【软件安全实验2022】验证码——2(debug版本)

Sparks_Pion

已于 2022-03-31 18:45:35 修改

阅读量520

点赞数

分类专栏：实验记录文章标签：经验分享 python 网络安全

于 2022-03-29 22:37:24 首次发布

本文链接：https://blog.csdn.net/Sparks_Pion/article/details/123834382

版权

实验记录专栏收录该内容

3 篇文章 0 订阅

订阅专栏

Debug版本同样分析

GetLocalTime(&v7->systemtime64);
nSize = 256;
global_passwd[0] = v7->systemtime64.wDay 
                   * v7->systemtime64.wHour
                   + v7->systemtime64.wYear
                   * v7->systemtime64.wHour
                   * v7->systemtime64.wMonth
                   * v7->systemtime64.wDayOfWeek
                   * v7->systemtime64.wDay;
GetComputerNameA(Str, &nSize);
for ( i = 0; i < strlen(Str); ++i )
    global_passwd[1] = v7->systemtime64.wMonth * (global_passwd[1] + Str[i]);
GetModuleFileNameA(0, Filename, 0x100u);
for ( i = 0; i < strlen(Filename); ++i )
    global_passwd[2] = v7->systemtime64.wHour * (global_passwd[1] + Filename[i]);

strcpy(Destination, v1);
Destination[19] = 0;
v9 = global_passwd[0];
v8 = HIWORD(global_passwd[1]);
v7 = (global_passwd[2] + global_passwd[0]) >> 16;
Destination[4] = 0;
Destination[9] = 0;
Destination[14] = 0;
p1 = strtol(Destination, &EndPtr, 16);
p2 = strtol(&Destination[5], &EndPtr, 16);
p3 = strtol(&Destination[10], &EndPtr, 16);
p4 = strtol(&Destination[15], &EndPtr, 16);
if (p1 == v9 && (CWnd::MessageBoxA(v13, "恭喜你！序列号第1部分正确！", 0, 0), 
p2 == HIWORD(global_passwd[1])) && (CWnd::MessageBoxA(v13, "恭喜你！序列号第2部分正确！", 0, 0), 
p3 == (global_passwd[2] + global_passwd[0]) >> 16) && (CWnd::MessageBoxA(v13, "恭喜你！序列号第3部分正确！", 0, 0), 
((p4 + p1) & 0xAFDA) == (v7 + v8 + v9) >> 4))
{
    result = CWnd::MessageBoxA(v13, "恭喜你！序列号完全正确！", 0, 0);
}
else
{
    result = CWnd::MessageBoxA(v13, "序列号错误![注意：SN总计16位 形式为：xxxx-xxxx-xxxx-xxxx]", 0, 0);
}

脚本如下，第四部分有时候就是不行，QAQ

import datetime
import socket
import os

time = datetime.datetime.now()  # 获取当前时间
year = time.year
month = time.month
weekday = time.weekday() + 1  # 星期一应该对应'1',故加一
hour = time.hour
day = time.day

passwd = [0, 0, 0, 0]

passwd[0] = day * hour + year * hour * month * weekday * day

computerName = socket.gethostname().upper()  # 获取计算机名，需要大写
for ch in computerName:
    passwd[1] = month * (passwd[1] + ord(ch))

fileFlag = False
filePath = ''
for root, dirs, files in os.walk(os.getcwd(), topdown=True):
    if 'DemoD2022_Debug.exe' in files:
        filePath = root + '\\DemoD2022_Debug.exe'
        fileFlag = True
        break
if fileFlag == False:
    print('未找到 DemoD2022_Debug.exe ,请放至同一文件夹下')
    exit(0)

for ch in filePath:
    passwd[2] = hour * (passwd[1] + ord(ch))

p1 = passwd[0] & 0xFFFF
v9 = p1
v8 = passwd[1] >> 16
v7 = (passwd[2] + passwd[0]) >> 16
hasFlag = False
for i in range(0x10000):
    if ((i + p1) & 0xAFDA) == (v7 + v8 + v9) >> 4:
        passwd[3] = i
        hasFlag = True
        break
if hasFlag == False:
    print("时机不对，无法破解")
print(
    ('{:04X}-{:04X}-{:04X}-{:04X}').format(passwd[0] & 0xFFFF, passwd[1] >> 16,
                                           (passwd[2] + passwd[0]) >> 16,
                                           passwd[3]))

Sparks_Pion

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
【软件安全实验2022】验证码——2(debug版本)

Debug版本同样分析GetLocalTime(&v7->systemtime64);nSize = 256;global_passwd[0] = v7->systemtime64.wDay * v7->systemtime64.wHour + v7->systemtime64.wYear * v7->systemtime64.wHour
复制链接

扫一扫

专栏目录