Username : REA-cRaCkErTeAm
Serial 1 : 9d883-b9449-247ac-86337
Serial 2 : 8FD-D61F6-DF7
Username : Ice Dragon
Serial 1 : b2156-523e4-5dfca-59e74
Serial 2 : 61D-FE57C-D18
Ice_Dragon(REA)
Crack soft Shortcut PhotoZoom Pro v1.095
Home Page : http://www.shortcutpublishing.com/
Production : Shortcut PhotoZoom Pro v1.095 (Copyright 1997-2004, Shortcut Software Development B.V)
CrackFile : PhotoZoom Pro.exe
Type : Name / Mail / Serial
Pack : ASProtect 1.23 RC4 - 1.3.08.24 -> Alexey Solodovnikov
Unpack : Olly Scripts (aspr_123_rc4.osc)
Language : Microsoft Visual C++ 6.0
Cracktools : PeiD, Olly 1.10
Checking with PEiD shows that the program is packed with ASProtect 1.23 RC4 - 1.3.08.24 -> Alexey Solodovnikov.
First we have to unpack the program, as follows:
Open Olly, use OllyScript, choose <Run Scripts> and pick the script named aspr_123_rc4.osc. When the script has finished, Olly stops here:
00B639EC 3100 XOR DWORD PTR DS:[EAX], EAX <<=====Olly stops here after the script has finished running
00B639EE 64:8F05 0000000> POP DWORD PTR FS:[0]
00B639F5 58 POP EAX
00B639F6 833D B07EB600 0> CMP DWORD PTR DS:[B67EB0], 0
00B639FD 74 14 JE SHORT 00B63A13
00B639FF 6A 0C PUSH 0C
00B63A01 B9 B07EB600 MOV ECX, 0B67EB0
00B63A06 8D45 F8 LEA EAX, DWORD PTR SS:[EBP-8]
00B63A09 BA 04000000 MOV EDX, 4
00B63A0E E8 2DD1FFFF CALL 00B60B40
00B63A13 FF75 FC PUSH DWORD PTR SS:[EBP-4]
00B63A16 FF75 F8 PUSH DWORD PTR SS:[EBP-8]
00B63A19 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-C]
00B63A1C 8338 00 CMP DWORD PTR DS:[EAX], 0
00B63A1F 74 02 JE SHORT 00B63A23
00B63A21 FF30 PUSH DWORD PTR DS:[EAX]
00B63A23 FF75 F0 PUSH DWORD PTR SS:[EBP-10]
00B63A26 FF75 EC PUSH DWORD PTR SS:[EBP-14]
00B63A29 C3 RETN <<==== Set a breakpoint here, then press <Shift-F9>; Olly stops at the breakpoint just set
At this breakpoint, press <Alt-M> to open the Memory window, select the line shown below and do the following:
00401000 00151000 (1380352.) PhotoZoo 00400000 code Imag 01001002 R RWE <<=====select this line, right-click and choose “Set memory breakpoint on access”
After “Set memory breakpoint on access”, go back to Olly and press <Ctrl-F12> to <Run>; Olly stops at the following location:
005374EB C3 RETN
005374EC 0000 ADD BYTE PTR DS:[EAX], AL
005374EE 0000 ADD BYTE PTR DS:[EAX], AL
005374F0 0000 ADD BYTE PTR DS:[EAX], AL
005374F2 0000 ADD BYTE PTR DS:[EAX], AL
005374F4 0000 ADD BYTE PTR DS:[EAX], AL
005374F6 0000 ADD BYTE PTR DS:[EAX], AL
005374F8 0000 ADD BYTE PTR DS:[EAX], AL
005374FA 0000 ADD BYTE PTR DS:[EAX], AL
005374FC 0000 ADD BYTE PTR DS:[EAX], AL
005374FE 0000 ADD BYTE PTR DS:[EAX], AL
00537500 0000 ADD BYTE PTR DS:[EAX], AL
00537502 0000 ADD BYTE PTR DS:[EAX], AL
00537504 0000 ADD BYTE PTR DS:[EAX], AL
00537506 0000 ADD BYTE PTR DS:[EAX], AL
00537508 0000 ADD BYTE PTR DS:[EAX], AL
0053750A 0000 ADD BYTE PTR DS:[EAX], AL
0053750C 0000 ADD BYTE PTR DS:[EAX], AL
0053750E 0000 ADD BYTE PTR DS:[EAX], AL
00537510 0000 ADD BYTE PTR DS:[EAX], AL
00537512 FF15 38225500 CALL NEAR DWORD PTR DS:[552238]
<=====Olly is stopped at this position. Looking above, you will see the “0000” lines; these are the stolen bytes that we need to fix…hehe… We count 19 “0000” lines, which gives 38 “00” lines ->> so this is the 38-byte form.
Here, press <Ctrl-A> to re-analyze so that the stolen bytes can be repaired following the “38-byte form”… and this is the “38-byte form” template:
Form 38 bytes of stolen bytes:
Code:
0066B131 55 PUSH EBP
0066B132 8BEC MOV EBP,ESP
0066B134 6A FF PUSH -1
0066B136 68 xxxxxxxx PUSH xxxxxxxx << -We have to find the value here
0066B13B 68 xxxxxxxx PUSH xxxxxxxx << -We have to find the value here
0066B140 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0066B146 50 PUSH EAX
0066B147 64:8925 00000000 MOV DWORD PTR FS:[0],ESP
0066B14E 83EC 58 SUB ESP,58
0066B151 53 PUSH EBX
0066B152 56 PUSH ESI
0066B153 57 PUSH EDI
0066B154 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP
To find the two xxxxxxxx values above, open a second Olly window, repeat the <run scripts> step as above, then go to <Alt-M> and choose “Set memory breakpoint on access” as above. The difference this time is that, back in Olly's main window, we add one more step: setting the condition ebp=esp, as follows:
Press <Ctrl-T>, tick the “Condition is true” box and type “ebp==esp” (note: without the quotation marks), then press OK. Then press <Ctrl-F11>; when Olly has finished running, it stops where the ebp==esp condition we set above holds, specifically here:
...
00B7743C 53 PUSH EBX <<=====Olly is stopped here; in the FPU window we can see that ESP = EBP (Good)
...
From this stopping point, scroll down a little until you find the following lines:
...
00B77534 55 PUSH EBP
00B77535 8BEC MOV EBP, ESP
00B77537 6A FF PUSH -1
00B77539 68 88005A00 PUSH 5A0088 <<=====the xxxxxxxx value we were looking for above
00B7753E 68 F0805300 PUSH 5380F0 <<=====the xxxxxxxx value we were looking for above
...
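An added example, not part of the original tutorial: a Python check that locates the prologue head shown above in a dumped buffer, decodes the two little-endian PUSH operands, and confirms that the 38-byte template is exactly as long as the zeroed gap at 005374EC. The function names and the NOP filler in `SAMPLE` are constructed for illustration; the addresses and prologue bytes are the ones listed on the page.

```python
import re
import struct

# Head of the page's 38-byte template; the two PUSH imm32 operands
# (the page's "xxxxxxxx") are captured as groups.
HEAD = re.compile(
    rb"\x55"          # PUSH EBP
    rb"\x8B\xEC"      # MOV EBP,ESP
    rb"\x6A\xFF"      # PUSH -1
    rb"\x68(.{4})"    # PUSH imm32
    rb"\x68(.{4})",   # PUSH imm32
    re.DOTALL,
)
HEAD_LEN = 5 + 2 * 5  # three fixed instructions + two 5-byte pushes

# Rest of the template, bytes copied from the page's listing.
TAIL = bytes.fromhex(
    "64A100000000"    # MOV EAX,DWORD PTR FS:[0]
    "50"              # PUSH EAX
    "64892500000000"  # MOV DWORD PTR FS:[0],ESP
    "83EC58"          # SUB ESP,58
    "535657"          # PUSH EBX / PUSH ESI / PUSH EDI
    "8965E8"          # MOV DWORD PTR SS:[EBP-18],ESP
)


def find_prologue(buf, base):
    """Return (va, imm1, imm2) of the first prologue head in buf, or None."""
    m = HEAD.search(buf)
    if m is None:
        return None
    imm1, imm2 = (struct.unpack("<I", g)[0] for g in m.groups())
    return base + m.start(), imm1, imm2


def template_length():
    """Total size of the template: fixed head plus the tail bytes."""
    return HEAD_LEN + len(TAIL)


def gap_length(first_zero_va, next_code_va):
    """Size of the zeroed region between two virtual addresses."""
    return next_code_va - first_zero_va


# Constructed sample: NOP filler from 00B7743C up to the head at 00B77534.
SAMPLE = b"\x90" * 0xF8 + bytes.fromhex("558BEC6AFF6888005A0068F0805300")

if __name__ == "__main__":
    va, imm1, imm2 = find_prologue(SAMPLE, 0x00B7743C)
    print(f"head at {va:08X}: PUSH {imm1:X}, PUSH {imm2:X}")
    print(template_length(), gap_length(0x005374EC, 0x00537512))
```

The operand bytes `88 00 5A 00` read as 5A0088 because x86 stores immediates little-endian, which is why the values are entered byte-reversed in the hex edit.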
Hehe, note down these two values [5A0088, 5380F0], then go back to the first Olly window to repair the stolen bytes following the template above:
Back at the earlier stage, after pressing <Ctrl-A> to re-analyze, you will get the following code:
005374EC 00 DB 00 <<=====Press <Ctrl-E> to fill in the stolen bytes following the template above
005374ED 00 DB 00
005374EE 00 DB 00
005374EF 00 DB 00
005374F0 00 DB 00
005374F1 00 DB 00
005374F2 00 DB 00
005374F3 00 DB 00
005374F4 00 DB 00
005374F5 00 DB 00
005374F6 00 DB 00
005374F7 00 DB 00
005374F8 00 DB 00
005374F9 00 DB 00
005374FA 00 DB 00
005374FB 00 DB 00
005374FC 00 DB 00
005374FD 00 DB 00
005374FE 00 DB 00
005374FF 00 DB 00
00537500 00 DB 00
00537501 00 DB 00
00537502 00 DB 00
00537503 00 DB 00
00537504 00 DB 00
00537505 00 DB 00
00537506 00 DB 00
00537507 00 DB 00
00537508 00 DB 00
00537509 00 DB 00
0053750A 00 DB 00
0053750B 00 DB 00
0053750C 00 DB 00
0053750D 00 DB 00
0053750E 00 DB 00
0053750F 00 DB 00
00537510 00 DB 00
00537511 00FF ADD BH, BH
At the first position, press <Ctrl-E> to fill in the stolen bytes… note that you must fill them in one line at a time, from top to bottom, following the template above… once that is done, we have the complete code as follows:
005374EC 55 PUSH EBP
005374ED 8BEC MOV EBP, ESP
005374EF 6A FF PUSH -1
005374F1 68 88005A00 PUSH PhotoZoo.005A0088
005374F6 68 F0805300 PUSH PhotoZoo.005380F0 ; Entry address
005374FB 64:A1 0000000> MOV EAX, DWORD PTR FS:[0]
00537501 50 PUSH EAX
00537502 64:8925 00000> MOV DWORD PTR FS:[0], ESP
00537509 83EC 58 SUB ESP, 58