2017-9-6 9:00 四个新鲜的CM

小俊 · 发表于 2017-9-6 09:06

https://pan.baidu.com/s/1qYQDObM

冥界3大法王 · 发表于 2017-9-8 16:36

第二个
00406889 .  8B45 D0    mov    eax,dword ptr ss:[ebp-0x30]    ;  看到一字串，估计开始计算
0040688C .  50          push eax
0040688D .  8D4D C4    lea    ecx,dword ptr ss:[ebp-0x3C]
00406890 .  E8 5EFEFCFF call 2.003D66F3
00406895 .  C745 FC 00000>mov    dword ptr ss:[ebp-0x4],0x0
0040689C .  A1 10C0B300 mov    eax,dword ptr ds:[0xB3C010]    ;  ￠
004068A1 .  83C0 1A    add    eax,0x1A
004068A4 .  50          push eax
004068A5 .  68 E8F3A500 push 2.00A5F3E8                      ;  c:\users\lantie\desktop\crackme\crackme\crackmedlg.cpp
004068AA .  68 00080000 push 0x800
004068AF .  E8 544DFDFF call 2.003DB608
004068B4 .  83C4 0C    add    esp,0xC
004068B7 .  8985 50FEFFFF mov    dword ptr ss:[ebp-0x1B0],eax
004068BD .  8B8D 50FEFFFF mov    ecx,dword ptr ss:[ebp-0x1B0]
004068C3 .  894D B8    mov    dword ptr ss:[ebp-0x48],ecx
004068C6 .  8BF4       mov    esi,esp
004068C8 .  68 00040000 push 0x400
004068CD .  8B45 B8    mov    eax,dword ptr ss:[ebp-0x48]
004068D0 .  50          push eax
004068D1 .  6A 67       push 0x67
004068D3 .  8BFC       mov    edi,esp
004068D5 .  6A 00       push 0x0                            ; /pModule = NULL
004068D7 .  FF15 C015B500 call near dword ptr ds:[<&KERNEL32.Ge>; \GetModuleHandleW
004068DD .  3BFC       cmp    edi,esp
004068DF .  E8 A874FCFF call 2.003CDD8C
004068E4 .  50          push eax                            ; |hInst
004068E5 .  FF15 F81AB500 call near dword ptr ds:[<&USER32.Load>; \LoadStringW
004068EB .  3BF4       cmp    esi,esp
004068ED .  E8 9A74FCFF call 2.003CDD8C
004068F2 .  8B45 B8    mov    eax,dword ptr ss:[ebp-0x48]
004068F5 .  50          push eax
004068F6 .  8D8D 44FEFFFF lea    ecx,dword ptr ss:[ebp-0x1BC]
004068FC .  E8 F2FDFCFF call 2.003D66F3
00406901 .  8985 D0FDFFFF mov    dword ptr ss:[ebp-0x230],eax
00406907 .  8B8D D0FDFFFF mov    ecx,dword ptr ss:[ebp-0x230]
0040690D .  898D CCFDFFFF mov    dword ptr ss:[ebp-0x234],ecx
00406913 .  C645 FC 01 mov    byte ptr ss:[ebp-0x4],0x1
00406917 .  8B95 CCFDFFFF mov    edx,dword ptr ss:[ebp-0x234]
0040691D .  52          push edx
0040691E .  8D4D C4    lea    ecx,dword ptr ss:[ebp-0x3C]
00406921 .  E8 545EFCFF call 2.003CC77A
00406926 .  C645 FC 00 mov    byte ptr ss:[ebp-0x4],0x0
0040692A .  8D8D 44FEFFFF lea    ecx,dword ptr ss:[ebp-0x1BC]
00406930 .  E8 CC21FDFF call 2.003D8B01
00406935 .  A1 10C0B300 mov    eax,dword ptr ds:[0xB3C010]    ;  ￠
0040693A .  83C0 1D    add    eax,0x1D
0040693D .  50          push eax
0040693E .  68 E8F3A500 push 2.00A5F3E8                      ;  c:\users\lantie\desktop\crackme\crackme\crackmedlg.cpp
00406943 .  68 00080000 push 0x800
00406948 .  E8 BB4CFDFF call 2.003DB608
0040694D .  83C4 0C    add    esp,0xC
00406950 .  8985 38FEFFFF mov    dword ptr ss:[ebp-0x1C8],eax
00406956 .  8B8D 38FEFFFF mov    ecx,dword ptr ss:[ebp-0x1C8]
0040695C .  894D AC    mov    dword ptr ss:[ebp-0x54],ecx
0040695F .  8BF4       mov    esi,esp
00406961 .  68 00040000 push 0x400
00406966 .  8B45 AC    mov    eax,dword ptr ss:[ebp-0x54]
00406969 .  50          push eax
0040696A .  6A 68       push 0x68
0040696C .  8BFC       mov    edi,esp
0040696E .  6A 00       push 0x0                            ; /pModule = NULL
00406970 .  FF15 C015B500 call near dword ptr ds:[<&KERNEL32.Ge>; \GetModuleHandleW
00406976 .  3BFC       cmp    edi,esp
00406978 .  E8 0F74FCFF call 2.003CDD8C
0040697D .  50          push eax                            ; |hInst
0040697E .  FF15 F81AB500 call near dword ptr ds:[<&USER32.Load>; \LoadStringW
00406984 .  3BF4       cmp    esi,esp
00406986 .  E8 0174FCFF call 2.003CDD8C
0040698B .  8B45 AC    mov    eax,dword ptr ss:[ebp-0x54]    ;  看到0123456789
0040698E .  50          push eax
0040698F .  8D8D 2CFEFFFF lea    ecx,dword ptr ss:[ebp-0x1D4]
00406995 .  E8 59FDFCFF call 2.003D66F3
0040699A .  8985 D0FDFFFF mov    dword ptr ss:[ebp-0x230],eax
004069A0 .  8B8D D0FDFFFF mov    ecx,dword ptr ss:[ebp-0x230]
004069A6 .  898D CCFDFFFF mov    dword ptr ss:[ebp-0x234],ecx
004069AC .  C645 FC 02 mov    byte ptr ss:[ebp-0x4],0x2
004069B0 .  8B95 CCFDFFFF mov    edx,dword ptr ss:[ebp-0x234]
004069B6 .  52          push edx
004069B7 .  8D4D C4    lea    ecx,dword ptr ss:[ebp-0x3C]
004069BA .  E8 BB5DFCFF call 2.003CC77A
004069BF .  C645 FC 00 mov    byte ptr ss:[ebp-0x4],0x0
004069C3 .  8D8D 2CFEFFFF lea    ecx,dword ptr ss:[ebp-0x1D4]
004069C9 .  E8 3321FDFF call 2.003D8B01
004069CE .  A1 10C0B300 mov    eax,dword ptr ds:[0xB3C010]    ;  ￠
004069D3 .  83C0 20    add    eax,0x20
004069D6 .  50          push eax
004069D7 .  68 E8F3A500 push 2.00A5F3E8                      ;  c:\users\lantie\desktop\crackme\crackme\crackmedlg.cpp
004069DC .  68 00080000 push 0x800
004069E1 .  E8 224CFDFF call 2.003DB608
004069E6 .  83C4 0C    add    esp,0xC
004069E9 .  8985 20FEFFFF mov    dword ptr ss:[ebp-0x1E0],eax
004069EF .  8B8D 20FEFFFF mov    ecx,dword ptr ss:[ebp-0x1E0]
004069F5 .  894D A0    mov    dword ptr ss:[ebp-0x60],ecx
004069F8 .  8BF4       mov    esi,esp
004069FA .  68 00040000 push 0x400
004069FF .  8B45 A0    mov    eax,dword ptr ss:[ebp-0x60]
00406A02 .  50          push eax
00406A03 .  6A 69       push 0x69
00406A05 .  8BFC       mov    edi,esp
00406A07 .  6A 00       push 0x0                            ; /pModule = NULL
00406A09 .  FF15 C015B500 call near dword ptr ds:[<&KERNEL32.Ge>; \GetModuleHandleW
00406A0F .  3BFC       cmp    edi,esp
00406A11 .  E8 7673FCFF call 2.003CDD8C
00406A16 .  50          push eax                            ; |hInst
00406A17 .  FF15 F81AB500 call near dword ptr ds:[<&USER32.Load>; \LoadStringW
00406A1D .  3BF4       cmp    esi,esp
00406A1F .  E8 6873FCFF call 2.003CDD8C
00406A24 .  8B45 A0    mov    eax,dword ptr ss:[ebp-0x60]
00406A27 .  50          push eax
00406A28 .  8D8D 14FEFFFF lea    ecx,dword ptr ss:[ebp-0x1EC]
00406A2E .  E8 C0FCFCFF call 2.003D66F3
00406A33 .  8985 D0FDFFFF mov    dword ptr ss:[ebp-0x230],eax
00406A39 .  8B8D D0FDFFFF mov    ecx,dword ptr ss:[ebp-0x230]
00406A3F .  898D CCFDFFFF mov    dword ptr ss:[ebp-0x234],ecx
00406A45 .  C645 FC 03 mov    byte ptr ss:[ebp-0x4],0x3
00406A49 .  8B95 CCFDFFFF mov    edx,dword ptr ss:[ebp-0x234]
00406A4F .  52          push edx
00406A50 .  8D4D C4    lea    ecx,dword ptr ss:[ebp-0x3C]
00406A53 .  E8 225DFCFF call 2.003CC77A
00406A58 .  C645 FC 00 mov    byte ptr ss:[ebp-0x4],0x0
00406A5C .  8D8D 14FEFFFF lea    ecx,dword ptr ss:[ebp-0x1EC]
00406A62 .  E8 9A20FDFF call 2.003D8B01
00406A67 .  8B4D E8    mov    ecx,dword ptr ss:[ebp-0x18]
00406A6A .  81C1 D8000000 add    ecx,0xD8
00406A70 .  E8 00A8FCFF call 2.003D1275
00406A75 .  8945 94    mov    dword ptr ss:[ebp-0x6C],eax
00406A78 .  A1 10C0B300 mov    eax,dword ptr ds:[0xB3C010]    ;  ￠
00406A7D .  83C0 26    add    eax,0x26
00406A80 .  50          push eax
00406A81 .  68 E8F3A500 push 2.00A5F3E8                      ;  c:\users\lantie\desktop\crackme\crackme\crackmedlg.cpp
00406A86 .  8B4D 94    mov    ecx,dword ptr ss:[ebp-0x6C]
00406A89 .  83C1 01    add    ecx,0x1
00406A8C .  51          push ecx
00406A8D .  E8 764BFDFF call 2.003DB608
00406A92 .  83C4 0C    add    esp,0xC
00406A95 .  8985 08FEFFFF mov    dword ptr ss:[ebp-0x1F8],eax
00406A9B .  8B95 08FEFFFF mov    edx,dword ptr ss:[ebp-0x1F8]
00406AA1 .  8955 88    mov    dword ptr ss:[ebp-0x78],edx
00406AA4 .  8B45 94    mov    eax,dword ptr ss:[ebp-0x6C]
00406AA7 .  83C0 01    add    eax,0x1
00406AAA .  50          push eax
00406AAB .  6A 00       push 0x0
00406AAD .  8B4D 88    mov    ecx,dword ptr ss:[ebp-0x78]
00406AB0 .  51          push ecx
00406AB1 .  E8 5AB1FDFF call 2.003E1C10
00406AB6 .  83C4 0C    add    esp,0xC
00406AB9 .  51          push ecx
00406ABA .  8BCC       mov    ecx,esp
00406ABC .  89A5 FCFDFFFF mov    dword ptr ss:[ebp-0x204],esp
00406AC2 .  8D45 C4    lea    eax,dword ptr ss:[ebp-0x3C]
00406AC5 .  50          push eax
00406AC6 .  E8 82FCFCFF call 2.003D674D
00406ACB .  8985 D0FDFFFF mov    dword ptr ss:[ebp-0x230],eax
00406AD1 .  8B4D 94    mov    ecx,dword ptr ss:[ebp-0x6C]
00406AD4 .  51          push ecx
00406AD5 .  8B55 88    mov    edx,dword ptr ss:[ebp-0x78]
00406AD8 .  52          push edx
00406AD9 .  8B4D E8    mov    ecx,dword ptr ss:[ebp-0x18]
00406ADC .  E8 5FA5FCFF call 2.003D1040
00406AE1 .  8B45 94    mov    eax,dword ptr ss:[ebp-0x6C]
00406AE4 .  99          cdq
00406AE5 .  83E2 03    and    edx,0x3
00406AE8 .  03C2       add    eax,edx
00406AEA .  C1F8 02    sar    eax,0x2
00406AED .  6BC0 03    imul eax,eax,0x3
00406AF0 .  83E8 02    sub    eax,0x2
00406AF3 .  8985 7CFFFFFF mov    dword ptr ss:[ebp-0x84],eax
00406AF9 .  A1 10C0B300 mov    eax,dword ptr ds:[0xB3C010]    ;  ￠
00406AFE .  83C0 2B    add    eax,0x2B
00406B01 .  50          push eax
00406B02 .  68 E8F3A500 push 2.00A5F3E8                      ;  c:\users\lantie\desktop\crackme\crackme\crackmedlg.cpp
00406B07 .  8B8D 7CFFFFFF mov    ecx,dword ptr ss:[ebp-0x84]
00406B0D .  83C1 01    add    ecx,0x1
00406B10 .  51          push ecx
00406B11 .  E8 F24AFDFF call 2.003DB608
00406B16 .  83C4 0C    add    esp,0xC
00406B19 .  8985 F0FDFFFF mov    dword ptr ss:[ebp-0x210],eax
00406B1F .  8B95 F0FDFFFF mov    edx,dword ptr ss:[ebp-0x210]
00406B25 .  8995 70FFFFFF mov    dword ptr ss:[ebp-0x90],edx
00406B2B .  8B85 7CFFFFFF mov    eax,dword ptr ss:[ebp-0x84]
00406B31 .  83C0 01    add    eax,0x1
00406B34 .  50          push eax
00406B35 .  6A 00       push 0x0
00406B37 .  8B8D 70FFFFFF mov    ecx,dword ptr ss:[ebp-0x90]
00406B3D .  51          push ecx
00406B3E .  E8 CDB0FDFF call 2.003E1C10
00406B43 .  83C4 0C    add    esp,0xC
00406B46 .  8B85 7CFFFFFF mov    eax,dword ptr ss:[ebp-0x84]
00406B4C .  50          push eax
00406B4D .  8B4D 88    mov    ecx,dword ptr ss:[ebp-0x78]
00406B50 .  51          push ecx
00406B51 .  8B95 70FFFFFF mov    edx,dword ptr ss:[ebp-0x90]
00406B57 .  52          push edx
00406B58 .  8B4D E8    mov    ecx,dword ptr ss:[ebp-0x18]
00406B5B .  E8 2DFCFDFF call 2.003E678D
00406B60 .  6A 04       push 0x4
00406B62 .  8D8D 64FFFFFF lea    ecx,dword ptr ss:[ebp-0x9C]
00406B68 .  E8 3E7BFCFF call 2.003CE6AB
00406B6D .  8D8D 64FFFFFF lea    ecx,dword ptr ss:[ebp-0x9C]
00406B73 .  E8 1DD2FCFF call 2.003D3D95
00406B78 .  C645 FC 04 mov    byte ptr ss:[ebp-0x4],0x4
00406B7C .  83BD 70FFFFFF>cmp    dword ptr ss:[ebp-0x90],0x0
00406B83    74 46       je    short 2.00406BCB                ;  修改次试试吧。
00406B85 .  6A 04       push 0x4
00406B87 .  8D8D 58FFFFFF lea    ecx,dword ptr ss:[ebp-0xA8]
00406B8D .  E8 197BFCFF call 2.003CE6AB
00406B92 .  8B85 70FFFFFF mov    eax,dword ptr ss:[ebp-0x90]
00406B98 .  50          push eax
00406B99 .  8D8D 58FFFFFF lea    ecx,dword ptr ss:[ebp-0xA8]
00406B9F .  E8 F513FDFF call 2.003D7F99
00406BA4 .  C645 FC 05 mov    byte ptr ss:[ebp-0x4],0x5
00406BA8 .  8D85 58FFFFFF lea    eax,dword ptr ss:[ebp-0xA8]
00406BAE .  50          push eax
00406BAF .  8D8D 64FFFFFF lea    ecx,dword ptr ss:[ebp-0x9C]
00406BB5 .  E8 C361FDFF call 2.003DCD7D
00406BBA .  C645 FC 04 mov    byte ptr ss:[ebp-0x4],0x4
00406BBE .  8D8D 58FFFFFF lea    ecx,dword ptr ss:[ebp-0xA8]
00406BC4 .  E8 381FFDFF call 2.003D8B01
00406BC9 .  EB 4D       jmp    short 2.00406C18
00406BCB >  6A 04       push 0x4
00406BCD .  8D8D 4CFFFFFF lea    ecx,dword ptr ss:[ebp-0xB4]
00406BD3 .  E8 D37AFCFF call 2.003CE6AB
00406BD8 .  6A 01       push 0x1
00406BDA .  6A 40       push 0x40
00406BDC .  8D4D C4    lea    ecx,dword ptr ss:[ebp-0x3C]
00406BDF .  E8 7EE1FCFF call 2.003D4D62
00406BE4 .  0FB7C0       movzx eax,ax
00406BE7 .  50          push eax
00406BE8 .  8D8D 4CFFFFFF lea    ecx,dword ptr ss:[ebp-0xB4]
00406BEE .  E8 B1E0FCFF call 2.003D4CA4
00406BF3 .  C645 FC 06 mov    byte ptr ss:[ebp-0x4],0x6
00406BF7 .  8D85 4CFFFFFF lea    eax,dword ptr ss:[ebp-0xB4]
00406BFD .  50          push eax
00406BFE .  8D8D 64FFFFFF lea    ecx,dword ptr ss:[ebp-0x9C]
00406C04 .  E8 7461FDFF call 2.003DCD7D
00406C09 .  C645 FC 04 mov    byte ptr ss:[ebp-0x4],0x4
00406C0D .  8D8D 4CFFFFFF lea    ecx,dword ptr ss:[ebp-0xB4]
00406C13 .  E8 E91EFDFF call 2.003D8B01
00406C18 >  8D85 64FFFFFF lea    eax,dword ptr ss:[ebp-0x9C]
00406C1E .  50          push eax
00406C1F .  8B4D E8    mov    ecx,dword ptr ss:[ebp-0x18]
00406C22 .  81C1 D4000000 add    ecx,0xD4
00406C28 .  51          push ecx
00406C29 .  E8 C680FDFF call 2.003DECF4
00406C2E .  83C4 08    add    esp,0x8
00406C31 .  0FB6D0       movzx edx,al
00406C34 .  85D2       test edx,edx
00406C36    90          nop                                     ;  这跳走了？
00406C37    90          nop

之后就出来了【你好聪明】

冥界3大法王 · 发表于 2017-9-8 16:44

第三个：
0129D074  |.  A1 686F3401 mov    eax,dword ptr ds:[0x1346F68]    ;  password:
0129D079  |.  8945 DC    mov    [local.9],eax
0129D07C  |.  8B0D 6C6F3401 mov    ecx,dword ptr ds:[0x1346F6C]    ;  word:
0129D082  |.  894D E0    mov    [local.8],ecx
0129D085  |.  66:8B15 706F3>mov    dx,word ptr ds:[0x1346F70]    ;  :
0129D08C  |.  66:8955 E4 mov    word ptr ss:[ebp-0x1C],dx
0129D090  |.  A0 726F3401 mov    al,byte ptr ds:[0x1346F72]
0129D095  |.  8845 E6    mov    byte ptr ss:[ebp-0x1A],al
0129D098  |.  A1 746F3401 mov    eax,dword ptr ds:[0x1346F74]    ;  Yes!
0129D09D  |.  8945 CC    mov    [local.13],eax
0129D0A0  |.  8A0D 786F3401 mov    cl,byte ptr ds:[0x1346F78]
0129D0A6  |.  884D D0    mov    byte ptr ss:[ebp-0x30],cl
0129D0A9  |.  A1 7C6F3401 mov    eax,dword ptr ds:[0x1346F7C]    ;  No!
0129D0AE  |.  8945 C0    mov    [local.16],eax
0129D0B1  |.  6A 50       push 0x50
0129D0B3  |.  E8 DD7FFFFF call 3.01295095
0129D0B8  |.  83C4 04    add    esp,0x4
0129D0BB  |.  8945 B4    mov    [local.19],eax
0129D0BE  |.  8D45 F0    lea    eax,[local.4]
0129D0C1  |.  50          push eax
0129D0C2  |.  68 806F3401 push 3.01346F80                      ;  %s
0129D0C7  |.  E8 17A5FFFF call 3.012975E3
0129D0CC  |.  83C4 08    add    esp,0x8
0129D0CF  |.  8B45 B4    mov    eax,[local.19]
0129D0D2  |.  50          push eax
0129D0D3  |.  68 806F3401 push 3.01346F80                      ;  %s
0129D0D8  |.  E8 9494FFFF call 3.01296571
0129D0DD  |.  83C4 08    add    esp,0x8                         ;  没办法，借用此处当第1个切入点
0129D0E0  |.  8B45 B4    mov    eax,[local.19]
0129D0E3  |.  50          push eax
0129D0E4  |.  E8 A27FFFFF call 3.0129508B
0129D0E9  |.  83C4 04    add    esp,0x4
0129D0EC  |.  83F8 10    cmp    eax,0x10
0129D0EF  |.  76 04       jbe    short 3.0129D0F5
0129D0F1  |.  33C0       xor    eax,eax
0129D0F3  |.  EB 74       jmp    short 3.0129D169
0129D0F5  |>  8D45 DC    lea    eax,[local.9]
0129D0F8  |.  50          push eax
0129D0F9  |.  68 806F3401 push 3.01346F80                      ;  %s
0129D0FE  |.  E8 E0A4FFFF call 3.012975E3
0129D103  |.  83C4 08    add    esp,0x8
0129D106  |.  B8 01000000 mov    eax,0x1
0129D10B  |.  C1E0 04    shl    eax,0x4
0129D10E  |.  0345 B4    add    eax,[local.19]
0129D111  |.  50          push eax
0129D112  |.  68 806F3401 push 3.01346F80                      ;  %s
0129D117  |.  E8 5594FFFF call 3.01296571
0129D11C  |.  83C4 08    add    esp,0x8
0129D11F  |.  8B45 B4    mov    eax,[local.19]
0129D122  |.  50          push eax
0129D123  |.  B9 01000000 mov    ecx,0x1
0129D128  |.  C1E1 04    shl    ecx,0x4
0129D12B  |.  034D B4    add    ecx,[local.19]
0129D12E  |.  51          push ecx                            ;  输入之后看到了输入的字串假的密码
0129D12F  |.  E8 5A72FFFF call 3.0129438E
0129D134  |.  83C4 08    add    esp,0x8
0129D137  |.  0FB6D0       movzx edx,al
0129D13A  |.  85D2       test edx,edx
0129D13C    90          nop                                     ;  这里很明显有个判断点  下面看到两个换行符
0129D13D    90          nop

冰雨轩 · 发表于 2017-9-6 09:33

楼主放点图片来看一下咯‘1

Xavier明 · 发表于 2017-9-6 09:45

4个就一个可以打开搞不懂

遗失的永恒 · 发表于 2017-9-6 10:21

本帖最后由 YShDYH 于 2017-9-6 10:41 编辑

第四个表示只会玩爆破

，把je改jnz

小俊 · 发表于 2017-9-6 13:15

第一题答案:112x3x4c5x6n7x
大家努力啊

lchtlx · 发表于 2017-9-6 18:09

路过，看看。。

zbnysjwsnd8 · 发表于 2017-9-6 19:57

第二个CM:
i?y?
abcdefg/_KaQqi

zbnysjwsnd8 · 发表于 2017-9-6 21:18

第三个CM:
_KaQqi
85a705b726662656e255a245

zbnysjwsnd8 · 发表于 2017-9-6 22:03

本帖最后由 zbnysjwsnd8 于 2017-9-6 22:57 编辑

再发一个第三个CM的注册机代码

[C++] 纯文本查看 复制代码

#include <stdio.h>
#include <string.h>
int c(int a)
{
	if(a >= 0 && a <= 9)
		return a + 0x30;
	else if(a >= 0xA && a <= 0xF)
		return a + 0x57;
	return -1;
}
size_t _strlen(char *s)
{
	int len = 0;
	do
		len++;
	while(s[len] != 0);
	return len;
}
int main(void)
{
	unsigned char _Key[] = {
		0x6B,0x45,0x79,0x7B,0x55,0x61,0x72,0x65,0x53,0x30,0x63,0x4C,0x65,0x56,0x65,0x72,
		0x7D,0xFD,0xFD,0xFD,0xFD,0xDD,0xDD,0xDD,0x7B,0x43,0xFC,0x73,0x66,0x85,0x00,0x0B,
		0x10,0xE2,0xF8,0x00,0xB0,0xFA,0xF8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
		0x01,0x00,0x00,0x00,0x11,0x00,0x00,0x00,0x39,0x00,0x00,0x00,0xFD,0xFD,0xFD,0xFD};
	unsigned char __Key[] = {
		0x7D,0x72,0x65,0x56,0x65,0x4C,0x63,0x30,0x53,0x65,0x72,0x61,0x55,0x7B,0x79,0x45,
		0x6B,0xFD,0xFD,0xFD,0xFD,0xDD,0xDD,0xDD,0x7B,0x43,0xFC,0x73,0x66,0x85,0x00,0x0A,
		0x08,0x14,0xF9,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
		0x01,0x00,0x00,0x00,0x12,0x00,0x00,0x00,0x3D,0x00,0x00,0x00,0xFD,0xFD,0xFD,0xFD};
	char UserName[256];
	char UserName_Key[100] = {0};
	char Key[256] = {0};
	scanf("%s",UserName);
	if(strlen(UserName) >= 0x10)
		return 0;
	/* 加密UserName */
	for(size_t i = 0;i < strlen(UserName);i++)
	{
		int a;
		int b;
		a = c(UserName[i] >> 4);
		b = (UserName[i] >> 4) + i;
		UserName_Key[i * 2] = _Key[b % 0x11] ^ a;
		a = c(UserName[i] & 0xF);
		UserName_Key[i * 2 + 1] = __Key[b % 0x11] ^ a;
	}
	/* 计算注册码 */
	for(size_t i = 0;i < _strlen(UserName_Key);i++)
	{
		Key[i * 2] = c(UserName_Key[_strlen(UserName_Key) - i - 1] & 0xF);
		Key[i * 2 + 1] = c(UserName_Key[_strlen(UserName_Key) - i - 1] >> 4);
	}
	printf(Key);//输出Key
	while(true);
    return 0;
}

byh3025 · 发表于 2017-9-7 13:24

不懂算法，所以只能爆破，楼主没上成功图，也不知道对不对

帐号		自动登录	找回密码
密码			注册[Register]

[CrackMe] 2017-9-6 9:00 四个新鲜的CM

本帖子中包含更多资源

本帖子中包含更多资源

免费评分

免费评分

本帖子中包含更多资源

本帖子中包含更多资源

免费评分