论坛crackme3破解初试
本帖最后由 1311817771 于 2019-5-28 10:52 编辑Cm下载链接:https://www.52pojie.cn/thread-963858-1-1.html
本CM是一个安卓端的CM,先下载安装,这界面看起来挺清爽的。
拖入jadx,可以看到按钮点击的时候,如果name和code都不为空且大于10位的时候,调用so文件中的stringFromJNI函数,so拖入ida,静态分析。
定位到指定函数,F5大法:
继续往下看,可以看到函数首先验证程序签名,签名正确后走判断流程,签名错误直接返回error
接下来分析验证过程。
V22是name,v28是code。
V27是name进行base64编码后的结果
下面的验证基本上是把v22和v28进行base64编码后,按条件在v36中取出相应字符,然后拼接,最后对比拼接的结果。
那么现在只需要确认v36,unk_39DB和unk_39FD的值即可
v36又等于 off_5D08 ,双击跳过去
这又是什么鬼?不管他,双击unk_386D跳过去,发现一大串常量,按A键转换,
看来off_5D08就是这些字符串的集合了,
同样的方法,找到unk_39DB为 “离咸大过坎明夷家人艮艮” ,unk_39FD为“兑涣”。
现在逻辑已经很清楚了,接下来先写个python脚本模拟一下这段代码。
#coding = u8
import base64
v22='111111111'
v28='222222222'
v35='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890+/'
v36=["乾","坤","屯","蒙","需","讼","师","比","小畜","履","泰","否","同人","大有","谦","豫","随","蛊","临","观","噬嗑","贲","剥","复","无妄","大畜","颐","大过","坎","离","咸","恒","遁","大壮","晋","明夷","家人","睽","蹇","解","损","益","夬","姤","萃","升","困","井","革","鼎","震","艮","渐","归妹","丰","旅","巽","兑","涣","节","中孚","小过","既济","未济
v27 = base64.b64encode(v22.encode()).decode()
v28b64 = base64.b64encode(v28.encode()).decode()
dest = ''
for v27t in v27:
for i in range(64):
if(ord(v27t) == ord(v35) >>1):
dest+=v36
print(dest)
v33=''
for v28t in v28b64:
for i in range(64):
if(ord(v28t) == ord(v35)*2):
v33+=v36
print(v33)
好了,既然模拟出来算法了,接下来就是寻找逆算法了,继续写脚本
# -*- coding: u8 -*-
import base64
v36=["乾","坤","屯","蒙","需","讼","师","比","小畜","履","泰","否","同人","大有","谦","豫","随","蛊","临","观","噬嗑","贲","剥","复","无妄","大畜","颐","大过","坎","离","咸","恒","遁","大壮","晋","明夷","家人","睽","蹇","解","损","益","夬","姤","萃","升","困","井","革","鼎","震","艮","渐","归妹","丰","旅","巽","兑","涣","节","中孚","小过","既济","未济
dest=['离','咸','大过','坎','明夷','家人','艮','艮
v33=['兑','涣
v35='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890+/'
a=''
for i in dest:
a+=chr(ord(v35)>>1)
print(a)
b=''
for i in v33:
b+=chr(ord(v35)*2)
print(b)
OK,通过dest和v33解出来v22和v28 base64后的值应该包含”221155==”和”ln”,接下来就是构建复合这个条件的v22和v28,
这里,我构建出一对:v22='666uuuyyy1',v28='111111111111Sig'
填入软件,测试,注册成功!!!。至此,此题破解完成。
PY666啊..... 666666啊 厉害!!666666 66666666666666 哈哈,较真了。厉害:keai
页:
[1]