Today we are going to generate a simple keygen to crack this beautiful crackme named “Get The Password”. Here’s the beast:
Cool graph, isn’t it?
In the top part we can see there’s a pattern, right here:
So, what’s going on here? Basically, cl is being used as an index and is compared against a hardcoded value that increments each time (0, 1, 2 ... 9), and edx is being used in pairs of blocks where each time it is either incremented or decremented by one. A hardcoded value is then compared against al’s content, and execution goes back to the start of the algorithm if the condition is met.
After reading the code we can conclude that each one of those blocks represents an individual check for each one of the characters the password has.
Here’s one of the block groups highlighted in white:
edx is being used as a “checks counter” and ecx is the index of the character from the password we are checking. If the check is passed, edx is incremented; otherwise, it’s decremented.
At the end of this chain of checks, there’s a final validation that controls if all 10 checks have been passed successfully and shows the “Password is correct :)” message if that’s the case.
The majority of the conditions in place are “open-ended” (less-or-equal to, greater-than, etc.), so this isn’t a one-solution puzzle: many passwords satisfy every check, and writing a keygen is the best option.
Using the list of conditions we gathered from the static analysis we can proceed to create a keygen with some Python itertools magic. We just need to write down every check we saw as the set of characters that satisfy it, then let itertools.product generate all the possible combinations for the given set of conditions. The overall logic should look similar to this:
```python
import itertools
import string

# Alphabet each position is drawn from (printable ASCII without whitespace; an assumption).
CHARSET = [ord(c) for c in string.printable if not c.isspace()]

# Each helper returns the list of candidate bytes that satisfy one check.
def greater_than(v): return [c for c in CHARSET if c > v]
def lower_than(v): return [c for c in CHARSET if c < v]
def diff_from(v): return [c for c in CHARSET if c != v]

password_template = [
    greater_than(0x47),
    lower_than(0x66),
    [0x56],
    greater_than(0x66),
    lower_than(0x33),
    greater_than(0x79),
    greater_than(0x38),
    lower_than(0x4e),
    diff_from(0x52),
    [0x32],
]

# The full product is astronomically large, so only the first few keys are printed here.
for p in itertools.islice(itertools.product(*password_template), 10):
    print("".join(map(chr, p)))
```
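To make sure the keygen really matches what the binary does, it helps to model the check chain described above (ecx walking the characters, edx going up on a pass and down on a fail, final validation requiring all ten passes) and run every generated key through that model. The following is an added example, not code from the original writeup or its GitHub script. It assumes a printable-ASCII alphabet, strict “greater than”/“lower than” comparisons (the writeup only says the comparisons are open-ended), and the ten hardcoded values listed in the template; the function names are my own.

```python
import itertools
import random
import string

# Assumption: the crackme reads printable ASCII; whitespace is excluded here.
CHARSET = [ord(c) for c in string.printable if not c.isspace()]

# One predicate per password character, in the order the blocks appear.
# Strict comparisons are an assumption; the writeup only calls them open-ended.
CHECKS = [
    lambda c: c > 0x47,
    lambda c: c < 0x66,
    lambda c: c == 0x56,
    lambda c: c > 0x66,
    lambda c: c < 0x33,
    lambda c: c > 0x79,
    lambda c: c > 0x38,
    lambda c: c < 0x4e,
    lambda c: c != 0x52,
    lambda c: c == 0x32,
]


def check_password(password: str) -> bool:
    """Model of the crackme's check chain.

    ecx walks the characters, edx counts checks: +1 on pass, -1 on fail.
    The final validation accepts only if all ten checks passed (edx == 10).
    """
    if len(password) != len(CHECKS):
        return False
    edx = 0
    for ecx, check in enumerate(CHECKS):
        al = ord(password[ecx])
        edx += 1 if check(al) else -1
    return edx == len(CHECKS)


def candidates_per_position():
    """Column of accepted bytes for each position: the keygen's input."""
    return [[c for c in CHARSET if check(c)] for check in CHECKS]


def keyspace_size() -> int:
    """Number of distinct valid passwords over CHARSET."""
    size = 1
    for column in candidates_per_position():
        size *= len(column)
    return size


def first_keys(n: int):
    """First n keys in itertools.product order (the writeup's enumeration)."""
    product = itertools.product(*candidates_per_position())
    return ["".join(map(chr, p)) for p in itertools.islice(product, n)]


def sample_keys(n: int, seed: int = 0):
    """n random valid keys, cheaper than walking the whole product."""
    rng = random.Random(seed)
    columns = candidates_per_position()
    return ["".join(chr(rng.choice(col)) for col in columns) for _ in range(n)]


if __name__ == "__main__":
    print("valid keys over CHARSET:", keyspace_size())
    for key in first_keys(5) + sample_keys(5):
        print(key, check_password(key))
```

Running the generated keys back through check_password catches the classic keygen mistake of getting a comparison direction or an off-by-one wrong in one of the ten blocks; the hand-built key "HeVg0zABB2" passes, while swapping the ninth character for "R" (0x52) fails the diff_from check and leaves edx short of ten. sample_keys is there because the full product is far too large to enumerate, and a handful of random valid keys is all that is needed to test against the real binary.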
If you are interested in the details here’s the GitHub link to the full script:
Using the script we can proceed to get some juicy valid codes with ease.
I hope you liked the writeup, until next time!
Translated from: https://medium.com/bugbountywriteup/writing-a-keygen-using-python-itertools-1944cbb4d07c