好友
阅读权限10
听众
最后登录1970-1-1
|
CM是什么?Crackme是什么?这是什么东西?楼主发的什么?
他们都是一些公开给别人尝试破解的小程序,制作 Crackme 的人可能是程序员,想测试一下自己的软件保护技术,也可能是一位 Cracker,想挑战一下其它 Cracker 的破解实力,也可能是一些正在学习破解的人,自己编一些小程序给自己破解,KeyGenMe是要求别人做出它的 keygen (序号产生器), ReverseMe 要求别人把它的算法做出逆向分析, UnpackMe 是要求别人把它成功脱壳,本版块禁止回复非技术无关水贴。
【文章标题】: 吾爱2013CM大赛解答--2013CM_无邪-- 无邪 CM分析
【文章作者】: Crack_Qs[4st Team]
【作者主页】: www.reversesec.com
【软件名称】: 2013CM_无邪-- 无邪
【下载地址】: 自己搜索下载
【作者声明】: 我是打酱油的,失误之处敬请诸位大侠赐教! 技术支持:Peace、kido
--------------------------------------------------------------------------------
【详细过程】
004010A1 /. 55 push ebp
004010A2 |. 8BEC mov ebp,esp
004010A4 |. 81EC 1C000000 sub esp,0x1C
004010AA |. 68 010100A0 push 0xA0000101
004010AF |. 6A 00 push 0x0
004010B1 |. 68 50AB4600 push 2013CM_?0046AB50
004010B6 |. 68 01000000 push 0x1
004010BB |. BB 501B4000 mov ebx,2013CM_?00401B50
004010C0 |. E8 15090000 call 2013CM_?004019DA ; 取 ASCII "asduiashdihasdjkanksd"
004010C5 |. 83C4 10 add esp,0x10
004010C8 |. 8945 FC mov [local.1],eax
004010CB |. 6A FF push -0x1
004010CD |. 6A 08 push 0x8
004010CF |. 68 04000116 push 0x16010004
004010D4 |. 68 01000152 push 0x52010001
004010D9 |. E8 02090000 call 2013CM_?004019E0 ; 取用户名
004010DE |. 83C4 10 add esp,0x10
004010E1 |. 8945 F8 mov [local.2],eax
004010E4 |. 8B45 FC mov eax,[local.1]
004010E7 |. 50 push eax
004010E8 |. FF75 F8 push [local.2]
004010EB |. E8 14FFFFFF call 2013CM_?00401004 ; 比较
004010F0 |. 83C4 08 add esp,0x8
004010F3 |. 83F8 00 cmp eax,0x0
004010F6 |. B8 00000000 mov eax,0x0
004010FB |. 0F94C0 sete al
004010FE |. 8945 F4 mov [local.3],eax
00401101 |. 8B5D F8 mov ebx,[local.2]
00401104 |. 85DB test ebx,ebx
00401106 |. 74 09 je X2013CM_?00401111
00401108 |. 53 push ebx
00401109 |. E8 C0080000 call 2013CM_?004019CE
0040110E |. 83C4 04 add esp,0x4
00401111 |> 8B5D FC mov ebx,[local.1]
00401114 |. 85DB test ebx,ebx
00401116 |. 74 09 je X2013CM_?00401121
00401118 |. 53 push ebx
00401119 |. E8 B0080000 call 2013CM_?004019CE
0040111E |. 83C4 04 add esp,0x4
00401121 |> 837D F4 00 cmp [local.3],0x0
00401125 0F84 88000000 je 2013CM_?004011B3 ; nop
0040112B |. 68 010100A0 push 0xA0000101
00401130 |. 6A 00 push 0x0
00401132 |. 68 6DAB4600 push 2013CM_?0046AB6D
00401137 |. 68 01000000 push 0x1
0040113C |. BB 501B4000 mov ebx,2013CM_?00401B50
00401141 |. E8 94080000 call 2013CM_?004019DA ; 取 ASCII "sadsadasdsafaffdsfadasd"
00401146 |. 83C4 10 add esp,0x10
00401149 |. 8945 F0 mov [local.4],eax
0040114C |. 6A FF push -0x1
0040114E |. 6A 08 push 0x8
00401150 |. 68 05000116 push 0x16010005
00401155 |. 68 01000152 push 0x52010001
0040115A |. E8 81080000 call 2013CM_?004019E0 ; 取假码
0040115F |. 83C4 10 add esp,0x10
00401162 |. 8945 EC mov [local.5],eax
00401165 |. 8B45 F0 mov eax,[local.4]
00401168 |. 50 push eax
00401169 |. FF75 EC push [local.5]
0040116C |. E8 93FEFFFF call 2013CM_?00401004 ; 比较
00401171 |. 83C4 08 add esp,0x8
004011A2 |> \837D E8 00 cmp [local.6],0x0
004011A6 |. 0F84 07000000 je 2013CM_?004011B3 ; nop
004011AC |. B8 01000000 mov eax,0x1 ; 给eax赋值1
004011B1 |. EB 02 jmp X2013CM_?004011B5
004011B3 |> 33C0 xor eax,eax
004011B5 |> 85C0 test eax,eax
004011B7 |. 0F84 82050000 je 2013CM_?0040173F
00401229 |. /74 09 je X2013CM_?00401234
0040122B |. |53 push ebx
0040122C |. |E8 9D070000 call 2013CM_?004019CE
00401231 |. |83C4 04 add esp,0x4
00401234 |> \837D F4 00 cmp [local.3],0x0
00401238 |. 0F84 88000000 je 2013CM_?004012C6 ; nop
004012B5 |> \837D E8 00 cmp [local.6],0x0
004012B9 |. 0F84 07000000 je 2013CM_?004012C6 ; nop
004012BF |. B8 01000000 mov eax,0x1 ; 给eax 1
004012C4 |. EB 02 jmp X2013CM_?004012C8
004012C6 |> 33C0 xor eax,eax
0040133E |. 53 push ebx
0040133F |. E8 8A060000 call 2013CM_?004019CE
00401344 |. 83C4 04 add esp,0x4
00401347 |> 837D F4 00 cmp [local.3],0x0
0040134B |. 0F84 88000000 je 2013CM_?004013D9 ; nop
004013C8 |> \837D E8 00 cmp [local.6],0x0 ; nop
004013CC |. 0F84 07000000 je 2013CM_?004013D9
004013D2 |. B8 01000000 mov eax,0x1 ; eax 1
004013D7 |. EB 02 jmp X2013CM_?004013DB
004013D9 |> 33C0 xor eax,eax
004013DB |> 85C0 test eax,eax
00401451 |. 53 push ebx
00401452 |. E8 77050000 call 2013CM_?004019CE
00401457 |. 83C4 04 add esp,0x4
0040145A |> 837D F4 00 cmp [local.3],0x0
0040145E |. 0F84 88000000 je 2013CM_?004014EC ; nop
004014DB |> \837D E8 00 cmp [local.6],0x0
004014DF |. 0F84 07000000 je 2013CM_?004014EC ; nop
004014E5 |. B8 01000000 mov eax,0x1 ; eax 1
004014EA |. EB 02 jmp X2013CM_?004014EE
004014EC |> 33C0 xor eax,eax
00401564 |. 53 push ebx
00401565 |. E8 64040000 call 2013CM_?004019CE
0040156A |. 83C4 04 add esp,0x4
0040156D |> 837D F4 00 cmp [local.3],0x0
00401571 |. 0F84 88000000 je 2013CM_?004015FF ; nop
004015EE |> \837D E8 00 cmp [local.6],0x0
004015F2 |. 0F84 07000000 je 2013CM_?004015FF ; nop
004015F8 |. B8 01000000 mov eax,0x1 ; eax 1
004015FD |. EB 02 jmp X2013CM_?00401601
004015FF |> 33C0 xor eax,eax
00401677 |. 53 push ebx
00401678 |. E8 51030000 call 2013CM_?004019CE
0040167D |. 83C4 04 add esp,0x4
00401680 |> 837D F4 00 cmp [local.3],0x0
00401684 |. 0F84 88000000 je 2013CM_?00401712 ; nop
00401701 |> \837D E8 00 cmp [local.6],0x0
00401705 |. 0F84 07000000 je 2013CM_?00401712 ; nop
0040170B |. B8 01000000 mov eax,0x1 ; eax 1
00401710 |. EB 02 jmp X2013CM_?00401714
00401712 |> 33C0 xor eax,eax
--------------------------------------------------------------------------------
【经验总结】
就是反复比较
--------------------------------------------------------------------------------
【版权声明】: 本文原创于Crack_Qs[4st Team], 转载请注明作者并保持文章的完整, 谢谢!
2013年12月15日 17:03:34
|
免费评分
-
查看全部评分
|
发表于 2013-12-15 17:05
