拿到一道CrackMe的题目
# GetDlgItemTextA下断, 返回后call 0x401000函数是加密流程
![](https://i-blog.csdnimg.cn/blog_migrate/4895c21b6588257306b5cc91abd45b79.png)
![](https://i-blog.csdnimg.cn/blog_migrate/b4ce83bb8b1f319e9feb45f6519a9849.png)
加密流程实在过长,拖到ida64里,F5,完事,得到以下伪代码
signed int __cdecl sub_401000(const char *a1, _BYTE *a2)
{
// Decompiled (Hex-Rays) serial check. From the comments below, a1 appears to
// be the name string and a2 the serial typed by the user. The routine builds
// the expected serial into byte_406B44 and compares it with a2.
// Returns 1 when they match, 0 when they differ, and, on the early-reject
// path, the pointer a1 cast to int; how the caller treats that last value is
// not visible here.
int v2; // ebp -- byte sum of a1
unsigned int v3; // edx -- index into a1
int v4; // ebp -- v2 + 24676 (0x6064)
_BYTE *v5; // eax -- cursor over a2 during the compare
char *v6; // esi -- cursor over the generated serial
char v7; // dl
signed int v8; // edx -- return value
v2 = 0;
// Cheap pre-checks: first char of name and serial agree, the name has at
// least 5 chars, and the serial's second char is '-' (45).
if ( *a1 != *a2 || strlen(a1) < 5 || a2[1] != 45 )
{
v8 = (signed int)a1;
}
else
{
v3 = 0;
// Sum every byte of a1 (strlen is re-evaluated on each iteration).
if ( strlen(a1) != 0 )
{
do
v2 += a1[v3++];
while ( v3 < strlen(a1) );
}
v4 = v2 + 24676;
// aLu is an IDA string label whose bytes are not shown; the author's
// rewrite below reads it as "%lu".
sprintf(byte_406B30, aLu, v4);
// Serial layout: <a1[0]> '-' <toupper(last char of a1)> <v4> <unk_406030> <v4 + 24676>
byte_406B44 = *a1;
byte_406B45 = 45;
byte_406B46 = toupper(a1[strlen(a1) - 1]);
strcat(&byte_406B44, byte_406B30);
// unk_406030's contents are not shown here; the author's rewrite uses "-".
strcat(&byte_406B44, (const char *)&unk_406030);
sprintf(byte_406B30, aLu, v4 + 24676);
strcat(&byte_406B44, byte_406B30);
v5 = a2; // henuyl: the password I typed in
v6 = &byte_406B44; // henuyl: the password the program generates (the code above is
// inferred to be the generation algorithm; the analysis can stop here and
// the code below can be ignored)
// Inlined string compare that advances two bytes per iteration:
// v8 = 1 on a full match (LABEL_11), 0 at the first mismatch.
while ( *v5 == *v6 ) // henuyl: the password comparison
{
if ( !*v5 )
goto LABEL_11;
v7 = v5[1];
if ( v7 != v6[1] )
break;
v5 += 2;
v6 += 2;
if ( !v7 )
{
LABEL_11:
v8 = 1;
goto LABEL_14;
}
}
v8 = 0;
}
LABEL_14:
// Wipe the generated serial (0x100 bytes starting at byte_406B44) before returning.
memset(&byte_406B44, 0, 0x100u);
return v8;
}
很容易就可得到这个算法加密的基本流程。
#include <stdio.h>
#include <string.h>
#include <ctype.h>
char src[25];            /* scratch buffer: decimal text of one numeric term of the serial */
char buff[25];           /* assembled serial: name[0] '-' <upper last char> <num> '-' <num> */
char name[] = "CTFHUB";  /* the name the serial is generated for (hard-coded here) */
int v2;                  /* byte sum of name (variable names mirror the IDA output) */
unsigned int v3;         /* loop index over name */
int v4;                  /* v2 + 0x6064, the first numeric term of the serial */
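int main(void){
    /*
     * Keygen reproduction of the decompiled sub_401000 for the fixed `name`.
     * Serial layout: name[0] '-' toupper(last char) <sum+0x6064> '-' <sum+2*0x6064>;
     * for "CTFHUB" (byte sum 444) this prints C-B25120-49796.
     * Returns 0 after printing the serial, 1 if name is empty (no last char to read).
     */
    size_t len = strlen(name);
    if (len == 0) {
        fputs("name must not be empty\n", stderr);
        return 1;
    }
    /* Sum the bytes of name. v2 is a zero-initialized global, but the
     * decompiled routine zeroes it explicitly, so do the same here. */
    v2 = 0;
    for (v3 = 0; v3 < len; v3++) {
        v2 += name[v3];
    }
    v4 = v2 + 0x6064;
    /* The original target is 32-bit, where "%lu" and int have the same
     * width. On a 64-bit build that pairing is undefined behavior, so
     * reinterpret the int as a 32-bit unsigned value and pass a real
     * unsigned long; the printed digits are unchanged for the values here. */
    snprintf(src, sizeof src, "%lu", (unsigned long)(unsigned int)v4);
    buff[0] = name[0];
    buff[1] = '-';
    buff[2] = (char)toupper((unsigned char)name[len - 1]);
    buff[3] = '\0'; /* strcat needs a terminator; don't rely on zeroed static storage */
    /* Worst case: 3 prefix chars + 10 digits + '-' + 10 digits + NUL = 25 bytes,
     * exactly sizeof buff, so the strcat calls cannot overflow. */
    strcat(buff, src);
    strcat(buff, "-");
    snprintf(src, sizeof src, "%lu", (unsigned long)(unsigned int)(v4 + 0x6064));
    strcat(buff, src);
    printf("%s\n", buff);
    return 0;
}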
简简单单有这么难吗~