Crackme -- Acid burn (first program), crackme -- acidburn

Crackme -- Acid burn (first program), crackme -- acidburn

Crackme: Acid burn.exe

Difficulty coefficient:★

Tool: Chinese version of Ollydbg (OD)

 

Run Acid burn.exe

 

First, open OD load Acid burn.exe and enter The wrong registration name and password. The serial is incorect! (Sorry, the serial number is incorrect !)

 

 

 

Open OD --> plug-in --> Chinese search engine --> Search ASCLL shortcut key ctrl + F search string Sorry, The serial is incorect! Location

 

 

Double-click to enter the CPU window. The address here is 0042FA63. Let's write down this place to facilitate next debugging (Ctrl + G jump to this location ).

 

 

Before 0042FA63, there was a jge jump command (jump if the value is greater than or equal to). If it jumps here, the prompt information is skipped.

We will jump to the next breakpoint (the breakpoint under F2) to check the execution status. Run the program (F9) and re-enter the false registration name and password to find that the program has been broken. We perform one-step debugging by pressing F7 to call 00406930.

Then it was found that it had fallen into a deep hole set by the program author.

Obviously, this is not a prompt we are looking for. We will find two strings Congratz on the same prompt !! (Congratulations !!) And Good job dude =) (pretty Good, buddy) it's obvious that this is the outlet point we're looking.

We found Congratz !! In the previous jnz (not equal to ZF = 0), the jump will jump to 0042FBEF if the jump is successful. Here is the key hop we are looking ~ Before this command, a call must be the key call. We use the shortcut key Alt + B to open the breakpoint window and delete the previous breakpoint. Back to CPU window (Alt + C)

Next breakpoint tracking debugging before call (Ctrl + F2 re-start -- run)

At this time, the EAX value is CW-8856-CRACKED EDX value is our false password 11111111111111111111111

Here we suspect that the CW-8856-CRACKED is the registration code we are looking for. Let's go into this call and see.

Here we can see that

Mov esi, eax

Mov edi, edx

Cmp eax, edx

Je 00403A9A

Compare it with values in eax and edx. If the values are the same, jump here and we will analyze that the password is indeed a CW-8856-CRACKED.

 

Brute-force cracking: we must start with jnz to achieve brute-force cracking. Let ZF = 1 jnz not jump. We modify cmp eax, edx

For cmp eax and eax.

 

 

 

 

 

 

 

Starburn3266dll which program does this file belong?

You can delete a module of the recording software from the file name.

: Flash Optimizer 145 registration code