拆解一个简单的KeyFile保护

系统： Windows xp

程序： abexcrackme3

程序下载地址：http://pan.baidu.com/s/1mh3TiqO

要求：伪造Keyfile

使用工具：IDA

可在看雪论坛中查找关于此程序的破文：http://bbs.pediy.com/showthread.php?t=30192

IDA载入程序，找出提示破解成功的字串“Yep, keyfile found!”并定位关键代码：

CODE: ; =============== S U B R O U T I N E =======================================

CODE:

CODE: ; Attributes: noreturn

CODE:

CODE:                 public start

CODE: start           proc near

CODE:                 push                   ; uType

CODE:                 push    offset Caption  ; "abex' 3rd crackme"

CODE:                 push    offset Text     ; "Click OK to check for the keyfile."

CODE:0040100C                 push                   ; hWnd

CODE:0040100E                 call    MessageBoxA

CODE:                 push                   ; hTemplateFile

CODE:                 push    80h             ; dwFlagsAndAttributes

CODE:0040101A                 push                   ; dwCreationDisposition

CODE:0040101C                 push                   ; lpSecurityAttributes

CODE:0040101E                 push                   ; dwShareMode

CODE:                 push    80000000h       ; dwDesiredAccess

CODE:                 push    offset FileName ; "abex.l2c"

CODE:0040102A                 call    CreateFileA

CODE:0040102F                 mov     ds:hFile, eax

CODE:                 cmp     eax, 0FFFFFFFFh

CODE:                 jz      short loc_401075

CODE:                 push                   ; lpFileSizeHigh

CODE:0040103B                 push    ds:hFile        ; hFile

CODE:                 call    GetFileSize

CODE:                 cmp     eax, 12h

CODE:                 jnz     short loc_401060

CODE:0040104B                 push                   ; uType

CODE:0040104D                 push    offset aWellDone ; "Well done!"

CODE:                 push    offset aYepKeyfileFoun ; "Yep, keyfile found!"

CODE:                 push                   ; hWnd

CODE:                 call    MessageBoxA

CODE:0040105E                 jmp     short loc_401088

CODE: ; ---------------------------------------------------------------------------

CODE:

CODE: loc_401060:                             ; CODE XREF: start+49j

CODE:                 push                   ; uType

CODE:                 push    offset aError   ; "Error"

CODE:                 push    offset aTheFoundFileIs ; "The found file is not a valid keyfile!"

CODE:0040106C                 push                   ; hWnd

CODE:0040106E                 call    MessageBoxA

CODE:                 jmp     short loc_401088

CODE: ; ---------------------------------------------------------------------------

CODE:

CODE: loc_401075:                             ; CODE XREF: start+37j

CODE:                 push                   ; uType

CODE:                 push    offset aError_0 ; "Error"

CODE:0040107C                 push    offset aHmmmmmICanTFin ; "Hmmmmm, I can't find the file!"

CODE:                 push                   ; hWnd

CODE:                 call    MessageBoxA

CODE:

CODE: loc_401088:                             ; CODE XREF: start+5Ej

CODE:                                         ; start+73j

CODE:                 call    ExitProcess

CODE: start           endp ; sp-analysis failed

CODE:

程序查找一个Keyfile，文件名为“abex.l2c”，文件长度应为18字节，这样就可以通过验证。在abexcrackme3程序路径下新建文件，文件名为“abex.l2c”，用记事本打开并将内容设置为“012345678901234567”再运行abexcrackme3即可通过验证：

拆解一个简单的KeyFile保护

秒客网

拆解一个简单的KeyFile保护

相关文章