Home > Cloud Computing > Cloud Security

SWF explorer 1.4 cracking

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Comments: Beginner! Thank you! Copyright Disclaimer: This article is purely a technical exchange. repost the article to indicate the author and keep it complete. Thank you! [Break text title] SWF explorer 1.4 crack [Break text author] Yun Rui [author gender] Male [author Home Page] Your Home Page [author mailbox] melove95@163.com [Organization] Ninth Fleet [beginner cracking! Thank you!
Copyright Disclaimer: This article is purely a technical exchange. repost the article to indicate the author and keep it complete. Thank you!
[Break text title] SWF explorer 1.4 cracking
[Author] Yun Rui
[Author gender] Male
[Author's homepage] Your Home Page
[Author mailbox] melove95@163.com
[Organization] Ship 9
【Software name】 SWF explorer 1.4
【]
[Cracking tool] OLLYDBG1.10, C32ASM, unpecompact, peid0.92 Han
[Protection] PECPMPACT1.68-1.84
[Software limit] Time Limit
Medium difficulty
----------------------------------------------------
Software introduction:
Very good animation player. Someone used to crack 1.1 and 1.2,
----------------------------------------------------
Cracking reputation:
----------------------------------------------------
[Cracking Analysis]
First install SWF explorer 1.4, run the program, enter Registration Information in about, Username: king, registration email: winners365@163.com, registration code 999555 (of course wrong), and then click registration, THANKSREG is displayed! Then open the program with peid. It is a shell with pecompact1.68-1.84. I use the dedicated shelling tool unpecompact to shell and save it as unpacked. then, use C32ASM0.412 disassembly and click string search to view thanksreg. Then, double-click the thanksreg and return to the Code, for example, 004C79E8. ^ E9 DFC7F3FF JMP unpacked.004041CC
004C79ED. ^ EB F0 jmp short unpacked.004C79DF
004C79EF. 8D4D dc lea ecx, dword ptr ss: [EBP-24]
004C79F2. A1 10244D00 mov eax, dword ptr ds: [4D2410]
004C79F7. 8B00 mov eax, dword ptr ds: [EAX]
004C79F9. BA B47A4C00 mov edx, unpacked.004C7AB4; ASCII "ThanksReg"
004C79FE. E8 31 edffff call unpacked.004C6734
004C7A03. 8B45 dc mov eax, dword ptr ss: [EBP-24]
004C7A06. E8 3592F7FF CALL unpacked.0020.c40
004C7A0B. A1 0100004d00 mov eax, dword ptr ds: [4D2504]
004C7A10. 8B00 mov eax, dword ptr ds: [EAX]
004C7A12. E8 851 cfaff call unpacked.0046969C
004C7A17. 33C0 xor eax, EAX
004C7A19. 5A pop edx; kernel32.7C81774D
004C7A1A. 59 pop ecx; kernel32.7C81774D
Then I will break down here. Look up and find regcode. It is estimated that some processing will be performed here. 004C79C5 |. BA A47A4C00 mov edx, unpacked.004C7AA4; ASCII "RegCode"
004C79CA |. 8B45 fc mov eax, dword ptr ss: [EBP-4]
004C79CD |. E8 D6F6FBFF CALL unpacked.004870A8
004C79D2 |. 33C0 xor eax, EAX
004C79D4 |. 5A pop edx; kernel32.7C81774D
004C79D5 |. 59 pop ecx; kernel32.7C81774D
004C79D6 |. 59 pop ecx; kernel32.7C81774D
004C79D7 |. 64: 8910 mov dword ptr fs: [EAX], EDX; ntdll. KiFastSystemCallRet
004C79DA |. 68 EF794C00 PUSH unpacked.004C79EF
004C79DF |> 8B45 fc mov eax, dword ptr ss: [EBP-4]
004C79E2 |. E8 51C0F3FF CALL unpacked.00403A38
004C79E7 \. C3 RETN
004C79E8. ^ E9 DFC7F3FF JMP unpacked.004041CC
004C79ED. ^ EB F0 jmp short unpacked.004C79DF
004C79EF. 8D4D dc lea ecx, dword ptr ss: [EBP-24]
004C79F2. A1 10244D00 mov eax, dword ptr ds: [4D2410]
004C79F7. 8B00 mov eax, dword ptr ds: [EAX]
004C79F9. BA B47A4C00 mov edx, unpacked.004C7AB4; ASCII "ThanksReg"
004C79FE. E8 31 edffff call unpacked.004C6734
004C7A03. 8B45 dc mov eax, dword ptr ss: [EBP-24]
Enable OLLGDBG, disconnect 004C79C5, and then press F9 to run without breaking the required information. It is estimated that a registration code is generated during initialization and there is an address. Therefore, it will be disconnected again,
Later
00487058 |. E8 7BDCF7FF CALL unpacked.00404CD8
0048705D |. 50 push eax; | ValueName = NULL
0048705E |. 8B46 04 mov eax, dword ptr ds: [ESI 4]; |
00487061 |. 50 push eax; | hKey = 0
00487062 |. E8 31FEF7FF CALL; \ RegQueryValueExA (I personally think it is related to registration !)
00487067 |. 85C0 test eax, EAX
00487069 |. 0F94C3 SETE BL
0048706C |. 8B0424 mov eax, dword ptr ss: [ESP]; kernel32.7C81774D
0048706F |. E8 50 fcffff call unpacked.00486CC4
00487074 |. 8845 00 mov byte ptr ss: [EBP], AL
00487077 |. 8BC3 mov eax, EBX
00487079 |. 5A pop edx; kernel32.7C81774D
At the lower end, we encountered SEH and used the SHIRT F7 single-step tracking to stop at the 7C82DAD4 position. In the Stack window 12EC4C, we found an ASCII string "D092E68F", which is the registration code. Hey!

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
cracking coding interview 6th cracking coding interview used cracking coding interview mcdowell cracking coding interview pdf cracking coding interview ebook hackerrank cracking coding interview wifi password cracking tool
Related Article
How does personal cloud security guarantee data security?
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More