论坛里的crackme 练手留念杂文
本帖最后由 shuaiyue 于 2019-4-22 01:04 编辑。
下载:https://www.52pojie.cn/thread-666259-1-1.html
乱糟糟的,凑合看吧
保护手段:反调试、校验、RC4 加密(字符串以十六进制密文保存,运行时解密)。
最终得到的密码是“hello5.1”。
关键函数 Decrypt(解密):
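/*
 * Decrypt - decode a hex string and RC4-decrypt it with the supplied key.
 *
 * This is decompiler pseudocode tidied for reading; HexToByte() and RC4()
 * live elsewhere in the analysed binary and are not shown on this page.
 *
 * s   NUL-terminated hex-encoded ciphertext (the author's sample is
 *     "636D55B2AA8609CB"). A string with an odd number of digits is rejected.
 * a2  NUL-terminated key (the author notes it as "58A8631NaD"). Its length
 *     is taken with strlen(), so the key ends at its first zero byte.
 *
 * Returns a new[]-allocated, NUL-terminated plaintext buffer that the caller
 * releases with delete[], or 0 when either argument is null, the hex string
 * has odd length, or RC4() returns zero.
 *
 * Fix over the listing as posted: the success branch read "v7 = 0; v4 = v7;",
 * which threw away the output buffer and made the function return 0 on every
 * path. The buffer is allocated with one spare byte and RC4() reports an
 * output length, so the terminator belongs at plain[out_len].
 */
unsigned __int8 *__fastcall Decrypt(const char *s, const char *a2)
{
    if ( !s || !a2 )
        return 0;

    size_t hex_len = strlen(s);
    if ( hex_len & 1 )                  // every byte needs two hex digits
        return 0;

    size_t raw_len = hex_len >> 1;      // number of ciphertext bytes

    // NOTE(review): who owns the buffer returned by HexToByte() is not visible
    // here; if it is heap-allocated it is leaked on every path - confirm.
    const unsigned __int8 *raw = HexToByte(s);
    if ( !raw )
        return 0;

    // One extra byte so the plaintext can be handed back as a C string.
    unsigned __int8 *plain = new unsigned __int8[raw_len + 1];
    int out_len = 0;                    // filled in by RC4()
    int key_len = strlen(a2);

    // A non-zero return is treated as success (inferred from the call site).
    // The reported length is range-checked before it is used as an index.
    if ( !RC4(raw, raw_len, a2, key_len, plain, &out_len)
      || out_len < 0
      || (size_t)out_len > raw_len )
    {
        delete[] plain;                 // do not leak the buffer on failure
        return 0;
    }

    plain[out_len] = 0;
    // Author's note: the decrypted plaintext is directly visible in the
    // return value at this point.
    return plain;
}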
JNI_LOAD ad nop
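/*
 * Stand-alone harness from the write-up: feeds one of the hex-encoded
 * strings to Decrypt() together with the key and prints the result.
 *
 * Fixes over the listing as posted: "charv7" was missing a space, the format
 * string used "/n" instead of a newline escape, 0x80 did not fit a signed
 * char inside a braced initializer, and a null result (odd-length input or
 * RC4 failure) was passed straight to printf("%s").
 */
int main()
{
    // Hex-encoded sample strings from the write-up, with the author's notes.
    char v7[] = "5B694AADB2DC559E44B84637A2D61F"; // author: the wrong one
    char v8[] = "636D55B2AA8609CB"; // author: the correct one, RC4-encrypted
    char v9[] = "234458B0A1C1489300D2572AA3D004E057970FFF6FC1318CF5F6135E6D062813D2642446BD540E79927E12CD4199";
    char v10[] = "6C7A5CA7B2DC4B9C"; // author: greywolf
    char v11[] = "486757B9B7D2538F089C402CA2CA12AF77D029B071D42787F6A22D502C193A1CCC6C2D49E629"; // author: Hello World!lations!The password is right.

    // Only v11 is decoded below; the others are kept for reference.
    (void)v7;
    (void)v8;
    (void)v9;
    (void)v10;

    // Key used for decryption. The trailing 0 terminates it, because
    // Decrypt() measures the key with strlen().
    char pass[] = {5, 8, 0x41, 8, 6, 3, 1, 0x4e, 0x61, 0x44, static_cast<char>(0x80), 0};

    // Keep the pointer in the type Decrypt() returns so delete[] matches it.
    unsigned __int8 *result2 = Decrypt(v11, pass);
    if ( !result2 )
    {
        printf("result2=(decrypt failed)\n");
        return 1;
    }

    printf("result2=%s\n", reinterpret_cast<const char *>(result2));
    delete[] result2;
    return 0;
}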
表示看不懂。。。 学习一下。 好像很厉害 大虾 能标注解释一下吗 不错不错感谢楼主分享 虽然看不懂,但感觉好厉害的样子。 好好学习一下 是需要动态调试吗,静态看代码,找不到RegisterNatives的函数地址