算法分析-02-“B2C-CrackMe”，真佩服作者的思维！

wanao2008 · 发表于 2021-4-30 07:08

本帖最后由 wanao2008 于 2021-5-1 07:19 编辑

这两个月一直在做算法分析，3月份把160个CrackMe走了一遍。
这个月开始练习“看雪”出品的“pediy Crackme 2007”里的程序，好程序一定要拿出来分享。

疑问：这些程序多数都是20年前的，那么研究它们还有意义吗？
答案是肯定的：有。
通过学习，我已经研究明白了“Qt5Core程序完美爆破仅需一个点”，“gilisoft软件的算法分析”。
没有基础，怎么进步？研究这些程序都是在打基础。

介绍一下本次的主角：
软件名称：B2C-crackme1.rar
下载地址：链接: https://pan.baidu.com/s/1zYb2NWxc9tPotl8A4zY55Q 提取码: sg6v
软件特点：头一次见到这种通过用户和密码生成的验证码竟然是程序的代码。太牛了，真是大开眼界！

游客，如果您要查看本帖隐藏内容请回复

此程序让我多长了一分见识，值得推荐！！

附上VB算法程序及配套使用的自制函数：

Sub unTest()
Dim userName As String, Serial As String, clStr1 As String, clStr2 As String
Dim x As Integer, y As Integer
Dim Eax As Double, Ebx As Double, Ecx As Double, Edx As Double, Edi As Double, Esi As Double
Ebx = unSigned("C390FF33") '为了计算，先转为无符号数
Edi = &H10000
userName = "wanao2008"  '更改为自已的用户名
For x = 1 To Len(userName)
      Ebx = Ebx + Edi
      Edx = Asc(Mid(userName, x, 1))
      Edx = ROL(Edx, 16)
      Ebx = Ebx - Edx
Next
Eax = Ebx + &H4000000
Eax = Keep32(Eax) '保留32位数据
Eax = Signed(Eax) '为了应对VB的溢出错误，只好无符号数再转为有符号数
clStr1 = Hex(Eax)
Eax = Eax Xor &H52476433
Eax = Eax Xor &H52472456
Serial = Hex(Eax)    '求出序列号
Stop
End Sub

'有符号转无符号
Public Function unSigned(hNum As String) As Double
Dim isDbl As Double, fNum As Byte
If Len(hNum) <> 8 Then
      isDbl = "&H" & hNum
Else
      fNum = "&H" & Left(hNum, 1)
      Do
         If fNum > 7 Then
            fNum = fNum - 7
            isDbl = isDbl + "&H70000000"
         Else
            isDbl = isDbl + ("&H" & fNum & Right(hNum, 7))
            Exit Do
         End If
      Loop
End If
unSigned = isDbl
End Function
'无符号转有符号
Public Function Signed(hNum As Double) As Double
If hNum < 4294967296# And hNum > 2147483647 Then
      hNum = hNum - 4294967296#
End If
Signed = hNum
End Function
'大于32位的，去除溢出的部分
Public Function Keep32(bigNum As Double)
Dim decNum As Double, jiShu As Long
decNum = "&H100000000"
Do
      If bigNum > decNum Then
         bigNum = bigNum - decNum
      Else
         Exit Do
      End If
Loop
Keep32 = bigNum
End Function

'循环左移
Public Function ROL(ByRef Num As Variant, Optional ByVal iCL As Byte = 1)
Dim i As Byte
Dim bMask As Byte, iMask As Integer, lMask As Long
a = VarType(Num)
Select Case VarType(Num)
Case 2 '16 bits
   For i = 1 To iCL
      iMask = 0
      If (Num And &H4000) <> 0 Then iMask = &H8000
      If (Num And &H8000) <> 0 Then iMask = iMask Or &H1
      Num = (Num And &H3FFF) * 2 Or iMask
   Next
Case 3, 5 '32 bits
   For i = 1 To iCL
      lMask = 0
      If (Num And &H40000000) <> 0 Then lMask = &H80000000
      If (Num And &H80000000) <> 0 Then lMask = lMask Or &H1
      Num = (Num And &H3FFFFFFF) * 2 Or lMask
   Next
Case 17 '8 bits
   For i = 1 To iCL
      bMask = 0
      If (Num And &H40) <> 0 Then bMask = &H80
      If (Num And &H80) <> 0 Then bMask = bMask Or &H1
      Num = (Num And &H3F) * 2 Or bMask
   Next
Case Else
   ROL = False
   Exit Function
End Select
ROL = Num
End Function

aゞ烛火 · 发表于 2021-5-1 12:34

学习一下

87682678 · 发表于 2021-5-4 09:58

回复学习回复学习

bxw00004 · 发表于 2021-5-4 10:41

谢谢分享学习一下！!

a8152070 · 发表于 2021-5-26 09:48

学习一下，谢谢分享

_Cpujazz · 发表于 2021-7-13 21:38

算法分析-02-“B2C-CrackMe”，真佩服作者的思维！

快播哥 · 发表于 2021-7-13 21:42

看看算法啊

倔强的小牛 · 发表于 2021-7-14 19:24

好家伙，正好需要

akiakis · 发表于 2021-7-19 15:03

谢谢分享学习一下！!

lx2017 · 发表于 2021-7-19 20:58

头一次见到这种通过用户和密码生成的验证码竟然是程序的代码。太牛了，真是大开眼界！

		自动登录	找回密码
密码			立即注册

[原创逆向图文] 算法分析-02-“B2C-CrackMe”，真佩服作者的思维！

评分