000000 mov ecx,0x11 ; 0x11 dwords = 0x44 bytes, the size reserved by "sub esp,0x44"
00401CE2|.B8 CCCCCCCC mov eax,0xCCCCCCCC ; fill value; presumably the compiler's debug-build stack pattern — confirm
00401CE7|.F3:AB rep stos dword ptr es: ; F3 AB = rep stos dword ptr es:[edi]: fills the locals with eax
00401CE9|.59 pop ecx ;CrackMeC.004804F6 (debugger value annotation); restores the ecx pushed at 00401CD9
00401CEA|.894D FC mov ,ecx ; 894D FC = mov [ebp-4],ecx
00401CED|.837D 0C 00 cmp ,0x0 ; 837D 0C 00 = cmp dword ptr [ebp+0xC],0: tests the second stack argument
00401CF1 90 nop ;poster's note: "no explanation needed" — patched byte 1 of 2
00401CF2 90 nop ; patched byte 2 of 2; presumably a 2-byte short conditional jump to 00401D0E stood here — confirm
00401CF3|.68 4C445B00 push CrackMeC.005B444C ;vaild serial! (spelling as annotated from the binary)
00401CF8|.68 EA030000 push 0x3EA ; same constant is pushed on both branches; presumably a control ID — confirm
00401CFD|.8B4D FC mov ecx, ; 8B4D FC = mov ecx,[ebp-4]: reload the saved entry ecx
00401D00|.E8 5C230800 call CrackMeC.00484061
00401D05|.8BC8 mov ecx,eax ; result of 00484061 becomes ecx for the next call
00401D07|.E8 422A0800 call CrackMeC.0048474E ; presumably consumes the string address pushed at 00401CF3 — confirm
00401D0C|.EB 19 jmp short CrackMeC.00401D27 ; skip the failure branch
00401D0E|>68 2C445B00 push CrackMeC.005B442C ;your serial is Invaild ! (spelling as annotated from the binary)
00401D13|.68 EA030000 push 0x3EA
00401D18|.8B4D FC mov ecx, ; 8B4D FC = mov ecx,[ebp-4]
00401D1B|.E8 41230800 call CrackMeC.00484061
00401D20|.8BC8 mov ecx,eax
00401D22|.E8 272A0800 call CrackMeC.0048474E
00401D27|>5F pop edi ;CrackMeC.004804F6
00401D28|.5E pop esi ;CrackMeC.004804F6
00401D29|.5B pop ebx ;CrackMeC.004804F6
00401D2A|.83C4 44 add esp,0x44 ; release the 0x44 bytes of locals
00401D2D|.3BEC cmp ebp,esp ; esp should equal ebp again here if pushes and pops balanced
00401D2F|.E8 FCB80100 call CrackMeC.0041D630 ; presumably the compiler's stack-pointer check helper, using the flags from the cmp above — confirm
00401D34|.8BE5 mov esp,ebp
00401D36|.5D pop ebp ;CrackMeC.004804F6
00401D37\.C2 0800 retn 0x8