Serial number analysis

Enterprise 2023-05-08 01:43:41 views: null

software analysis

program download

crackme_4stz

1

wangzhiyuyeshou

First open it and have a look, and found that there are only two text boxes, nothing else, not even buttons. At this time, I guess this is because the program has been matching characters in the background, and compare the results. If the comparison is the same, it will jump out of success and so on. something to come.

2

od loaded in, run.
wangzhiyuyeshou
Now this program has two situations:
1. Both Nombre and Codigo are specific, that is to say, the two input must be correct to be correct.
2. Nombre and Codigo change accordingly, that is, if you input different Nombre, then Codigo is also different.

These two situations do not affect my random input of characters in the Nombre box. So I input "wang" in the Nombre box, and then power off at the translatemessage function, as shown in the figure below:
①. Search for all functions in the current module
wangzhiyuyeshou
②. Find translatemessage and set a breakpoint
wangzhiyuyeshou
③. Click b to view the breakpoint
wangzhiyuyeshou
Double-click to go in and see separately. I deleted the jmp above according to the situation. Obviously it is a jump.

Why should it be broken at the translatemessage function? Because this function is to convert the virtual key message into a character message , the message input by the keyboard must go through this function.

Click on the program, enter an 8 (the number 8 of the small keyboard I entered), and view the stack, as shown in the figure below:
wangzhiyuyeshou
Key=UK_NUMPAD8 , which is the number 8 of the small keyboard.

3

Tracing method using memory

①. Delete all breakpoints, reload, and run, enter wang, and 9876 (press whatever you want).
wangzhiyuyeshou
②. Click m in od , right click to find "9876", as shown below, a total of two places are found:
wangzhiyuyeshou
wangzhiyuyeshou

③. Set a memory access breakpoint at the first place, click in, run f8, and find that it seems to be a copying process, so I can't keep up. . . (Impatient)
Set a memory access breakpoint at the second place, press F8, enter 5, and find a string similar to the answer in the stack, enter it again, and you can check it in the register, the 987654 I entered is indeed in the same This string comparison is as follows:wangzhiyuyeshou
wangzhiyuyeshou

④, reload this program, enter whether this is the serial number, it is true
wangzhiyuyeshou

Guess you like

Origin blog.csdn.net/wangzhiyu12/article/details/110814524
Recommended
LFOSSA Yuanlaisusu Open Course | Mastering the Cloud Native Future: Comprehensive Guide to CNCF Certification and Exam Preparation Tips
Ranking
C++ Basic Syntax
bootstrapTable hides a column based on a condition
Why is reentrant lock recommended instead of Synchronized when dynamic high concurrency?
hexo create a blog
[Fully open source and non-encrypted version] Imitation of the eighth district distribution/online signature/multiple sets of download templates/APP distribution hosting/APP packaging and packaging
Polymerization combination
https://www.flysnow.org/2017/05/06/go-in-action-go-log.html
From the perspective of Flutter and the front-end, talk about how to ensure UI fluency under the single-threaded model
nginx-301, 302 redirect
Geolocation by IP Address in ASP.NET
Daily
More
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(31)

Code World

© 2018 codetd.com