Cracking part 5 ppt

THÔNG TIN TÀI LIỆU

Nội dung

0048D95F |. 83CE FF OR ESI,FFFFFFFF ; <== CRC32Value 0048D962 |. 33DB XOR EBX,EBX ; <== i = 0x0 0048D964 |. EB 0D JMP SHORT DUMeter.0048D973 0048D966 |> 8A041F /MOV AL,BYTE PTR DS:[EDI+EBX] ; <== SecIV[i] 0048D969 |. 8BD6 |MOV EDX,ESI ; <== CRC32Value === CRC32 === 0048D93B |. 32C2 XOR AL,DL ; <== Temp = CRC32Value xor SecIV[i] 0048D93D |. 25 FF000000 AND EAX,0FF ; <== Temp = Temp and 0xFF 0048D942 |. 8B0C85 B0504F>MOV ECX,DWORD PTR DS:[EAX*4+4F50B0] ; <== Value = CRC32Table[Temp] 0048D949 |. C1EA 08 SHR EDX,8 ; <== CRC32Value = CRC32Value / 0x100 0048D94C |. 33CA XOR ECX,EDX ; <== Value = Value xor CRC32Value 0048D94E |. 8BC1 MOV EAX,ECX ; <== Value === CRC32 === 0048D970 |. 8BF0 |MOV ESI,EAX ; <== CRC32Value = Value 0048D972 |. 43 |INC EBX ; <== i++; 0048D973 |> 8BC7 MOV EAX,EDI ; <== SecIV 0048D975 |. E8 22FFFFFF |CALL DUMeter.0048D89C ; <== LenSecIV 0048D97A |. 3BD8 |CMP EBX,EAX ; <== while ( i < LenSecIV ) 0048D97C |.^ 72 E8 \JB SHORT DUMeter.0048D966 ; <== Continue Loop 0048D97E |. 8BC6 MOV EAX,ESI ; <== CRC32Value === CRC32 Encrypt === 0048DC34 |. 33C3 XOR EAX,EBX ; <== CRC32Value = CRC32Value xor ValueU - Quá trình kiểm tra thứ hai diễn ra như sau : 0048DC36 |. 3BC6 CMP EAX,ESI ; <== if ( CRC32Value == ValueIII ) 0048DC38 75 04 JNZ SHORT DUMeter.0048DC3E ; <== Congrat !!!! /*/*/*/ - SERIAL tương ứng : User : REA-cRaCkErTeAm Serial : D3-JD5-06FFE94D-6348F8BD Serial : N/A III – End of Tut : - Finished – September 13, 2004 - Thank to my family, Computer_Angel, Zombie_Deathman, Littleboy all REA‘s members, HacNho, RongChauA, Deux, Infinity, all my friend, and YOU. REVERSE ENGINEERING ASSOCIATION http://www.reaonline.net Reverse Engineering Association SoftWare Homepage : http://www.freshdevices.com Production : Freshdevices Corp. SoftWare : FreshDiagnose 6.70 Copyright by : Copyright © 2001-2004 Freshdevices Corp. All Rights Reserved. Type : Name / Serial Packed : ASPack 2.12 -> Alexey Solodovnikov Language : Borland Delphi 6.0 - 7.0 Crack Tool : OllyDbg 1.09d, PEiD 0.92, kWdsm 10 Unpack : Manual Request : Correct Serial FreshDiagnose 6.70 FRESH DIAGNOSE is an utility designed to analyze and benchmark your computer system. It can analyze and benchmark many kinds of hardware, such as CPU performance, hard disk performance, video system information, mainboard information, and many more! I – Information : - Dùng PEiD kiểm tra biết chương trình bị PACK bằng ASPack 2.12 -> Alexey Solodovnikov . UnPACK và kiểm tra lại biết chương trìnhđược viết bằng Borland Delphi 6.0 - 7.0 - Chạy thử chương trình với User và Fake Serial ta không nhận được thông báo gì . Tuy nhiên trong quá trình tìm kiếm chuỗi ta tìm được thông báo : 00561F2F > \B8 74215600 MOV EAX,unpack.00562174 ; ASCII "FreshDiagnose has been registered successfully." - Dò ngược lên trên và đặt BreakPoint tại lệnh CALL đầu tiên của FUNCTIONnày : 00561EB2 . E8 1176F0FF CALL unpack.004694C8 ; <== Set BreakPoint here II – Cracking : - Load chương trình lên, chạy chương trình với User và Fake Serial, chương trình dừng lại tại điểm đặt BP . Trace xuống chút : 00561EF2 . E8 A5FDFFFF CALL unpack.00561C9C ; <== Trace Into === Trace Into === - Chuỗi Serial đầu tiên là chuỗi Serial không hợp lệ . Chỉ có 1 chuỗi Serial duy nhất : 00561D34 |> /8D4D F0 /LEA ECX,[LOCAL.4] 00561D37 |. |0FBFD6 |MOVSX EDX,SI 00561D3A |. |8B45 FC |MOV EAX,[LOCAL.1] 00561D3D |. |8B80 34030000 |MOV EAX,DWORD PTR DS:[EAX+334] 00561D43 |. |8B80 20020000 |MOV EAX,DWORD PTR DS:[EAX+220] 00561D49 |. |8B38 |MOV EDI,DWORD PTR DS:[EAX] 00561D4B |. |FF57 0C |CALL DWORD PTR DS:[EDI+C] ; <== Licence of Old Version 00561D4E |. |8B55 F0 |MOV EDX,[LOCAL.4] ; <== RealSerial 00561D51 |. |A1 A4115800 |MOV EAX,DWORD PTR DS:[5811A4] ; <== Fake Serial 00561D56 |. |E8 5D34EAFF |CALL unpack.004051B8 ; <== Compare 00561D5B |. |75 0A |JNZ SHORT unpack.00561D67 00561D5D |. |C705 98115800>|MOV DWORD PTR DS:[581198],-1 00561D67 |> |46 |INC ESI 00561D68 |. |66:FFCB |DEC BX ; <== 1 Licence 00561D6B |.^\75 C7 \JNZ SHORT unpack.00561D34 - 500 chuỗi Serial của Personal License 00561D95 |> /8D4D EC /LEA ECX,[LOCAL.5] 00561D98 |. |0FBFD6 |MOVSX EDX,SI 00561D9B |. |8B45 FC |MOV EAX,[LOCAL.1] 00561D9E |. |8B80 2C030000 |MOV EAX,DWORD PTR DS:[EAX+32C] 00561DA4 |. |8B80 20020000 |MOV EAX,DWORD PTR DS:[EAX+220] 00561DAA |. |8B38 |MOV EDI,DWORD PTR DS:[EAX] 00561DAC |. |FF57 0C |CALL DWORD PTR DS:[EDI+C] ; <== Personal License 00561DAF |. |8B55 EC |MOV EDX,[LOCAL.5] ; <== RealSerial 00561DB2 |. |A1 A4115800 |MOV EAX,DWORD PTR DS:[5811A4] ; <== Fake Serial 00561DB7 |. |E8 FC33EAFF |CALL unpack.004051B8 ; <== Compare 00561DBC |. |75 0A |JNZ SHORT unpack.00561DC8 00561DBE |. |C705 90115800>|MOV DWORD PTR DS:[581190],-1 00561DC8 |> |46 |INC ESI 00561DC9 |. |66:FFCB |DEC BX ; <== 500 Licences 00561DCC |.^\75 C7 \JNZ SHORT unpack.00561D95 - 500 chuỗi Serial của Business License 00561DF6 |> /8D4D E8 /LEA ECX,[LOCAL.6] 00561DF9 |. |0FBFD6 |MOVSX EDX,SI 00561DFC |. |8B45 FC |MOV EAX,[LOCAL.1] 00561DFF |. |8B80 30030000 |MOV EAX,DWORD PTR DS:[EAX+330] 00561E05 |. |8B80 20020000 |MOV EAX,DWORD PTR DS:[EAX+220] 00561E0B |. |8B38 |MOV EDI,DWORD PTR DS:[EAX] 00561E0D |. |FF57 0C |CALL DWORD PTR DS:[EDI+C] ; <== Business License 00561E10 |. |8B55 E8 |MOV EDX,[LOCAL.6] ; <== RealSerial 00561E13 |. |A1 A4115800 |MOV EAX,DWORD PTR DS:[5811A4] ; <== Fake Serial 00561E18 |. |E8 9B33EAFF |CALL unpack.004051B8 ; <== Compare 00561E1D |. |75 0A |JNZ SHORT unpack.00561E29 00561E1F |. |C705 94115800>|MOV DWORD PTR DS:[581194],-1 00561E29 |> |46 |INC ESI 00561E2A |. |66:FFCB |DEC BX ; <== 500 Licences 00561E2D |.^\75 C7 \JNZ SHORT unpack.00561DF6 === Trace Into === - Các chuỗi Serial này là mặc định . /*/*/*/ - SERIAL tương ứng : User : REA-cRaCkErTeAm Serial : N/A Serial : Personal License : 8X6J5-XC69-BZ63-5NAN Business License : rr2b2b-6t4dk7u6- 3v3r44 III – End of Tut : - Finished – September 15, 2004 - Thank to my family, Computer_Angel, Zombie_Deathman, Littleboy all REA‘s members, HacNho, RongChauA, Deux, Infinity, all my friend, and YOU. REVERSE ENGINEERING ASSOCIATION http://www.reaonline.net TRANG CRACK-HACK NƯỚC NGOÀI http://www.stoned-crackers.com/ http://www.b4p4k.tk http://www.hackernetwork.de http://www.thenewbiesarea.com http://www.ultraseek.net GROUP & TUTORIAL SITES http://zor.org/zornews Zor's Crack News whats going on in scene? http://navig8.to/mp2k MP2k Group http://navig8.to/mp2kforum MP2k Board [Request Board] http://zor.org/tsrhclub TSRh Board [Request Board] http://board.anticrack.de English Board with nice members http://www.exetools.com/forum Board related to reversing tools http://board.win32asmcommunity.net ASM Coding related Board http://www.tnp.redi.tk German Reversing Board http://tsrh.crackz.ws Top Reversing Group http://www.sndteam.da.ru Top Reversing Group http://cracking.accessroot.com New group http://zor.org/krobar a lot of Cracking Tuturials http://cip.myz.info Good tuturials in German http://biw-reversing.cjb.net a lot of good tuturials http://www.reteam.org Reversing Team. Nice tools and tuts  . RealSerial 0 056 1D51 |. |A1 A41 158 00 |MOV EAX,DWORD PTR DS: [58 11A4] ; <== Fake Serial 0 056 1D56 |. |E8 5D34EAFF |CALL unpack.004 051 B8 ; <== Compare 0 056 1D5B |. | 75 0A |JNZ SHORT unpack.0 056 1D67. 0 056 1D5D |. |C7 05 981 158 00>|MOV DWORD PTR DS: [58 1198],-1 0 056 1D67 |> |46 |INC ESI 0 056 1D68 |. |66:FFCB |DEC BX ; <== 1 Licence 0 056 1D6B |.^ 75 C7 JNZ SHORT unpack.0 056 1D34 - 50 0. |C7 05 901 158 00>|MOV DWORD PTR DS: [58 1190],-1 0 056 1DC8 |> |46 |INC ESI 0 056 1DC9 |. |66:FFCB |DEC BX ; <== 50 0 Licences 0 056 1DCC |.^ 75 C7 JNZ SHORT unpack.0 056 1D 95 - 50 0 chuỗi

Ngày đăng: 01/07/2014, 13:20

Xem thêm

Cracking part 5 ppt