Reverse analysis of Crackme030
1. Observing the program
2. A quick packer check
The program is not packed.
3. Program Analysis
Because the program is written in VB5, let's load it in VB Decompiler and take a look.
We can see that the program has three panels and six click events. The code at address 4030F0 is probably the part we need.
Then load the program in OllyDbg (OD) and search for strings.
Following the string into the code, a comparison function can be seen not far above it.
Run to this point and look at the function's parameters.
The first argument should be the password we entered. I entered 123456, but here it shows up as some strange symbols.
The second parameter should be the correct password.
Because the first argument is no longer our original input, we suspect that the program transforms the password we enter before comparing it. So we have to apply the inverse transformation to the string above to get the real password.
So we go to the beginning of the code, the address 4030F0 seen above, set a breakpoint there, and run the program.
The program first obtains the password and then obtains its length.
It then builds a loop whose iteration count is the length of the password. In each iteration the program takes one character of the entered password, gets its ASCII value, and XORs it with the ASCII value of the corresponding character of the string "2000", taken in order. That is, the first character is XORed with the ASCII value of "2", the following characters are XORed with "0", and at the fifth character the key starts over and "2" is used again.
After the loop completes, the comparison is performed.
Knowing this method, we can work backwards to the real password.
Since XOR is its own inverse, we only need to XOR the string "qBQSYdXUe_B\V" with the string "2000" once more.
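The reversal described above, written out as an added example (not code from the crackme or from the original write-up). It assumes the comparison string is `qBQSYdXUe_B\V` with no spaces around the backslash, and treats characters as single ASCII bytes as the analysis does; the function names are made up for illustration.

```python
from itertools import cycle

# Values taken from the write-up; the spaces around the backslash in the
# published string are assumed to be a rendering artifact and are dropped.
KEY = b"2000"
TARGET = b"qBQSYdXUe_B\\V"


def xor_with_key(data: bytes, key: bytes = KEY) -> bytes:
    """XOR every byte of data with the key, repeating the key cyclically.

    This mirrors the loop at 4030F0: character i is XORed with
    key[i % len(key)]. XOR is an involution, so the same function both
    encodes an input and decodes the stored comparison string.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_password(target: bytes = TARGET) -> str:
    """Undo the transformation on the string the program compares against."""
    return xor_with_key(target).decode("ascii")


def check(candidate: str) -> bool:
    """Re-implement the program's check: transform the input, then compare."""
    return xor_with_key(candidate.encode("ascii")) == TARGET


if __name__ == "__main__":
    # The test input 123456 becomes control characters, which is why the
    # first argument looked like strange symbols in the debugger.
    print("123456 ->", xor_with_key(b"123456").hex(" "))
    password = recover_password()
    print("recovered password:", password)
    print("accepted by check:", check(password))
```
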