算法难度:⭐⭐⭐
爆破难度:⭐
信息收集
运行情况:
查壳与脱壳:
无壳,VB程序!
调试分析
借助VB Decompiler辅助分析:
这里界面上有两个函数,一个是按钮,另一个是输入Name的时候的事件:
首先看Text2_change函数:就是根据Name有无输入值来判断是否启用按钮
Private Sub Text2_Change() '4024F0
Dim var_1C As Variant
loc_0040259D: If (Form1.Text2.Text = global_00401DC4) + 1 Then // 如果输入的内容为空
loc_004025AA: Set var_1C = Form1.Command1 // 按钮
loc_004025B7: var_1C.Enabled = False // 不启用
loc_004025BF: If var_1C >= 0 Then GoTo loc_004025F7
loc_004025C1: GoTo loc_004025E5
loc_004025C3: End If
loc_004025CE: Set var_1C = Form1.Command1
loc_004025DB: var_1C.Enabled = True // 有输入的内容则启用按钮
loc_004025E3: If var_1C >= 0 Then GoTo loc_004025F7
loc_004025E5: ' Referenced from: 004025C1
loc_004025F1: var_1C = CheckObj(var_1C, global_00401DC8, 140)
loc_0040260C: GoTo loc_00402621
loc_00402620: Exit Sub
loc_00402621: ' Referenced from: 0040260C
End Sub
接下来看Click函数:
Private Sub Command1_Click() '401FF0
loc_004020CA: var_44 = Form1.Text2.Text // Name编辑框的内容
loc_00402126: For var_24 = 1 To Len(var_44) Step 1 // 遍历Name字符串
loc_00402134: If var_108 Then //
loc_00402170: var_8008 = Asc(CStr(Mid(var_44, CLng(var_24), 1))) // 取一个字节变成ASCII码
loc_00402176: var_B4 = var_8008
loc_004021A0: var_34 = var_34 + var_8008 // 累加到var_34
loc_004021CB: Next var_24
loc_004021D1: GoTo loc_00402132
loc_004021D6: End If
loc_00402204: var_34 = var_34 * 1234567890 // 累加结果乘以1234567890
loc_00402254: Mid(var_34, 9, 1) = "-" // 修改其中一个值
loc_004022CB: If (Form1.Text1.Text = var_34) Then // 如果输入的Key == var_34则成功
loc_004022D1: Beep
loc_00402374: var_54 = MsgBox(" RiCHTiG !!!! .... weiter mit dem Nächsten !!!", 48, "RiCHTiG !", 10, 10)
loc_00402391: Else
loc_0040240F: var_8018 = MsgBox("Leider Falsch! Nochmal veruschen ! Wenn Du es nicht schaffen solltest, schreib mir ! Andrenalin@gmx.net", 16, "LEiDER Falsch ! ", 10, 10)
loc_0040242E: var_54 = var_8018
loc_00402446: End If
loc_00402459: GoTo loc_0040248F
loc_0040248E: Exit Sub
loc_0040248F: ' Referenced from: 00402459
loc_004024C0: GoTo loc_00esi
End Sub
按照上述代码的思路去写注册机:
#define _CRT_SECURE_NO_WARNINGS
#include <iostream>
int main()
{
char name[100] = { 0 };
char serial[100] = { 0 };
int len = 0;
long long check = 0;
std::cin >> name;
len = strlen(name);
for (int i = 0; name[i]; i++) check += name[i];
check *= 1234567890;
sprintf(serial,"%lld",check);
serial[8] = '-';
std::cout << serial;
}
得出的结果不对,当输入为selph的时候,输出为:66666666-600,动态调试查看真正是输出:
到这里生成-
的时候,发现这里出现了两次,而反汇编软件只识别到了一个,故再加一个即可
然后这就是完整的注册码生成了
注册机
注册码生成算法:
#define _CRT_SECURE_NO_WARNINGS
#include <iostream>
int main()
{
char name[100] = { 0 };
char serial[100] = { 0 };
int len = 0;
long long check = 0;
std::cin >> name;
len = strlen(name);
for (int i = 0; name[i]; i++)
{
check += name[i];
}
check *= 1234567890;
sprintf(serial,"%lld",check);
serial[3] = '-';
serial[8] = '-';
std::cout << serial;
}
效果:换个Name测试