Comments: Today I would like to introduce you to my knowledge and experience of brute-force cracking. Of course, this is my personal experience, and the experts will have other experience; if you think that my experience is insufficient, I hope you will write to supplement it. Now let us introduce the principles of brute-force cracking.

For brute-force cracking, it is often difficult to obtain the registration code, or the calculation of the registration code is too complicated to be worked out normally (here "reverse derivation" is used to calculate the registration code), so we can crack the software by modifying the program itself, which is what is usually called brute-force cracking. Now let us split the software that needs brute-force cracking into different types, so that everyone knows how to crack the registration code or brute-force the different kinds of software.

1. Beta software
Beta software is used for testing and generally cannot be registered. In this case it has only a time-bomb limit, so brute-force cracking is the only option: just remove the time bomb.

2. Shareware that has no registration-code input
This software is relatively mature, but the author does not protect it with a registration code and only adds a time bomb, as above, so the approach is the same as above.

3. Shareware whose registration-code calculation is too complicated
The author designed this software with a very complex calculation process, so its registration code cannot be obtained by reverse derivation; brute-force cracking is the only way to use it.
4. Shareware with a prompt window
Generally this kind of software shows a prompt (nag) window when it starts. The most annoying ones impose a time requirement: you must wait 10 seconds before the software runs. Brute-force cracking is therefore usually used against it. (This does not include cracking the registration code.)
5. Shareware with key-file protection
It is usually difficult for a cracker to reverse such software, but quite easy to brute-force it: you only need to find the right place to patch.
6. Packed (shelled) shareware
This is the most difficult type of brute-force cracking, because without knowledge of packers you cannot patch the software at all. Therefore we must know packing and unpacking well to deal with this case.
Now let's take an example to explain how to perform brute force cracking.
Brief introduction: INF-Tool Lite is a software installation program that creates very small installation files and supports Win95/98/NT. The files it creates are only 2-3 KB; no SETUP.EXE is needed, you just right-click and choose Install, but you can also use it to create an INF package that contains a SETUP.EXE. It can generate one or more ZIP or EXE files, uses an INI file, and can be packaged in multiple languages.
Tracking: After I loaded the software, it told me that the software had expired, so I solved that problem first. I loaded it in SoftICE at the beginning, but did not analyze it there. Then I analyzed it with the W32DASM tool; using this tool to analyze such expiring software works quite well, so as a cracker you must have such a good tool.
Below is the relevant W32DASM listing (some operands and opcode bytes were garbled in the source and are marked as such):

:004B3882 ...            fadd dword ptr [handle]        ; operand garbled in the source
:004B3888 DB7DC8         fstp tbyte ptr [ebp-38]
:004B388B 9B             wait
:004B388C ...            call 00409F64
:004B3891 DB6DC8         fld tbyte ptr [ebp-38]
:004B3894 DED9           fcompp
:004B3896 DFE0           fstsw ax
:004B3898 9E             sahf
:004B3899 7321           jnb 004B38BC
:004B389B 6A00           push 00000000
:004B389D ...            mov cx, word ptr [limit]       ; operand garbled in the source
:004B38A4 B202           mov dl, 02

* Possible StringData Ref from Code Obj ->"This version of INF-Tool Lite"
                                        ->"is outdated."
|
:004B38A6 ...            mov eax, clerk                 ; string address garbled in the source
:004B38AB ...            call 004573E8
:004B38B0 A180C74C00     mov eax, dword ptr [004CC780]
:004B38B5 8B00           mov eax, dword ptr [eax]
:004B38B7 E894AAF9FF     call 0044E350

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B3899(C)
|
:004B38BC C605ADFC4C0000 mov byte ptr [004CFCAD], 00
:004B38C3 ...            mov byte ptr [004CFCAC], 00
:004B38CA B201           mov dl, 01
:004B38CC A120F44000     mov eax, dword ptr [0040F420]
:004B38D1 ...            call 004030D0
:004B38D6 898644160000   mov dword ptr [esi+00001644], eax

Do you see the software expiry check here? Look for the conditional jump that can be skipped: the jnb at 004B3899 (bytes 73 21) jumps over the "outdated" message when the comparison passes. We estimate that this is the expiry check, but we need to confirm it by changing it. Hey, that's it: try it and you will know. After patching, the software started, no registration code was requested, and the software was cracked.

Search:  9E 73 21 6A 00
Replace: 9E EB 21 6A 00

This software was cracked with the brute-force method; now let's analyze how brute-force cracking is usually performed.
For brute-force cracking, it is best to use disassembly software such as W32DASM. Why? Mainly because software that gets brute-forced usually has a prompt window about the time of use or the number of uses, so you can note the text of the prompt window, use W32DASM to find the statement that references it, and then find out how to avoid the jump at that place. This is the usual method of brute-force cracking.
Let's look again at the above example. I think this method is usually used for brute-force cracking. In general, the following preparation methods should be used.
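As an added example (not code from the original article or from INF-Tool), the following Python shows the two sides of the patch above: a byte diff that pinpoints the 73 -> EB change, and an HMAC integrity tag over the code bytes, the standard mitigation, that flags the patched copy. The byte strings are constructed from the article's search/replace pattern and the key is a placeholder.

```python
"""Added example: why one byte defeats a single-branch expiry check, and how a
code-integrity tag detects that byte having been changed."""
import hashlib
import hmac

# Constructed sample of the code bytes around the expiry check (from the
# article's search/replace pattern):
#   9E      sahf
#   73 21   jnb +0x21  (skips the "outdated" message when not expired)
#   6A 00   push 0
ORIGINAL_CODE = bytes.fromhex("9E73216A00")
PATCHED_CODE = bytes.fromhex("9EEB216A00")   # 73 -> EB turns jnb into jmp

JNB_SHORT = 0x73   # jump if not below (conditional)
JMP_SHORT = 0xEB   # unconditional short jump


def diff_code(original: bytes, modified: bytes) -> list[tuple[int, int, int]]:
    """Return (offset, old_byte, new_byte) for every differing byte.

    A defender comparing a shipped build with a copy found in the field
    sees exactly which opcode was substituted.
    """
    if len(original) != len(modified):
        raise ValueError("code regions differ in length")
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, modified)) if a != b]


def is_conditional_made_unconditional(original: bytes, modified: bytes) -> bool:
    """True if the only change is a short conditional jump rewritten as jmp."""
    changes = diff_code(original, modified)
    return len(changes) == 1 and changes[0][1] == JNB_SHORT and changes[0][2] == JMP_SHORT


def make_integrity_tag(code: bytes, key: bytes) -> bytes:
    """Build-time step: HMAC-SHA256 over the protected code bytes."""
    return hmac.new(key, code, hashlib.sha256).digest()


def code_is_intact(code: bytes, tag: bytes, key: bytes) -> bool:
    """Run-time check: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_integrity_tag(code, key), tag)


def demo() -> dict:
    key = b"placeholder-key"   # assumption: in practice derived at build time
    tag = make_integrity_tag(ORIGINAL_CODE, key)
    return {
        "changes": diff_code(ORIGINAL_CODE, PATCHED_CODE),
        "branch_forced": is_conditional_made_unconditional(ORIGINAL_CODE, PATCHED_CODE),
        "original_intact": code_is_intact(ORIGINAL_CODE, tag, key),
        "patched_intact": code_is_intact(PATCHED_CODE, tag, key),
    }
```

Because the key and the tag must ship inside the program, this only raises the cost of a patch; it does not prevent one. Entitlement decisions that matter should not rest on a single client-side branch.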
1. Advance the system date, usually by one year, so that time-limited software shows its "expired" prompt; then you can load it normally for analysis with W32DASM, TRW or SoftICE.
2. Search the registry for the software's key values. After deleting them, the software prompts that it has expired or needs registration.
3. For software that limits the number of uses, find the corresponding registry or file value that stores the count. This can also be used to crack the software.