My first CRACK ME, just trying my hand~

Time: 2023-01-16 20:53:14

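    My first brute-force crack. Analysing the algorithm gave me a headache, so I'll come back to that later; if it has to be patching, then patching it is.

First I opened ncrackme.exe in OD and pressed F9 to run it; the program stopped at the user name and password input. I entered name: zhkza99c, key: 0123cat, which doesn't seem to matter for patching, but whatever. "Registration fail" popped up. Fine: with a string search I located 00401095, looked upward from there, and found the key jump~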

00401072      75 1B         JNZ SHORT ncrackme.0040108F

NOP it out and it's done.

 

00401050   .  817C24 08 110>CMP DWORD PTR SS:[ESP+8],111
00401058   .  75 74         JNZ SHORT ncrackme.004010CE
0040105A   .  8B4424 0C     MOV EAX,DWORD PTR SS:[ESP+C]
0040105E   .  66:3D EA03    CMP AX,3EA
00401062   .  75 42         JNZ SHORT ncrackme.004010A6
00401064   .  E8 C7010000   CALL ncrackme.00401230
00401069   .  85C0          TEST EAX,EAX
0040106B   .  6A 00         PUSH 0                                   ; /Style = MB_OK|MB_APPLMODAL
0040106D   .  68 80504000   PUSH ncrackme.00405080                   ; |Title = "ncrackme"
00401072      75 1B         JNZ SHORT ncrackme.0040108F
00401074   .  A1 B8564000   MOV EAX,DWORD PTR DS:[4056B8]            ; |
00401079   .  68 64504000   PUSH ncrackme.00405064                   ; |Text = "Registration successful."
0040107E   .  50            PUSH EAX                                 ; |hOwner => NULL
0040107F   .  FF15 C0404000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; /MessageBoxA
00401085   .  E8 A6020000   CALL ncrackme.00401330
0040108A   .  33C0          XOR EAX,EAX
0040108C   .  C2 1000       RET 10
0040108F   >  8B0D B8564000 MOV ECX,DWORD PTR DS:[4056B8]            ; |
00401095   .  68 50504000   PUSH ncrackme.00405050                   ; |Text = "Registration fail."
0040109A   .  51            PUSH ECX                                 ; |hOwner => NULL
0040109B   .  FF15 C0404000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; /MessageBoxA
004010A1   .  33C0          XOR EAX,EAX
004010A3   .  C2 1000       RET 10
004010A6   >  66:3D EB03    CMP AX,3EB
004010AA   .  75 22         JNZ SHORT ncrackme.004010CE
004010AC   .  A1 C0564000   MOV EAX,DWORD PTR DS:[4056C0]
004010B1   .  85C0          TEST EAX,EAX
004010B3   .  74 19         JE SHORT ncrackme.004010CE
004010B5   .  8B15 B8564000 MOV EDX,DWORD PTR DS:[4056B8]
004010BB   .  6A 00         PUSH 0                                   ; /Style = MB_OK|MB_APPLMODAL
004010BD   .  68 80504000   PUSH ncrackme.00405080                   ; |Title = "ncrackme"
004010C2   .  68 30504000   PUSH ncrackme.00405030                   ; |Text = "good function, i was cracked"
004010C7   .  52            PUSH EDX                                 ; |hOwner => NULL
004010C8   .  FF15 C0404000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; /MessageBoxA
004010CE   >  33C0          XOR EAX,EAX
004010D0   .  C2 1000       RET 10

Anyway, this is just practice, and patching isn't such a bad plan; attacking the algorithm is in progress .....
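
An added example (not part of the original post): it rechecks the short-jump arithmetic for the JNZ at 00401072 from the listing's own bytes, and shows how a byte-level comparison against a known-good copy reports the two-byte NOP edit. The byte string is copied from the listing; the function names and the patched sample are constructed here.

```python
import hashlib

BASE = 0x00401064  # address of the first byte below, taken from the listing
# Bytes of 00401064..0040108E, copied from the listing's hex column.
ORIGINAL = bytes.fromhex(
    "E8C7010000" "85C0" "6A00" "6880504000"   # CALL check / TEST EAX,EAX / PUSHes
    "751B"                                     # 00401072: JNZ SHORT 0040108F
    "A1B8564000" "6864504000" "50"             # success-branch argument setup
    "FF15C0404000" "E8A6020000" "33C0" "C21000"
)
# Constructed sample: the same region after the two-byte NOP edit described above.
_off = 0x00401072 - BASE
PATCHED = ORIGINAL[:_off] + b"\x90\x90" + ORIGINAL[_off + 2:]


def short_jump_target(addr, code=ORIGINAL, base=BASE):
    """Decode the destination of a 2-byte short Jcc (70..7F) or JMP (EB) at addr."""
    opcode, rel8 = code[addr - base], code[addr - base + 1]
    if not (0x70 <= opcode <= 0x7F or opcode == 0xEB):
        raise ValueError(f"no short jump at {addr:08X}")
    if rel8 >= 0x80:            # rel8 is a signed displacement
        rel8 -= 0x100
    return addr + 2 + rel8      # relative to the end of the instruction


def patched_ranges(reference, current, base=BASE):
    """Return (address, reference_bytes, current_bytes) for each run of changed bytes."""
    if len(reference) != len(current):
        raise ValueError("regions differ in length")
    runs, start = [], None
    for i in range(len(reference) + 1):
        differs = i < len(reference) and reference[i] != current[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((base + start, reference[start:i], current[start:i]))
            start = None
    return runs


def matches_baseline(current, baseline_sha256):
    """True when the region's SHA-256 equals the digest recorded from a known-good copy."""
    return hashlib.sha256(current).hexdigest() == baseline_sha256


if __name__ == "__main__":
    baseline = hashlib.sha256(ORIGINAL).hexdigest()
    print(f"JNZ at 00401072 -> {short_jump_target(0x00401072):08X}")
    print("patched copy matches baseline:", matches_baseline(PATCHED, baseline))
    for addr, old, new in patched_ranges(ORIGINAL, PATCHED):
        print(f"{addr:08X}: {old.hex(' ')} -> {new.hex(' ')}")
```

A check like this compiled into the program is just one more branch, so it is more dependable when run from outside the process, for example as file integrity monitoring or signature verification.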