/***
 * [crackme] from http://bbs.pediy.com/showthread.php?t=21532
 * I could not write a keygen; this file only re-implements the decompiled
 * check routine in C so the program's execution flow can be followed.
 ***/
#include "stdio.h"
#include "string.h"
/* Emulated x86 register file shared by main() and fun3(). All of them start
 * at zero; main() depends on that for ecx, which it uses as its round counter
 * without ever initialising it. */
unsigned int eax = 0;
unsigned int ebx = 0;
unsigned int ecx = 0;
unsigned int edx = 0;
unsigned int esi = 0;
unsigned int edi = 0;
/* Scratch word used for the register swaps in fun3(). */
unsigned int tmp = 0;

/* Spill slots for main()'s round loop. savedEdi is only referenced from
 * commented-out debug code. */
unsigned int savedEdi = 0;
unsigned int savedEcx = 0;
unsigned int savedEdx = 0;

/* Stand-in for the crackme's counter at 0x402182; fun3() bumps it once
 * before every recursive call. */
unsigned int num402182 = 0xfedcba98;

/* Hand-rolled stack replacing the x86 stack: data[arrIndex++] pushes,
 * data[--arrIndex] pops. Pre-loaded with the argument of the first fun3()
 * call (0xff01) and a value that plays the part of its return address. */
unsigned int data[100] = {0xff01, 0x00401115};
int arrIndex = 2;

void fun3(unsigned int);
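/* Host-endian 32-bit load. Replaces the transcription's *(int *)char_ptr,
 * which breaks strict aliasing and alignment rules; on the little-endian
 * host the binary targets the result is the same. */
static unsigned int load_u32(const char *p) {
    unsigned int v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* x86 rol/ror on a 32-bit register. The CPU masks the count to 5 bits, so a
 * count of 32 is a no-op; the old `(x >> (32-n)) | (x << n)` shifted by 32
 * for that case, which is undefined in C. */
static unsigned int rol32(unsigned int v, unsigned int n) {
    n &= 31;
    return n ? (v << n) | (v >> (32 - n)) : v;
}
static unsigned int ror32(unsigned int v, unsigned int n) {
    n &= 31;
    return n ? (v >> n) | (v << (32 - n)) : v;
}

/* Partial-register shifts exactly as the binary applies them to edx. */
static unsigned int shr_dh7(unsigned int v) {            /* shr dh, 7 */
    return (v & ~0xff00u) | (((v & 0xff00u) >> 7) & 0xff00u);
}
static unsigned int shl_dx7(unsigned int v) {            /* shl dx, 7 */
    return (v & ~0xffffu) | (((v & 0xffffu) << 7) & 0xffffu);
}
static unsigned int shr_dx(unsigned int v, unsigned int n) { /* shr dx, n */
    return (v & ~0xffffu) | (((v & 0xffffu) >> n) & 0xffffu);
}

/* The bit-gathering sequence of the round loop: twice
 * (shr dh,7; shl dx,7; shr edx,8) and then (shr dh,7; shr dx,tail).
 * Fed with a word masked by 0x80808080 it moves the four surviving bits
 * (31, 23, 15, 7) down into the low byte. */
static unsigned int collect_bits(unsigned int v, unsigned int tail) {
    v = shl_dx7(shr_dh7(v)) >> 8;
    v = shl_dx7(shr_dh7(v)) >> 8;
    return shr_dx(shr_dh7(v), tail);
}

/*
 * Re-implementation of the crackme's serial check, following the binary
 * register by register on the file-scope globals eax/ebx/ecx/edx/esi/edi.
 * Inputs are the hard-coded username/password; the exit status is always 0
 * and the only output is the two printf() calls.
 *
 * Corrections to the original transcription:
 *  - username was an 8-byte array, yet the tiling loop writes bytes 8..15
 *    and the final check reads offsets 8..15 (a stack buffer overflow). It
 *    now holds the 16 tiled bytes plus the terminator.
 *  - 32-bit words are read with memcpy instead of casting char* to int*.
 *  - rotates mask the count the way rol/ror do; the old form could shift
 *    a 32-bit value by 32.
 *  - `print "success"` was not C; it is a printf() now.
 */
int main(int argc, char const *argv[]) {
    (void)argc;
    (void)argv;

    /* 16 tiled bytes + NUL. */
    char username[17] = "crackme";
    /* exactly 17 characters: 12345678901234567 */
    char password[] = "09876543210987654";
    int len = (int)strlen(username);

    /* Tile the username cyclically until it is 16 bytes long. */
    int j = 0;
    for (int i = 0; j < 0x10 - len; j++) {
        if (j == len) i = 0;
        username[len + j] = username[i];
        i++;
    }

    /* The password must be 17 characters, every one in 0x30..0x7e. */
    int k = 0;
    while (password[k] != 0 && password[k] <= 0x7e && password[k] >= 0x30) {
        k++;
    }
    if (k != 0x11) {
        return 0;
    }

    /* Seed the two working registers from the first 8 bytes of each string. */
    eax = (load_u32(username) ^ load_u32(password)) & 0x7f3f1f0f;
    ebx = (load_u32(username + 4) ^ load_u32(password + 4)) & 0x7030100;

    /* Eight rounds. ecx is the round counter; it is never initialised here
     * and relies on the global starting at zero. */
    while (ecx != 0x8) {
        esi = (eax << ecx) & 0x80808080;
        edi = (ebx << ecx) & 0x80808080;
        esi = collect_bits(esi, 1);
        edi = collect_bits(edi, 5) ^ esi;
        /* the round byte that gets folded back into eax or ebx */
        edx = edi & 0xff;

        savedEcx = ecx;
        savedEdx = edx;
        edx = 0x8;

        /* xchg eax, ecx: eax now holds the round number, ecx the value. */
        unsigned int swap = eax;
        eax = ecx;
        ecx = swap;
        if (eax <= 0x3) {
            /* mul dl: ax = al * dl, upper half of eax untouched */
            eax = (eax & 0xffff0000) + ((eax & 0xff) * (edx & 0xff));
            edx = savedEdx;
            eax = eax + 0x8;
            swap = eax;
            eax = ecx;
            ecx = swap;
            /* rounds 0..3: rotate the target byte of eax to the bottom,
             * xor the round byte in, rotate back (count 8*(round+1)) */
            eax = rol32(eax, ecx);
            eax = eax ^ edx;
            eax = ror32(eax, ecx);
        } else {
            eax = eax - 0x3;
            eax = (eax & 0xffff0000) + ((eax & 0xff) * (edx & 0xff));
            edx = savedEdx;
            swap = eax;
            eax = ecx;
            ecx = swap;
            /* rounds 4..7: same on ebx, count 8*(round-3) */
            ebx = rol32(ebx, ecx);
            ebx = ebx ^ edx;
            ebx = ror32(ebx, ecx);
        }
        ecx = savedEcx;
        ecx++;
    }

    /* fun3() ignores its argument and reads it from the pre-loaded data[]
     * stack instead; it leaves its result in ecx and num402182. */
    fun3(0xff01);
    printf("===>eax:%x,ebx:%x,ecx:%x,esi:%x,edi:%x,edx:%x,num402182:%x\n",eax,ebx,ecx,esi,edi,edx,num402182 );

    /* Final check over bytes 8..15 of both strings. */
    if (ecx == 0x01) {
        eax = load_u32(username + 8);
        ebx = load_u32(username + 12);
        eax = eax ^ ebx;
        eax = eax ^ num402182;
        eax = eax | 0x40404040;
        eax = eax & 0x77777777;
        eax = eax ^ load_u32(password + 8);
        eax = eax ^ load_u32(password + 12);
        if (eax == 0) {
            printf("success\n");
        }
    }
    return 0;
}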
/*
 * Emulation of the crackme's recursive subroutine.
 *
 * The parameter `a` is never read: the routine's inputs come through data[],
 * which this file uses as a hand-rolled stack (data[arrIndex++] pushes,
 * data[--arrIndex] pops). On entry the two top entries are popped; the first
 * is handled like a saved return address and pushed straight back, the
 * second is the real argument (low byte: rotation count / register selector,
 * high byte: bit mask). Everything happens on the file-scope "register"
 * globals eax/ebx/ecx/esi/edi, and num402182 is incremented once before each
 * recursive call. The pushed constant 0x004011E9 and the 0040154B at the end
 * of the file presumably are code addresses of the original binary -- not
 * verified here.
 */
void fun3 (unsigned int a){
/* pop "return address" and argument, push the return address back */
edi = data[--arrIndex];
ecx = data[--arrIndex];
data[arrIndex++] = edi;
// printf("arrIndex:%d,ecx:%x,edi:%x,num402182:%x\n", arrIndex,ecx,edi,num402182);
//savedEdi = edi;
//printf("ecx:%x\n", ecx);
/* arguments <= 0x80 do nothing beyond the final pop */
if(ecx > 0x80){
data[arrIndex++] = ecx;
//savedEcx = ecx;
esi = ecx;
ecx = ecx & 0xff;
/* low byte <= 8 selects eax; > 8 selects ebx with the count divided by 16 */
edi = eax;
if(ecx > 0x8){
edi = ebx;
ecx = ecx >> 0x4;
}
/* rotate the selected register left one byte per significant bit of ecx */
do{
edi = (edi >> (32-8)) | (edi << 0x8);
ecx = ecx >> 1;
}
while( ecx !=0 );
/* keep only the low-byte bits selected by the argument's high byte */
esi = esi >> 0x8;
edi = edi & esi;
edi = edi & 0xff;
// //printf("esi:%x,edi:%x\n",esi,edi );
// printf("**arrIndex b:%d\n", arrIndex);
/* pop the argument pushed above */
ecx = data[--arrIndex];
// printf("**arrIndex b:%d,ecx:%x\n", arrIndex,ecx);
/* scan the selected bits from 0x80 downward; every set bit triggers one
 * recursive call and restarts the scan from the top */
esi = 0x80;
do{
//
if((esi & edi) !=0){
edi =edi ^ esi;
// savedEdi = edi;
/* save the bits still to be processed across the call */
data[arrIndex++] = edi;
ecx = ecx & 0xff00;
//printf("===ecx:%x,esi:%x,edi:%x\n",ecx,esi,edi );
tmp = esi;
esi = ecx;
ecx = tmp;
//xor ch,cl
/* after the swap ecx holds the bit; ch ^= cl turns it into bit*0x101 */
ecx = (ecx & 0xffff00ff) | (((( (ecx & 0xff00) >>8 ) ^ (ecx & 0x00ff))) << 8);
esi = esi ^ ecx;
// //printf("---ecx:%x,esi:%x,edi:%x\n",ecx,esi,edi );
tmp = esi;
esi = ecx;
ecx = tmp;
/* argument for the recursive call: high byte = caller's high byte ^ bit,
 * low byte = bit */
data[arrIndex++] = ecx;
//inc dword ptr[0x402182]
num402182=num402182+1;
// printf("===>eax:%x,ebx:%x,ecx:%x,esi:%x,edi:%x,edx:%x,num402182:%x,arrIndex:%d\n",eax,ebx,ecx,esi,edi,edx,num402182,arrIndex );
/* fake return address; the callee pops and re-pushes it */
data[arrIndex++] = 0x004011E9;
/* the value passed here is ignored, the callee reads data[] */
fun3(ecx);
////printf("---ecx:%x,esi:%x,edi:%x\n",ecx,esi,edi );
/* restore the remaining bits and restart the scan from the top bit */
edi = data[--arrIndex];
esi = 0x80;
}else{
esi = esi >> 1;
////printf("esi:%x,edi:%x\n",esi,edi );
}
//if(i==8)return;
}while(esi != 0);
}
/* drop the "return address" re-pushed on entry */
arrIndex--;
//////printf("---ecx:%x,esi:%x,edi:%x\n",ecx,esi,edi );
}
//0040154B