吾爱破解160个crackme之008 009 0010 0011

xiaoxiao2021-02-28 80

这四个题都是一个人出的，怎么说，还是比较简单的，我们一个一个的来观察。这四个题目都是vb编写，而且没有加壳。 008：比较简单，打开一看，就是单纯的serial：拖进od，查找字符串，关键点就出来了：查看代码：

00401D73 . 51 push ecx ; Andréna.<ModuleEntryPoint> 00401D74 . 68 541A4000 push Andréna.00401A54 ; UNICODE "SynTaX 2oo1" 00401D79 . FF15 08314000 call dword ptr ds:[<&MSVBVM50.__vbaStrCm>; Msvbvm50.__vbaStrCmp

是不是很简单。 009：这个其实差不多，是name+serial，同理拖进od查看关键代码点：关键点如下：

0040229E . 50 push eax ; /var18 = 7FF97917 0040229F . 51 push ecx ; |var28 = Andréna.<ModuleEntryPoint> 004022A0 . C745 A8 00000>mov dword ptr ss:[ebp-0x58],0x0 ; | 004022A7 . C745 94 08800>mov dword ptr ss:[ebp-0x6C],0x8008 ; | 004022AE . FF15 48414000 call dword ptr ds:[<&MSVBVM50.__vbaVarTstEq>] ; \__vbaVarTstEq

利用vbaVarTstEq函数进行操作输入name，关键的操作函数比较清楚，可以看到:

004020A8 . FF15 14414000 call dword ptr ds:[<&MSVBVM50.__vbaHresultCheckObj>] ; Msvbvm50.__vbaHresultCheckObj 004020AE > 8B45 A8 mov eax,dword ptr ss:[ebp-0x58] 004020B1 . 8975 A8 mov dword ptr ss:[ebp-0x58],esi ; Andréna.<ModuleEntryPoint> 004020B4 . 8B35 FC404000 mov esi,dword ptr ds:[<&MSVBVM50.__vbaVarMove>] ; Msvbvm50.__vbaVarMove 004020BA . 8D55 94 lea edx,dword ptr ss:[ebp-0x6C] 004020BD . 8D4D BC lea ecx,dword ptr ss:[ebp-0x44] 004020C0 . 8945 9C mov dword ptr ss:[ebp-0x64],eax 004020C3 . C745 94 08000>mov dword ptr ss:[ebp-0x6C],0x8 004020CA . FFD6 call esi ; Andréna.<ModuleEntryPoint>; <&MSVBVM50.__vbaVarMove> 004020CC . 8D4D A4 lea ecx,dword ptr ss:[ebp-0x5C] 004020CF . FF15 B4414000 call dword ptr ds:[<&MSVBVM50.__vbaFreeObj>] ; Msvbvm50.__vbaFreeObj 004020D5 . B8 01000000 mov eax,0x1 004020DA . 8D8D 54FFFFFF lea ecx,dword ptr ss:[ebp-0xAC] 004020E0 . 8985 5CFFFFFF mov dword ptr ss:[ebp-0xA4],eax 004020E6 . 8985 4CFFFFFF mov dword ptr ss:[ebp-0xB4],eax 004020EC . 8D55 BC lea edx,dword ptr ss:[ebp-0x44] 004020EF . 51 push ecx ; /Step8 = Andréna.<ModuleEntryPoint> 004020F0 . 8D45 94 lea eax,dword ptr ss:[ebp-0x6C] ; | 004020F3 . BB 02000000 mov ebx,0x2 ; | 004020F8 . 52 push edx ; |/var18 = Andréna.<ModuleEntryPoint> 004020F9 . 50 push eax ; ||retBuffer8 = 7FF97917 004020FA . 899D 54FFFFFF mov dword ptr ss:[ebp-0xAC],ebx ; || 00402100 . 899D 44FFFFFF mov dword ptr ss:[ebp-0xBC],ebx ; || 00402106 . FF15 18414000 call dword ptr ds:[<&MSVBVM50.__vbaLenVar>] ; |\__vbaLenVar 0040210C . 8D8D 44FFFFFF lea ecx,dword ptr ss:[ebp-0xBC] ; | 00402112 . 50 push eax ; |End8 = 7FF97917 00402113 . 8D95 E8FEFFFF lea edx,dword ptr ss:[ebp-0x118] ; | 00402119 . 51 push ecx ; |Start8 = Andréna.<ModuleEntryPoint> 0040211A . 8D85 F8FEFFFF lea eax,dword ptr ss:[ebp-0x108] ; | 00402120 . 52 push edx ; |TMPend8 = Andréna.<ModuleEntryPoint> 00402121 . 8D4D DC lea ecx,dword ptr ss:[ebp-0x24] ; | 00402124 . 50 push eax ; |TMPstep8 = 7FF97917 00402125 . 51 push ecx ; |Counter8 = Andréna.<ModuleEntryPoint> 00402126 . FF15 20414000 call dword ptr ds:[<&MSVBVM50.__vbaVarForInit>] ; \__vbaVarForInit 0040212C . 8B3D 04414000 mov edi,dword ptr ds:[<&MSVBVM50.__vbaFreeVarList>] ; Msvbvm50.__vbaFreeVarList 00402132 > 85C0 test eax,eax 00402134 . 0F84 9C000000 je Andréna.004021D6 0040213A . 8D55 94 lea edx,dword ptr ss:[ebp-0x6C] 0040213D . 8D45 DC lea eax,dword ptr ss:[ebp-0x24] 00402140 . 52 push edx ; Andréna.<ModuleEntryPoint> 00402141 . 50 push eax 00402142 . C745 9C 01000>mov dword ptr ss:[ebp-0x64],0x1 00402149 . 895D 94 mov dword ptr ss:[ebp-0x6C],ebx 0040214C . FF15 90414000 call dword ptr ds:[<&MSVBVM50.__vbaI4Var>] ; Msvbvm50.__vbaI4Var 00402152 . 8D4D BC lea ecx,dword ptr ss:[ebp-0x44] ; | 00402155 . 50 push eax ; |Start = 0x7FF97917 00402156 . 8D55 84 lea edx,dword ptr ss:[ebp-0x7C] ; | 00402159 . 51 push ecx ; |dString8 = Andréna.<ModuleEntryPoint> 0040215A . 52 push edx ; |RetBUFFER = Andréna.<ModuleEntryPoint> 0040215B . FF15 38414000 call dword ptr ds:[<&MSVBVM50.#rtcMidCharVar_632>] ; \rtcMidCharVar 00402161 . 8D45 84 lea eax,dword ptr ss:[ebp-0x7C] 00402164 . 8D4D A8 lea ecx,dword ptr ss:[ebp-0x58] 00402167 . 50 push eax ; /String8 = 7FF97917 00402168 . 51 push ecx ; |ARG2 = Andréna.<ModuleEntryPoint> 00402169 . FF15 70414000 call dword ptr ds:[<&MSVBVM50.__vbaStrVarVal>] ; \__vbaStrVarVal 0040216F . 50 push eax ; /String = 7FF97917 ??? 00402170 . FF15 0C414000 call dword ptr ds:[<&MSVBVM50.#rtcAnsiValueBstr_516>] ; \rtcAnsiValueBstr 00402176 . 66:8985 4CFFF>mov word ptr ss:[ebp-0xB4],ax 0040217D . 8D55 CC lea edx,dword ptr ss:[ebp-0x34] 00402180 . 8D85 44FFFFFF lea eax,dword ptr ss:[ebp-0xBC] 00402186 . 52 push edx ; /var18 = Andréna.<ModuleEntryPoint> 00402187 . 8D8D 74FFFFFF lea ecx,dword ptr ss:[ebp-0x8C] ; | 0040218D . 50 push eax ; |var28 = 7FF97917 0040218E . 51 push ecx ; |saveto8 = Andréna.<ModuleEntryPoint> 0040218F . 899D 44FFFFFF mov dword ptr ss:[ebp-0xBC],ebx ; | 00402195 . FF15 94414000 call dword ptr ds:[<&MSVBVM50.__vbaVarAdd>] ; \__vbaVarAdd 0040219B . 8BD0 mov edx,eax 0040219D . 8D4D CC lea ecx,dword ptr ss:[ebp-0x34] 004021A0 . FFD6 call esi ; Andréna.<ModuleEntryPoint> 004021A2 . 8D4D A8 lea ecx,dword ptr ss:[ebp-0x58] 004021A5 . FF15 B8414000 call dword ptr ds:[<&MSVBVM50.__vbaFreeStr>] ; Msvbvm50.__vbaFreeStr 004021AB . 8D55 84 lea edx,dword ptr ss:[ebp-0x7C] 004021AE . 8D45 94 lea eax,dword ptr ss:[ebp-0x6C] 004021B1 . 52 push edx ; Andréna.<ModuleEntryPoint> 004021B2 . 50 push eax 004021B3 . 53 push ebx 004021B4 . FFD7 call edi ; Andréna.<ModuleEntryPoint> 004021B6 . 83C4 0C add esp,0xC 004021B9 . 8D8D E8FEFFFF lea ecx,dword ptr ss:[ebp-0x118] 004021BF . 8D95 F8FEFFFF lea edx,dword ptr ss:[ebp-0x108] 004021C5 . 8D45 DC lea eax,dword ptr ss:[ebp-0x24] 004021C8 . 51 push ecx ; /TMPend8 = Andréna.<ModuleEntryPoint> 004021C9 . 52 push edx ; |TMPstep8 = Andréna.<ModuleEntryPoint> 004021CA . 50 push eax ; |Counter8 = 7FF97917 004021CB . FF15 AC414000 call dword ptr ds:[<&MSVBVM50.__vbaVarForNext>] ; \__vbaVarForNext 004021D1 .^ E9 5CFFFFFF jmp Andréna.00402132 004021D6 > 8D4D CC lea ecx,dword ptr ss:[ebp-0x34] 004021D9 . 8D95 54FFFFFF lea edx,dword ptr ss:[ebp-0xAC] 004021DF . 51 push ecx ; /var18 = Andréna.<ModuleEntryPoint> 004021E0 . 8D45 94 lea eax,dword ptr ss:[ebp-0x6C] ; | 004021E3 . 52 push edx ; |var28 = Andréna.<ModuleEntryPoint> 004021E4 . 50 push eax ; |SaveTo8 = 7FF97917 004021E5 . C785 5CFFFFFF>mov dword ptr ss:[ebp-0xA4],0x499602D2 ; | 004021EF . C785 54FFFFFF>mov dword ptr ss:[ebp-0xAC],0x3 ; | 004021F9 . FF15 5C414000 call dword ptr ds:[<&MSVBVM50.__vbaVarMul>] ; \__vbaVarMul 004021FF . 8BD0 mov edx,eax 00402201 . 8D4D CC lea ecx,dword ptr ss:[ebp-0x34] 00402204 . FFD6 call esi ; Andréna.<ModuleEntryPoint> 00402206 . 8B1D A0414000 mov ebx,dword ptr ds:[<&MSVBVM50.__vbaMidStmtVar>] ; Msvbvm50.__vbaMidStmtVar 0040220C . 8D4D CC lea ecx,dword ptr ss:[ebp-0x34] 0040220F . 51 push ecx ; Andréna.<ModuleEntryPoint> 00402210 . 6A 04 push 0x4 00402212 . 8D95 54FFFFFF lea edx,dword ptr ss:[ebp-0xAC] 00402218 . 6A 01 push 0x1 0040221A . 52 push edx ; Andréna.<ModuleEntryPoint> 0040221B . C785 5CFFFFFF>mov dword ptr ss:[ebp-0xA4],Andréna.00401C34 ; UNICODE "-" 00402225 . C785 54FFFFFF>mov dword ptr ss:[ebp-0xAC],0x8 0040222F . FFD3 call ebx ; <&MSVBVM50.__vbaMidStmtVar> 00402231 . 8D45 CC lea eax,dword ptr ss:[ebp-0x34] 00402234 . 8D8D 54FFFFFF lea ecx,dword ptr ss:[ebp-0xAC] 0040223A . 50 push eax 0040223B . 6A 09 push 0x9 0040223D . 6A 01 push 0x1 0040223F . 51 push ecx ; Andréna.<ModuleEntryPoint> 00402240 . C785 5CFFFFFF>mov dword ptr ss:[ebp-0xA4],Andréna.00401C34 ; UNICODE "-" 0040224A . C785 54FFFFFF>mov dword ptr ss:[ebp-0xAC],0x8

慢慢分析，流程如下：

name = "foyjogme" value = 0 for i in name: value += ord(i) result = value * 0x499602d2 print result

然后用-符号替换掉第四个和第九个数字即可 010：这个同理还是比较简单的：查看关键的代码如下：

00401F68 > /85C0 test eax,eax 00401F6A . |0F84 BB000000 je Andréna.0040202B 00401F70 . |8D55 94 lea edx,dword ptr ss:[ebp-0x6C] 00401F73 . |8D45 DC lea eax,dword ptr ss:[ebp-0x24] 00401F76 . |52 push edx ; Andréna.<ModuleEntryPoint> 00401F77 . |50 push eax 00401F78 . |C745 9C 01000>mov dword ptr ss:[ebp-0x64],0x1 00401F7F . |C745 94 02000>mov dword ptr ss:[ebp-0x6C],0x2 00401F86 . |FF15 90414000 call dword ptr ds:[<&MSVBVM50.__vbaI4Var>] ; Msvbvm50.__vbaI4Var 00401F8C . |8D4D BC lea ecx,dword ptr ss:[ebp-0x44] ; | 00401F8F . |50 push eax ; |Start = 0x9DFA41E4 00401F90 . |8D55 84 lea edx,dword ptr ss:[ebp-0x7C] ; | 00401F93 . |51 push ecx ; |dString8 = Andréna.<ModuleEntryPoint> 00401F94 . |52 push edx ; |RetBUFFER = Andréna.<ModuleEntryPoint> 00401F95 . |FF15 34414000 call dword ptr ds:[<&MSVBVM50.#rtcMidCharVar_632>] ; \rtcMidCharVar 00401F9B . |8D45 84 lea eax,dword ptr ss:[ebp-0x7C] 00401F9E . |8D4D A8 lea ecx,dword ptr ss:[ebp-0x58] 00401FA1 . |50 push eax ; /String8 = 9DFA41E4 00401FA2 . |51 push ecx ; |ARG2 = Andréna.<ModuleEntryPoint> 00401FA3 . |FF15 64414000 call dword ptr ds:[<&MSVBVM50.__vbaStrVarVal>] ; \__vbaStrVarVal 00401FA9 . |50 push eax ; /String = 9DFA41E4 ??? 00401FAA . |FF15 08414000 call dword ptr ds:[<&MSVBVM50.#rtcAnsiValueBstr_516>] ; \rtcAnsiValueBstr 00401FB0 . |66:05 0A00 add ax,0xA 00401FB4 . |0F80 B0020000 jo Andréna.0040226A 00401FBA . |0FBFD0 movsx edx,ax 00401FBD . |52 push edx ; Andréna.<ModuleEntryPoint> 00401FBE . |FF15 70414000 call dword ptr ds:[<&MSVBVM50.#rtcBstrFromAnsi_537>] ; Msvbvm50.rtcBstrFromAnsi 00401FC4 . |8985 7CFFFFFF mov dword ptr ss:[ebp-0x84],eax 00401FCA . |8D45 CC lea eax,dword ptr ss:[ebp-0x34] 00401FCD . |8D8D 74FFFFFF lea ecx,dword ptr ss:[ebp-0x8C] 00401FD3 . |50 push eax 00401FD4 . |8D95 64FFFFFF lea edx,dword ptr ss:[ebp-0x9C] 00401FDA . |51 push ecx ; Andréna.<ModuleEntryPoint> 00401FDB . |52 push edx ; Andréna.<ModuleEntryPoint> 00401FDC . |C785 74FFFFFF>mov dword ptr ss:[ebp-0x8C],0x8 00401FE6 . |FFD3 call ebx 00401FE8 . |8BD0 mov edx,eax 00401FEA . |8D4D CC lea ecx,dword ptr ss:[ebp-0x34] 00401FED . |FFD6 call esi ; Andréna.<ModuleEntryPoint> 00401FEF . |8D4D A8 lea ecx,dword ptr ss:[ebp-0x58] 00401FF2 . |FF15 B0414000 call dword ptr ds:[<&MSVBVM50.__vbaFreeStr>] ; Msvbvm50.__vbaFreeStr 00401FF8 . |8D85 74FFFFFF lea eax,dword ptr ss:[ebp-0x8C] 00401FFE . |8D4D 84 lea ecx,dword ptr ss:[ebp-0x7C] 00402001 . |50 push eax 00402002 . |8D55 94 lea edx,dword ptr ss:[ebp-0x6C] 00402005 . |51 push ecx ; Andréna.<ModuleEntryPoint> 00402006 . |52 push edx ; Andréna.<ModuleEntryPoint> 00402007 . |6A 03 push 0x3 00402009 . |FFD7 call edi ; Andréna.<ModuleEntryPoint> 0040200B . |83C4 10 add esp,0x10 0040200E . |8D85 ECFEFFFF lea eax,dword ptr ss:[ebp-0x114] 00402014 . |8D8D FCFEFFFF lea ecx,dword ptr ss:[ebp-0x104] 0040201A . |8D55 DC lea edx,dword ptr ss:[ebp-0x24] 0040201D . |50 push eax ; /TMPend8 = 9DFA41E4 0040201E . |51 push ecx ; |TMPstep8 = Andréna.<ModuleEntryPoint> 0040201F . |52 push edx ; |Counter8 = Andréna.<ModuleEntryPoint> 00402020 . |FF15 A4414000 call dword ptr ds:[<&MSVBVM50.__vbaVarForNext>] ; \__vbaVarForNext 00402026 .^\E9 3DFFFFFF jmp Andréna.00401F68 0040202B > 8D45 CC lea eax,dword ptr ss:[ebp-0x34] 0040202E . 8D8D 54FFFFFF lea ecx,dword ptr ss:[ebp-0xAC] 00402034 . 50 push eax ; /var18 = 9DFA41E4 00402035 . 51 push ecx ; |var28 = Andréna.<ModuleEntryPoint> 00402036 . C785 5CFFFFFF>mov dword ptr ss:[ebp-0xA4],Andréna.00401A8C ; |UNICODE "kXy^rO|*yXo*m\kMuOn*+" 00402040 . C785 54FFFFFF>mov dword ptr ss:[ebp-0xAC],0x8008 ; | 0040204A . FF15 40414000 call dword ptr ds:[<&MSVBVM50.__vbaVarTstEq>] ; \__vbaVarTstEq

可以看到和字符串kXy^rO|yXo*m\kMuOn+进行比较，分析流程和加密方式如下：

name = "kXy^rO|*yXo*m\kMuOn*+" for i in name: print chr(ord(i) - 0xA),

得出结果aNoThEr oNe cRaCkEd ! 011：这个就比较费工夫，花点时间找了。因为作者给出了比较麻烦的啥，混淆，对。打开vb Decompiler，发现有四个time函数，具体的加密方式还是比较简单的，有1-8-1总共很多次循环，只要一个循环能对应上，就能注册通过，那么这就是多试的问题，每次都可以拿到1-9-8-0-#的值，然后去一一查找，找到那个唯一的能通过的就可以了。比如我输入1234567890* ，每次循环的状态如下（可以不用分析每个状态的转换函数，因为比较耗时间，直接对应即可）

1 006D919C 30 00 33 00 32 00 33 00 33 00 33 00 34 00 33 00 0.3.2.3.3.3.4.3. 006D91AC 35 00 33 00 36 00 33 00 37 00 33 00 38 00 33 00 5.3.6.3.7.3.8.3. 006D91BC 39 00 33 00 41 00 32 00 42 00 33 00 31 00 32 00 9.3.A.2.B.3.1.2. 006D91CC 34 00 00 4.. 2 +12 006D919C 30 00 33 00 44 00 33 00 45 00 33 00 46 00 34 00 0.3.D.3.E.3.F.4. 006D91AC 30 00 34 00 31 00 34 00 32 00 34 00 33 00 34 00 0.4.1.4.2.4.3.4. 006D91BC 34 00 34 00 35 00 33 00 36 00 33 00 43 00 32 00 4.4.5.3.6.3.C.2. 006D91CC 46 00 00 F.. 3 +6f 006D919C 30 00 41 00 43 00 41 00 44 00 41 00 45 00 41 00 0.A.C.A.D.A.E.A. 006D91AC 46 00 42 00 30 00 42 00 31 00 42 00 32 00 42 00 F.B.0.B.1.B.2.B. 006D91BC 33 00 42 00 34 00 41 00 35 00 41 00 42 00 39 00 3.B.4.A.5.A.B.9. 006D91CC 45 00 00 E.. 4 006D95DC 30 00 35 00 30 00 33 00 35 00 30 00 34 00 35 00 0.5.0.3.5.0.4.5. 006D95EC 30 00 35 00 35 00 30 00 36 00 35 00 30 00 37 00 0.5.5.0.6.5.0.7. 006D95FC 35 00 30 00 38 00 35 00 30 00 39 00 35 00 30 00 5.0.8.5.0.9.5.0. 006D960C 41 00 35 00 30 00 42 00 34 00 46 00 43 00 35 00 A.5.0.B.4.F.C.5. 006D961C 30 00 32 00 34 00 46 00 35 00 00 0.2.4.F.5.. 5 006D935C 30 00 33 00 30 00 36 00 41 00 33 00 30 00 36 00 0.3.0.6.A.3.0.6. 006D936C 42 00 33 00 30 00 36 00 43 00 33 00 30 00 36 00 B.3.0.6.C.3.0.6. 006D937C 44 00 33 00 30 00 36 00 45 00 33 00 30 00 36 00 D.3.0.6.E.3.0.6. 006D938C 46 00 33 00 30 00 37 00 30 00 33 00 30 00 37 00 F.3.0.7.0.3.0.7. 006D939C 31 00 33 00 30 00 37 00 32 00 33 00 30 00 36 00 1.3.0.7.2.3.0.6. 006D93AC 33 00 33 00 30 00 36 00 39 00 33 00 30 00 35 00 3.3.0.6.9.3.0.5. 006D93BC 43 00 00 C... 6 006D95DC 30 00 31 00 45 00 32 00 37 00 31 00 31 00 45 00 0.1.E.2.7.1.1.E. 006D95EC 32 00 37 00 32 00 31 00 45 00 32 00 37 00 33 00 2.7.2.1.E.2.7.3. 006D95FC 31 00 45 00 32 00 37 00 34 00 31 00 45 00 32 00 1.E.2.7.4.1.E.2. 006D960C 37 00 35 00 31 00 45 00 32 00 37 00 36 00 31 00 7.5.1.E.2.7.6.1. 006D961C 45 00 32 00 37 00 37 00 31 00 45 00 32 00 37 00 E.2.7.7.1.E.2.7. 006D962C 38 00 31 00 45 00 32 00 37 00 39 00 31 00 45 00 8.1.E.2.7.9.1.E. 006D963C 32 00 36 00 41 00 31 00 45 00 32 00 37 00 30 00 2.6.A.1.E.2.7.0. 006D964C 31 00 45 00 32 00 36 00 33 00 00 1.E.2.6.3.. 7 006D95DC 30 00 31 00 32 00 44 00 36 00 42 00 38 00 31 00 0.1.2.D.6.B.8.1. 006D95EC 32 00 44 00 36 00 42 00 39 00 31 00 32 00 44 00 2.D.6.B.9.1.2.D. 006D95FC 36 00 42 00 41 00 31 00 32 00 44 00 36 00 42 00 6.B.A.1.2.D.6.B. 006D960C 42 00 31 00 32 00 44 00 36 00 42 00 43 00 31 00 B.1.2.D.6.B.C.1. 006D961C 32 00 44 00 36 00 42 00 44 00 31 00 32 00 44 00 2.D.6.B.D.1.2.D. 006D962C 36 00 42 00 45 00 31 00 32 00 44 00 36 00 42 00 6.B.E.1.2.D.6.B. 006D963C 46 00 31 00 32 00 44 00 36 00 43 00 30 00 31 00 F.1.2.D.6.C.0.1. 006D964C 32 00 44 00 36 00 42 00 31 00 31 00 32 00 44 00 2.D.6.B.1.1.2.D. 006D965C 36 00 42 00 37 00 31 00 32 00 44 00 36 00 41 00 6.B.7.1.2.D.6.A. 006D966C 41 00 00 A.. 8 006D91F4 30 00 42 00 43 00 36 00 31 00 37 00 46 00 42 00 0.B.C.6.1.7.F.B. 006D9204 43 00 36 00 31 00 38 00 30 00 42 00 43 00 36 00 C.6.1.8.0.B.C.6. 006D9214 31 00 38 00 31 00 42 00 43 00 36 00 31 00 38 00 1.8.1.B.C.6.1.8. 006D9224 32 00 42 00 43 00 36 00 31 00 38 00 33 00 42 00 2.B.C.6.1.8.3.B. 006D9234 43 00 36 00 31 00 38 00 34 00 42 00 43 00 36 00 C.6.1.8.4.B.C.6. 006D9244 31 00 38 00 35 00 42 00 43 00 36 00 31 00 38 00 1.8.5.B.C.6.1.8. 006D9254 36 00 42 00 43 00 36 00 31 00 38 00 37 00 42 00 6.B.C.6.1.8.7.B. 006D9264 43 00 36 00 31 00 37 00 38 00 42 00 43 00 36 00 C.6.1.7.8.B.C.6. 006D9274 31 00 37 00 45 00 42 00 43 00 36 00 31 00 37 00 1.7.E.B.C.6.1.7. 006D9284 31 00 00 1.. 9 006D95DC 30 00 31 00 32 00 44 00 36 00 42 00 38 00 31 00 0.1.2.D.6.B.8.1. 006D95EC 32 00 44 00 36 00 42 00 39 00 31 00 32 00 44 00 2.D.6.B.9.1.2.D. 006D95FC 36 00 42 00 41 00 31 00 32 00 44 00 36 00 42 00 6.B.A.1.2.D.6.B. 006D960C 42 00 31 00 32 00 44 00 36 00 42 00 43 00 31 00 B.1.2.D.6.B.C.1. 006D961C 32 00 44 00 36 00 42 00 44 00 31 00 32 00 44 00 2.D.6.B.D.1.2.D. 006D962C 36 00 42 00 45 00 31 00 32 00 44 00 36 00 42 00 6.B.E.1.2.D.6.B. 006D963C 46 00 31 00 32 00 44 00 36 00 43 00 30 00 31 00 F.1.2.D.6.C.0.1. 006D964C 32 00 44 00 36 00 42 00 31 00 31 00 32 00 44 00 2.D.6.B.1.1.2.D. 006D965C 36 00 42 00 37 00 31 00 32 00 44 00 36 00 41 00 6.B.7.1.2.D.6.A. 006D966C 41 00 00 A.. 10 006D935C 30 00 31 00 45 00 32 00 37 00 31 00 31 00 45 00 0.1.E.2.7.1.1.E. 006D936C 32 00 37 00 32 00 31 00 45 00 32 00 37 00 33 00 2.7.2.1.E.2.7.3. 006D937C 31 00 45 00 32 00 37 00 34 00 31 00 45 00 32 00 1.E.2.7.4.1.E.2. 006D938C 37 00 35 00 31 00 45 00 32 00 37 00 36 00 31 00 7.5.1.E.2.7.6.1. 006D939C 45 00 32 00 37 00 37 00 31 00 45 00 32 00 37 00 E.2.7.7.1.E.2.7. 006D93AC 38 00 31 00 45 00 32 00 37 00 39 00 31 00 45 00 8.1.E.2.7.9.1.E. 006D93BC 32 00 36 00 41 00 31 00 45 00 32 00 37 00 30 00 2.6.A.1.E.2.7.0. 006D93CC 31 00 45 00 32 00 36 00 33 00 00 1.E.2.6.3..

总共4*8=32次比较，慢慢查找即可：

"0817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00404AA3 push Andréna.00401EBC UNICODE "REGISTRIERT" 00404C88 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74747A7F7E7G7C7D826D817E7B7" 00404CC0 push Andréna.00401EBC UNICODE "REGISTRIERT" 00404EA5 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "Q817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KEZB7" 00404EDD push Andréna.00401EBC UNICODE "REGISTRIERT" 004050C2 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFP7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 004050FA push Andréna.00401EBC UNICODE "REGISTRIERT" 004052DF mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747G7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00405317 push Andréna.00401EBC UNICODE "REGISTRIERT" 00405534 push Andréna.00401EBC UNICODE "REGISTRIERT" 00405719 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E7WOD7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00405751 push Andréna.00401EBC UNICODE "REGISTRIERT" 00405936 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "http://beam.to/cugABCDEFGHIJKLMNOPQRSTUVWXYZ123456" 0040596E push Andréna.00401EBC UNICODE "REGISTRIERT" 00405B53 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D8KKE7B7" 00405B8B push Andréna.00401EBC UNICODE "REGISTRIERT" 00405D70 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747$7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00405DA8 push Andréna.00401EBC UNICODE "REGISTRIERT" 00405F8D mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747#7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00405FC5 push Andréna.00401EBC UNICODE "REGISTRIERT" 004061AA mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B" 004061E2 push Andréna.00401EBC UNICODE "REGISTRIERT" 004063C7 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747G7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 004063FF push Andréna.00401EBC UNICODE "REGISTRIERT" 004065E4 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74747A7F7E7B7C7D826D817E7B7" 0040661C push Andréna.00401EBC UNICODE "REGISTRIERT" 00406801 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74747A7F7E7B7C7D826D8H7E7B7" 00406839 push Andréna.00401EBC UNICODE "REGISTRIERT" 00406DFB mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00406E33 push Andréna.00401EBC UNICODE "REGISTRIERT" 00407018 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74747A7F7E7G7C7D826D817E7B7" 00407050 push Andréna.00401EBC UNICODE "REGISTRIERT" 00407235 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "Q817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KEZB7" 0040726D push Andréna.00401EBC UNICODE "REGISTRIERT" 00407452 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFP7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040748A push Andréna.00401EBC UNICODE "REGISTRIERT" 0040766F mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747G7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 004076A7 push Andréna.00401EBC UNICODE "REGISTRIERT" 004078C4 push Andréna.00401EBC UNICODE "REGISTRIERT" 00407AA9 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E7WOD7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00407AE1 push Andréna.00401EBC UNICODE "REGISTRIERT" 00407CC6 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "http://beam.to/cugABCDEFGHIJKLMNOPQRSTUVWXYZ123456" 00407CFE push Andréna.00401EBC UNICODE "REGISTRIERT" 00407EE3 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D8KKE7B7" 00407F1B push Andréna.00401EBC UNICODE "REGISTRIERT" 00408100 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747$7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00408138 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040831D mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747#7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00408355 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040853A mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B" 00408572 push Andréna.00401EBC UNICODE "REGISTRIERT" 00408757 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747G7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040878F push Andréna.00401EBC UNICODE "REGISTRIERT" 00408974 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74G47A7F7E7B7C7D826D817E7B7" 004089AC push Andréna.00401EBC UNICODE "REGISTRIERT" 00408B91 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74747A7F7E7B7C7D826D8H7E7B7" 00408BC9 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040918B mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 004091C3 push Andréna.00401EBC UNICODE "REGISTRIERT" 004093A8 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74747A7F7E7G7C7D826D817E7B7" 004093E0 push Andréna.00401EBC UNICODE "REGISTRIERT" 004095C5 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "Q817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KEZB7" 004095FD push Andréna.00401EBC UNICODE "REGISTRIERT" 004097E2 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFP7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040981A push Andréna.00401EBC UNICODE "REGISTRIERT" 004099FF mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747G7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00409A37 push Andréna.00401EBC UNICODE "REGISTRIERT" 00409C54 push Andréna.00401EBC UNICODE "REGISTRIERT" 00409E39 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E7WOD7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 00409E71 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040A056 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "http://beam.to/cugABCDEFGHIJKLMNOPQRSTUVWXYZ123456" 0040A08E push Andréna.00401EBC UNICODE "REGISTRIERT" 0040A273 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D8KKE7B7" 0040A2AB push Andréna.00401EBC UNICODE "REGISTRIERT" 0040A490 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747$7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040A4C8 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040A6AD mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747#7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040A6E5 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040A8CA mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B" 0040A902 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040AAE7 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747G7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040AB1F push Andréna.00401EBC UNICODE "REGISTRIERT" 0040AD04 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74747A7F7E7B7C7R826D817E7B7" 0040AD3C push Andréna.00401EBC UNICODE "REGISTRIERT" 0040AF21 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74747A7F7E7B7C7D826D8H7E7B7" 0040AF59 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040B51B mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040B553 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040B738 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74747A7F7E7G7C7D826D817E7B7" 0040B770 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040B955 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "Q817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KEZB7" 0040B98D push Andréna.00401EBC UNICODE "REGISTRIERT" 0040BB72 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFP7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040BBAA push Andréna.00401EBC UNICODE "REGISTRIERT" 0040BD8F mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747G7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040BDC7 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040BFE4 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040C1C9 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E7WOD7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040C201 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040C3E6 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "http://beam.to/cugABCDEFGHIJKLMNOPQRSTUVWXYZ123456" 0040C41E push Andréna.00401EBC UNICODE "REGISTRIERT" 0040C603 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFF7C7F82836D74RR7A7F7E7B7C7D826D8KKE7B7" 0040C63B push Andréna.00401EBC UNICODE "REGISTRIERT" 0040C820 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747$7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040C858 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040CA3D mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747#7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040CA75 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040CC5A mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7AFFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B" 0040CC92 push Andréna.00401EBC UNICODE "REGISTRIERT" 0040CE77 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747G7AFF7C7F82836D74RR7A7F7E7B7C7D826D81KE7B7" 0040CEAF push Andréna.00401EBC UNICODE "REGISTRIERT" 0040D094 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D747W7A7F7E7B7C7D826D817E7B7" 0040D0CC push Andréna.00401EBC UNICODE "REGISTRIERT" 0040D2B1 mov dword ptr ss:[ebp-0xAC],Andréna.004 UNICODE "0817E747D7A7D7C7F82836D74747A7F7E7B7C7D826D8H7E7B7" 0040D2E9 push Andréna.00401EBC UNICODE "REGISTRIERT"

最后得出结果为74*3032589#**0541238#7412

综上这位大佬题目还是很耿直的，比较利于我这种小白找信心，- -

转载请注明原文地址: https://www.6miu.com/read-31520.html

技术

最新回复(0)