CrackMe-002

发布于 2023-04-12  17 次阅读


Start

Serial的生成算法比较简单:取输入Name的长度,乘以固定值0x17CFB后放到EDI中,然后调用rtcAnsiValueBstr取Name第一个字符的ASCII码并加到EDI上,最后将EDI的值转换成字符串。

image20210807143051719.png
image20210807143430227.png
image20210202172613914.png
image20210202172847162.png
image20210202172956035.png

最终对输入的Serial和计算得到的Serial进行比较:

image20210202173113332.png

很明显,Serial是错的,所以到这里跳转会实现,最终弹出You Get Wrong:

image20210202173222205.png

那么爆破的思路就是把je用nop填充或者将je改成jne就可以了,这里不再做演示。

编写注册机

由上面的分析可以得到Serial的算法:ord(Name[0]) + len(Name) * 0x17CFB,结果转换成十进制字符串;下面注册机的代码还会在它前面加上固定前缀AKA-。可以看到Serial只取决于Name的首字符和长度,计算中没有任何密钥参与。

为了让生成的序列号有更大的变化范围,可以把Name的长度设为4到10之间的随机值(random.sample是不放回抽样,所以生成的Name中不会出现重复字符):

# Draw between 4 and 10 distinct characters from [A-Za-z0-9] for the Name.
alphabet = string.ascii_letters + string.digits
name_length = random.randint(4, 10)
random.sample(alphabet, name_length)

整体框架与CrackMe01没啥区别:

crackeMe02.py(注意:下面的main.py是用from crackMe02 import Ui_MainWindow导入这个模块的,保存时文件名需要和导入的模块名保持一致):

# -*- coding: utf-8 -*-

# Form implementation generated from reading ui file 'crackeMe01.ui'
#
# Created by: PyQt5 UI code generator 5.15.2
#
# WARNING: Any manual changes made to this file will be lost when pyuic5 is
# run again. Do not edit this file unless you know what you are doing.


from PyQt5 import QtCore, QtGui, QtWidgets


class Ui_MainWindow(object):
    """Static widget layout of the keygen window.

    Builds one push button, two text boxes (Name and Serial) with their
    labels, plus an empty menu bar and status bar. The file header states
    this module is pyuic5 output and that manual edits are lost when
    pyuic5 is run again.
    """

    def setupUi(self, MainWindow):
        """Create every child widget and attach it to *MainWindow*."""

        def build_font(family):
            # Every font on this form is 10 pt; only the family differs.
            created = QtGui.QFont()
            created.setFamily(family)
            created.setPointSize(10)
            return created

        MainWindow.setObjectName("MainWindow")
        # NOTE(review): the requested height (300) is larger than the 260
        # maximum applied just below; presumably the constraint wins. Confirm
        # which height was intended.
        MainWindow.resize(500, 300)
        MainWindow.setMinimumSize(QtCore.QSize(500, 260))
        MainWindow.setMaximumSize(QtCore.QSize(500, 260))
        MainWindow.setFont(build_font("微软雅黑"))
        MainWindow.setMouseTracking(False)

        central = QtWidgets.QWidget(MainWindow)
        self.centralwidget = central
        central.setObjectName("centralwidget")

        # Button that triggers generation.
        button = QtWidgets.QPushButton(central)
        self.pushButton = button
        button.setGeometry(QtCore.QRect(140, 160, 201, 71))
        button.setFont(build_font("微软雅黑"))
        button.setObjectName("pushButton")

        # Name box. Its Qt object name ("textName") differs from the Python
        # attribute name (textEdit).
        name_box = QtWidgets.QTextEdit(central)
        self.textEdit = name_box
        name_box.setGeometry(QtCore.QRect(150, 30, 281, 41))
        name_box.setObjectName("textName")

        # Serial box. Object name "textSerial", attribute textEdit_2.
        serial_box = QtWidgets.QTextEdit(central)
        self.textEdit_2 = serial_box
        serial_box.setGeometry(QtCore.QRect(150, 90, 281, 41))
        serial_box.setObjectName("textSerial")

        name_label = QtWidgets.QLabel(central)
        self.label = name_label
        name_label.setGeometry(QtCore.QRect(51, 44, 81, 21))
        name_label.setFont(build_font("Cascadia Code PL"))
        name_label.setObjectName("label")

        serial_label = QtWidgets.QLabel(central)
        self.label_2 = serial_label
        serial_label.setGeometry(QtCore.QRect(50, 100, 72, 15))
        serial_label.setFont(build_font("Cascadia Code PL"))
        serial_label.setObjectName("label_2")

        MainWindow.setCentralWidget(central)

        menu_bar = QtWidgets.QMenuBar(MainWindow)
        self.menubar = menu_bar
        menu_bar.setGeometry(QtCore.QRect(0, 0, 500, 29))
        menu_bar.setObjectName("menubar")
        MainWindow.setMenuBar(menu_bar)

        status_bar = QtWidgets.QStatusBar(MainWindow)
        self.statusbar = status_bar
        status_bar.setObjectName("statusbar")
        MainWindow.setStatusBar(status_bar)

        # Fill in the visible texts, then let Qt wire up any slots that
        # follow the on_<objectName>_<signal> naming scheme.
        self.retranslateUi(MainWindow)
        QtCore.QMetaObject.connectSlotsByName(MainWindow)

    def retranslateUi(self, MainWindow):
        """Set the window title and the captions of the button and labels."""
        translate = QtCore.QCoreApplication.translate
        context = "MainWindow"
        MainWindow.setWindowTitle(translate(context, "CrackeMe02注册机"))
        self.pushButton.setText(translate(context, "生成注册码"))
        self.label.setText(translate(context, "Name:"))
        self.label_2.setText(translate(context, "Serial:"))

main.py:

# -*- coding: utf-8 -*-

# Form implementation generated from reading ui file 'main.py'
#
# Created by: PyQt5 UI code generator 5.15.2
#
# WARNING: Any manual changes made to this file will be lost when pyuic5 is
# run again. Do not edit this file unless you know what you are doing.

import sys
import random
import string
from PyQt5.QtWidgets import QApplication, QMainWindow
from crackMe02 import Ui_MainWindow


class MyMainWindow(QMainWindow, Ui_MainWindow):
    """Main window that fills the Name/Serial boxes when the button is clicked.

    The serial is a pure function of the name: only the first character and
    the length of the name enter the computation, so different names with
    the same first character and length produce the same serial.

    NOTE(review): the header of this file says it is pyuic5 output, yet this
    class carries hand-written logic. The header looks copied from the UI
    module; confirm before anyone regenerates files with pyuic5.
    """

    # Fixed text placed in front of the numeric part of every serial.
    serial_prefix = 'AKA-'
    # Most recently generated pair; empty until the button is first clicked.
    name = ''
    serial = ''

    def __init__(self, parent=None):
        """Build the widgets and hook the button up to the generator."""
        super().__init__(parent)
        self.setupUi(self)
        self.pushButton.clicked.connect(self.generate_name_serial)

    def generate_name(self):
        """Return a random name of 4 to 10 distinct ASCII letters/digits."""
        alphabet = string.ascii_letters + string.digits
        length = random.randint(4, 10)
        # random.sample draws without replacement, so no character repeats.
        picked = random.sample(alphabet, length)
        return ''.join(picked)

    def generate_serial(self, name):
        """Return the serial for *name*: prefix + decimal of ord(name[0]) + len(name) * 0x17cfb.

        Raises IndexError when *name* is empty, because the first character
        is read unconditionally.
        """
        # NOTE(review): ord() yields the Unicode code point; this presumably
        # matches the target's value only for ASCII first characters.
        numeric_part = ord(name[0]) + len(name) * 0x17cfb
        return self.serial_prefix + str(numeric_part)

    def generate_name_serial(self):
        """Generate a fresh name/serial pair, store it and show it in the UI."""
        self.name = generated = self.generate_name()
        self.serial = code = self.generate_serial(generated)
        self.textEdit.setText(generated)
        self.textEdit_2.setText(code)


if __name__ == '__main__':
    # Show the window, run the Qt event loop, and pass the loop's return
    # value on as the process exit status.
    application = QApplication(sys.argv)
    window = MyMainWindow()
    window.show()
    exit_status = application.exec_()
    sys.exit(exit_status)

最终:

image20210202175616307.png
image20210202175644562.png

End