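New 160 crackmes - 095-tengxingCrackMe_v1.1
Running the program
- The goal is to recover a valid username and registration code
PE analysis
- Delphi program, 32-bit, not packed
Static analysis & dynamic debugging
- Locate the key strings in IDA
- Under the debugger: the Name length must be 4~15
- First loop: checks that Serial consists only of uppercase letters, lowercase letters or digits
- Loop two: computes v23 from Name and checks whether v23 equals the first segment of Serial
- Loop three: computes v34 using the length of Name and checks whether v34 equals the second segment of Serial
- Loop four: sorts Name in ascending order, giving Name_move
- Loop five: takes each character of Name_move to compute v65 and checks whether v65 equals the third segment of Serial
Algorithm analysis
- Assume Name is 4 characters long and brute-force Name and Serial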
```python
s = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
for Name_1 in s:
    for Name_2 in s:
        for Name_3 in s:
            for Name_4 in s:
                Name = Name_1 + Name_2 + Name_3 + Name_4
                Serial = []
                # Loop two: take each character of Name to get v23, and check whether v23 equals the first segment of Serial
                for i in range(len(Name)):
                    v23 = 3 * len(Name) - 2 * (i+1) - 20 + ord(Name[i])
                    Serial.append(v23)
                # Loop three: take each character of Name_reverse to compute v34, and check whether v34 equals the second segment of Serial
                Name_reverse = Name[::-1]
                for i in range(len(Name_reverse)):
                    v34 = ord(Name_reverse[i]) + 3 * len(Name) - 3 * (i+1) - 20
                    Serial.append(v34)
                # Loop four: sort Name in ascending order (bubble sort), giving Name_move
                Name_move = [ord(i) for i in Name]
                n = 0
                while n == 0:
                    n = 1
                    for i in range(len(Name_move) - 1):
                        if Name_move[i] > Name_move[i + 1]:
                            k = Name_move[i]
                            Name_move[i] = Name_move[i + 1]
                            Name_move[i + 1] = k
                            n = 0
                # Loop five: take each character of Name_move to compute v65, and check whether v65 equals the third segment of Serial
                for i in range(len(Name_move)):
                    v65 = Name_move[i] + (len(Name) - 3) * (len(Name) - 3) - 2 * (i+1) - 20
                    Serial.append(v65)
                Serial = "".join([chr(i) for i in Serial])
                # Keep only Serials made up entirely of letters and digits (the first loop's check)
                n = 0
                for i in Serial:
                    if i in s:
                        pass
                    else:
                        n = 1
                        break
                if n == 0:
                    # Output format: "<Name>的Serial为:<Serial>" (the Serial for <Name> is: <Serial>)
                    print(Name + '的Serial为:' + Serial)
```
- Verification succeeded
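
The check described in loops one to five, modeled from the verifier's side as an added Python example (not code from the original post or from the crackme). The function names are hypothetical, and applying the formulas to Name lengths other than 4 is an assumption based on the formulas being written in terms of len(Name); the post only exercises length 4.

```python
import string

ALNUM = set(string.ascii_letters + string.digits)  # charset enforced by loop one

def expected_serial(name):
    """Return the Serial the check expects for name, or None if none can exist."""
    n = len(name)
    if not 4 <= n <= 15:          # Name length limit seen while debugging
        return None
    codes = [ord(c) for c in name]
    # Loop two: first segment, from Name in its original order.
    seg1 = [c + 3 * n - 2 * (i + 1) - 20 for i, c in enumerate(codes)]
    # Loop three: second segment, from Name reversed.
    seg2 = [c + 3 * n - 3 * (i + 1) - 20 for i, c in enumerate(reversed(codes))]
    # Loops four and five: third segment, from Name sorted ascending (Name_move).
    seg3 = [c + (n - 3) ** 2 - 2 * (i + 1) - 20 for i, c in enumerate(sorted(codes))]
    values = seg1 + seg2 + seg3
    # A value outside the alphanumeric set could never pass loop one.
    if any(not 0 <= v < 128 or chr(v) not in ALNUM for v in values):
        return None
    return "".join(chr(v) for v in values)

def check(name, serial):
    """Model of the registration check: charset test, then segment comparison."""
    if not serial or any(ch not in ALNUM for ch in serial):   # loop one
        return False
    return serial == expected_serial(name)                    # loops two to five

if __name__ == "__main__":
    for name in ("abcd", "dcba", "ABCD"):   # constructed sample names
        print(name, expected_serial(name))
```

A Name such as "ABCD" has no valid Serial because one of its computed characters falls outside the alphanumeric set, which is why the brute-force loop above filters its output.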
Original article: https://blog.csdn.net/qq_41483767/article/details/143642748