my solution,
asm file:
.386
.model flat, stdcall
option casemap :none
include keygen.inc
.code
;Reproduction de l'algo
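;-----------------------------------------------------------------------
; Program entry (32-bit MASM, stdcall). Runs the IDD_MAIN dialog modally and
; exits with DialogBoxParam's return value.
; Fix: InitCommonControls used to sit AFTER ExitProcess, i.e. it was dead
; code; it must run before the dialog is created so comctl32 is loaded and
; the manifest's control activation applies.
;-----------------------------------------------------------------------
start:
    invoke InitCommonControls
    invoke GetModuleHandle, NULL
    mov hInstance, eax
    invoke DialogBoxParam, hInstance, IDD_MAIN, 0, offset DlgProc, 0
    invoke ExitProcess, eax          ; exit code = DialogBoxParam result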
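;-----------------------------------------------------------------------
; DlgProc(hWnd, uMsg, wParam, lParam) -> 0     (Win32 stdcall dialog proc)
; WM_INITDIALOG : resolves _itoa/srand/rand from msvcrt.dll into globals.
; IDB_GENERATE  : brute-forces the seed s for which the first 8 rand()
;                 draws after srand(s), mapped to a-z via mod 26, spell
;                 "vflpgnqo"; prints s (decimal) into IDC_SERIAL.
; Fixes vs. the original:
;  - ebx is clobbered by the search loop but was not in the USES list;
;    ebx/esi/edi are callee-saved in the Win32 ABI.
;  - Buf1 is now NUL-terminated explicitly instead of relying on the
;    untouched zero byte behind the 8 letters in .data?.
;  - null function pointers from GetProcAddress no longer lead to call 0.
;  - only LOWORD(wParam) is compared with the control ids.
;  - the search stops when the 32-bit seed space wraps instead of spinning.
;-----------------------------------------------------------------------
DlgProc proc uses ebx esi edi hWnd:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD
    mov eax,uMsg
    .if eax == WM_INITDIALOG
        invoke LoadIcon,hInstance,200
        invoke SendMessage, hWnd, WM_SETICON, 1, eax
        ; msvcrt.dll is a KnownDLL, so the bare name resolves from System32
        ; rather than the application directory / CWD; pass a full path if
        ; that assumption ever changes.
        invoke LoadLibrary,chr$('msvcrt.dll')
        mov msvcrt,eax
        invoke GetProcAddress,msvcrt,chr$('_itoa')
        mov itoa,eax
        invoke GetProcAddress,msvcrt,chr$('srand')
        mov srand,eax
        invoke GetProcAddress,msvcrt,chr$('rand')
        mov rand,eax
        ; Refuse to run with an unresolved import: the generate handler
        ; would otherwise call through a null pointer.
        .if msvcrt == 0 || itoa == 0 || srand == 0 || rand == 0
            invoke EndDialog, hWnd, 0
        .endif
    .elseif eax == WM_COMMAND
        ; LOWORD(wParam) = control id, HIWORD = notification code
        movzx eax,word ptr wParam
        .if eax == IDB_EXIT
            invoke SendMessage, hWnd, WM_CLOSE, 0, 0
        .elseif eax == IDB_GENERATE
            mov serial_d,0                   ; candidate seed, counts up from 0
            .repeat
                push serial_d
                call srand                   ; srand(seed); cdecl -> caller pops
                add esp,4
                mov edi,offset Buf1          ; edi = output cursor for stosb
                xor ebx,ebx                  ; ebx = letters emitted so far
                .repeat
                    call rand                ; rand() takes no argument
                    mov ecx,26               ; alphabet length
                    cdq                      ; rand() <= RAND_MAX (7FFFh) so edx := 0
                    idiv ecx                 ; edx = rand() mod 26
                    movzx eax,byte ptr [edx+LowcseAlp]
                    stosb
                    inc ebx
                .until ebx == 8
                mov byte ptr [edi],0         ; terminate for lstrcmp
                inc serial_d
                invoke lstrcmp,addr Buf1,chr$('vflpgnqo')
            .until eax == 0 || serial_d == 0 ; match, or seed space exhausted (wrap)
            dec serial_d                     ; undo post-increment -> matching seed
            .if eax == 0
                push 10                      ; radix
                push offset Serial
                push serial_d
                call itoa                    ; _itoa(value, buf, radix), cdecl
                add esp,12
                invoke SetDlgItemText,hWnd,IDC_SERIAL,addr Serial
            .else
                invoke SetDlgItemText,hWnd,IDC_SERIAL,chr$('not found')
            .endif
        .endif
    .elseif eax == WM_CLOSE
        invoke EndDialog, hWnd, 0
    .endif
    xor eax,eax
    ret
DlgProc endp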
end start
.model flat, stdcall
option casemap :none
include keygen.inc
.code
;Reproduction de l'algo
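;-----------------------------------------------------------------------
; Program entry (32-bit MASM, stdcall). Runs the IDD_MAIN dialog modally and
; exits with DialogBoxParam's return value.
; Fix: InitCommonControls used to sit AFTER ExitProcess, i.e. it was dead
; code; it must run before the dialog is created so comctl32 is loaded and
; the manifest's control activation applies.
;-----------------------------------------------------------------------
start:
    invoke InitCommonControls
    invoke GetModuleHandle, NULL
    mov hInstance, eax
    invoke DialogBoxParam, hInstance, IDD_MAIN, 0, offset DlgProc, 0
    invoke ExitProcess, eax          ; exit code = DialogBoxParam result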
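;-----------------------------------------------------------------------
; DlgProc(hWnd, uMsg, wParam, lParam) -> 0     (Win32 stdcall dialog proc)
; WM_INITDIALOG : resolves _itoa/srand/rand from msvcrt.dll into globals.
; IDB_GENERATE  : brute-forces the seed s for which the first 8 rand()
;                 draws after srand(s), mapped to a-z via mod 26, spell
;                 "vflpgnqo"; prints s (decimal) into IDC_SERIAL.
; Fixes vs. the original:
;  - ebx is clobbered by the search loop but was not in the USES list;
;    ebx/esi/edi are callee-saved in the Win32 ABI.
;  - Buf1 is now NUL-terminated explicitly instead of relying on the
;    untouched zero byte behind the 8 letters in .data?.
;  - null function pointers from GetProcAddress no longer lead to call 0.
;  - only LOWORD(wParam) is compared with the control ids.
;  - the search stops when the 32-bit seed space wraps instead of spinning.
;-----------------------------------------------------------------------
DlgProc proc uses ebx esi edi hWnd:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD
    mov eax,uMsg
    .if eax == WM_INITDIALOG
        invoke LoadIcon,hInstance,200
        invoke SendMessage, hWnd, WM_SETICON, 1, eax
        ; msvcrt.dll is a KnownDLL, so the bare name resolves from System32
        ; rather than the application directory / CWD; pass a full path if
        ; that assumption ever changes.
        invoke LoadLibrary,chr$('msvcrt.dll')
        mov msvcrt,eax
        invoke GetProcAddress,msvcrt,chr$('_itoa')
        mov itoa,eax
        invoke GetProcAddress,msvcrt,chr$('srand')
        mov srand,eax
        invoke GetProcAddress,msvcrt,chr$('rand')
        mov rand,eax
        ; Refuse to run with an unresolved import: the generate handler
        ; would otherwise call through a null pointer.
        .if msvcrt == 0 || itoa == 0 || srand == 0 || rand == 0
            invoke EndDialog, hWnd, 0
        .endif
    .elseif eax == WM_COMMAND
        ; LOWORD(wParam) = control id, HIWORD = notification code
        movzx eax,word ptr wParam
        .if eax == IDB_EXIT
            invoke SendMessage, hWnd, WM_CLOSE, 0, 0
        .elseif eax == IDB_GENERATE
            mov serial_d,0                   ; candidate seed, counts up from 0
            .repeat
                push serial_d
                call srand                   ; srand(seed); cdecl -> caller pops
                add esp,4
                mov edi,offset Buf1          ; edi = output cursor for stosb
                xor ebx,ebx                  ; ebx = letters emitted so far
                .repeat
                    call rand                ; rand() takes no argument
                    mov ecx,26               ; alphabet length
                    cdq                      ; rand() <= RAND_MAX (7FFFh) so edx := 0
                    idiv ecx                 ; edx = rand() mod 26
                    movzx eax,byte ptr [edx+LowcseAlp]
                    stosb
                    inc ebx
                .until ebx == 8
                mov byte ptr [edi],0         ; terminate for lstrcmp
                inc serial_d
                invoke lstrcmp,addr Buf1,chr$('vflpgnqo')
            .until eax == 0 || serial_d == 0 ; match, or seed space exhausted (wrap)
            dec serial_d                     ; undo post-increment -> matching seed
            .if eax == 0
                push 10                      ; radix
                push offset Serial
                push serial_d
                call itoa                    ; _itoa(value, buf, radix), cdecl
                add esp,12
                invoke SetDlgItemText,hWnd,IDC_SERIAL,addr Serial
            .else
                invoke SetDlgItemText,hWnd,IDC_SERIAL,chr$('not found')
            .endif
        .endif
    .elseif eax == WM_CLOSE
        invoke EndDialog, hWnd, 0
    .endif
    xor eax,eax
    ret
DlgProc endp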
end start
Inc file:
include windows.inc
include user32.inc
include kernel32.inc
include comctl32.inc
include \masm32\macros\macros.asm
includelib user32.lib
includelib kernel32.lib
includelib comctl32.lib
DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
;
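;-----------------------------------------------------------------------
; Resource ids (must match keygen.rc) and global storage for keygen.asm.
; Changes vs. the original: the alphabet table lives in the read-only
; .const segment instead of writable .data; each function-pointer slot is a
; single DWORD (they were declared as 4-DWORD arrays but only [0] is used);
; the two text buffers are declared as bytes, which is how they are used.
;-----------------------------------------------------------------------
.const
IDD_MAIN      equ 1000
IDB_EXIT      equ 1001
IDC_NAME      equ 1002          ; no control with this id in keygen.rc
IDC_SERIAL    equ 1005
IDB_GENERATE  equ 1006
IDB_ABOUT     equ 1007          ; no control with this id in keygen.rc
; Lookup table indexed by rand() mod 26 in DlgProc.
LowcseAlp     db "abcdefghijklmnopqrstuvwxyz",0
.data?
hInstance     dd ?              ; module handle from GetModuleHandle
msvcrt        dd ?              ; HMODULE of msvcrt.dll
srand         dd ?              ; void __cdecl srand(unsigned int)
rand          dd ?              ; int  __cdecl rand(void)
itoa          dd ?              ; char* __cdecl _itoa(int, char*, int)
serial_d      dd ?              ; candidate seed during the search / result
Buf1          db 40 dup(?)      ; 8 generated letters + NUL
Serial        db 40 dup(?)      ; decimal text of the found seed (<= 12 bytes used)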
include user32.inc
include kernel32.inc
include comctl32.inc
include \masm32\macros\macros.asm
includelib user32.lib
includelib kernel32.lib
includelib comctl32.lib
DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
;
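;-----------------------------------------------------------------------
; Resource ids (must match keygen.rc) and global storage for keygen.asm.
; Changes vs. the original: the alphabet table lives in the read-only
; .const segment instead of writable .data; each function-pointer slot is a
; single DWORD (they were declared as 4-DWORD arrays but only [0] is used);
; the two text buffers are declared as bytes, which is how they are used.
;-----------------------------------------------------------------------
.const
IDD_MAIN      equ 1000
IDB_EXIT      equ 1001
IDC_NAME      equ 1002          ; no control with this id in keygen.rc
IDC_SERIAL    equ 1005
IDB_GENERATE  equ 1006
IDB_ABOUT     equ 1007          ; no control with this id in keygen.rc
; Lookup table indexed by rand() mod 26 in DlgProc.
LowcseAlp     db "abcdefghijklmnopqrstuvwxyz",0
.data?
hInstance     dd ?              ; module handle from GetModuleHandle
msvcrt        dd ?              ; HMODULE of msvcrt.dll
srand         dd ?              ; void __cdecl srand(unsigned int)
rand          dd ?              ; int  __cdecl rand(void)
itoa          dd ?              ; char* __cdecl _itoa(int, char*, int)
serial_d      dd ?              ; candidate seed during the search / result
Buf1          db 40 dup(?)      ; 8 generated letters + NUL
Serial        db 40 dup(?)      ; decimal text of the found seed (<= 12 bytes used)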
RC file:
;This Resource Script was generated by WinAsm Studio.
#define IDD_MAIN 1000
#define IDB_EXIT 1001
#define IDC_STATIC1004 1004
#define IDC_SERIAL 1005
#define IDB_GENERATE 1006
; The ids above are redeclared in keygen.inc (.const); keep both lists in sync.
; Resource type 24 = RT_MANIFEST (manifest.xml contents are not shown on this page).
1 24 DISCARDABLE "manifest.xml"
IDD_MAIN DIALOGEX 10,10,135,42
CAPTION "Brute-Forcer"
FONT 8,"Tahoma"
STYLE 0x90c80804
EXSTYLE 0x00000188
BEGIN
; 0x10010000 = WS_VISIBLE|WS_TABSTOP; 0x50010000 additionally has WS_CHILD.
CONTROL "Exit",IDB_EXIT,"Button",0x10010000,80,25,45,13,0x00000000
CONTROL "Serial",IDC_STATIC1004,"Static",0x50000000,7,9,20,9,0x00000000
; Output field, written by SetDlgItemText in DlgProc and never read back;
; ES_READONLY (0x0800) is not set, so the user may type into it (harmless).
; EXSTYLE 0x200 = WS_EX_CLIENTEDGE.
CONTROL "",IDC_SERIAL,"Edit",0x50010000,33,6,91,12,0x00000200
CONTROL "Get",IDB_GENERATE,"Button",0x10010000,10,25,44,13,0x00000000
END
#define IDD_MAIN 1000
#define IDB_EXIT 1001
#define IDC_STATIC1004 1004
#define IDC_SERIAL 1005
#define IDB_GENERATE 1006
; The ids above are redeclared in keygen.inc (.const); keep both lists in sync.
; Resource type 24 = RT_MANIFEST (manifest.xml contents are not shown on this page).
1 24 DISCARDABLE "manifest.xml"
IDD_MAIN DIALOGEX 10,10,135,42
CAPTION "Brute-Forcer"
FONT 8,"Tahoma"
STYLE 0x90c80804
EXSTYLE 0x00000188
BEGIN
; 0x10010000 = WS_VISIBLE|WS_TABSTOP; 0x50010000 additionally has WS_CHILD.
CONTROL "Exit",IDB_EXIT,"Button",0x10010000,80,25,45,13,0x00000000
CONTROL "Serial",IDC_STATIC1004,"Static",0x50000000,7,9,20,9,0x00000000
; Output field, written by SetDlgItemText in DlgProc and never read back;
; ES_READONLY (0x0800) is not set, so the user may type into it (harmless).
; EXSTYLE 0x200 = WS_EX_CLIENTEDGE.
CONTROL "",IDC_SERIAL,"Edit",0x50010000,33,6,91,12,0x00000200
CONTROL "Get",IDB_GENERATE,"Button",0x10010000,10,25,44,13,0x00000000
END
AutoIt bruteForcer (for the lulz):
; brute force pour le crackme de EsSandRe
; Merci a 599eme Man
HotKeySet("{F1}", "Quit")
; Press F1 at any time to abort the brute force (handled by Quit() below).
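; Ask the user for the per-step delay in milliseconds and return it as a number.
; Re-prompts until the input is an integer (0 is accepted); a cancelled
; InputBox (@error set) ends the script instead of prompting forever.
; Fix: the original recursed on bad input but discarded the recursive
; result, so it still returned the invalid text.
Func _sleep()
    Local $result
    Do
        $result = InputBox("Temps de ralentissement", "Temps en ms")
        If @error Then Exit
        If StringIsInt($result) Then Return Number($result)
    Until False
EndFunc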
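; Target window title and the title of the crackme's rejection message box.
$Cible = "CrackMe by EsSandRe"
$Refus = "Mauvais mot de passe"
$Mdp = ""
$tempo = _sleep()

If WinExists($Cible) <> 1 Then
    MsgBox(0, "Error", "Crackme is not launched")
    Exit
EndIf
WinActivate($Cible)
WinWaitActive($Cible)

; Try every numeric password from 0 upward.
For $i = 0 To 99999999
    $Mdp = $i
    ControlSetText($Cible, "", "[CLASS:Edit; INSTANCE:1]", $Mdp)
    Sleep($tempo)
    ControlClick($Cible, "", "[CLASS:Button; INSTANCE:1]")

    ; Wait up to $tempo ms for the rejection box. The original compared a
    ; Static control's text after a fixed sleep, so a box that was merely
    ; slow to appear (ControlGetText -> "") was reported as a hit.
    $t0 = TimerInit()
    Do
        If WinExists($Refus) Then ExitLoop
        Sleep(10)
    Until TimerDiff($t0) >= $tempo

    If WinExists($Refus) Then
        WinClose($Refus)
        Sleep($tempo)
    Else
        ; Assumes the crackme's success path never shows a box with this title.
        MsgBox(0, "", "Found !!! : " & $Mdp)
        Exit
    EndIf
Next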
; F1 hotkey handler (registered by HotKeySet above): terminate the script.
Func Quit()
    Exit 0
EndFunc
; Merci a 599eme Man
HotKeySet("{F1}", "Quit")
; Press F1 at any time to abort the brute force (handled by Quit() below).
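; Ask the user for the per-step delay in milliseconds and return it as a number.
; Re-prompts until the input is an integer (0 is accepted); a cancelled
; InputBox (@error set) ends the script instead of prompting forever.
; Fix: the original recursed on bad input but discarded the recursive
; result, so it still returned the invalid text.
Func _sleep()
    Local $result
    Do
        $result = InputBox("Temps de ralentissement", "Temps en ms")
        If @error Then Exit
        If StringIsInt($result) Then Return Number($result)
    Until False
EndFunc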
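; Target window title and the title of the crackme's rejection message box.
$Cible = "CrackMe by EsSandRe"
$Refus = "Mauvais mot de passe"
$Mdp = ""
$tempo = _sleep()

If WinExists($Cible) <> 1 Then
    MsgBox(0, "Error", "Crackme is not launched")
    Exit
EndIf
WinActivate($Cible)
WinWaitActive($Cible)

; Try every numeric password from 0 upward.
For $i = 0 To 99999999
    $Mdp = $i
    ControlSetText($Cible, "", "[CLASS:Edit; INSTANCE:1]", $Mdp)
    Sleep($tempo)
    ControlClick($Cible, "", "[CLASS:Button; INSTANCE:1]")

    ; Wait up to $tempo ms for the rejection box. The original compared a
    ; Static control's text after a fixed sleep, so a box that was merely
    ; slow to appear (ControlGetText -> "") was reported as a hit.
    $t0 = TimerInit()
    Do
        If WinExists($Refus) Then ExitLoop
        Sleep(10)
    Until TimerDiff($t0) >= $tempo

    If WinExists($Refus) Then
        WinClose($Refus)
        Sleep($tempo)
    Else
        ; Assumes the crackme's success path never shows a box with this title.
        MsgBox(0, "", "Found !!! : " & $Mdp)
        Exit
    EndIf
Next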
; F1 hotkey handler (registered by HotKeySet above): terminate the script.
Func Quit()
    Exit 0
EndFunc
Package download
Lol, j'ai bien aimé le script AutoIt xD.
Par contre t'as mis
For $i=65000 to 99999999
Je pense que c'était pour des tests, mais il faut normalement partir de 0 :D.
Sinon beau bruteforce en ASM ;).
Moi je suis pas aussi fou ^^, je l'ai fait en C.
Ouaip, c'était pour tester :)
Salut,
est-il possible de faire la même chose avec un code à 4 chiffres et lettres ?
Hey Steven,
The download link is not valid anymore. I just stumbled upon this post. Can you please provide the package? Thanks a lot!
Regards,
Nick
http://web.archive.org/web/20120114201854/http://xylitol.free.fr/EsSandRe.zip