ܼ

ǰ  

ΪȫıдҪPEļʽ֪ʶҪջCԵı̼ɣһЩ㷨ֱṩļ㷨ҿԷCԴ롢VB롣
нCrackerһʷΪˡΪаСˡ֮塣˶ƽһʹ˵йչƽһݹͣ˵⻰ԣ΢Բϵͳҵ¢ϣҵڵļз桭ȥû棬ٻƳֹ棬ƥͨƳԼǿûļɱڴҹͬС

ŲԱƳԽԽ࣬дһױƽҲԽԽˣиûڻǷаȫԡӼ˵ֻ˵ܼ޹أһԵİȫһָɵĻǷȶɿǷƽⷽ棬Ҫܺõطֹƽ⣬ôһżܼǷǳҪġ
鿼ǵʹԵû󲿷ֶPEļṹ̫Ϥûвúܵײķȥѧǲֱӱķʽͼ˵μܡ
ǰµ˳нģ
ƽ⼼    ƽ⼼1    ƽ⼼2    ƽ⼼3
ļ    ļ֤    LOGOͼƬ֤    ڱ֤
ļС    ӿǺǩ֤    ӿǺCRC֤    ļС֤
    ָ    ģ    ֿ֧
ڴע    ж,ѭ    ַ    ʱڴ
㷨ע    RSA㷨    ֵֿ֧    
    ദ֤    ֤    

Ǽ崴Ʒ˶λߵĹڴһʾлвݸԵвЩߵԷֹ˶ǵĿƽ⡣

Black Soldier

Ŀ  ¼

ܼ
һԳܵĿ
1
2ߵȨ
Գܵԭ
1ǰҪܵ
2ҪܵҪƶһƻ
3ʱĵԱԺ޸
4ǰһǷʽ
ֹݱ
1ֹƱ
2ֹڱⱻ
3ֹLOGOͼƬ
ģֹڴע
1Ҫʹüж
2MD5Ա
3ע뿽
壮ֹļ
1üӿ
2ӿǺļС֤
3ӿǺǩ֤
4ӿǺCRC֤
Է
1ԵĻָ
2ģʹ
3ֿ֧ʹ
4ͨ鸸̵֪Ƿ񱻵
5ʹö߳
ߣע
1עԭ
2RSA㷨ע
3ֵֿ֧
ˣһЩѵ
1ƽߵĽѵ
2ƽʹߵĽѵ
3ΪҪ
ţ֤
1ʵֵԭ
2ڵļ
ʮܹ
1ܹѡ
2ܹӿǷ
3ܹд洢
ʮһ㷨ԣ׮
1ݿôк¶
2ϼ㷨
3ڱ
4֤
5ͬȨ֤
6͵GHOFFICE˴֤
7α֤
8ʱ֤ʱ֤ͻݼ֤
9֤רҵ֪ʶϼ
10αװдֿ֧
11İ׮
12汾
13ݽϼܼ
14Զ㷨
15ܿͼ
¼1γѧ
¼2ü򵥷ֹƽ⡷
¼3ݽϼ

  ģ
һԳܵĿ

ڴбҪ˵һΪҪΪԼĳмܣΪ㣺
1
ļģļȨϢģļߴ粻ġ
ܶʱеļõԽļģļȨϢַͼƬģȻԼĶϲԶƻż˵ĵǼˣߡ෴ʹЩûʹһͨϵʧ˴ڱԼȨ˵ҲбҪԡ
QQֹΪĲ棬QQһЩϢ棬ΪQQ˾ʮͷʹԺһЩ´Ҳ֪ڿƽQQĺˣڰװQQ°汾ʱǷƽⲹڣھͲС
2ߵȨ
Ҳ˵һƽһһûмܵôͻֻ֪һе飬Ǯû¸ɵˣĿʲôǺ֪ġ
Ǹ˻ǹ˾һò棬Լ̿ʽĹôǺٿȥġӺܶܶ࣬Ҳѳ˺ܶƽ棬һƽ⣬ôɵʧǷǳġ

Գܵԭ
ǵļܷͨϸʽһЩǱ׼ŵЩŵдһЩݣĽԿȵȡ̳ΪԿ̡ʱû̲룬ȡЩŵеݣжǷϷġԿ̡
̼ܻһЩλܵȵȡ
Ž̵û䣬ַ˳ʷ̨µܼҲԽԽˡ
1ǰҪܵ
˵ʵк̳ܶϷ˵ԼԱдƽ⣬ǳˣòŻᱻƽ⣬룬Ǻܸ˵ӣܵͣ΢뱻ƽ⣬Ӧøˣе˴һ⣬㻹ܸˣ֪ʶȨȨѱַˣʺܶӣء˲ƣоǼǿܷʽ
עģҪȫȫûעKEYļ൱൱شһõǰ뿼ܵ㵽һ°棬һƽ⣬ٳһ°ȥǼǵġ
2ҪܵҪƶһƻ
һʼμܵûһһ̳ϹעõԼĳУΪǼˣʵϱҪһѧϰƻҪõ֪ʶռƻһܼƻҲǱҪġ
3ʱĵԱԺ޸
ڼпʹ˶ദܣҪĵдãԷֹԺǣʵʹñעķʽ˵ЩעڱʱǲᱻĿEXEļеģҿԷдͬʱҲʡдⲿĵʱ䡣Ժʱֱҵܵĵط

4ǰһǷʽ
ƶһ׼Կһ³ķԣƽĿԣƽߣڲ֪μܵ»ȥƽ
һο׼档
ע
ⷽ,ΪǼ1֡
1.    Ƿӿ? 
2.    ǷϵĲͬĹԳмӿ/ѹ
3.    ǷԼ鹦ܣCRCУ
4.    صַǷнмܴ 
5.    Ƿ˱Ƚϳѧ㷨 
6.    Ƿжദ֤㣬öͬж϶ͬȫֱ־ע֤
7.    Ƿ֤Ĺܣ 
8.    Ƿ֤ܣ
9.    עǷٵظûʾϢ 
10.    ǷGetLocalTime( )GetSystemTime( )֪ĺȡϵͳʱ䣿 
11.    Ƿαƽ⹦ܣ
12.    ǷǶ˷ٵĴ룿 
13.    ǷУ麯˿Σ
14.    Ƿע롢װʱ¼ڶͬĵط
15.    ǷУʱŴ󵼽ߣ 
16.    ǷԼصķƽʩ 
飺÷6ϲſʽ
ߣHUC-Black Soldier


ֹݱ
ӱڿʼѽ뽲ܵ⣬½ڲ֣/ƽķ֣ԣ٣߾ãһһС֪ʶĽǷǳҪġ
Щ˾Ͱľܽģڴ˱ʾл
1ֹƱ
ǼΪ򵥵ķ
жϣдȡִļ = ҵĳ.EXE
УΪʹõжϡǡأҿһ£жϡĴ밲ȫҪȡߣﲻٳһӣֻҪ˵һ¼ɡжϡǶط֧ṹ˱ƽѶȣˣһҪעһ飬ڽмܱȽʱһҪʹñȽϵ䣬ױʹƽ⹤¶ϵ㣬ôȷӦεأ뿴룺
ƴѭףֵǷעɹ
ȫ_עɹ = 1
ƴѭβ
ͨĴԿûʹж䣬һѭȥ롣СǷעɹȷʵǷһ߼ֵֵͨͻᱻΪ01֮һ֣Ե˶֪һѭУѭΪ1ִѭеΪ0ѭɻ󣬼˻ҵжϵĻ룬ǿ˱ԡ

ĻˣĳеĳһʵϼǸַۺϣ̵ֻеһ֣Ҫּܷʽһ֮СҪʱѧϰᡣ
ܵ1һҪڼ㷨С
ܵ2áѭж䡣
2ֹڱⱻ
ڱǷ񱻱˸Ҳͨͬķʵ֤
жϣ_. = ҵĳ.EXE
Ҳ˵ЩûбҪɣ˭ôģ봰ڱأҿһӰɣһѵ࣬ϰеѵ࣬ƽˣ޸״İȨϢΪԼѵı־ĽѧЧѧΪѵļʵǿԼԿҾѵı־棬˺ܺõĹЧѧѧѧˡ
¼Ȼ״һôҲûУȫƽռˡһõȫܵġ
⣬ҪѴҵǣҲǷǳյģĻױ˸ַַҲˣܿҵȽϵĵطӶȥΪǽַңҵĳ.EXEԡַȡ루ȡ򣨣ַӵķһΪһִٱȽϡ
жϣȡǩ_.⣩ = ȡǩҵĳ.EXE
3ֹLOGOͼƬ
е³ϢģͼƬʾķʽͼƬϲױ޸ģҲиֽ޸ģͼƬĴС֪ģжϣ
ƴѭףֵȡֽڼȣ_ڡͼ=342488
֪ͼƬСߴֽдġ
ҲԽͼƬԵԴУֱӽбȽϡ
ƴѭףֵ_ڡͼ=#ͼƬ1
ϷȻһЩֱӺôǣһΪƽ˸ѣȻʧ֤˰ȫ
ĹڴҲҪŶ
ʹݲֿ֧еġݣݣͼƬͼƬԴУʱٽʾһЩֱܾͿˡʱעֱӷһдбȽϣҪ浽һУڴҲĵġ
ģֹڴע
ڴעԭڲ÷ԭļ㷨ʵֱӶȡԭڼܼڴʾע롣
ܶʱ㷨㹻ˣǾKEYǴڴеģͼΪƽ⡣ƽֻҪдһС򣬽ڴַʾһOKˡرڻԶɴڴעֻҪڴַһ¾ˡͼʾ


İ취ƼʹRSAעᷨ㲻ãǾҪһЩˡ

1Ҫʹüж
Ҫʹ򵥵ж䣬ʹѭжϡ
ڳϽжá

2MD5Ա
עжϹòҪֱжעıķȷӦȡıMD5룬ȡMD5жԱȣûע༭еıϢעıϢMD5ֱӶԱȡʱ˻һٵעţȻڴѰݺٽзתΪMD5жϺ󣬼ڴҲԼݵģ

3ע뿽
ڴиƴע룬֤ʱȡһжϾͿԡĺôǼҪNעڴ棬֪һ֤ˣ
עֿNطҲǸ÷

壮ֹļ
ָƽģ㷨ʧܵ£߳ŭǽһ֮±ƽ⣬ĿѵҪעĲֱȥֱӲĺļСıˡ
Ҫ˵ǣһ㱩ƽǰ˶Ҫٲ鿴עֵһЩؼ֣ҲҪעϢдУ硰עᡱעɹעʧܣЩҺʾпܵĻټܣƽ߲ҵλáʱһּ򵥵ַߺҵЩе֣˾ʾ
ΣҪʹϢʾǷעɹϢAPIʹױҵԵһʾڣʾעɹֱ֣ܺڴзһʾǷעɹͼƬҲС
ٴΣעжòҪֱжע룬MD5жԱȣûע༭еıϢעıϢMD5ֱӶԱȡʱ˻һٵעţȻڴѰݣתΪMD5жϺ󣬼ڴҲԼݵģ 
עжϲҪʹá򵥵ʹǰ˵ѭжϡ

ӿþǷֹԼĳ򱻱ơƽ߻ѿǣеĿǺӲм㷨ΪѿǴ鷳ΣӿǺⲿDLLдһMD5У飬⽫ֹѿǺУ˾Ͳܽеˡ
ӿΪͨܿǡӿǿѹļСҽһЩִ˴ҵЧ
ͨǵѹԴʹļߴСһʹСһϵĳߴ磬еĻԼϵͳԴռáɵEXEļӿǺпܱCɵĳСѹ˳ߴ磬ʱټһǣߴ練
ͨУUPXASPACKASProtectPKLITEPECompactȡ
ܵĿУӰȡ
ܵĿǿṩֱӵע빦ܡܵĿǹÿǣܶ˶ȥʹãһױ˿ѿǣҲƽˣôʮصġƼľһͨǣUPXȻMD5жǷѿǾͿˡ

棬ٽһ³õļӿ
1üӿ
ͼUPX Shell v3.10н棺


ͼASPACKн棺


ͼPKLITEн棺


ͼPECompactн棺

ͼǡӰӿн棺


ͼǡ񡱼ӿн棺

ǼµĹǷֹѿˣһ˵ܶ˶ҪһǿĿǣһκοǶпܱƽ⣬һǵļԾкܴ⡣
ǿǵġϵͳһƷǿǣȷʵǺѵģƽԭWIN98ʱʽļ۸ҲǳߣҪ1000ԪRMBҡ
õͨȻǿȲߣͨԱ̽У飬ԱĿǲѵ
ܵ3ͨĿǣȥѿһУء
2ӿǺļС֤
ӿǺһЩݰȫõ˱֤һЩûмӹַ磺ݿ룬㷨롣
ѹǺԵEXEļߴһСһ1.5MBСΪ800KBҡ
ôõļС֤Դ룺
жϣȡļߴ磨ȡִļ= 843674
еֵǾ鿴뼰ӿǺļԴСɵģɴֲĵطһÿαļСǲһģ˺ѽֵȡԣֵãеĻôÿɵļСһͻȡ׼Ƚϲ˵
ڱȽʱԽдʽ
жϣȡļߴ磨ȡִļ 900000
ͨĸı󣬻Ͽ֪Ƿ˿ˣΪ˿ǺӺܶࡣ

3ӿǺǩ֤
Դһݲֿ֧⡱㰲ȫܵҪͼʾ

ΪõǡȡժҪǲMD5㷨ͬݵMD5붼һ˱֤Ҫݲᱻ۸ġڲͬݣóĽǲһġ˽ѿˡĶˣôǰȡõĽҲǲһġ
ȡժҪóĽǷһֽڼݵMD5ժҪıһ32λֽڵݡ
һ⣺ȡ˼ӿǺժҪǷкٱټӿȡժҪ󣬱ȡֵǰȡֵǲһµġ
ȡİ취һǽժҪıⲿ
һµķʽ
һַʽܺһļС
ڶַʽܺDLLС
һַʽֱӴһļУҲԼдļУͼƬļУļУDLLļУӲдDLLУ
ڶַʽȡժҪֱDLLԴдȽϴ롣ȻΪDLLļô˱ȽDLL֤ժҪӶǿİȫԡ
4ӿǺCRC֤
ǺбҪԼϸõıCRCУеһֲķ
CRCʲôأʵǴҶӦûİһ£ùRARZIPѹǲǳһ˵ġCRCУϢأӦ˰ɣCRCǿݵļֵȫǡCyclic Redundancy Checkǡѭ롱CRCУ顱ǡѭУ顱
CRCʲôأӦ÷Χܹ㷺ľ紫нϢУԡʵǴ԰ӦõȥΪļǷǳǳǳϸġϸʲô̶أĳֻҪĶһֽڣֻǴСдĸĶֵͻԭĲͬǺǣǲǺأֻҪġԭCRCֵĳطȻڳٶļCRCУ飬ŸһɲõCRCֵбȽϣȵĻ˵ĳûб޸/ƽȵĻôܿĳ⵽˲ĸȾ߱16ƹ߱ƽˡ
CRCıǽXOR㣬ĹǲùΪ̶Ľû壻ȤֻյõCRCֵ

ûṩһCRC32.ECģ飬ģ̳ϻԴҿֱùãԺͼʾ


÷ʽΪ´룺
жϣȡѭУͣļȡִļ= 18293823767
ΪCRCֵ
ҿԣֵԣýбȽϣüӼķóǰCRCĲֵΪ0˵ȵģûбĶǱĹġ
룺
򱻸 =  1
ƴѭףȡֵȡѭУͣļȡִļ- 18293823767
򱻸 =  0-
ѭ
ƴѭβ
أ򱻸ģ
УȡֵǽҲתΪԷмƴѭ
Уֵͱ򱻸ġΪ1ʾûбĶΪ0ʾĶصֵͿԽһЩļˡ
ҵķȱ
CRC-32ֵʵɼмóд뵽֤ĻĹûˣ
ʵķеģǿڼCRC-32ֵ֮ǰԲתַӵֽţַλxorȲ߰ԼյϢ뵽ַУıʲôУ֮ǵļݾˣȻȽϵʱҲͬķCRC-32ֵõCRC-32ͲļݼģŶƽߵҲӴ١

ܽ᣺
ϵķҶвãдһDLLļУȻżҪ֤ӳʱԱüɡ
Է
1ԵĻָ
ӻָķͨԣеķֵַַҪòͬĻָֽͬеǵָֽеǶָֽڶָֽ˵ҪȷָĵһֽڵʼλãҲǲλãȷطָͿܷһָˡңֽڣָȲʹ÷ڴһָ󣬽ָᱻ롣ԣַǺЧ 
°汾Զ뻨ָĹܣҲȻļһЩд󡣴ҿԵ˵ߡϵͳáĴͼʾ


ûָʱĴ뼸ǸԴһһӦģһǵĳʲôܿأȫԴӷĽĹܡ
ʵָΪعһЩ塱һЩõֽڣԻƽߺϢáΪ㹹Щ塱ֻҪ򿪾ͿˡͬʱҲѴңڷ°汾ʱµķʽһܷǻָΪ1ڶܷǻָΪ2ܷǻָΪ3ܷǻָΪ1ܶʼƽ߸任ٶȡ
ܵ4ÿܷһ°汾ƽٶȸϲϷٶȡ
2ģʹ
Ŀǰ̳ϳһЩģֿ֧⣬зԵĹܣú󣬾ͻ鿴޵SOFTICEȵԹߣԵĵҲͬЧ
ṩһģ飺ǹģҲԳһ£Ϊ˵ǳأЩģ鲢ȶҼWIN98³ҴҲΪǵӶԶ˳
Լ̳ɡƼʹá
3ֿ֧ʹ
ֿ֧Ҳṩ˷ԵĹܣǺǿֿ֧⡣
Ҫע⣬һҪڶϵͳ½ϸĲԺܷ

4ͨ鸸̵֪Ƿ񱻵
һ£ֱеĳĸEXPLOERееĸԣƽеĸƽĵǾбҪжϳǷEXPLOERԣǣǳкܴĿڼ˵ĵбˣʱͺðˡ
̳ûṩһȡ븸̵ģ飬ģԴ룬ҪAPIȡýݡ
ҿ̳ûΪؼΪ̡ҵԴ롣
ͼеԳʱΪԣ


ͼԱУ丸EXPLORER.EXEΪ860

ܵ5һеEXEĸEXPLORER.EXE
ҪעǣпܽԳƸΪEXPLORER.EXEαװһ𣿲ԣҪһΪEXPLORER.EXEĽмIDǲһģͬĽIDôʱжͿ֪ǲǱ˵ˡ
5ʹö߳
DebugֲԿDebugߵľޣһֻ4ڴĶϵ㣬ÿϵ㲻ܿƳֽڣڴϵ㲻ܿƳ16ֽڵ򣻵ڶǶԶֻ߳ͬʱһ̡߳ĵڶ㣬ҿԶ࿪֤߳̽
̵߳ı̷οֲᡣ
һ㿪5-8߳̾͹æˡ
ܵ6ʹ5϶֤߳עᡣ
ߣע

1עԭ
԰װĳ\e\lib\krnln\samples\ע.eʾעԭ
һӳظȡӲģȡӲʧܵҪظȡΣȡʧܾһĬϵӲ档һҪһ
עԭǣûʹùһʱΪΪ룬ҪעᣬṩûϵӲţûӲŷߣ߸һע룬ûõעдעɹעļӲŲģֻ֪
磺ûϵӲΪ34߷صעΪ1904ûע1904ôעɹģ34X56=1904ôҲġϽֻܵӣҲ˵1䵽9999һϵģʵӲ벻򵥣16ƵģҲô򵥣ܻϾҲ˵Ƚ϶ԣ²ķȥƽ޴ġ
濴һԴеĳ룬ΪҪûעʱж䣺

Ϊжõķעӳ

ͨϼǷӲעӳ
һעɴӲ룬ҿڴϼһť˰ťĴ£

߾ͿԺɵصõע룬Ȼע뷢ûעˡ
ֻһ״̬ʵֵģûм˶ƽ⡣˿ֻô򵥵ķôһԴġ˴עɵļҪ뾡һа취ʹ֮ӻ磺λ죬üϼֵáЩ취ں½ннܡ

2RSA㷨ע
RSA
ʹRSAǶԳԿ㷨ָֽڼݽǩ֧324096֮ϷRSAλǩĽı
˵һǩϵͳҪʵַ
ȸоǩȨԱ費ͬRSAԿףRSAԿɡԿ˽ԿģɣΪɷҪԿʹ http://dywt.com.cn/RSATool2v14.rar в˵ȻԱġԿ͡ģɶ⹫˽ԿɱԱƱܡ
ȨԱʹá˽Կ͡ģָݽǩȻǩĽıͬǩһͣյʹøǩ߹ġԿ͡ģǩıԱǩݽ֤֤ͨ˵ݱضǴǩϿɵģûоκδ۸ġ
˵ǩעϵͳʵֲ裺
1עûṩעϢӲ롢ûȣ
2ʹԼ˽ԿԸעϢǩõǩı
3ǩıΪעԿļ͸û
4û˵ʹͬûϢעԿļߵĹԿǩ֤ͨѾעᣬʾδעᡣʹñ˽Կδй¶ǰ£ԾԱƽע
RSAʹü
RSAToolнͼʾ

кܶ˵RSA߲ãʵRSAߵʹ÷˵÷ǳˡ˵ԭģ
дRSAToolʹ˵£
RSATool 2.14 ʹָϣ
صַhttp://eyuyan.com/RSATool2v14.rar

ΪɷҪRSAԿ²

1ڡNumber BaseϿѡΪ 10 ;
2StartťȻƶֱʾϢ֣Իȡһӣ
3ڡKeySize(Bits)༭ 32 
4Generateťɣ
5ơPrime(P)༭еݵPublic Exp.(E)༭
6ڡNumber BaseϿѡΪ 16 ;
7¼¡Prime(P)༭еʮıݡ
8ٴظ 2 
9ڡKeySize(Bits)༭ϣԿλ324096λԽలȫҲߣٶԽһѡ1024λ㹻ˣ
10Generateťɣ
11TestťԣڡMessage to encrypt༭һıȻ󵥻EncryptťܣٵDecryptťܣܺĽǷһ£һ±ʾɵRSAԿãҪɣ
12ɣPrivate Exp.(D)༭еΪ˽Կ7¼ΪԿModulus (N)༭еΪģ뽫ʮıɡ

һ򵥵RSAע
磺ͨRSAߵõ

Կ
20063
˽Կ
7FC4638275AF6B27AFD040FED32A941D227154ECDE37ABFF73D72DB50F9FC70C75BC3AF0EC26016BC706D953A9C5D6831E0DDD27B42A182CB92A6E426693511E42EB0BF9D64459809D5EC305E13B2A85BA004BA934232305D3DA1205E7AD1D01744BBCF286B23D64CC68371FDD39DAA43861920DA3DE5F9335A77983BFD08A83
ģ
CEB774FCCE9DB84A4452A0774264FC55F35A8D8AA9D1FC5EBD3E0880B7B62A4EF834FD6E855CD84A4D04F3BBDE32180FC3EE45AB5582C2320A6575C6ECF923A24EAF59F22F930631347E0E3B0477A89FCE22FE741F5053EC5320AAF6489CC407056361F01E031A02DB52CB0CBDFBB11F72C340354C6CAB78D97630EB8A6A5431
ʼ£


עᴰƽ£


עᰴť£

ĳ򴰿ڲûĳУҪעʱעᡣ
еע£עⱣܣ


ɰť£עⱣܣ

4.0ͨץͼʾ


ܵ7RSA㷨ȻǿԿļαϡ

㷨ʵеע
ȡӲûвظȡֻȡһΣʵʲҪضȡΣȡӲʧҲҪӦĬϴӲҪתΪһַ
ִδֽ⴦ʵʱҪֽ⣬ҷֱصҲܡ
עıϳֱӶȡһıļбȽϡɵעһıļУڵעᰴťֱıļݽжԱȡıļļӲŵơ
ǻ㷨ʾеע㷨ٽмӹøһЩ
עУעⱣܣĴҪϸܣ⹫

ٿһԴƷҵάޡӣҲ½ҵ򣬿עᴰڵĴɣȥʲôȫԿء





RSAı㷨
ҪʾǶRSAһ֤˵RSAһǳǿļ㷨㷨̫򵥣ױƽ⣬ôҪͨµķбΡٵֻһοԼķԽŹԽ̬Խá
磬Բ÷ֽRSA㷨ÿֻ֤һС֣Ա֤ڳĸطв֤ͬصֵеĿΪֵͣеĿΪ߼ΣڳвͬطãúԸݽ㣬ƽ棬ôʹƽ˵óĽһǴġ˫RSAܳסRSAҲǸð취֮ٻһ£RSAֵֿ֧ϵķԼǿǿȡ
⣬ִܳҪֿţȫֱзһЩ򼯱зһЩֲзһЩзһЩַһҪңɴΪһУRSA֮ټܣRSAԿǼܸʽģ֤ҪעǺܶ࣬һҪһЩҪﵽܵĿģҲҪ̫ˣԼҲͿˡдûûԴͲ̫ˡ

3ֵֿ֧
ṩֵֿ֧ɫصǿԼλ˴ҿԸ㷨ǵһעͱȥоԣ˽Եֵֿ֧ȥƽ⣬ʹҲɾдעһ£ֵֿ֧Ȿͻ˺ܳʱд˼Ҳ첻עġһ˵עһ㶼ϣļСһЩӶҲдעһCдʹдҲҪϺܴϵͳֵֿֿ֧֧⣬̫˰ɣ
ڴ˽ǽRSA㷨ֵֿ֧ϵİ취עϾͲˣֻҪֹڴעּɡڴעķֹͨжϵķʽֹƽͨӿǺⲿCRC֤֤ԣڲٶؼ飬ϼ׮ͨѹأվͿȷһʧˡ

PEļʽľԣκμܳпܱƽ⣬ҪĽǼǿܵĸӶȣü֪Ѷˣķǵʱ뾫˷ʱɱ
ˣһЩѵ
ʵϣǵûΪˣߡעߡƽʹߡƽʹߡ
ҪƽһЩѵʱһҪûֿûʧô͸Ҳ½ġ
1ƽߵĽѵ
оԣأ
ƽߵĽѵҪһЩ̹ģ
һƽ˵ܲʵȥƽһ˵ѵĿʼƽ鷳ƽ֪ѶһȤ¡һҪŶ¾Ͱдˡ
òҪдƽߵĻὫ˹ǽˣǳǿҵһҪƽ㣬òʧϵıƴģ˸Ͳ̫ˡ
һͨĽѵ£

̬ȥѵˣôҲûа취ֹˣϾȨļоûҪҶĶˡ
ʱ򣬼ʹõʲôĶӰ죬ΨһȽϿľӲеһЩˡǽļɾվջվĴ룺



2ƽʹߵĽѵ
Ƕڼ˵Ľѵһƽʹ˵ҲҪ䵱ĳͷ̫ܶǵĻƻһ˵һιᣬݴ󣬻һЩСʧɡ
£ԼݽʵĴɡ
1֣鷢ƽʹʱΪһЩ棬һЩ棬ԲһЩʧ
2֣һЩݸˣǷǳԵĴЩʧ
3֣鿪ʼһʱãƽʹ϶ݣ˵ںʹΪƽѿʹˣʱʱݿһᣬֻˡ
ױ߾ַ
ʵһְ׮ڷºټǷ棬ݿ洢һʱټǷûļֵܷôѧϰ
ƽʹߵòõ³òҪɾҪݡҸǲɾõݵģϾЩǹҵĲƸ
ܵ8ܵĽ˫ӮУûʶעᣬͬʱҲˡ
3ΪҪ
߸һЩѵģBUGдܳҲBUGڡû˾Ͳ̫ˣϾһҪڱġʹǶԵģû࣬ô̫ˣû˸ˡ
罭¼ǰJU֮
ܸһƽ߼ƽ⣬Ϊ˴ȡûԴϲˡױһӣϱƽˣʵϻڰ׮һʱûҪݱˣֻܹԹעᡣ
ܵ9ڱõܴø㡣
ţ֤
е˵֤ɿǴδƽļܷȷʵַƽ⣬Ϊעʼϵģôȥƽѽ
ܵ10һõ֤ûƽ⡣

1ʵֵԭ
֤ЩϷе֤
֤һԼܣڷˣͻ̷ͨڹСͻõĹдпͻ˳򣬵Ҫ֤ʱͻ˵Ӳͨ紫͵У˳򽫼ܺעͨ紫ظͻͻеĿͻյڴнܽжע˾ͨʧܡߵķϱûעݿ⣬ʱ֤֮á
ڴ˿Ա±ƽ¿
ȣ֤ͨʹصע룬ҲǼܹģȥҲѣҷ߱ܵģ˿ʼսӴע롣ҪȥѧϰҲ˵
οԤƽ⣬߿ɽҪֱӷڷУ֤ͨͣȡݣӶƽĿͻ˱ƽΪЧ
ٴΣʹƽˣҲԽɵͻ˳򣬼˵עݿ⣬Ӷƽɵʧƽıʧܡ
߿ɿӿͻ˵ʹ飬ظƵ֤ȡݣͿֹͣͻʹá

2ڵļ
1ûĳҪͨʹõģ֤Ҳʹá
2߱Ҫ֤ȶߣôͻʹãҲҪ߱һķάԱҪϸߣҪһķھ顣
3֤Ҳһȫ֤գҪֶν֤Ҹ谵׮ơ
4ܴڿͻ̫࣬һղҪϷֱӼϷڱáڵĵͨܣɿһӵһͨԱʱ֮衣
ʮܹ
ĵĿô˽ܹܶ£һҪ˷־ŶܹǸõĹߣһõͺŵļܹΪʡģ뿴ɣһŶ֧ء
̳˵Ҫ̫˼ϣҪܣȻ˼ڼҲ룬ⶼǰСѽԼʱĻֻҪùһǾͿˡ
ܵ11벻Ҫ̫˼϶Ҫһǿļܣܹõѡ
˵ʵڵĹǰöˣǰ˵йƻģˣڵĹѽԽԽˡ֮ҷðɡ
һͼܹߡһװڲڡڵȽӿϵӲ·ͬʱһʹڸԵĽӿ͹ʱڼϵѯѸټѯӦȷӦ֤Сû򽫲УӵӲһֹ档ҵֵһ㶼
ƽʱĹҪС󹷡⹷͡⹷ҪָĲʺɫеHASPҪнأʺʣСʺء˼ʯܵ˵ܹӿڡӿǡٵȷ漼Ϻãϸƺѡ
1ܹѡ
ܹһΪڹUSBܹ
ڼӡڣΪ16ڿͬӶͼܹͼʾ
    
Ҳһ΢ͼܹƳ


USBΪֱӲUSBӿڣÿӿֻܲһͼʾ

Ŀǰһ̶ܹ̭͵ļܹUSBڵļܹһֻUSBܹڴ50Ԫҡ
USB豸רΪ豸ӶƣϸĹ淶ӽӿڱͱ豸ĳͻUSBUSB׼豸κγͻΪֻΪ豸Ƶģܶಢ豸ûп蹫òڵΪͳɱռ˲Դʹòڵ豸˽ʹUSBϺá
USBӿڱеԴߣΪṩȶĹԴӶUSBĹѹĵҪ󽵵ܹͣĹõܴơڱûеԴߣڹҪڵź߻ṩԴ򲢿ڸ͵£ڹоƬòѱ֤˽ʹUSBϺá

2ܹӿǷ
һļܹṩɵϼܹߣӿǹߡֿԼܹеġ
ܹǶּܷʽǼܾǶ exe  exp ļֱӽмܵķʽǶڸԻֱԺʽֵļܷʽϵͳ֧ Dos16/32 Windows3x/9x/ME/NT/2000/XP ĸְ汾еĹṩ 37 ǶԼģ飬Ǽܹߡ
ӿʽܵнǰͨǵļܽƵģҲҪύҪܵԭļȻɼܺļҲΪ̫ˡ
ǶһùṩDLLAPIãԴﵽüģĿġĵöͬһṩCԻVBԵõʵģ򼴿ɡ
̳ʿ˵˼̫ൽƽҲһ°Ҿøƽ˸ãǰɣ̫˼ڷƽϣ黹ǲȡܹӿǵİ취㡢ݣʱͿоνƾˡΪһܵŶ֧ѽ

3ܹд洢
еļܹд洢Сһе1024ֽڣҲԽһЩҪϢ档ʵҲԽRSAһЩݷԹ˫ؼ顣ͬҲͨDLLõġ
ʮһ㷨ԣ׮
ҪǣܲҪһʽҪñ仯֮ƽ޴֣ҵ֮һ㡣ǰ˵ֻһЩ֪ʶһҪһ֮ͨ,ܷԽԽ,̬һЩҲûйϵǡĻ޼̫ȭʱǶζԻ
ȻܶϲƵģодעǶ໨Щʱ䣬˷ǵҪһЩ׮Ҫü򵥵ġڡжϣپɸļ㷨Ϊİ裬ƽ뷴ƽһս㲻ܷƽ⣬ҲҪƶһЩԾֹؿƽ߷ʵݣݵǳԡ񫡢ղܣôǵľѪ
1ݿôк¶
̳ϸû˵Լݿ뱻֪ˣôǿһμݿģ£
 (ȡĿ¼ ()  \ʿ.edb, , , , , K39DKEKD944, )
ˣǱһ£һEXEļȻļ׺ΪTXTǾͿԲPEרҵߣֱü±ˡ
Ȼڼ±룬ҿʲôͼз׵Ĳ֣


̣Ȼݿᱻ֪ˡ
ǰĶһ£ֽΪɵַȻֱȫֱжһ֣ڳ򼯱зһ֣Ͳˡ
飬ֻĶһС֣
  K  ı (13  3)  ַ (68)  K  E  K  D  ı (18  2)  ı (22  22)
 (ȡĿ¼ ()  \ʿ.edb, , , , , , )
ٰǰĲ鿴Կݿǰ뱻Ĳֶˣͼʾ


Ӧ˰ɣȫõĻһñҵġ
ʵϣҪļܿ˵ҪֿţȡַλƻȡķԼӼ˳ķԵõһغַ
ܵ12ؼַܵһҪҼܡ

ҵ1һַҪ£һַ͵ݣΪַȡ룬ȡλλ룬Ӽ˳ƽӵԴ롣£


ҵ2һڿִ룬Զֽ⣬ڱõEXEļвǷַͬ

ԼһߣôרõĹ߻Ҫðɡ
ҵ3Ϊ˲˴ܰʵƽ⻷ҪǵĴ룬еӳȫ滻ɵӳȻıעFunc_3dfsa_fs32zlfv()ʲô˼ֻ֪ˡ
дһԡƻ˼·ΪԴ븴ΪıȻûһһӦлңȻճУӳƺͱƵȶΪԤַ֪ˣ˼ǿ˱ԡע⣬ֻеҪʱʹ֮һעⱸԴ롣㿴ԼĴʱɱѽ



ַλ    ǷEXEҵ    ǷԴҵ
    ɿ    
        
        
        
˵        
бĿ    ɿ    
ȫֱ        
ȫֱֵ        
򼯱        
򼯱ֵ        
ֲ        
ֲֵ        
        
ֵ    ɿ    
Զ        
DLL    ɿ    
DLLļ        
DLLжӦ        
DLL        
ͼƬԴ        
Դ        
        
ӳ        
ӳ        
ӳ        
ģ        
    ɿ    
Ϣı    ɿ    

2ϼ㷨
ǽṩм㷨֮Ϊ㷨
ṩּм㷨һݿļܡһò˵еԴԵԾˣһҪЩֳɵĶ
ʹԴݿļܹĿǰǷǳɿģƵ㷨ĿǰûƽݿĹƳʹһЩҪĶڼܺݿʮְȫ

ԴҲһ㷨ܺԴԹ˾ҲܽܡһעҵҵעҵԴùÿ̨жУֻ֪ûп֤򲻿
ͼΪʹò˵󵯳ĴڣҿΪԴϱ


3ڱ
Ĺ°ɣкֿţʹҵһطҲûʧҲˣҲرͼҲֳһһĴš
ӹ¹ǵС˵ܿɣʵ۽رͼְ˲ţһһҵǷǳѵŶΤСҲʱҵȫŶ
һЩȽҪıַıҲԷֿλôţֶΡֿʹţʱתֲָֿͬ͡ȫֱ򼯱ֲš
ܵ13ؼܵĲһҪֿš
RSA֤ҲҪҪһԵȫ֤ˣһҲûСӦʱ֤һ֣֤һ֡
DebugֲԿDebugߵľޣһֻ4ڴĶϵ㣬ÿϵ㲻ܿƳֽڣڴϵ㲻ܿƳ16ֽڵ
עᲿ300УԷֳ30ӳûظӳ򡣷һЩGHOFFICE˴Ҳʧʲô

ҵRSA֤һ֤Ϊ֤ÿηزͬ͡

4֤

֤Ҫһ֤һֱڵģ˾ͺ׵¶ϵˡʱһ֤⣬µ֤ģ30֮һ50֮һĻ֤˻᲻ͣһ֤ƽʱ൱س
ܵ14㹻֤ƽ
֤벻֤ͬӳ

еһЩֻ30֮һĻ֤

ڴзһЩɫͼһͼƬ˲һûһˣͻᴥ֤

Ǽܱƽ⣬ڣôƽٶȸ㷢ٶȣôԶ°˵ƽʱдһĴ۴ʱֱдú㡣
ƽ֮һü˷

İ취Ҳʹãڶ֤ע롢Կעļͨ10000飬ͬԱԺ֤˷һЩڴ档֤ʱʹеһ֤ڼ˲֪õеһеıȶԣģÿֵ֤һüѪŹء
ƴѭף10000ƴΣ
[ƴ] = 123456  һעԿƽ֪Ҳν
ƴѭβ
[ȡ110000]
㲻Ҫ̼ע룬10000ݿֻҪԺһþˣƽ˲֪õһͬʱȱʱʹһЩٵĶȡעĵøƽߡַԳӰ΢㵽ֻ˷һڴ档ΪDebugڴ¶ϵľ,Ҫ¶ϵ,ľƽˡ
5ͬȨ֤
ʱһ֤ǷǳҪģü֪ȷʵ֤ˣɾ裬εֻ֤һ֤ûȫ֤
еĽʱעϢҪ֤֤Ϊƽ˾ԣΪߺо顣ԵҲҪѽ
磬ʱ֤ͨһΣ֤ǿһȻĵطٽ֤Ϳˡ
ȷһ
ƴѭ(ֵ֤1)
ע = 1
ƴѭβ


һӳ֤ͨ
ƴѭףעᣩ
ƴѭ(ֵ֤2)
ע = 2
ѭ
ƴѭβ
ѭ
ƴѭβ
ӳ֤ͨ
ƴѭףעᣩ
ƴѭ(ֵ֤3)
ע =3
ѭ
ƴѭβ
ѭ
ƴѭβ
ʱҲԽһôȻǲǼֱ֤ˣ

6͵GHOFFICE˴֤
ǰѽָԭڳΪٷһЩGHOFFICE˴ԺƼҲһð취GHOFFICE˴һЩٵ֤룬ĵģĴϰǧü
ʵԸЩתָıơ˵һ취͹ͷ۵ˣڳвԼжǷйص䣬Ҳκʾ˳ϣжΪתһƺܺķ֧Ǹ֧ķ֧ֻ࣬ڼ㹫ʽ㷨Զһ£ʹȷǾڻ뼶ϾͷֲĸǶԵģĸǴˣʹΪƽɹʵʱõĽٳǾûȤˣǺǣİɣ
ܵ15GHOFFICE˴Ȼ֮٣ܹá

ҵ1һԻ
ҪһԶɳɰǧԴʽֱӿгΪҲ

дһ󣬾ͿԶGHOFFICE˴룬ȻƣճԵĳмɡͼʾ

Ҳɣɵı⿽Ϊȫֱ򼯱ֲʱƿΪƣֱӱ󲻻EXEļҵͬơԷĵؽЩƶΪGHOFFICE˴ﳣ1GHOFFICE˴1ȵʾ

ҵ2һ
ҵͬϣҲԶԵһЩGHOFFICE˴룬Ҽ˵ƽ⣬ҵȫGHOFFICE˴룬Ӷӳƽʱ䡣

ֱͨӿ༭еݣճĴУԶͼʾ

ͼɵһЩĵļܷGHOFFICE˴룬üȥоЩGHOFFICE˴ɡ
ӳҲʱһ£õģö̵߳á
ƽʱעռһЩڼʱӳ򣬿һԳУ棬ĴΪGHOFFICE˴õĳУȻһЩȫǴˡһûȶԡ

7α֤

Ⱦһ˵ɣױ10.0汾ǰѷдעڣױı˼ܷʽױ10.0ƳǳעעעʹáЩûעȡõעʹˣһʱ䣬ûҪݴױͻȻһݿⱻˣֻעױױΪݿ
Իжױ°汾α֤ڽΪԵĵطṩһ֤֤ʽûо̫ǿļܣ֤һ²ŴǼ鵽ûҪݣݣʹô϶ࡣ
ԭעļǰעƴӶɡһֻеһע֤ʱеڶע֤
һ˫ӮĲԣױ߼յעѣѵ˻ǸҸлױߡҪѧϰŶ
취ݿӦüʱãһЩûݵûЧ
ʱ򷢲ԼдעŪƽ棬ôƽľͿܲˣʹƽ⣬˭ԼԼдƽ찡ܼƽֻƽһ룬ûʹˣעٸǮҪлл㣬Уã
ܵ16α֤ԻһƽߣԼһαע
8ʱ֤ʱ֤ͻݼ֤
һʱ֤20051·һôڶ20056º󴥷֤ᡣ
һݿƷôڳݿ5MBʱͽ֤ȷЩǲظģġ
ױα֤ʱгϳµעûעʾעɹˣûҪݺĳӣͻȻ򲻿ݿˣûżΪΪƽɹˣԽҪˣֻǮױ߽עˡһǧлԼƽ⡣һѽ
ݿӦ˵Ǿõİ취
ҵһ㷨ݿУӳͳݿʹʱûǷǿĶݡͳƵ1000ʱ֤˼·Ϊͨ鿴ûûʹøճݼϽдظģ˵Ǽڿƽ⣬һһϵģ˵ʹõҪϣʱжԱȾͺˡ
ϵƽʹмõĿãͨ6α֤뱾ϣôͿ֪ǲûҿݿ⣬עٸ
ܵ17ܵĽӦ˫Ӯα֤һϲߡ

9֤רҵ֪ʶϼ
֤רҵ֪ʶϣü˱ѧϰרҵ֪ʶȥƽ⣬ĹԼдһĴۻҪ󣬶еרҵ֪ʶרǲ֪ģһϺõļܷ
ǰвˡֵ֤1Ĵ뷵ص01֮һó˷лϼ㣬磺
 = λXֵ֤1
֤ȷʱص1ʱĽȷģ򷵻0ʱĽΪ0Ǵġ
ĴԻϵרҵ֪ʶУ磺ɽɵ֧еĳطд㣬Խĳļ˽ϼ㣬ͼɽͼе㷨ּ㣬ࡢ
ܵ18֪רҵ֪ʶƽ߲һ˽Ŷרҵ֪ʶ֤ϰɡ

10αװдֿ֧
ҿԽDLLļչΪԵֿ֧ļFNEչзǶFNEļһдһֿ֧⣬һΪ֤֡
Եֿ֧ļFNEļʵһDLLļֻչı˶ѣдֿ֧ķ۾ѷһƪӣй˵̳۾ӾͿҵˡ
ҵҵ۾дֿ֧ӣԼдһֿ֧⡣
11İ׮
Ӧ뵽ôʵֵİ׮ǰ涼˲٣һЩرİ׮Ʒζġ
ҿһЩ۵ĵطٷһЩ׮磺ڴС¼֤ĳ걻ƶ¼֤
ʱҪ֤ڸһ֤УҪһͼļǷ񱻸ġ
ͬһ֤ʹöΣΪѾ֤ˣûбҪ֤һΣ෴ʱֲ֤ü˷ʤʱԣֱģǾ˳򣬶һЩӳҲ֤

İ׮Լá
ܵ19Ҫǰ׮ãƽⲻȫһЧƽ⡣
12汾
еڷʱǲ汾עṩҲԣֻ鷳һЩѡеͼͼƬԴûעٸȫͼƬ
ҲеĽDLLļе֤˿մעṩעDLLļע롣еֱӽKEYļDLLļṩ
ܵ20Ҫ汾Ծƶ

13ݽϼܼ
ѳҪԴŵһݿļУݿ룬ժҪ任Ľ֤ûעᣬѾעᣬͶгȡִļȡժҪԼƵ㷨α任γһִøִΪݿݿļݿʧܣ˵޸ˣֹмɡֹҲûϷҲԴ
һͬ㷨ݿ룬Ȼݿܼɡ
γ㷨ʹôֿ֧⡣ǻûдעĻֱӽֿ֧з볭ȥͿˣûʱ㡣

14Զ㷨
ǰ潲RSAֵֿ֧⽻İ취һе㷨ֵֿ֧еľ󡢸Ҷ任ȸ߼ܾ͸ˡ
RSAңҲԶһЩRSAԿ510νҪǽЩע붼ңü˿ҵķԼķˡ


㷨ҪԼȥоˡףҺˡ
ܵ21ܲԹŹֺͱ̬ķŶ

15ܿͼ
һܵƿͼҿԸԼʵıܵĲԣ

ͼΧ˻ָ룬üͨǽбѿҲνΪ˰׮顣
ͼбʾкȽ˳עһ֤ûעļƽ⣬עӦһ̵RSAעRSAĵӡαעҲν
ð׮ʽԴڱ⡢ȨϢ֤ǿǵһ֤Щױ˿ӶȥһЩּȡò̶֤
ð׮ķʽԼӿǺԽУ飬ҲҪڳ֤УױȥԲļȣMD5CRC32ϡ
ð׮ķʽ˷ģ顣
вGHOFFICE˴֤롣Դбעġ
ĳеڶ֤עȡڶݣע볤Ȳȡڶݣô˵ʹαעûݿǮעᡣ
һټ֤עļȡݣע볤Ȳȡݣô˵ʹαעûݿǮעᡣ
лע⽫ַܵҷֲͬطţϼҪݣҲɼֵֿ֧㷨ҲԼһЩͷֶΣҲټԼһЩ㷨






һЩ˵ıժ¼,δе,ڴ˱ʾл!
¼1γѧ
áӦѧߵĻ
룺һǷֹСÿļһǷֹĶļϡ
һڱչУѱչŦԼĳطȻȥšⲢǰȫء෴һڱչУȻѱչƹ淶ͬıչ㣬ԱõĿչרܹоװá㻹޷򿪱չȥţǰȫġ
˼˵һϵͳİȫֻԿıԣ㷨ıԡ
Դݵļܵȷ㲻ԸЩݣݵģˣÿɿļ㷨ֻҪƽ߲֪ݵ룬ͲɽЩݡ
ǣļܲͬݵļܣֻǡءԸⲻԸϷû CrackerЩݣģҪڻУԻͱġȻԡЩģô CrackerͨһЩҲԿЩġ
ǣϣκܼƽ⡣ֻƽѶȲͬѡеҪ Cracker æϼ£еĿܲѴ֮ͱƽˡ
ԣ񣨼ϵķ棬ϵķ棩 Cracker ƽѶȡǻƽϵĳɱƽĻҪߡ Cracker ƽú--˭ỨǮȥ 
ȻҪƽ⡱γף Sony Ƶĳǿ棨Key 2 Audio CD棩ʹ˺ܼ˵ļȻȴһ֦ǺűƽˣΪǵķЦϣ
ԣܶ࿴ȥܺõļ Cracker ǰȷһŵһCracker ķ֣ǡƵķ漼Ҳ벻ĵط Crack ˡ
Ϊʲô ΪڻУͻǷ--һǹؼӲȫ󶨣ܷ룬ǿ IDEA ֮༸ƽϵͳġ⽫ں̸ͳʱϸ˵
ҵҲܱ֤Crackڼ֮ڲƽֻ˵УҾס˵ǰƽձʹõķԼõĿܵȱڡţעѪķһʽķ


¼2ü򵥷ֹƽ⡷

DebugֲԿDebugߵľޣһֻ4ڴĶϵ㣬ÿϵ㲻ܿƳֽڣڴϵ㲻ܿƳ16ֽڵ򣻵ڶǶԶֻ߳ͬʱһ̡߳
עᲿ300УԷֳ30ӳûظfunc1(),func2()... func30()ŵĸ֣һܷһԼҵˣҪMemcpyȳϵͳÿע룬Լд,MemcpyܺдܲνinlineչעᲿֺһҪдע룬ڼʮϰҳõעᲿ֡
DebugĵһҪһ:עҲҪһ𣬼ע12λǧҪһ12λע룬ڳĲͬλö12ȫַÿһλעڴͲˡټܴһ£򵥵ַͿԣ֤ʱٽܡҲҪڴ汣֤õıõ֤ʱɢڳĲ֤ͬУתһЩֵУԸLoaderȽЧ
ûбҪøӵļ㷨׳Ϊ׷ٵĿꡣֻҪ㽫עᲿص㹻ãҲû©㻨1дļ㷨ƽ߿ܻỨ1001000ʱƽ⡣󲿷˶
㽫עһ𣬾ĲƱִȻǳԽܣڿӾʹˡ
ŴõķǽƱںϣûвرͼиֺ͵ֶֻһ·һڣҪһô룬ܳ,㽫עᲿֲ棬صĺþͬƱںЩνCrackmeֻǸִѣԭʼķԴﵽͬЧ
1.עҪ̼ע룬Ϊע϶õϵͳãϵͳø¶ϵ㡣ȷŵڴΪȫֱ,Ȼڳκβ,κʱ,ע,ڴûκϵͳõġ
2ְ취ڴע룬
һַڼǰɢע룬޷ڴעֵλãΪǻעλø¶ϵ㡣
һַ෴ڶע󣬶νעڴ(Mallocദ)ĸλ˷һЩڴ档16Bitsע10000ݿҲֻ160Kڴ档MallocЩڴ,ôúʹõȫֱһ(ʹƽHEX ༭򿪲ĳʹǲڴĴ,Ҳ޷ݺעֳ). 㲻Ҫ̼ע룬10000ݿֻҪԺһþˣƽ˲֪õһ. ͬʱԲһЩٵĶȡڴעĵøƽߡַԳӰ΢㵽ֻ˷һڴ档ΪDebugڴ¶ϵľ,Ҫ¶ϵ,ľƽˡ
3ദCRCУļС飬ֲԾ˳һҪദ飬ֻһΡ
4inlineעᲿֳַС飬ɢСܷڲͬ߳. Ҫκʾڳеڴһ־,ʾϢҪӳһʱ,ҪƽͨʾϢҵ־λûλãǰȻҲ10000,һʱ㲻õƽ֪ǵλ.ұòҪ01,һòֵΪעɹı,βֵֻԼ֪

ʲô㷨νĿľƽߵ÷Ӳ͹ŴرһֻҪѼۼܺòɢƽֵôͷӲƽCrackmeǱ䣬ǿ֣Ŀȷܴ򿪣лըҩĲرص㣬κοֶûá

ַõĺõĽ״עķҴ췢ӵغܴ󣬶ƽ߻鷳㲻ڸʲôֻҪƽ߸о۾Թڲû.Ҷ˵㷨Ҳ,Ϊܸû㷨,ֻԹҪó򷴻ص,˶עʱ,ʱûϵͳ,ڴ,޴¶ϵ.ʹøӵļ㷨ͨĽ鷳ƽߺףΪּ㷨Ѿо͸ˣøӵļ㷨ĵûϵͳ̱¶עλãΪƽṩ˷㡣

Һͺܶһ,Ҳǲ,ҳһͱ0dayƽ,Ҽÿһ汾ǶҪƽ.ڲ,Ҳ̫˽ƽ,ֻȥSOFTICEֲ,ôһ򵥵ķ. 0dayȻǾḻҲƽ,ƺҲ˽͸Ľҵĳƽ. ƽǻ,. ҾǱƽ,ֻҪЩinlineúȫڴλ΢һ(ֻҪ2-3Сʱ),һεƽǻ. һûȫʹķ,һû10000ݵڴ濽10000ݵı. ΪֻǼ򵥵inlineͽעϢȫֱһ,ھѾ,0dayıƽ;ƻ.

¼3ݽϼ
ƽУĹ

--ΪؿڡԱ20034142ڣҪתأעԡԱ
--˽һѧߣ©֮λǰָ̣ллcrossbow@citiz.net

ҵĿǰϱȽŵĻ⣬ڸˡǧйԱԼͶ뵽ڵͶ÷Ļرʵʲˣ˶߱顣ֵעǣѡͼϵԭ⣬ԭǹƽ⣨Crackˡ

ƽöˣЩľ󲿷߶һһ֮ھͻϷע߱޸Ĺл֮ΪơƽӢġġġĵֵעɢ˵߼һݣһڿšǵ˭ûûҹذҹ룬ѵõľڿͲ

ҲԼͶɹǣαעڣϹƽϺͽ̸̳ʰǣǷëǣ඼ϵʲô¢ϣֻ״͵൱һѵļܷǳԳƵǡǡҪ֪ҪԵѾγŻڶƽѽڵʲôCCGBCGeGisKingCoreTNTDAMNTMGΪˮƽһƽ֯ȫ80%ǵƽģʵ˾Сӡ

ǷѾѾˣ£Ȼ޷ȫⱻƽ⣬ܹЧӱƽʱ䣬ִƽߵģǿƽ޷ĥӶշġ

ƽ⣬ͨ--ƽ⣨ƣдעҾνÿƽⷽԭӦԷЩǱ˻۵һЩ飬ĳЩؼط̽⣨Delphi룬ʹC++VBѿԼ΢޸һ£ϣܶЩܹЧرԼͶɹ

챩ƽ⣨ƣ

Ҳ򵥵ƽķ÷ʺڶԸûCRCЧƽڲá

󷲹֤ǷעҪifжϣʹʲôRSAECCǿ㷨Ҳⲻʹif䡣ǺǣǹΪΣյĵطŶȻҲǱβѰĿѽ

磬עӳԴ£
. (ǩ֤ (ֽڼ (༭_Ӳ.), ༭_ע., , ģ)  )
    Ϣ (עɹ, 0, )
.
    Ϣ (עʧܣ, 0, )
.

עắʹʹǿRSA㷨ע֤Ȼױƽ⣬ֻҪ޸Ϊ
. (ǩ֤ (ֽڼ (༭_Ӳ.), ༭_ע., , ģ) )

. (ȡǩ֤ (ֽڼ (༭_Ӳ.), ༭_ע., , ģ)  棩
ͿƽɹˣʱϷԵĽκע붼עͨ෴ȷעȴ޷ͨעᡣȷ߸ĳҵжעcmptestȻָĹؼתָͨjejz֮Ļָ޸ΪjnejnzɣֻҪ޸һֽھͿƽ֮

źǣĿǰ󲿷ֹжϵģҲΪʲôϱƽǵصҪԭΪƽʵ̫ˡ

ѵûʲôԷֹķ𣿵ȻаֻҪĹؼǶ뵽עעļоͿԳַֹƽ⡣ǣôǶأ

򵥵ķǰѹؼ루Ʋؼ򵥵һһСDll̬ӿ⣩ǿԳ㷨ܣܳ׿ĳһ̶ĲֻǵֵһעļLicenseļǺǣʽֻ֪ŶBase64һעļû˫עڡ

Ч£עû֤עʱ֤ûļûļȻƵĹ޷ʹáעļ֮һСʱļѿǻ߱޸ģƣȻֵ벻ܳĿ϶GHOFFICE˴룬ûһôֻûб޸ĵȷĽ룬ҵȻֻнȷļһDllļܱGetProcAddressҵõĹؼַֻעûſܵȫˡ


һCrackerƽͱúˣ

ȣûעļʹѿˣƵĲֺעļǹģҲ޷޲

ڶʹõעļǼļҲ޷ֱ֮ͱȥ㷨ԸŶһ99%CrackerǻģǺǣֻԼ㷨оCrackerֲŻƽȥ

ǿЩСʹʹһЩģǺǡƼʹDSAܳ׼㷨RSAһԽǩRSAԼܣDSAֻܽǩѡԭһǳʵõԣơDSAÿǩҪʹһKΪKĴڣʹͬûͻʶ룬DSAܹÿעļͬCrackerעļ˵һϰ

ģʹõ˽ܺDllļҲҪȵ޸߰DllֵĹؼִļСǺǣͿPEļʽˡʹĳдHashЧ룬ǺǣĵǿɰCrackerͬ־Ѫɡ:)

ԼסDllʱļڴжشDllɾעڽ֮ǰ̽һ£ϵͳûFileMonв̽ѽ
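    { Detect FileMon }

    function DetectFileMon: Boolean;
    var
      hDev: THandle;
    begin
      // Try to open the \\.\FILEVXD device, which this check associates with FileMon
      hDev := CreateFile(PChar('\\.\FILEVXD'),
                         GENERIC_READ or GENERIC_WRITE,
                         FILE_SHARE_READ or FILE_SHARE_WRITE,
                         nil,
                         OPEN_EXISTING,
                         FILE_ATTRIBUTE_NORMAL,
                         0);
      // The device opens only when the monitor's driver is loaded
      Result := hDev <> INVALID_HANDLE_VALUE;
      if Result then
        CloseHandle(hDev); // do not leak the device handle
    end;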

ȻԱøһЩԲʱDllѽܺĹؼWriteProcessMemoryAPIд뵽ִļԼ̱ύCommittedڴҳָλȥڴûнܺʱļƽѡʵϣĿǰǿרҵArmadilloõַַԳַֹDumpʵȽѣWinNT 5ԺĲϵͳС

ַעļƴΨһõҲֻиɵۡҶϹƣʱʹƸӰȫ

дע

˼壬ַģע㷨ע֤㷨дĺһģһעв󣬱˻дעǺǣֻˡ㷨ǰעĺϷûñȸעˣ㣡Ǻǡ

ķȻԱⱬƣעвǴڵġCrackerҪдעϸо֤ģ飬Ƚѿǣٷõ١ӿǺͱ겻ܱѿǣ˿ϧǵĿǰΪֹûһǵŵԡCPUִеĶЧָԵĳԽѹɺٴڴDumpͿʵѿǡ˲Ҫڿ滨ܶ๦ΪûҪ

Ǻ͵ҲǲֹܷģΪеWin32ǱͨAPIWindowsϵͳеĹؼDllģKernel32.dllGDI32.dllȣȻAPIǿHookġֻܴԼĴǵͶʵˡ

ΪԼԺԺάķ㣬һָǵĺCrackerɳ֮ĺʲô˼ӦһĿȻɣIsRegistered(), IsLicensed(), LicenseVerify(), CheckReg()...CrackerͿɵشǧҵĿ---עЧ麯ƽDelphiдһTMGСƽ---DeDeɿFormUnitͺԷһִ룬ǿԺWin32DASMĴ룬Delphiв

Ϊ˲Crackerܰʵƽ⻷ҪңObfuscateǵĴ룬еĺȫ滻ɵĺFunc_3dfsa_fs32zlfv()ʲô˼ֻ֪ˡֳɵĴ㰴ʹõıԵҵһЩע⣬ֻеҪʱʹ֮һעⱸԴ롣㿴ԼĴʱɱѽ

һҪʹùܳ㷨RSADSAEl Gamal֮㷨Դҵע⣺㷨Ԫе漰㷨ƵַȫⱻCrackerõ㷨ģдע㻹ŹõDSAȫ滻RSAǺǣģȥɣ

㷨Գ㷨Hash㷨ҲҪע
    EncryptedCode = Blowfish(MD5(UserName), MD5(Key)); 

//ļ㷨ʹBlowfishԳ㷨MD5Hash㷨
ȻҲ˽BlowfishMD5㷨ԭҲǣ˽Ч㷨̺㷨ϾͿԴҵƵBlowfishMD5㷨Ӷģעǡ$&*&($#%@!

õʲô㷨Skipjack (NASAֱ׼㷨), LOKI, 3-WAY, Safer֮಻ǿȺܸߵ㷨ȫȥогɶѵ´ʲô㷨ɣ:)
    0167:005B9F70  MOV    EAX,[EBP-10]
    0167:005B9F73  CALL    00404000
    0167:005B9F78  PUSH    EAX
    0167:005B9F79  MOV    EAX,[EBP-10]
    0167:005B9F7C  CALL    004041C4
    0167:005B9F81  LEA    ECX,[EBP-14]
    0167:005B9F84  POP    EDX 
    0167:005B9F85  CALL    004B860C

ȻðHash㷨Ҳȫѡע⣬MD5SHA֮HashĳʼֵᱻCrackerڴҵ֪õHashˡнͬʱʹMD5ı㷨Ripe-MDRMD128160HashTiger, Haval㷨

⣬עҪЧĳǷ޸ģHashЧ飩޸˳ע⣬Щ޸Ľ̵ľָں˶Ϳֱ޸еPEļȾ֮ˣ⻹紫ҲᵼCRC벻ҪΪִļCRCʱѱѿˡ

ʵѿԵı־СԴѿǰ1MPEļUPXASPack֮ѹֻͨ400ҡзԼĴС800KӦ֪˰ɣǺ...

һ㣬ǵвܴǲ϶CrackerʹSoftICETRWOllyDbgǵĳ򡣳˳õMeItICE⣬Ҹһдķ
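  { Check whether the parent of our own process is Explorer.exe; if not, we were started by a debugger }
  { Note: for a console program the parent process under WinNT is Cmd.exe }
  { Note: requires the TlHelp32.pas unit }

  procedure CheckParentProc;
  var // Used to locate the parent of our own process
    Pn: TProcessEntry32;
    sHandle: THandle;
    H: THandle;
    ExplProc, ParentProc: DWORD;
    Found: Boolean;
    Buffer: array[0..1023] of Char;
    Path: string;
  begin
    H := 0;
    ExplProc := 0;
    ParentProc := 0;
    // Get the Windows directory
    SetString(Path,
              Buffer,
              GetWindowsDirectory(Buffer, Sizeof(Buffer) - 1));
    Path := UpperCase(Path) + '\EXPLORER.EXE'; // full path of Explorer
    // Take a snapshot of all running processes
    sHandle := CreateToolHelp32SnapShot(TH32CS_SNAPALL, 0);
    Pn.dwSize := SizeOf(Pn); // must be set, otherwise Process32First fails
    Found := Process32First(sHandle, Pn); // first process in the snapshot
    while Found do // walk all processes
    begin
      // Note: on NT-family Windows szExeFile holds only the file name, not the full path
      if Pn.szExeFile = ParamStr(0) then // our own process
      begin
        ParentProc := Pn.th32ParentProcessID; // process ID of our parent
        // Open a handle to the parent process
        H := OpenProcess(PROCESS_ALL_ACCESS, True, Pn.th32ParentProcessID);
      end
      else if UpperCase(Pn.szExeFile) = Path then
        ExplProc := Pn.th32ProcessID;      // PID of Explorer
      Found := Process32Next(sHandle, Pn); // next process
    end;
    CloseHandle(sHandle); // release the snapshot
    // The parent is not Explorer, so it is treated as a debugger
    if (ParentProc <> ExplProc) and (H <> 0) then
      TerminateProcess(H, 0); // terminate the parent process
    if H <> 0 then
      CloseHandle(H);
  end;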

DelphiVCԣǺǣǲǰDelphiVCɱˣΪõDelphiVCõĳģȻײˣǺǣԵʱ㻹ǰע͵ɣʱǼӴ

һ⣬ҲһǳҪ⣺ַַעģзǳҪһоCrackerƽʱľȡַע룬õڴעʾͨǡЧע룬룡ߡInvalid key, please input again!ȵȣȻOllyDbg¶ϵԻWinDASMIDA ProȾ̬ڱѿǺĳвǸַҵзˣһַһ ʹʱʱܳҪʹϢʾ ⱻCrackerҵ©ַҪ̫ӵ㷨һٵĶԳ㷨Ϳˡ

һ䣬Ҫڼϻ̫ĹӦðѸʱ;㡣һλǰĻҸҰɣʱ俼ԼǷֵñûҲûˣҪ߹Ҫԡ