DATE-2015/11/15 Sunday
YPP
Beginners in cracking often start from "blasting" (patching the key jump).
This article does not have much technical content; it is just a simple review of what I studied earlier.
There are surely still mistakes in this article, so please do not hesitate to point them out. Thank you.
A C implementation of a simple password check, Figure 1:
Crack_1.cpp
#include <stdio.h>
#include <string.h>

#define PASSWORD "1234567"

int ypp(char *);

int main()
{
    char password[1024];
    int n = 0;
    while (1)
    {
        printf("Please input password:\t");
        scanf("%s", password);      /* unbounded read, kept as compiled for the figures */
        n = ypp(password);          /* 0 means the password matched */
        if (n)
            printf("error!\n\n");
        else
        {
            printf("congratulation!\n\n");
            break;
        }
    }
    return 0;
}

/* The whole check is a strcmp against the hard-coded PASSWORD;
 * its return value is what main() tests. */
int ypp(char *password)
{
    int num;
    num = strcmp(PASSWORD, password);
    return num;
}
Compile it under VC6.0, then disassemble it with IDA, Figure 2:
From the disassembly it is easy to identify main at address 0x00401020.
Next, load it in OllyDbg and, for now, set a breakpoint here:
Figure 3
Figure 4
Press F9 to let the program run; it breaks here.
Press F8 to single-step to 0040106a, the call to scanf; at this point the program is waiting for us to enter the "password".
Enter a wrong password (20151115) and press Enter:
Figure 5
Keep stepping to 00401079: call crack_1.00401005
Figure 6
Press F7 to step into the call; this brings us into ypp()'s territory:
Figure 7
Figure 8
To understand the actual verification process, look carefully at the disassembly above.
When stepping to 00401111, OllyDbg has already identified the C library function strcmp(),
and the parameter holding the real password is exposed as well!
Figure 9
Figure 10 (EAX is 1, which is the value of the local variable num; nonzero means the password check fails!)
Don't worry, the key part comes after this.
Stepping over retn leaves ypp() and returns to 0040107E.
Figure 11
"Jump isn't taken" means the jump is not performed, so execution continues and prints "error!".
< The key to the crack is here. >
< je short crack_1.0040109f; change the JE to JNE and the crack is complete! >
The assembly instructions JE and JNE have opposite effects:
JE: jump if equal (ZF = 1)
JNE: jump if not equal (ZF = 0)
Double-click the JE instruction in the disassembly pane, modify it, then click "Assemble".
Figure 12
Figure 13
Figure 14
Figure 15
Note that this modification is "temporary": it only changes the process in memory.
If you want to keep it permanently, continue as follows:
1. Right-click the "jnz short ..." line: Follow in Dump -> Selection
Figure 16
2. Likewise, in the dump pane, right-click: Copy to executable file
Figure 17
3. Save file ...
Figure 18
Figure 19
Verify
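The three OllyDbg steps above (Follow in Dump, Copy to executable, Save file) amount to mapping the virtual address of the JE back to a raw offset in the .exe and overwriting one opcode byte. The following script, added here as an example and not part of the original post, does that mapping by parsing the PE headers itself, verifies the byte really is a short JE (0x74) before turning it into JNE (0x75), and simulates which branch "test eax,eax; je/jne" takes for strcmp's return value. The PE image, section layout and the address 0x401082 it uses are constructed for the example; they are not the real offsets of the post's Crack_1.exe.

```python
# Added example (not from the original post): patch a short JE (0x74) to JNE (0x75)
# directly in the PE file, i.e. what OllyDbg's "Copy to executable" + "Save file"
# does for you, and simulate the branch the CPU takes before and after the patch.
# The PE image, section layout and the address 0x401082 below are constructed for
# this example; they are not the real addresses from the post's Crack_1.exe.
import struct

JE_SHORT = 0x74   # je/jz rel8: jump when ZF == 1
JNE_SHORT = 0x75  # jne/jnz rel8: jump when ZF == 0


def va_to_file_offset(pe: bytes, va: int) -> int:
    """Map a virtual address (as shown in OllyDbg) to a raw offset in the PE file."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (no PE signature)")
    nsections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:       # PE32, what VC6 produces
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    elif magic == 0x20B:     # PE32+
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    rva = va - image_base
    sections = opt + opt_size
    for i in range(nsections):
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", pe, sections + 40 * i)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            delta = rva - vaddr
            if delta >= rawsize:
                raise ValueError("VA 0x%x is not backed by file data" % va)
            return rawptr + delta
    raise ValueError("VA 0x%x is not in any section" % va)


def patch_je_to_jne(pe: bytes, va: int) -> bytes:
    """Return a copy of the file with the short JE at `va` turned into JNE."""
    off = va_to_file_offset(pe, va)
    if pe[off] != JE_SHORT:
        raise ValueError("byte at 0x%x is 0x%02x, not a short JE" % (va, pe[off]))
    out = bytearray(pe)
    out[off] = JNE_SHORT     # same instruction length, so the rel8 target stays valid
    return bytes(out)


def outcome(pe: bytes, va: int, strcmp_result: int) -> str:
    """Simulate 'test eax,eax' on strcmp's return value, then the jump at `va`.

    Jump target = the 'congratulation!' path, fall-through = 'error!',
    mirroring if (n) ... else ... in Crack_1.cpp.
    """
    zf = 1 if strcmp_result == 0 else 0
    opcode = pe[va_to_file_offset(pe, va)]
    if opcode == JE_SHORT:
        taken = zf == 1
    elif opcode == JNE_SHORT:
        taken = zf == 0
    else:
        raise ValueError("unexpected opcode 0x%02x" % opcode)
    return "congratulation!" if taken else "error!"


def build_sample_pe() -> bytes:
    """Constructed minimal PE32: one .text section, VA 0x401000 <- file offset 0x200."""
    image_base = 0x400000
    text = bytearray(0x200)
    # at VA 0x401080: 85 C0 = test eax,eax ; 74 1F = je short +0x1f (constructed bytes)
    text[0x80:0x84] = bytes([0x85, 0xC0, JE_SHORT, 0x1F])
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 96
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, image_base)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(0x200, b"\0")
    return bytes(headers + text)


if __name__ == "__main__":
    pe = build_sample_pe()
    je_va = 0x401082
    print("wrong password, original:", outcome(pe, je_va, 1))
    patched = patch_je_to_jne(pe, je_va)
    print("wrong password, patched: ", outcome(patched, je_va, 1))
    print("right password, patched: ", outcome(patched, je_va, 0))
```

Two things the simulation makes visible that the debugger session does not: the patch is a single byte because JE and JNE share the same encoding length, so no other code moves; and inverting the jump also inverts the correct password, so after "blasting" the real password "1234567" is the one input that now fails. Against the real Crack_1.exe, replace build_sample_pe() with open(path, "rb").read() and pass the JE's address from OllyDbg.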
END.
(YPP) 2015/11/15.
<<Crack!>> "Blasting" a password