Mathematical Principles of a CrackMe decryption algorithm


[Article title]: Let's talk about the mathematical principle behind a CrackMe decryption algorithm.
[Author]: kaien
[Author mailbox]: kkaien@hotmail.com
[Software name]: echapcmd.exe
[Packing method]: not packed
[Tools used]: OllyDbg, the calculator that ships with WinXP, and VC (for writing the keygen)
[Operating platform]: WinXP
--------------------------------------------------------------------------------
[Detailed process]
Yesterday I read WAKU's crack write-up "Attacking a CrackMe from the companion disc of Encryption and Decryption (2nd edition)". I had already cracked that CrackMe myself before reading the article. Although the findings are simple, they are wonderful!
So I cannot help riding on WAKU's coattails and writing a cracking article of my own. Good things are worth repeating; even a hundred times is not too many!
In this article I will focus on the mathematical principle behind this decryption algorithm and on how the algorithm can be transformed, which greatly simplifies the decryption process.
This is the second article I have posted on Kanxue. I hope it will help newcomers.

The algorithm's code is listed below; it is easy to follow with the help of the comments:

004010CE  |.  33FF            xor edi, edi                      ; edi = 0
004010D0  |.  B9 08000000     mov ecx, 8                        ; the loop below runs 8 times (the password is assumed to be 8 characters)
004010D5  |.  BE 44304000     mov esi, echap511.00403044        ; esi = address of the entered password
004010DA  |>  8036 32         /xor byte ptr ds:[esi], 32        ; XOR each character with 0x32
004010DD  |.  46              |inc esi
004010DE  |.^ E2 FA           \loopd short echap511.004010DA
004010E0  |.  BE 44304000     mov esi, echap511.00403044        ; point esi at the (now transformed) password again
004010E5  |.  B9 04000000     mov ecx, 4                        ; ecx = 4, i.e. the loop below runs 4 times
004010EA  |>  8A06            /mov al, byte ptr ds:[esi]        ; first byte of the pair
004010EC  |.  8A5E 01         |mov bl, byte ptr ds:[esi+1]      ; second byte of the pair
004010EF  |.  32C3            |xor al, bl                       ; al = al ^ bl
004010F1  |.  8887 4C304000   |mov byte ptr ds:[edi+40304C], al ; edi was zeroed in the first line, so on the first iteration this writes to 40304C
004010F7  |.  83C6 02         |add esi, 2                       ; advance two bytes
004010FA  |.  47              |inc edi                          ; edi++
004010FB  |.^ E2 ED           \loopd short echap511.004010EA
004010FD  |.  BE 4C304000     mov esi, echap511.0040304C        ; esi = address of the four results; in memory 40304C sits right behind the 8-byte password
00401102  |.  8A06            mov al, byte ptr ds:[esi]         ; first of the four results -> al
00401104  |.  8A5E 01         mov bl, byte ptr ds:[esi+1]       ; second -> bl
00401107  |.  32C3            xor al, bl                        ; al = al ^ bl
00401109  |.  8A5E 02         mov bl, byte ptr ds:[esi+2]       ; third -> bl
0040110C  |.  8A4E 03         mov cl, byte ptr ds:[esi+3]       ; fourth -> cl
0040110F  |.  32D9            xor bl, cl                        ; bl = bl ^ cl
00401111  |.  32C3            xor al, bl                        ; al = al ^ bl
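The three stages above, transcribed into C as an added example (not the CrackMe's own code), placed next to the algebraic shortcut that XOR's associativity and commutativity permit: the 0x32 is folded in an even number of times, so it cancels and only the XOR of the eight raw password bytes remains. Function names and the sample passwords are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stage-by-stage transcription of the listing (hypothetical helper).
   pw must point to the 8 password bytes. */
uint8_t checksum_as_listed(const uint8_t *pw)
{
    uint8_t buf[8], pairs[4];
    memcpy(buf, pw, 8);
    for (int i = 0; i < 8; i++)          /* loop at 004010DA: byte ^= 0x32 */
        buf[i] ^= 0x32;
    for (int i = 0; i < 4; i++)          /* loop at 004010EA: pair bytes into 40304C */
        pairs[i] = buf[2 * i] ^ buf[2 * i + 1];
    uint8_t al = pairs[0] ^ pairs[1];    /* 00401102..00401107 */
    uint8_t bl = pairs[2] ^ pairs[3];    /* 00401109..0040110F */
    return (uint8_t)(al ^ bl);           /* 00401111 */
}

/* The algebraic shortcut: every 0x32 appears twice in each pair XOR and so
   cancels; what is left is the XOR of the eight raw password bytes. */
uint8_t checksum_simplified(const uint8_t *pw)
{
    uint8_t acc = 0;
    for (int i = 0; i < 8; i++)
        acc ^= pw[i];
    return acc;
}

/* Returns 1 if both routes agree on every constructed sample, else 0. */
int check_equivalence(void)
{
    static const uint8_t samples[][8] = {
        {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H'},
        {'1', '2', '3', '4', '5', '6', '7', '8'},
        {0x00, 0xff, 0x32, 0x32, 0x7f, 0x80, 0x01, 0x02},   /* includes the 0x32 edge case */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (checksum_as_listed(samples[i]) != checksum_simplified(samples[i]))
            return 0;
    return 1;
}

int main(void)
{
    const uint8_t pw[8] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H'};
    printf("listed=%02X simplified=%02X agree=%d\n",
           checksum_as_listed(pw), checksum_simplified(pw), check_equivalence());
    return 0;
}
```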
