A small program I found on the Internet claims to be able to factor numbers of less than 29 bits (I doubt it, because in practice once a prime factor exceeds 16 bits its speed is already far from satisfactory). I originally wanted to use it to check my own prime-factorization program, but unexpectedly the software had a registration mechanism that kept nagging, so along the way I took it apart =. To protect the author's rights and interests (everyone: P! Honestly, I am a bit embarrassed too =), the software's name will not be mentioned.
Getting to the point: PEiD shows no packer, excellent; it is written in VB, no wonder the speed...
Since there is no packer, load it straight into OD. The program displays a machine code; feed it a registration code and click register! (It should not succeed =.) Sure enough, registration fails. Set a breakpoint on MessageBox and try again: the program ignores my breakpoint and keeps prompting failure. Eventually I realized I do not know VB well enough, so I looked it up. After some searching, I set a breakpoint on rtcMsgBox instead; this one breaks, and returning to the caller lands on this line:
004128FB  . FF15 9C104000    call dword ptr [<&MSVBVM60.#595>]              ; MSVBVM60.rtcMsgBox
This is the call that displays the "registration failed" message. Scrolling up a little:
......
0041283B  . FF15 64104000    call dword ptr [<&MSVBVM60.__vbaHresultChe>]   ; MSVBVM60.__vbaHresultCheckObj
00412841  > 8B45 E0          mov eax, dword ptr [ebp-20]
00412844  . 50               push eax                                       ; the registration code entered by the user
00412845  . FF15 54124000    call dword ptr [<&MSVBVM60.#581>]              ; MSVBVM60.rtcR8ValFromBstr
0041284B  . FF15 C4104000    call dword ptr [<&MSVBVM60.__vbaFpR8>]         ; MSVBVM60.__vbaFpR8
00412851  . DB46 38          fild dword ptr [esi+38]                        ; st0 = correct registration code
00412854  . DD9D 38FFFFFF    fstp qword ptr [ebp-C8]                        ; correct code stored at [ebp-C8]; st0 = code entered by the user
0041285A  . DC9D 38FFFFFF    fcomp qword ptr [ebp-C8]                       ; compare the two "codes"
00412860  . DFE0             fstsw ax
00412862  . F6C4 40          test ah, 40
00412865  . 75 07            jnz short decomposition reason.0041286E        ; jump = success
00412867  . B8 01000000      mov eax, 1
0041286C  . EB 02            jmp short decomposition reason.00412870
0041286E  > 33C0             xor eax, eax
00412870    F7D8             neg eax
00412872  . 8D4D E0          lea ecx, dword ptr [ebp-20]
00412875  . 66:8985 4CFFFF>  mov word ptr [ebp-B4], ax
0041287C  . FF15 50124000    call dword ptr [<&MSVBVM60.__vbaFreeStr>]      ; MSVBVM60.__vbaFreeStr
00412882  . 8B3D 4C124000    mov edi, dword ptr [<&MSVBVM60.__vbaFreeO>]    ; MSVBVM60.__vbaFreeObj
00412888  . 8D4D D8          lea ecx, dword ptr [ebp-28]
0041288B  . FFD7             call edi                                       ; <&MSVBVM60.__vbaFreeObj>
0041288D  . 66:83BD 4CFFFF>  cmp word ptr [ebp-B4], 0
00412895  . 0F84 0D010000    je decomposition reason.004129A8
0041289B  . 8B3D EC114000    mov edi, dword ptr [<&MSVBVM60.__vbaVarDu>]    ; MSVBVM60.__vbaVarDup
004128A1  . B9 04000280      mov ecx, 80020004
004128A6  . 894D A0          mov dword ptr [ebp-60], ecx
004128A9  . B8 0A000000      mov eax, 0A
......
This is where the registration code is compared. I have added comments in a few places, but the code that computes the correct registration code is not here. With this, it is easy to get rid of: start blasting! Change the jnz at 00412865 to jmp. After the change, feed it a registration code and register again! Haha, registration succeeds and the annoying prompt box disappears. Besides changing the jump, there are other places that can be patched; for example, the neg eax at 00412870 can be changed to xor eax, eax.
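As an added illustration (not code from the original post), here is a small C program that emulates the sequence from 00412844 to 00412875: VB's Val() yields a Double, so the integer at [esi+38] is widened with fild/fstp, fcomp sets the x87 C3 flag when the operands are equal, fstsw ax places C3 in AH as 0x40, and neg eax turns the 0/1 into the VB Boolean 0/-1 written to [ebp-B4]. The correct code 31337 and the strtod stand-in for rtcR8ValFromBstr are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* x87 status-word condition bits set by fcomp. After fstsw ax the high
 * byte sits in AH, so C3 (bit 14) becomes the 0x40 tested by the program. */
#define X87_C0 0x0100u
#define X87_C2 0x0400u
#define X87_C3 0x4000u

/* Condition bits fcomp produces for st0 = a against memory operand b.
 * An unordered compare (NaN) sets C0, C2 and C3 together, so a NaN would
 * also satisfy a bare "test ah,40" equality test; VB's Val() never yields
 * NaN, so the real program does not reach that case. */
uint16_t fcomp_status(double a, double b) {
    if (a != a || b != b) return X87_C0 | X87_C2 | X87_C3;
    if (a < b)  return X87_C0;
    if (a > b)  return 0;
    return X87_C3;
}

/* Returns the VB Boolean (-1 = True, 0 = False) stored at [ebp-B4]: True
 * means the codes differ and the rtcMsgBox path is taken, False means the
 * je at 00412895 skips the failure message. Note that the whole decision
 * collapses into this one word, which is why a single patched jump wins. */
int16_t vb_code_mismatch(const char *entered, int32_t correct_code) {
    double st0 = strtod(entered, NULL);     /* stand-in for rtcR8ValFromBstr (VB Val) */
    double mem = (double)correct_code;      /* fild dword ptr [esi+38] ; fstp qword ptr [ebp-C8] */
    uint16_t sw = fcomp_status(st0, mem);   /* fcomp qword ptr [ebp-C8] ; fstsw ax */
    uint8_t ah = (uint8_t)(sw >> 8);
    int32_t eax;
    if (ah & 0x40)          /* test ah,40 ; jnz 0041286E : operands equal */
        eax = 0;            /* xor eax, eax */
    else
        eax = 1;            /* mov eax, 1 */
    eax = -eax;             /* neg eax : 1 -> -1 (VB True), 0 -> 0 (VB False) */
    return (int16_t)eax;    /* mov word ptr [ebp-B4], ax */
}

int main(void) {
    const int32_t correct = 31337;  /* constructed placeholder for the value at [esi+38] */
    const char *inputs[] = { "31337", "31337.0", " 31337abc", "31336", "abc" };
    for (size_t i = 0; i < sizeof inputs / sizeof *inputs; i++) {
        int16_t flag = vb_code_mismatch(inputs[i], correct);
        printf("%-10s -> [ebp-B4] = %d (%s)\n", inputs[i], flag,
               flag ? "registration failed box" : "registered");
    }
    return 0;
}
```

Inputs that Val() reduces to the same Double ("31337.0", " 31337abc") all pass, which shows the check is on the numeric value, not the text typed.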
In fact, there is an even more convenient way: open Regmon. After running the program, you can clearly see its registry operations in Regmon, including the value that stores the registration state:
10.26076508 #? Export 2.04.exe:1512 QueryValue HKCU\Software\...... SUCCESS "False"
Change that value to True and OD is not even needed.
A simple crack, just sharing the idea; experts, please don't laugh.