CTF---国色天香(C++注册机)

最新推荐文章于 2022-12-28 12:18:30 发布

原创最新推荐文章于 2022-12-28 12:18:30 发布 · 812 阅读

1 ·

CC 4.0 BY-SA版权

CTF 专栏收录该内容

3 篇文章

订阅专栏

https://ctf.pediy.com/itembank.htm （国色天香）

拿到一道CrackMe的题目，输入CTFHUB，求密码。

# GetDlgItemTextA下断, 返回后是加密流程
# 1.用名字算出一串10位数的密钥
# 2.用密钥再次进行加密, 得到真正的key

这个仅仅是根据了username得到10位数的密钥。

这两个看似同样的操作。一步一步跟着来

放一下自己的注册机代码

// ConsoleApplication1.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include <iostream>
#include <cstdio>
#include <cstring>
#include <windows.h>

using namespace std;
char uName[25] = {0};
char uNameKey[25] = {0};
char uKey[25] = {0};

int _tmain(int argc, _TCHAR* argv[])
{
	cout << "please press your username..." << endl;
	int ebx = 0;
	int ecx = 0;
	int edx = 0;
	while(~scanf("%s", uName)){
		int uNameLen = strlen(uName); 
		if(uNameLen == 0){
			cout << "Enter Name!" << endl;
			continue;
		}else if(uNameLen > 0x20){
			cout << "Name can be max 32 Chars long!" << endl;
			continue;
		}else if(uNameLen < 5){
			cout << "Name must be min 5 Chars long!" << endl;
			continue;
		}
		break;
	}
	
	ecx = 0;
	int al = 0x5;
	edx = 0;
	while(true){
		int cl = uName[edx];
		cl = cl ^ 0x29;
		cl = cl + al;
		if(cl < 0x41 || cl > 0x5A){
			cl = 0x52;
			cl = cl + al;
		}
		uNameKey[edx] = cl;
		uNameKey[edx + 1] = 0x0;
		edx ++;
		al --;
		if(al == 0) break;
	}
	edx = 0;
	al = 5;
	while(true){
		int cl = uName[edx];
		cl = cl ^ 0x27;
		cl = cl + al;
		if(cl < 0x41 || cl > 0x5A){
			cl = 0x4D;
			cl = cl + al;
		}
		uNameKey[edx + 5] = cl;
		uNameKey[edx + 5 + 1] = 0x0;
		edx ++;
		al --;
		if(al == 0) break;
	}
	uNameKey[10] = '\0';
	printf("uNameKey = %s\n", uNameKey);
	ebx = 0;
	ecx = 0;
	edx = 0;

	while(true){
		
		int dl = uNameKey[ecx];
		if(dl == 0x0){
			break;
		}
		dl += 0x5;
		if(dl > 0x5a){
			dl -= 0xd;
		}
		dl = dl ^ 0xc;
		if(dl < 0x41){
			dl = 0x4b;
			dl += ecx;
		}
		if(dl > 0x5A){
			dl = 0x4b;
			dl -= ecx;
		}
		uKey[ecx] = dl;
		ecx ++;
	}
	uKey[ecx] = '\0';

	printf("uKey = %s\n", uKey);
	getchar();
	getchar();
	return 0;
}