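Algorithm Analysis 02: "B2C-CrackMe", I really admire the author's thinking!
This post was last edited by wanao2008 on 2021-5-1 07:19.
For the past two months I have been doing algorithm analysis; in March I worked through all 160 CrackMes.
This month I started practising on the programs in "pediy Crackme 2007" published by Kanxue (看雪); good programs definitely deserve to be shared.
Question: most of these programs are from 20 years ago, so is there still any point in studying them?
The answer is definitely yes.
Through this study I have already worked out "Perfectly patching a Qt5Core program needs only a single point" and "Algorithm analysis of gilisoft software".
Without a foundation, how can you make progress? Studying these programs is all about building a foundation.
Introducing the star of this post:
Software name: B2C-crackme1.rar
Download: link: https://pan.baidu.com/s/1zYb2NWxc9tPotl8A4zY55Q extraction code: sg6v
Notable feature: this is the first time I have seen a verification code, generated from the user name and password, that turns out to be the program's own code. Amazing, a real eye-opener!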
**** Hidden Message *****
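This program taught me something new; well worth recommending!!
Attached is the VB algorithm program together with the home-made helper functions it uses: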
Sub unTest()
    Dim userName As String, Serial As String, clStr1 As String, clStr2 As String
    Dim x As Integer, y As Integer
    Dim Eax As Double, Ebx As Double, Ecx As Double, Edx As Double, Edi As Double, Esi As Double
    Ebx = unSigned("C390FF33") ' convert to an unsigned value first so the arithmetic works
    Edi = &H10000
    userName = "wanao2008" ' change this to your own user name
    For x = 1 To Len(userName)
        Ebx = Ebx + Edi
        Edx = Asc(Mid(userName, x, 1))
        Edx = ROL(Edx, 16)
        Ebx = Ebx - Edx
    Next
    Eax = Ebx + &H4000000
    Eax = Keep32(Eax) ' keep only the low 32 bits
    Eax = Signed(Eax) ' to avoid VB overflow errors, convert the unsigned value back to signed
    clStr1 = Hex(Eax)
    Eax = Eax Xor &H52476433
    Eax = Eax Xor &H52472456
    Serial = Hex(Eax) ' the resulting serial number
    Stop ' breaks into the debugger so Serial can be inspected
End Sub
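' Signed to unsigned: parse a hex string as an unsigned 32-bit value held in a Double
Public Function unSigned(hNum As String) As Double
    Dim isDbl As Double, fNum As Byte
    If Len(hNum) <> 8 Then
        isDbl = "&H" & hNum
    Else
        ' The top hex digit is peeled off in steps of 7 so that every
        ' "&H..." conversion stays below &H80000000 and never goes negative
        fNum = "&H" & Left(hNum, 1)
        Do
            If fNum > 7 Then
                fNum = fNum - 7
                isDbl = isDbl + "&H70000000"
            Else
                isDbl = isDbl + ("&H" & fNum & Right(hNum, 7))
                Exit Do
            End If
        Loop
    End If
    unSigned = isDbl
End Function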
' Unsigned to signed
Public Function Signed(hNum As Double) As Double
    If hNum < 4294967296# And hNum > 2147483647 Then
        hNum = hNum - 4294967296#
    End If
    Signed = hNum
End Function
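' For values wider than 32 bits, discard the overflowed part
Public Function Keep32(bigNum As Double)
    Dim decNum As Double, jiShu As Long
    decNum = 4294967296# ' 2^32, written as a Double literal (same constant as in Signed)
    Do
        If bigNum >= decNum Then ' >= so that exactly 2^32 wraps to 0
            bigNum = bigNum - decNum
        Else
            Exit Do
        End If
    Loop
    Keep32 = bigNum
End Function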
' Rotate left (ROL) by iCL bits; the width is chosen from the argument's VarType
Public Function ROL(ByRef Num As Variant, Optional ByVal iCL As Byte = 1)
    Dim i As Byte
    Dim bMask As Byte, iMask As Integer, lMask As Long
    Select Case VarType(Num)
        Case 2 '16 bits (Integer)
            For i = 1 To iCL
                iMask = 0
                If (Num And &H4000) <> 0 Then iMask = &H8000
                If (Num And &H8000) <> 0 Then iMask = iMask Or &H1
                Num = (Num And &H3FFF) * 2 Or iMask
            Next
        Case 3, 5 '32 bits (Long, or a Double holding a 32-bit value)
            For i = 1 To iCL
                lMask = 0
                If (Num And &H40000000) <> 0 Then lMask = &H80000000
                If (Num And &H80000000) <> 0 Then lMask = lMask Or &H1
                Num = (Num And &H3FFFFFFF) * 2 Or lMask
            Next
        Case 17 '8 bits (Byte)
            For i = 1 To iCL
                bMask = 0
                If (Num And &H40) <> 0 Then bMask = &H80
                If (Num And &H80) <> 0 Then bMask = bMask Or &H1
                Num = (Num And &H3F) * 2 Or bMask
            Next
        Case Else
            ROL = False
            Exit Function
    End Select
    ROL = Num
End Function
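Let me study this.
Replying to learn, replying to learn.
Thanks for sharing, let me study this!!
Let me study this, thanks for sharing.
Algorithm Analysis 02: "B2C-CrackMe", I really admire the author's thinking!
Let me take a look at the algorithm.
Wow, this is exactly what I needed.
Thanks for sharing, let me study this!!
This is the first time I have seen a verification code, generated from the user name and password, that turns out to be the program's own code. Amazing, a real eye-opener!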