吾爱破解 - 52pojie.cn

[Android Original] First attempt at cracking the forum's crackme3
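Light紫星 posted on 2019-5-28 10:49
Last edited by 1311817771 on 2019-5-28 10:52

CM download link: https://www.52pojie.cn/thread-963858-1-1.html

The CM is an Android crackme. Download and install it first; the interface looks quite clean.
[Image: 论坛crackme3破解初试148.png]

Drag it into jadx. You can see that when the button is clicked, if name and code are both non-empty and longer than 10 characters, the stringFromJNI function in the .so file is called. Drag the .so into IDA for static analysis.

[Image: 论坛crackme3破解初试234.png]

Locate the function and press F5:
[Image: 论坛crackme3破解初试251.png]
Reading on, the function first verifies the app signature. If the signature is correct it goes on to the check logic; if the signature is wrong it returns error directly.
[Image: 论坛crackme3破解初试299.png]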
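Next, analyze the verification process.
v22 is name, v28 is code
v27 is the result of base64-encoding name
The verification below basically base64-encodes v22 and v28, picks the corresponding strings out of v36 according to a condition, concatenates them, and finally compares the concatenated result.
So now we only need to determine the values of v36, unk_39DB and unk_39FD.
v36 in turn equals off_5D08; double-click to jump there.
[Image: 论坛crackme3破解初试472.png]

What on earth is this? Never mind, double-click unk_386D to jump there and you find a long run of constants. Press A to convert them:
[Image: 论坛crackme3破解初试515.png]
So it looks like off_5D08 is the collection of these strings.
In the same way, unk_39DB turns out to be “离咸大过坎明夷家人艮艮” and unk_39FD is “兑涣”.
The logic is now clear. Next, write a Python script to simulate this code.
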
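# coding: utf-8
import base64

v22 = '111111111'   # name
v28 = '222222222'   # code
v35 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890+/'
# v36: the string table at off_5D08 (64 hexagram names). Single-character names
# not quoted in the post are filled in from the standard King Wen order (assumed).
v36 = [
    "乾", "坤", "屯", "蒙", "需", "讼", "师", "比",
    "小畜", "履", "泰", "否", "同人", "大有", "谦", "豫",
    "随", "蛊", "临", "观", "噬嗑", "贲", "剥", "复",
    "无妄", "大畜", "颐", "大过", "坎", "离", "咸", "恒",
    "遁", "大壮", "晋", "明夷", "家人", "睽", "蹇", "解",
    "损", "益", "夬", "姤", "萃", "升", "困", "井",
    "革", "鼎", "震", "艮", "渐", "归妹", "丰", "旅",
    "巽", "兑", "涣", "节", "中孚", "小过", "既济", "未济",
]

v27 = base64.b64encode(v22.encode()).decode()
v28b64 = base64.b64encode(v28.encode()).decode()

# name side: a base64 character selects v36[i] when it equals v35[i] >> 1
dest = ''
for v27t in v27:
    for i in range(64):
        if ord(v27t) == ord(v35[i]) >> 1:
            dest += v36[i]
print(dest)

# code side: a base64 character selects v36[i] when it equals v35[i] * 2
v33 = ''
for v28t in v28b64:
    for i in range(64):
        if ord(v28t) == ord(v35[i]) * 2:
            v33 += v36[i]
print(v33)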
[Image: 论坛crackme3破解初试1385.png]
OK, now that the algorithm has been simulated, the next step is to find the inverse algorithm. Another script:
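# -*- coding: utf-8 -*-
import base64
# v36: the string table at off_5D08 (64 hexagram names). Single-character names
# not quoted in the post are filled in from the standard King Wen order (assumed).
v36 = [
    "乾", "坤", "屯", "蒙", "需", "讼", "师", "比",
    "小畜", "履", "泰", "否", "同人", "大有", "谦", "豫",
    "随", "蛊", "临", "观", "噬嗑", "贲", "剥", "复",
    "无妄", "大畜", "颐", "大过", "坎", "离", "咸", "恒",
    "遁", "大壮", "晋", "明夷", "家人", "睽", "蹇", "解",
    "损", "益", "夬", "姤", "萃", "升", "困", "井",
    "革", "鼎", "震", "艮", "渐", "归妹", "丰", "旅",
    "巽", "兑", "涣", "节", "中孚", "小过", "既济", "未济",
]
dest = ['离', '咸', '大过', '坎', '明夷', '家人', '艮', '艮']  # unk_39DB split into table entries
v33 = ['兑', '涣']                                            # unk_39FD split into table entries
v35 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890+/'

# Invert the name-side comparison: table index -> v35 character -> >> 1
a = ''
for i in dest:
    a += chr(ord(v35[v36.index(i)]) >> 1)

print(a)

# Invert the code-side comparison: table index -> v35 character -> * 2
b = ''
for i in v33:
    b += chr(ord(v35[v36.index(i)]) * 2)

print(b)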
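[Image: 论坛crackme3破解初试1996.png]

OK, working back from dest and v33, the base64-encoded values of v22 and v28 should contain "221155==" and "ln". The next step is to construct a v22 and v28 that satisfy this condition.
Here I constructed one pair: v22='666uuuyyy1', v28='111111111111Sig'
Enter them into the app and test: registration succeeds!!! With that, this challenge is solved.

[Image: 论坛crackme3破解初试2151.png]
论坛crackme3破解初试.zip (723.97 KB)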
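
An added example, not part of the original post: it tabulates which base64 output characters the two comparisons (`>> 1` for name, `* 2` for code) react to at all, then replays the comparison stage on the pair from the post. It models only that stage (no signature or length check); table slots the post never names are shown as `#<index>` placeholders, and the indices of the single-character names are inferred from the results stated in the post.

```python
import base64
import string

V35 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890+/'
# Table entries named in the post (index -> name). Indices of the single-character
# names are inferred from the post's results; other slots get a "#<index>" placeholder.
KNOWN = {8: '小畜', 12: '同人', 13: '大有', 20: '噬嗑', 24: '无妄', 25: '大畜',
         27: '大过', 28: '坎', 29: '离', 30: '咸', 33: '大壮', 35: '明夷',
         36: '家人', 51: '艮', 53: '归妹', 57: '兑', 58: '涣', 60: '中孚',
         61: '小过', 62: '既济', 63: '未济'}
V36 = [KNOWN.get(i, f'#{i}') for i in range(64)]
TARGET_NAME = '离咸大过坎明夷家人艮艮'  # unk_39DB
TARGET_CODE = '兑涣'                    # unk_39FD
B64_CHARS = string.ascii_letters + string.digits + '+/='


def emits(ch, for_name):
    """Table entries appended for one base64 output character."""
    key = (lambda c: ord(c) >> 1) if for_name else (lambda c: ord(c) * 2)
    return ''.join(V36[i] for i in range(64) if ord(ch) == key(V35[i]))


def transform(text, for_name):
    """Forward model: base64-encode, then concatenate what each character emits."""
    b64 = base64.b64encode(text.encode()).decode()
    return ''.join(emits(ch, for_name) for ch in b64)


def significant(for_name):
    """Base64 characters that emit anything; every other character is ignored."""
    return {ch: emits(ch, for_name) for ch in B64_CHARS if emits(ch, for_name)}


def check(name, code):
    """Comparison stage only: both concatenations must equal the stored strings."""
    return (transform(name, True) == TARGET_NAME
            and transform(code, False) == TARGET_CODE)


if __name__ == '__main__':
    print('name side:', significant(True))
    print('code side:', significant(False))
    print('pair from the post accepted:', check('666uuuyyy1', '111111111111Sig'))
```

On the name side only digits, `+` and `=` contribute, and on the code side only `b d f h j l n p r V`; every other base64 character is skipped, so many different inputs pass the same comparison.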



Smallhorse posted on 2019-5-28 11:06
PY666.....
依币 posted on 2019-5-28 19:49
kwt520 posted on 2019-5-29 09:14
608岁的老头 posted on 2019-5-29 16:53
66666666666666
shuaiyue posted on 2019-5-29 22:39
Haha, you really took it seriously. Impressive.