格式验证
Pswd:XXXX-XXXX-XXXX-XXXX-XXXX
不能包含空格
检验pswd [7]、pswd [8];[8]’C’ && ([7]’9’ || [7]==’F’ )取19字符
处理name,去除开头、结尾的‘\’或‘“’
处理pswd, 'O' 'o' >0 'l'>1
校验
#include <iostream>
#include <Windows.h>
unsigned int getboxnumb_1403491A0(char* name, __int64 not_fc_flag, __int64 zero_or_calc_2c, __int64 calc_30);
char __fastcall calc_2c_140349150(char a1)
{
return ((a1 ^ 0x18) + 0x3D) ^ 0xA7;
}
unsigned __int16 __fastcall calc_30_1403490C0(__int16 a1)
{
unsigned __int16 v1; // er8
v1 = (unsigned __int16)((a1 ^ 0x7892) + 0x4D30) ^ 0x3421;
if (v1 % 0xB)
return 0i64;
else
return (unsigned __int16)(v1 / 0xB);
}
__int64 __fastcall calc_140349040(int a1, int a2)
{
unsigned int v2; // ecx
__int64 result; // rax
v2 = (((a2 ^ a1 ^ 0x22C078) - 0x2C175) ^ 0xFFE53167) & 0xFFFFFF;
result = 0i64;
if (v2 == 0x11 * (v2 / 0x11))
return v2 / 0x11;
return result;
}
void oppswd(unsigned char* data) {
while (*data++)
{
if (*data == 'O' || *data == 'o') {
*data = '0';
}
else if (*data == 'l')
{
*data == '1';
}
}
}
int test() {
unsigned __int16 v19 = 0;
unsigned int calc_2C = 0;
unsigned int v20 = 0;
unsigned int calc_30 = 0;
int v22 = 0;
int v26 = 0;
bool v4 = false;
DWORD v25 = 0;
int v27 = 0;
int v29 = 0;
int numb_13u_ = 13;
int numb_18887u_ = 18887;
int endtime_28 = 0;
unsigned char namedata[] = {
0x77, 0x77, 0x77, 0x2E, 0x62, 0x75, 0x64, 0x69, 0x6E, 0x67,
0x77, 0x61,0x6E, 0x67, 0x2E, 0x63,0x6F, 0x6D,0
};
//用户名:www.budingwang.com
//注册码 : CR96 - 4B9C - 6470 - 303F
//ord('R')-ord('7')+16*(ord('C')-ord('7')) 0xdb
__int8 hex_pswd_bytearray = 0xdb;
__int8 hex_pswd_bytearray_1 = 0x96;
__int8 hex_pswd_bytearray_2 = 0x4B;
unsigned __int8 hex_pswd_bytearray_3 = 0x9C;
__int8 hex_pswd_bytearray_4 = 0x64;
__int8 hex_pswd_bytearray_5 = 0x70;
__int8 hex_pswd_bytearray_6 = 0x30;
__int8 hex_pswd_bytearray_7 = 0x3F;
__int8 hex_pswd_bytearray_71 = hex_pswd_bytearray_7;
__int8 hex_pswd_bytearray_51 = hex_pswd_bytearray_5;
__int8 hex_pswd_bytearray_21 = hex_pswd_bytearray_2;
__int8 hex_pswd_bytearray_11 = hex_pswd_bytearray_1;
__int8 hex_pswd_bytearray1 = hex_pswd_bytearray;
__int8 hex_pswd_bytearray_31 = hex_pswd_bytearray_3;
switch (hex_pswd_bytearray_3)
{
case 0x9C:
v19 = (unsigned __int16)((unsigned __int8)(hex_pswd_bytearray_5 ^ hex_pswd_bytearray_2)
+ ((unsigned __int8)(hex_pswd_bytearray_7 ^ hex_pswd_bytearray_1) << 8));
calc_2C = (unsigned __int8)calc_2c_140349150(hex_pswd_bytearray_6 ^ hex_pswd_bytearray);// ((a1 ^ 0x18) + 0x3D) ^ 0xA7
v20 = (unsigned __int16)calc_30_1403490C0(v19);// ((a1 ^ 0x7892) + 0x4D30) ^ 0x3421
// 如果为0xb倍数返回商,否则返回0
//
calc_30 = (unsigned __int16)v20;
//calc_2C = this->calc_2C;
//clac_2c>0&&clac_2c>=13
if (calc_2C && (unsigned int)(v20 - 1) <= 999)
{
v22 = 0;
if (calc_2C < 2)
v22 = calc_2C;
encrypto:
//QString::toUtf8(p_name, v36);
v4 = hex_pswd_bytearray_31 != -4;// 0FCh
//namedata = QByteArray::data((QByteArray*)v36);
v25 = getboxnumb_1403491A0((char*)namedata, v4, v22, (unsigned int)calc_30);
if (hex_pswd_bytearray_4 == (v25 & 0xFF)
&& (BYTE)hex_pswd_bytearray_51 == ((v25 >> (8 * 1)) & 0xFF)
&& hex_pswd_bytearray_6 == ((v25 >> (8 * 2)) & 0xFF)
&& hex_pswd_bytearray_7 == ((v25 >> (8 * 3)) & 0xFF))
{
if (hex_pswd_bytearray_31 == (char)0x9C)
{
if (numb_13u_ > calc_2C)
{
v26 = 78;
ret:
//QByteArray::~QByteArray((QByteArray*)v36);
return v26;
}
need_45:
v26 = 45;
goto ret;
}
if (hex_pswd_bytearray_31 == (char)0xFC)
{
v27 = calc_140349040(hex_pswd_bytearray + (hex_pswd_bytearray_1 << 8) + (hex_pswd_bytearray_2 << 16), v25);// (((a2 ^ a1 ^ 0x22C078) - 0x2C175) ^ 0xFFE53167) & 0xFFFFFF;
// 整除0x11
if (v27)
{
endtime_28 = v27;
v26 = 147;
goto ret;
}
}
else if (v29)
{
if (numb_18887u_ > v29)
{
v26 = 78;
goto ret;
}
goto need_45; // need this
}
}
v26 = 231;
goto ret;
}
break;
}//end switch
}
int main()
{
int iret = test();
printf("%#2x,%d\n", iret, iret);
std::cout << "Hello World!\n";
}
DWORD box_140B34AD0[308] =
{
969622712, 594890599, 1593930257, 1052452058, 890701766, 1677293387, 394424968, 266815521, 1532978959, 1211194088, 2019260265, 729421127, 953225874, 1117854514, 892543556, 2000911200, 514538256, 1400963072, 486675118, 1862498216, 1136668818, 758909582, 1653935295, 821063674, 888606944, 687085563, 890056597, 1513495898, 365692427, 184357836, 677395407, 863045227, 818746596, 391985767, 1842768403, 758385145, 1478392706, 1985112985, 1552765320, 746944881, 368385984, 1758203153, 1240817244, 660489060, 756944316, 1290697955, 844453952, 288239112, 1769473626, 1922176006, 826636519, 391520695, 1081548223, 1069693142, 1244729994, 766313326, 1101031894, 624951698, 14501479, 1794907983, 1460682958, 1660839647, 1104890686, 897721119, 1442187162, 480708164, 454443986, 1064446153, 1595150448, 1041527979, 1145775470, 1399869657, 255985995, 802693350, 2005610078, 1897360642, 2146073193, 1538606632, 431647857, 964049561, 395138253, 19164808, 856904574, 730737943, 708645054, 1506870658, 933323739, 819349658, 1780571206, 236747382, 533160167, 2042104933, 670325172, 2040165158, 1354372994, 705785180, 1669754395, 1066536508, 1426207888, 1437950089, 741941201, 796931522, 1694313338, 1290302874, 1367672048, 2039808424, 1062939821, 954597728, 1668694488, 859122242, 1369582617, 140269649, 53024683, 729221831, 816609203, 736893191, 55706320, 262747091, 1629838835, 581764799, 1488480625, 1607077349, 1879925846, 1453945819, 1521965565, 856558562, 1530662365, 1230847072, 1404918182, 1281256849, 1238970765, 272453753, 1640907491, 2127893021, 350314733, 556617458, 654390256, 1648581270, 531062411, 1862873022, 1241517385, 1471028336, 5121143, 1444839026, 1183580211, 1573659650, 2018540230, 1487873223, 234237236, 898254600, 1023090193, 728843548, 2007454357, 1451820833, 267351539, 302982385, 26807015, 865879122, 664886158, 195503981, 1625037691, 1330347906, 1742434311, 1330272217, 1645368040, 542321916, 1782121222, 411042851, 435386250, 1176704752, 1454246199, 1136813916, 1707755005, 224415730, 201138891, 989750331, 1006010278, 1147286905, 406860280, 840388503, 1282017578, 1605698145, 23396724, 862145265, 1898780916, 1855549801, 1571519230, 2083204840, 1859876276, 1602449334, 1009413590, 690816450, 86131931, 345661263, 1565025600, 857544170, 1329948960, 1211787679, 994381573, 991984748, 1956475134, 1098146294, 1655714289, 659576699, 689116467, 1485584392, 451884118, 255590636, 2108114754, 1266252396, 1589326471, 2019907768, 15552498, 1651075358, 614606175, 1656823678, 797605325, 1681594366, 2005080248, 624648446, 884695971, 1526931791, 1595240948, 439447199, 2060396292, 680093752, 409028215, 469068267, 195583689, 1791650630, 507724330, 1364025102, 1094582668, 813049577, 32316922, 1240756058, 1176200235, 2104494066, 325396055, 1796606917, 1709197385, 525495836, 1510101430, 735526761, 767523533, 1374043776, 1559389967, 567085571, 1560216161, 867042846, 1001796703, 1568754293, 628841972, 173812827, 379868455, 384973125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
unsigned int getboxnumb_1403491A0(char* name, __int64 not_fc_flag, __int64 zero_or_calc_2c, __int64 calc_30)
{
unsigned int v5; // ebp
__int64 name_size; // rax
__int64 name_size1; // r13
__int64 index; // rbx
unsigned __int8 v9; // r14
unsigned __int8 v10; // si
unsigned __int8 v11; // r15
unsigned __int8 v12; // di
int v13; // eax
DWORD* v14; // r9
unsigned int v15; // er11
DWORD* v16; // r10
int v17; // ebp
__int64 v18; // rcx
__int64 v19; // rax
int not_fc_flag1; // [rsp+58h] [rbp+10h]
not_fc_flag1 = not_fc_flag;
v5 = 0;
name_size = -1i64;
do
++name_size;
while (name[name_size]);
name_size1 = (int)name_size;
if ((int)name_size > 0)
{
index = 0i64;
v9 = 0;
v10 = 15 * calc_30;
v11 = 0;
v12 = 17 * zero_or_calc_2c;
do
{
v13 = toupper((unsigned __int8)name[index]);
v14 = &box_140B34AD0[v12];
v15 = v5 + box_140B34AD0[v13];
v16 = &box_140B34AD0[v10];
if (not_fc_flag1)
{
v17 = box_140B34AD0[(unsigned __int8)(v13 + 13)];
v18 = (unsigned __int8)(v13 + 47);
v19 = v9;
}
else
{
v17 = box_140B34AD0[(unsigned __int8)(v13 + 63)];
v18 = (unsigned __int8)(v13 + 23);
v19 = v11;
}
v12 += 9;
v10 += 13;
v9 += 19;
v11 += 7;
++index;
v5 = *v16 + *v14 + box_140B34AD0[v19] + box_140B34AD0[v18] * (v15 ^ v17);
} while (index < name_size1);
}
return v5;
}
qt程序逆向是比较简单的,下个qt creator,写个小应用,对照ida和moc_xxx,就知道怎么入手了。
乱写一通,记点笔记。