IDA Pro reverse combat Crackme (simple), idaprocrackme

IDA Pro reverse combat Crackme (simple), idaprocrackme

Today, I am very idle. If I have nothing to do, I will come up with the reverse questions that I have not solved before. The specific source code is in the attachment, so I will not talk about it. I will serve it directly:

0. source program running effect (if the input is incorrect, exit directly ):

1. Exeinfo PE shell check:
   
   

   
   Seeing a small program with no shell, it seems that it will be very easy to train hands !!! Then load it directly to IDA to check the program execution logic!
   
   

2. IDA Pro view program execution Logic
   

The screenshot here is a white chart, but it is sufficient for the analysis program flow. By the way, the red line in the explanation is executed by the False branch, and the Green Line is executed by the True branch, generally, there are not many branches here, so this program should not be very complicated!

3. Check the source code for the magic IDA F5.

I'm dizzy. The hard-to-edit high-definition images here can only look like this at the end. Let's take a look at it and find out the key functions. Here is how men can follow up!

4. Click the key function to go to the Verification Code section. Check the decompilation Source Code directly.

I can see that all my hands are itchy. I need to use the C language to write a reverse algorithm and reverse his key string!

5. Simple reverse algorithms written in C

Execution result:

Enter it and check the result!

6. The final victory!

Finally, I am embarrassed to come up with such a small program, but I hope you will discuss it more.

(Original article, Author: ByteWay) Here is my own forum, welcome to visit: http://itpark.sinaapp.com/thread-index-fid-4-tid-121.htm

Crc32crackme simple cracking

[Cracking process ]:

Hello everyone, today I will give you a simple brute-force demonstration ~ This is a little different from the previous two ~ Haha ~ We still need to analyze the code and read the code clearly! Shell query: Borland Delphi 4.0-5.0
Run the test. Enter wynney 444520 and the system prompts "incorrect registration code"
Use W32asm for unlimited loading, find "incorrect registration code", and double-click to go to the code!
: 00404386 85F6 test esi, esi // compare the real and false registration codes
: 00404388 7419 je 004043A3 // equal to jump, not equal to skip
: 0040438A 6A00 push 00000000 * Possible StringData Ref from Code Obj-> "error"
|
: 0040438C 680C444000 push 004020.c * Possible StringData Ref from Code Obj-> "incorrect registration Code "//***
|
: 00404391 6814444000 push 00404414 let's look up, in
00404388 7419 je 004043A3
If there is a jump, you can (note this term) Jump to 004043A3. Let's go to 004043A3 and check it ~ * Referenced by a (U) nconditional or (C) onditional Jump at Address:
|: 00404388 (C)
|
: 004043A3 6A00 push 00000000 * Possible StringData Ref from Code Obj-> "congratulations"
|
: 004043A5 6824444000 push 00404424 * Possible StringData Ref from Code Obj-> "correct registration Code ~ Is it clear that, if we jump here, do we see that the prompt is correct? That's good ~ We changed je (74) of 00404388 to jmp (unconditional jump, that is, jump in whatever way, EB) [this can also be changed to (jne) 75] is the same result! Is to run the saved program, enter wynney, 444520
Haha ~ Prompt "correct registration code". Today's animation is now ~~ Let's take a good analysis and look for ideas ~!~ We learned to crack the sentence for the purpose of thinking, not to break a software .. If you aim for the latter, you will stop! ^ _ ^, Bye ~
You need to practice the operation slowly.